KingOfBugbounty/enumrust

🛡️ EnumRust - Advanced Security Scanner

A comprehensive Rust-based security enumeration tool with real-time dashboard


🎯 Features

Core Capabilities

  • 🕵️ Subdomain Enumeration - haktrails, subfinder, certificate transparency
  • 🌐 DNS Resolution - Fast IP resolution with dnsx
  • ⚡ Port Scanning - masscan for speed, httpx for validation
  • Web Crawling - JavaScript analysis, endpoint discovery
  • 🚨 Vulnerability Scanning - Nuclei integration
  • 🗄️ Infrastructure Mode - Network scanning with IP ranges
  • 📊 Real-time Dashboard - Web UI with live progress tracking

🎯 Bug Bounty Mode (NEW!)

  • Admin Panel Discovery - Scans 15 ports & 80+ admin paths
  • 🔑 Default Credential Testing - Tests 40+ common username/password combinations
  • 🔔 Discord Notifications - Real-time alerts for critical findings
  • 🎯 Multi-Auth Support - Form-based, Basic Auth, API JSON
  • 💥 Instant Alerts - Valid credentials, secrets, vulnerabilities
  • 📊 Detailed Reports - JSON + TXT outputs for bug submissions

👉 Full Bug Bounty Guide


🆕 Recent Improvements (v2.2.0)

Advanced Secrets Scanner

  • 70+ Token Patterns - GitHub (PAT, OAuth, App), AWS, GCP, Azure, Vercel, Stripe, Twilio, SendGrid, Slack, Discord, and more
  • Token Validation - Automatic validation against real APIs to confirm if secrets are active
  • Code Context - Shows exact line number and code snippet where secret was found
  • Remediation Guidance - Provides specific steps to fix each type of exposed secret

Cloud Storage Security Testing

  • S3 Bucket Testing - Tests for anonymous read/write/list permissions
  • GCS & Azure Blob - Multi-cloud storage exposure detection
  • Risk Level Assessment - Automatic severity classification

IP Validator & CDN Filter

  • CDN Detection - Automatically filters out IPs from Cloudflare, Akamai, Fastly, AWS CloudFront, Google Cloud CDN, Azure CDN, Incapsula
  • Smart IP Validation - Removes invalid IPs and duplicates from scan results
  • False Positive Reduction - Only scans real target infrastructure, not shared CDN IPs
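The filtering steps listed above (drop invalid entries, de-duplicate, exclude CDN-owned addresses) can be sketched as follows. This is an added example, not EnumRust's own code; `Cidr`, `filter_targets` and `SAMPLE_CDN` are hypothetical names, the input list is constructed, and the two ranges are a sample taken from Cloudflare's published IPv4 list.

```rust
use std::collections::BTreeSet;
use std::net::Ipv4Addr;

/// An IPv4 network in CIDR form, e.g. 104.16.0.0/13.
struct Cidr { base: u32, mask: u32 }

impl Cidr {
    fn parse(s: &str) -> Option<Cidr> {
        let (addr, len) = s.split_once('/')?;
        let len: u32 = len.parse().ok()?;
        if len > 32 { return None; }
        let mask = if len == 0 { 0 } else { u32::MAX << (32 - len) };
        let base = u32::from(addr.parse::<Ipv4Addr>().ok()?) & mask;
        Some(Cidr { base, mask })
    }
    fn contains(&self, ip: Ipv4Addr) -> bool {
        u32::from(ip) & self.mask == self.base
    }
}

/// Keeps each valid, non-CDN address once; drops junk lines and placeholders.
fn filter_targets(lines: &[&str], cdn_ranges: &[&str]) -> Vec<Ipv4Addr> {
    let cdn: Vec<Cidr> = cdn_ranges.iter().filter_map(|r| Cidr::parse(r)).collect();
    let mut keep = BTreeSet::new(); // a set gives de-duplication and sorted output
    for line in lines {
        if let Ok(ip) = line.trim().parse::<Ipv4Addr>() {
            let placeholder = ip.is_unspecified() || ip.is_loopback() || ip.is_broadcast();
            if !placeholder && !cdn.iter().any(|c| c.contains(ip)) {
                keep.insert(ip);
            }
        }
    }
    keep.into_iter().collect()
}

// Sample list only: two of Cloudflare's published IPv4 ranges.
const SAMPLE_CDN: [&str; 2] = ["104.16.0.0/13", "173.245.48.0/20"];

fn main() {
    // Constructed input resembling a resolved-IP list with noise in it.
    let ips = ["203.0.113.10", "104.18.32.7", "203.0.113.10", "999.1.1.1", "0.0.0.0", " 198.51.100.4 "];
    for ip in filter_targets(&ips, &SAMPLE_CDN) {
        println!("{}", ip);
    }
}
```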

Dependency Confusion Scanner

  • NPM Package Detection - Extracts packages from require(), import statements
  • Public Registry Validation - Checks if internal packages exist on public npm registry
  • Dependency Confusion Alert - Identifies potential supply chain attack vectors
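To audit your own bundles for the exposure described above, the sketch below extracts package names from require() and import statements and reports those missing from a known-names listing. It is an added example, not EnumRust's own code; the function names are hypothetical, the JavaScript is constructed, and an in-memory set stands in for the public npm registry lookup.

```rust
use std::collections::BTreeSet;

/// Collects every quoted string that directly follows `marker` in `src`.
fn quoted_after<'a>(src: &'a str, marker: &str, out: &mut Vec<&'a str>) {
    let mut rest = src;
    while let Some(pos) = rest.find(marker) {
        rest = rest[pos + marker.len()..].trim_start();
        let quote = rest.chars().next().filter(|c| *c == '\'' || *c == '"');
        if let Some(end) = quote.and_then(|q| rest[1..].find(q)) {
            out.push(&rest[1..1 + end]);
        }
    }
}

/// Reduces an import specifier to its package name; None for relative paths.
fn package_name(spec: &str) -> Option<String> {
    if spec.is_empty() || spec.starts_with('.') || spec.starts_with('/') || spec.starts_with("node:") {
        return None;
    }
    let mut parts = spec.split('/');
    let first = parts.next()?;
    if first.starts_with('@') {
        return Some(format!("{}/{}", first, parts.next()?)); // scoped: @scope/name
    }
    Some(first.to_string())
}

/// Imported package names that are absent from `known`.
fn unclaimed_packages(src: &str, known: &BTreeSet<&str>) -> Vec<String> {
    let mut specs = Vec::new();
    for m in ["require(", "import(", "import", "from"] {
        quoted_after(src, m, &mut specs);
    }
    let names: BTreeSet<String> = specs.into_iter().filter_map(package_name).collect();
    names.into_iter().filter(|n| !known.contains(n.as_str())).collect()
}

// Constructed bundle excerpt; the acme names are made up.
const SAMPLE_JS: &str = r#"
import { sign } from '@acme-internal/auth-client/lib/sign';
const fs = require('fs'), util = require("./util");
const billing = require('acme-billing-sdk');
const lazy = () => import('lodash/merge');
"#;
fn main() {
    // Stand-in for the registry lookup: public names plus the Node built-in `fs`.
    let known: BTreeSet<&str> = ["lodash", "fs"].iter().copied().collect();
    println!("{:?}", unclaimed_packages(SAMPLE_JS, &known));
}
```

Names reported here are the ones to reserve on the public registry or pin to a private scope.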

Enhanced JavaScript Crawler

  • Multi-source Collection - Aggregates JS from URLFinder, HTTP200, DOM parsing
  • Deep Secret Extraction - Analyzes JavaScript content for hardcoded credentials
  • API Endpoint Discovery - Extracts REST/GraphQL endpoints from JS code

Admin Panel Discovery

  • 15 Port Scanning - Covers ports 80, 443, 8080, 8443, 8000, 3000, 5000, 9000, 8888, 8088, 8081, 9090, 3001, 4200, 5001
  • 80+ Admin Paths - WordPress, Joomla, Laravel, Django, phpMyAdmin, and more
  • Smart Fingerprinting - Identifies CMS type from response content

Credential Testing Engine

  • 40+ Default Credentials - Common admin/password combinations
  • Multi-Auth Support - Form-based, HTTP Basic Auth, API JSON authentication
  • Rate Limiting - Built-in delays to avoid account lockouts

🚀 Quick Start

1. Installation

# Clone repository
git clone https://github.com/KingOfBugbounty/enumrust.git
cd enumrust

# Build release version
cargo build --release

2. Basic Scan

# Domain enumeration with full scan
./target/release/enumrust -d example.com --subfinder --full-scan

# Domain enumeration (basic)
./target/release/enumrust -d example.com --subfinder

3. Dashboard Mode

# Start dashboard on default port 8080
./target/release/enumrust --dashboard

# Start dashboard on custom port
./target/release/enumrust --dashboard --dashboard-port 3000

# Run scan with dashboard monitoring
./target/release/enumrust -d target.com --subfinder --full-scan --dashboard

First Access Setup:

🚀 Dashboard server starting on http://0.0.0.0:8080
📊 Access the dashboard and complete the initial setup
   Setup Code: <random_16_char_code>

The server listens on 0.0.0.0, that is, on every network interface, so the dashboard is reachable from any host that can route to the machine, not only from localhost.

  1. Open http://localhost:8080 in your browser
  2. Use the Setup Code displayed in the terminal (generated randomly at each startup)
  3. Create your own username and password
  4. Log in and start monitoring your scans

📊 Dashboard Features

Real-time Monitoring

  • Progress Bar - Animated, shows current scan phase
  • Event Stream - Live feed of tool execution
  • Statistics Cards - Vulnerability counts by severity

File Explorer

  • Two-Panel Layout - File list + content viewer
  • Syntax Highlighting - Terminal-style display
  • Domain Filtering - Select specific target to view

Vulnerability Management

  • Severity Filters - Critical, High, Medium, Low
  • Detailed View - Template ID, host, description
  • Export Options - JSON data for reporting

Security

  • Random Credentials - Setup code generated at each startup
  • JWT Authentication - Secure session management
  • No Hardcoded Secrets - All credentials created by user

📖 Usage Examples

Bug Bounty Mode 🎯

# Bug bounty scan with Discord notifications
./target/release/enumrust -d target.com \
  --bugbounty \
  --discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"

# Aggressive bug bounty scan
./target/release/enumrust -d target.com \
  --bugbounty \
  --full-scan \
  --workers 20 \
  --discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"

What it does:

  • ✅ Discovers admin panels on 15 different ports
  • ✅ Tests 40+ default credentials automatically
  • ✅ Sends Discord alerts for valid credentials found
  • ✅ Notifies about critical vulnerabilities & secrets
  • ✅ Generates detailed reports for bug submissions

👉 See BUGBOUNTY_MODE.md for complete guide

Domain Reconnaissance

# Full enumeration with all sources
./target/release/enumrust -d target.com --full-scan

# Quick scan with specific tools
./target/release/enumrust -d target.com --subfinder

Infrastructure Scanning

# Single IP
./target/release/enumrust --infraestrutura --ip-range 192.168.1.100

# CIDR notation
./target/release/enumrust --infraestrutura --ip-range 192.168.1.0/24

# IP range
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1-192.168.1.254

# Comma-separated IPs
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1,192.168.1.5,192.168.1.10

# From file
./target/release/enumrust -f targets.txt --full-scan

Advanced Options

# Full IP scan with directory fuzzing
./target/release/enumrust -d target.com \
  --ip-scan \
  --ip-full-scan

📂 Output Structure

After scanning example.com, results are saved in:

example.com/
├── subdomains.txt          # Discovered subdomains
├── ips.txt                 # Resolved IP addresses
├── http200.txt             # Active HTTP(S) hosts
├── masscan.txt             # Port scan results
├── ports.txt               # Validated open ports
├── nuclei.txt              # Vulnerability findings
├── urls.txt                # Discovered URLs
├── js_endpoints.txt        # JavaScript endpoints
├── js_secrets.txt          # Potential secrets in JS
├── s3.txt                  # S3 bucket URLs
├── ferox_200_only.txt      # Directory bruteforce results
├── all_results.txt         # Consolidated report
├── current_status.json     # Scan status
├── progress.jsonl          # Real-time progress log
└── metrics.json            # Performance metrics

🛠️ Tool Installation

Automatic Installation (Recommended)

EnumRust includes built-in tool management. Install all required tools with a single command:

# Install ALL required tools automatically
./target/release/enumrust --install-tools

This will:

  • ✅ Install Go if not present
  • ✅ Install all 19 security tools
  • ✅ Configure PATH automatically in .bashrc, .zshrc, .profile
  • ✅ Update Nuclei templates
  • ✅ Skip already installed tools

Check Tool Status

Verify which tools are installed:

./target/release/enumrust --check-tools

Example output:

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  CORE TOOLS (Required)
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  ✓ httpx           - HTTP probing and validation
  ✓ dnsx            - DNS resolution and validation
  ✓ nuclei          - Vulnerability scanner
  ✓ masscan         - Port scanner (requires sudo)

  OPTIONAL TOOLS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
  ✓ subfinder       - Passive subdomain discovery
  ✓ haktrails       - SecurityTrails subdomain discovery
  ✓ tlsx            - TLS/SSL certificate analysis
  ✓ ffuf            - Fast web fuzzer
  ✓ feroxbuster     - Recursive directory brute-forcer
  ✓ trufflehog      - Secret scanner
  ...

Required Tools List

Tool          Category    Description
httpx         Core        HTTP probing and validation
dnsx          Core        DNS resolution and validation
nuclei        Core        Vulnerability scanner
masscan       Core        Fast port scanner (requires sudo)
subfinder     Discovery   Passive subdomain enumeration
haktrails     Discovery   SecurityTrails integration
tlsx          Discovery   TLS/SSL certificate analysis
ffuf          Fuzzing     Fast web fuzzer
feroxbuster   Fuzzing     Recursive directory brute-forcer
trufflehog    Secrets     Secret/credential scanner
anew          Utils       Append unique lines to files
jq            Utils       JSON processor
whois         Utils       Domain registration lookup
tmux          Utils       Terminal multiplexer
hakrawler     Crawling    Web crawler for URL discovery
urlfinder     Crawling    Passive URL discovery
katana        Crawling    Fast web crawler
gau           Crawling    Fetch URLs from web archives
waybackurls   Crawling    Fetch URLs from Wayback Machine

Manual Installation (Alternative)

If you prefer manual installation:

# Install Go first (required for most tools)
apt-get install -y golang-go

# Core tools
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
apt-get install -y masscan

# Discovery tools
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/hakluke/haktrails@latest
go install -v github.com/projectdiscovery/tlsx/cmd/tlsx@latest

# Fuzzing tools
go install -v github.com/ffuf/ffuf/v2@latest
cargo install feroxbuster  # or: apt-get install feroxbuster

# Crawling tools
go install -v github.com/hakluke/hakrawler@latest
go install -v github.com/projectdiscovery/urlfinder/cmd/urlfinder@latest
go install -v github.com/projectdiscovery/katana/cmd/katana@latest
go install -v github.com/lc/gau/v2/cmd/gau@latest
go install -v github.com/tomnomnom/waybackurls@latest

# Utils
go install -v github.com/tomnomnom/anew@latest
go install -v github.com/trufflesecurity/trufflehog/v3@latest
apt-get install -y jq whois tmux

# Add Go binaries to PATH
echo 'export PATH="$PATH:$HOME/go/bin"' >> ~/.bashrc
source ~/.bashrc

# Update Nuclei templates
nuclei -ut

📊 Performance

  • Concurrent Scanning - Parallel tool execution
  • Async I/O - Non-blocking operations
  • Resource Management - Automatic cleanup
  • Timeout Handling - Prevents hanging scans

Typical Scan Times:

  • Small domain (< 10 subdomains): 2-5 minutes
  • Medium domain (10-50 subdomains): 5-15 minutes
  • Large domain (> 50 subdomains): 15-30 minutes

🔒 Security

  • Path Validation - Prevents directory traversal
  • Input Sanitization - Command injection protection
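One way to implement the two checks above for a tool that names its results directory after the target and passes the target to external programs (an added example, not EnumRust's own code; `validate_domain`, `output_dir`, `subfinder_command` and the `/tmp/scans` base path are assumptions, and the inputs are constructed):

```rust
use std::path::{Path, PathBuf};
use std::process::Command;

/// Accepts only RFC 1123 host names: dot-separated labels of [a-z0-9-], 1..=63 bytes,
/// no leading or trailing hyphen, at most 253 bytes overall. Returns the lowercased name.
fn validate_domain(input: &str) -> Result<String, &'static str> {
    let name = input.trim().to_ascii_lowercase();
    if name.is_empty() || name.len() > 253 {
        return Err("empty or too long");
    }
    for label in name.split('.') {
        let ok_chars = label.bytes().all(|b| b.is_ascii_alphanumeric() || b == b'-');
        if label.is_empty() || label.len() > 63 || !ok_chars {
            return Err("invalid label");
        }
        if label.starts_with('-') || label.ends_with('-') {
            return Err("label starts or ends with a hyphen");
        }
    }
    Ok(name)
}

/// Results directory for a target: always a direct child of `base`, because a
/// validated name contains no '/' and no empty ("." or "..") component.
fn output_dir(base: &Path, domain: &str) -> Result<PathBuf, &'static str> {
    Ok(base.join(validate_domain(domain)?))
}

/// Builds (does not run) a subfinder invocation. The domain is its own argv
/// entry, so no shell parses it, and it cannot begin with '-' like an option.
fn subfinder_command(domain: &str) -> Result<Command, &'static str> {
    let mut cmd = Command::new("subfinder");
    cmd.arg("-d").arg(validate_domain(domain)?);
    Ok(cmd)
}

fn main() {
    // Constructed inputs: one valid target and three that must be rejected.
    for input in ["Example.COM", "../../etc", "example.com; echo x", "a..b"] {
        match output_dir(Path::new("/tmp/scans"), input) {
            Ok(p) => println!("{:?} -> {}", input, p.display()),
            Err(e) => println!("{:?} rejected: {}", input, e),
        }
        if let Ok(cmd) = subfinder_command(input) {
            println!("  would run: {:?}", cmd);
        }
    }
}
```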

🤝 Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request

📄 License

MIT License - see LICENSE for details.


👤 Author

OFJAAAH


Made with ❤️ and Rust 🦀

About

Subdomain Enumerator and Simple Crawler
