Features • Keys • Install • Usage • Join Discord

• Passive Scan

  • Find assets with shodan
  • RapidDNS to get subdomains
  • Certsh to enumerate subdomains
  • DNS enumeration
  • Waybackurls to fetch old links
  • Find domains belonging to your target

• Normal / Agressive Scan

  • Domain http code
  • Web port scanning
  • Server information
  • HTTP security header scanner
  • CMS security identifier / misconfiguration scanner
  • Technology scanner
  • Programming Language check
  • Path Traversal scan
  • Web Crawler
  • OS detection
  • Nuclei vulnerability scanning
  • SSRF, XSS, Host header injection and Cors Misconfiguration Scanners.

Make sure you have GoLang installed, with out it you won't be able to install nuclei.

git clone https://github.com/gotr00t0day/Gsec.git

cd Gsec

pip3 install -r requirements.txt

# Make sure that nuclei-templates is cloned in the / directory. Gsec fetches the templates from ~/nuclei-templates
python3 install.py

Gsec will fetch the shodan API key from the core directory, the passive recon script supports scanning with shodan,
please save your shodan key in core/.shodan for the scan to be able to work.

Some outputs that are too large will be saved in a file in the output folder / directory.

# normal (passive and aggresive scans)

python3 gsec.py -t https://domain.com

# Passive Recon

python3 gsec.py -t https://domain.com --passive_recon

# Ultimate Scan (Scan for High and Severe CVEs and Vulnerabilities with nuclei)

python3 gsec.py --ultimatescan https://target.com

You can use Proxychains with tor for anonimity.

proxychains -q python3 gsec.py -t https://target.com

I'm working on adding proxy support for Gsec, it will be added in future releases.

In python3.10+ you might get an SSL error while running Gsec. To fix this issue just pip3 install ceritifi and then do /Applications/Python\ 3.10/Install\ Certificates.command and the issue will be fixed.