A comprehensive Rust-based security enumeration tool with real-time dashboard
👉 MCP Server Guide - See below for setup and usage
Server header during scans~) vulnerability to discover hidden files and directoriesshortscan_results.json with structured findings--no-shortscan to disable IIS scanninggo install github.com/bitquark/shortscan/cmd/shortscan@latest/wp-content/, /wp-json/, etc.wpscanteam/wpscan via Docker for deep vulnerability analysis--wpscan-token for enhanced vulnerability database access--no-wpscan to disable WordPress scanninglocalhost:11434 on scan startai_executive_summary.txt with AI-powered analysisOLLAMA_MODEL env var (default: llama3)git clone https://github.com/KingOfBugbounty/enumrust.git && cd enumrust && sudo bash install.sh
This will automatically:
- Install Rust and Go toolchains (if missing)
- Build enumrust and copy to /usr/local/bin/
- Install all 21 security tools (httpx, nuclei, shortscan, etc.)
- Configure PATH in .bashrc, .zshrc, .profile
- Update Nuclei templates
After install, open a new terminal or run source ~/.bashrc, then:
enumrust --check-tools # verify all tools
enumrust -d target.com # start scanning
# Clone repository
git clone https://github.com/KingOfBugbounty/enumrust.git
cd enumrust
# Build release version
cargo build --release
## Installation
### Clone via GitHub Token (Private Repository)
To clone this repository, you need a GitHub Personal Access Token with `repo` scope.
1. **Generate your token** at [GitHub Settings > Developer settings > Personal access tokens](https://github.com/settings/tokens)
2. **Clone using HTTPS + Token:**
```bash
git clone https://$YOUR_GITHUB_TOKEN@github.com/tools-ofjaaah/enumrust.git
Or set the token as an environment variable:
export YOUR_GITHUB_TOKEN="ghp_xxxxxxxxxxxxxxxxxxxx"
git clone https://${YOUR_GITHUB_TOKEN}@github.com/tools-ofjaaah/enumrust.git
cd enumrust
git clone git@github.com:tools-ofjaaah/enumrust.git
Repository URL:
https://github.com/tools-ofjaaah/enumrust.git
# Domain enumeration with full scan
./target/release/enumrust -d example.com --subfinder --full-scan
# Domain enumeration (basic)
./target/release/enumrust -d example.com --subfinder
# Start dashboard on default port 8080
./target/release/enumrust --dashboard
# Start dashboard on custom port
./target/release/enumrust --dashboard --dashboard-port 3000
# Run scan with dashboard monitoring
./target/release/enumrust -d target.com --subfinder --full-scan --dashboard
First Access Setup:
🚀 Dashboard server starting on http://0.0.0.0:8080
📊 Access the dashboard and complete the initial setup
Setup Code: <random_16_char_code>
http://localhost:8080 in your browserRun EnumRust with all 21 tools pre-installed using Docker - zero configuration required.
# Build
docker build -t enumrust .
# Verify all 21 tools
docker run --rm enumrust --check-tools
# Run a scan
docker run --rm --privileged \
-v $(pwd)/results:/results \
enumrust -d target.com --subfinder --full-scan
# Dashboard mode
docker run --rm --privileged \
-p 8080:8080 \
-v $(pwd)/results:/results \
enumrust -d target.com --dashboard --full-scan
Note:
--privilegedis required for masscan (raw socket access). Omit it if you don't need port scanning.
👉 Full Docker Guide - Complete instructions, examples, volume mounts, troubleshooting, and more
EnumRust includes an MCP (Model Context Protocol) server that allows AI assistants like Claude Code, Cursor, and other MCP-enabled tools to invoke security scanning capabilities programmatically.
# Build from enumrust directory
cd enumrust
cargo build --release --package enumrust_mcp
| Tool | Description | Parameters |
|---|---|---|
subdomain_enum |
Passive subdomain discovery | domain: string |
dns_resolve |
DNS resolution to IPs | domains: string[] |
ip_scan |
Port scan + directory fuzzing | ip: string, ports?: string, wordlist?: string |
http_probe |
Check HTTP hosts alive status | hosts: string[] |
js_crawl |
Extract secrets/endpoints from JS | urls: string[] |
admin_finder |
Discover admin panels | hosts: string[] |
secrets_scan |
Scan for hardcoded secrets | hosts: string[] |
vuln_scan |
Run Nuclei vulnerability scan | hosts: string[] |
wordpress_scan |
WordPress vulnerability scan | urls: string[] |
info_disclosure |
S3/Actuator/GraphQL scanning | hosts: string[] |
full_scan |
Complete bug bounty scan | domain: string, options?: {workers?, discord_webhook?} |
Add to your MCP settings (~/.claude/settings.json or project .claude/mcp.json):
{
"mcpServers": {
"enumrust": {
"command": "/path/to/enumrust/enumrust-mcp",
"args": []
}
}
}
You: "Scan example.com for subdomains using enumrust"
Claude: (calls subdomain_enum tool)
-> Returns list of discovered subdomains
You: "Run a full bug bounty scan on example.com"
Claude: (calls full_scan tool)
-> Returns complete scan results
# Start the MCP server (stdio mode)
./target/release/enumrust-mcp
# Test with an MCP client
echo '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}' | ./target/release/enumrust-mcp
# Bug bounty scan with Discord notifications
./target/release/enumrust -d target.com \
--bugbounty \
--discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"
# Aggressive bug bounty scan
./target/release/enumrust -d target.com \
--bugbounty \
--full-scan \
--workers 20 \
--discord-webhook "https://discord.com/api/webhooks/YOUR_WEBHOOK"
What it does: - ✅ Discovers admin panels on 15 different ports - ✅ Tests 40+ default credentials automatically - ✅ Sends Discord alerts for valid credentials found - ✅ Notifies about critical vulnerabilities & secrets - ✅ Generates detailed reports for bug submissions
👉 See BUGBOUNTY_MODE.md for complete guide
# Full enumeration with all sources
./target/release/enumrust -d target.com --full-scan
# Quick scan with specific tools
./target/release/enumrust -d target.com --subfinder
# Single IP
./target/release/enumrust --infraestrutura --ip-range 192.168.1.100
# CIDR notation
./target/release/enumrust --infraestrutura --ip-range 192.168.1.0/24
# IP range
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1-192.168.1.254
# Comma-separated IPs
./target/release/enumrust --infraestrutura --ip-range 192.168.1.1,192.168.1.5,192.168.1.10
# From file
./target/release/enumrust -f targets.txt --full-scan
```bash
./target/release/enumrust -d target.com \ --ip-scan \ --i
$ claude mcp add enumrust \
-- python -m otcore.mcp_server <graph>