MCPcopy Index your code
hub / github.com/KingOfBugbounty/enumrust

github.com/KingOfBugbounty/enumrust @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
471 symbols 861 edges 25 files 238 documented · 51%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

🛡️ EnumRust - Advanced Security Scanner

EnumRust Banner

A comprehensive Rust-based security enumeration tool with real-time dashboard

Rust License: MIT Docker GitHub


🎯 Features

Core Capabilities

  • 🕵️ Subdomain Enumeration - haktrails, subfinder, certificate transparency
  • 🌐 DNS Resolution - Fast IP resolution with dnsx
  • Port Scanning - masscan for speed, httpx for validation
  • 🔍 Web Crawling - JavaScript analysis, endpoint discovery
  • 🚨 Vulnerability Scanning - Nuclei integration
  • 🗄️ Infrastructure Mode - Network scanning with IP ranges
  • 📊 Real-time Dashboard - Web UI with live progress tracking

🎯 Bug Bounty Mode (NEW!)

  • 🔍 Admin Panel Discovery - Scans 15 ports & 80+ admin paths
  • 🔑 Default Credential Testing - Tests 40+ common username/password combinations
  • 🔔 Discord Notifications - Real-time alerts for critical findings
  • 🎯 Multi-Auth Support - Form-based, Basic Auth, API JSON
  • 💥 Instant Alerts - Valid credentials, secrets, vulnerabilities
  • 📊 Detailed Reports - JSON + TXT outputs for bug submissions

👉 Full Bug Bounty Guide

🤖 MCP Server Integration (NEW!)

  • AI Assistant Integration - Use EnumRust from Claude Code, Cursor, and other MCP-enabled AI tools
  • Programmatic Scanning - Invoke security scans via MCP tools without CLI
  • 11 Available Tools - subdomain_enum, dns_resolve, ip_scan, http_probe, js_crawl, admin_finder, secrets_scan, vuln_scan, wordpress_scan, info_disclosure, full_scan

👉 MCP Server Guide - See below for setup and usage


🆕 What's New

IIS Short Filename Scanner (Shortscan)

  • Auto IIS Detection - Automatically detects Microsoft IIS servers via Server header during scans
  • 8.3 Filename Bruteforce - Exploits the Windows tilde (~) vulnerability to discover hidden files and directories
  • shortscan Integration - Runs as STAGE 7.7 against up to 10 IIS targets
  • JSON Output - Results saved to shortscan_results.json with structured findings
  • Skip Flag - Use --no-shortscan to disable IIS scanning
  • Install - go install github.com/bitquark/shortscan/cmd/shortscan@latest

WordPress Vulnerability Scanner (WPScan)

  • Auto WordPress Detection - Identifies WordPress sites from admin panels, /wp-content/, /wp-json/, etc.
  • Docker-based WPScan - Runs wpscanteam/wpscan via Docker for deep vulnerability analysis
  • Plugin & Theme Enumeration - Detects vulnerable plugins, outdated themes, and exposed users
  • AI False Positive Filter - Ollama validates WPScan findings and removes false positives
  • API Token Support - Use --wpscan-token for enhanced vulnerability database access
  • Skip Flag - Use --no-wpscan to disable WordPress scanning

Ollama AI Integration

  • Auto-Detection - Silently detects Ollama at localhost:11434 on scan start
  • All-Stage Filtering - AI validates secrets, nuclei findings, admin panels, credentials, and more
  • Executive Summary - Generates ai_executive_summary.txt with AI-powered analysis
  • Response Caching - Up to 5000 cached entries to avoid redundant queries
  • Custom Model - Configure via OLLAMA_MODEL env var (default: llama3)

Enhanced HTML Report Generator

  • Interactive Dashboard - Full HTML report with charts, filtering, and severity breakdown
  • All Findings Integrated - Secrets, vulnerabilities, admin panels, WordPress, IIS findings in one report
  • Export Ready - Professional format suitable for bug bounty submissions

Recent Improvements (v2.3.0)

Advanced Secrets Scanner

  • 70+ Token Patterns - GitHub (PAT, OAuth, App), AWS, GCP, Azure, Vercel, Stripe, Twilio, SendGrid, Slack, Discord, and more
  • Token Validation - Automatic validation against real APIs to confirm if secrets are active
  • Code Context - Shows exact line number and code snippet where secret was found
  • Remediation Guidance - Provides specific steps to fix each type of exposed secret

Cloud Storage Security Testing

  • S3 Bucket Testing - Tests for anonymous read/write/list permissions
  • GCS & Azure Blob - Multi-cloud storage exposure detection
  • Risk Level Assessment - Automatic severity classification

IP Validator & CDN Filter

  • CDN Detection - Automatically filters out IPs from Cloudflare, Akamai, Fastly, AWS CloudFront, Google Cloud CDN, Azure CDN, Incapsula
  • Smart IP Validation - Removes invalid IPs and duplicates from scan results
  • False Positive Reduction - Only scans real target infrastructure, not shared CDN IPs

Dependency Confusion Scanner

  • NPM Package Detection - Extracts packages from require(), import statements
  • Public Registry Validation - Checks if internal packages exist on public npm registry
  • Dependency Confusion Alert - Identifies potential supply chain attack vectors

Enhanced JavaScript Crawler

  • Multi-source Collection - Aggregates JS from URLFinder, HTTP200, DOM parsing
  • Deep Secret Extraction - Analyzes JavaScript content for hardcoded credentials
  • API Endpoint Discovery - Extracts REST/GraphQL endpoints from JS code

Admin Panel Discovery

  • 15 Port Scanning - Covers ports 80, 443, 8080, 8443, 8000, 3000, 5000, 9000, 8888, 8088, 8081, 9090, 3001, 4200, 5001
  • 80+ Admin Paths - WordPress, Joomla, Laravel, Django, phpMyAdmin, and more
  • Smart Fingerprinting - Identifies CMS type from response content

Credential Testing Engine

  • 40+ Default Credentials - Common admin/password combinations
  • Multi-Auth Support - Form-based, HTTP Basic Auth, API JSON authentication
  • Rate Limiting - Built-in delays to avoid account lockouts

🚀 Quick Start

1. One-Line Auto Install (Recommended)

git clone https://github.com/KingOfBugbounty/enumrust.git && cd enumrust && sudo bash install.sh

This will automatically: - Install Rust and Go toolchains (if missing) - Build enumrust and copy to /usr/local/bin/ - Install all 21 security tools (httpx, nuclei, shortscan, etc.) - Configure PATH in .bashrc, .zshrc, .profile - Update Nuclei templates

After install, open a new terminal or run source ~/.bashrc, then:

enumrust --check-tools       # verify all tools
enumrust -d target.com       # start scanning

1b. Manual Build (Alternative)

# Clone repository
git clone https://github.com/KingOfBugbounty/enumrust.git
cd enumrust

# Build release version
cargo build --release

## Installation

### Clone via GitHub Token (Private Repository)

To clone this repository, you need a GitHub Personal Access Token with `repo` scope.

1. **Generate your token** at [GitHub Settings > Developer settings > Personal access tokens](https://github.com/settings/tokens)

2. **Clone using HTTPS + Token:**

```bash
git clone https://$YOUR_GITHUB_TOKEN@github.com/tools-ofjaaah/enumrust.git

Or set the token as an environment variable:

export YOUR_GITHUB_TOKEN="ghp_xxxxxxxxxxxxxxxxxxxx"
git clone https://${YOUR_GITHUB_TOKEN}@github.com/tools-ofjaaah/enumrust.git
cd enumrust
  1. Alternative — SSH clone (if you have SSH keys configured):
git clone git@github.com:tools-ofjaaah/enumrust.git

Repository URL: https://github.com/tools-ofjaaah/enumrust.git

2. Basic Scan

# Domain enumeration with full scan
./target/release/enumrust -d example.com --subfinder --full-scan

# Domain enumeration (basic)
./target/release/enumrust -d example.com --subfinder

3. Dashboard Mode

# Start dashboard on default port 8080
./target/release/enumrust --dashboard

# Start dashboard on custom port
./target/release/enumrust --dashboard --dashboard-port 3000

# Run scan with dashboard monitoring
./target/release/enumrust -d target.com --subfinder --full-scan --dashboard

First Access Setup:

🚀 Dashboard server starting on http://0.0.0.0:8080
📊 Access the dashboard and complete the initial setup
   Setup Code: <random_16_char_code>
  1. Open http://localhost:8080 in your browser
  2. Use the Setup Code displayed in terminal (generated randomly each startup)
  3. Create your own username and password
  4. Login and start monitoring your scans

🐳 Docker Installation

Run EnumRust with all 21 tools pre-installed using Docker - zero configuration required.

# Build
docker build -t enumrust .

# Verify all 21 tools
docker run --rm enumrust --check-tools

# Run a scan
docker run --rm --privileged \
  -v $(pwd)/results:/results \
  enumrust -d target.com --subfinder --full-scan

# Dashboard mode
docker run --rm --privileged \
  -p 8080:8080 \
  -v $(pwd)/results:/results \
  enumrust -d target.com --dashboard --full-scan

Note: --privileged is required for masscan (raw socket access). Omit it if you don't need port scanning.

👉 Full Docker Guide - Complete instructions, examples, volume mounts, troubleshooting, and more


🤖 MCP Server Integration

EnumRust includes an MCP (Model Context Protocol) server that allows AI assistants like Claude Code, Cursor, and other MCP-enabled tools to invoke security scanning capabilities programmatically.

Build the MCP Server

# Build from enumrust directory
cd enumrust
cargo build --release --package enumrust_mcp

Available MCP Tools

Tool Description Parameters
subdomain_enum Passive subdomain discovery domain: string
dns_resolve DNS resolution to IPs domains: string[]
ip_scan Port scan + directory fuzzing ip: string, ports?: string, wordlist?: string
http_probe Check HTTP hosts alive status hosts: string[]
js_crawl Extract secrets/endpoints from JS urls: string[]
admin_finder Discover admin panels hosts: string[]
secrets_scan Scan for hardcoded secrets hosts: string[]
vuln_scan Run Nuclei vulnerability scan hosts: string[]
wordpress_scan WordPress vulnerability scan urls: string[]
info_disclosure S3/Actuator/GraphQL scanning hosts: string[]
full_scan Complete bug bounty scan domain: string, options?: {workers?, discord_webhook?}

Claude Code Configuration

Add to your MCP settings (~/.claude/settings.json or project .claude/mcp.json):

{
  "mcpServers": {
    "enumrust": {
      "command": "/path/to/enumrust/enumrust-mcp",
      "args": []
    }
  }
}

Usage Example with Claude Code

You: "Scan example.com for subdomains using enumrust"
Claude: (calls subdomain_enum tool)
-> Returns list of discovered subdomains

You: "Run a full bug bounty scan on example.com"
Claude: (calls full_scan tool)
-> Returns complete scan results

Run Standalone MCP Server

# Start the MCP server (stdio mode)
./target/release/enumrust-mcp

# Test with an MCP client
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | ./target/release/enumrust-mcp

📊 Dashboard Features

Real-time Monitoring

  • Progress Bar - Animated, shows current scan phase
  • Event Stream - Live feed of tool execution
  • Statistics Cards - Vulnerability counts by severity

File Explorer

  • Two-Panel Layout - File list + content viewer
  • Syntax Highlighting - Terminal-style display
  • Domain Filtering - Select specific target to view

Vulnerability Management

  • Severity Filters - Critical, High, Medium, Low
  • Detailed View - Template ID, host, description
  • Export Options - JSON data for reporting

Security

  • Random Credentials - Setup code generated at each startup
  • JWT Authentication - Secure session management
  • No Hardcoded Secrets - All credentials created by user

📖 Usage Examples

Bug Bounty Mode 🎯

# Bug bounty scan with Discord notifications
./target/release/enumrust -d target.com \
  --bugbounty \
  --discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"

# Aggressive bug bounty scan
./target/release/enumrust -d target.com \
  --bugbounty \
  --full-scan \
  --workers 20 \
  --discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"

What it does: - ✅ Discovers admin panels on 15 different ports - ✅ Tests 40+ default credentials automatically - ✅ Sends Discord alerts for valid credentials found - ✅ Notifies about critical vulnerabilities & secrets - ✅ Generates detailed reports for bug submissions

👉 See BUGBOUNTY_MODE.md for complete guide

Domain Reconnaissance

# Full enumeration with all sources
./target/release/enumrust -d target.com --full-scan

# Quick scan with specific tools
./target/release/enumrust -d target.com --subfinder

Infrastructure Scanning

# Single IP
./target/release/enumrust --infraestrutura --ip-range 192.168.1.100

# CIDR notation
./target/release/enumrust --infraestrutura --ip-range 192.168.1.0/24

# IP range
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1-192.168.1.254

# Comma-separated IPs
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1,192.168.1.5,192.168.1.10

# From file
./target/release/enumrust -f targets.txt --full-scan

Advanced Options

```bash

Full IP scan with directory fuzzing

./target/release/enumrust -d target.com \ --ip-scan \ --i

Core symbols most depended-on inside this repo

add_simple_secret
called by 36
src/secrets_scanner.rs
tool_completed
called by 26
src/progress.rs
tool_started
called by 24
src/progress.rs
data_found
called by 17
src/progress.rs
extract_context
called by 16
src/secrets_scanner.rs
create_safe_preview
called by 15
src/secrets_scanner.rs
is_available
called by 15
src/ollama.rs
tool_failed
called by 13
src/progress.rs

Shape

Function 313
Class 89
Method 63
Enum 6

Languages

Rust100%

Modules by API surface

src/package_scanner.rs51 symbols
src/main.rs48 symbols
src/secrets_scanner.rs33 symbols
src/info_disclosure_scanner.rs31 symbols
src/js_crawler.rs26 symbols
src/ollama.rs25 symbols
src/wpscan.rs22 symbols
src/secret_validators.rs21 symbols
src/metrics.rs21 symbols
src/report_generator.rs19 symbols
src/parallel_executor.rs19 symbols
src/progress.rs18 symbols

Datastores touched

(mongodb)Database · 1 repos
(mysql)Database · 1 repos

For agents

$ claude mcp add enumrust \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact