FGscanner - An Open-source URL Scanner

FGscanner (FantaGhost Scanner) is an advanced, open-source URL scanner with proxy and TOR support.

It can find hidden contents on a web server using a dictionary based attack.


FGscanner read the Directories wordlist and analyze the HTTP return code. If the directory exist on the target FGscanner starts reading pages list for a dictionary-based attack. Depending by –dump switch, if the page exists FGscanner dump it on disk.


./fgscan.pl --host=hostname [--proxy=filepath] [--sec=n] [--dump] [--dirlist=filepath] 
[--wordlist=filepath] [--tor] [--tordns] [--debug] [--help]

--debug    : Print debug information
--dirs     : Specify the directory list file
--pages    : Specify the wordlist file
--uarnd    : Enable User Agent randomization
--host     : Specify hostname to scan (without http:// or https://)
--proxy    : Specify a proxy list
--sec    : Seconds between requests. Value 999 will randomize delay between requests 
             from 1 to 30 seconds
--dump     : Save found pages on disk
--tor      : Use TOR as proxy for each request
--tordns   : Use TOR to resolve hostname. Without this options DNS queries will be 
             directed to default DNS server outside TOR network
--help     : Show this help

If you want to avoid detection you can use the following options:
  • -tor switch to adddress GET requests via TOR network (TOR must be running on your system)
  • -tordns to resolve target via TOR network (otherwise DNS request will be directed to your dns)
  • -sec to slow down the scan or randomize time between requests
  • -uarnd to randomize User-Agent.


git clone https://github.com/FantaGhost/FGscanner.git
cd ./FGscanner
chmod +x fgscan.pl

No comments

Powered by Blogger.