## Overview

scan4all provides automated supply chain identification, analysis, and scanning capabilities. It detects dependencies, frameworks, libraries, and third-party components in web applications to identify potential supply chain vulnerabilities.

> **Supply Chain Security:** Modern applications rely on hundreds of dependencies, and a vulnerability in any one component can compromise the entire application. scan4all helps identify and assess these risks.
## Automated Detection

### Technology Fingerprinting

scan4all identifies technologies through multiple methods:

- **HTTP Headers**: Server, X-Powered-By, X-Generator
- **HTML Content**: Meta tags, comments, embedded scripts
- **JavaScript Files**: Framework signatures, library versions
- **CSS Patterns**: Framework-specific stylesheets
- **Favicon Hashes**: Unique identifiers for frameworks
- **Response Patterns**: Characteristic response structures
### Supported Ecosystems

**JavaScript**
- Package Managers: npm, yarn, pnpm
- Files Detected: package.json, package-lock.json, yarn.lock
- Frameworks: React, Vue, Angular, Next.js, Nuxt.js
- Libraries: jQuery, Lodash, Axios, Express

**Python**
- Package Managers: pip, poetry, pipenv
- Files Detected: requirements.txt, Pipfile, pyproject.toml
- Frameworks: Django, Flask, FastAPI
- Libraries: Requests, NumPy, Pandas

**PHP**
- Package Managers: Composer
- Files Detected: composer.json, composer.lock
- Frameworks: Laravel, Symfony, WordPress
- CMS: Drupal, Joomla, Magento

**Java**
- Build Tools: Maven, Gradle
- Files Detected: pom.xml, build.gradle
- Frameworks: Spring, Struts, Hibernate
- Servers: Tomcat, WebLogic, JBoss

**Go**
- Package Manager: Go modules
- Files Detected: go.mod, go.sum
- Frameworks: Gin, Echo, Beego

**Ruby**
- Package Managers: Bundler, RubyGems
- Files Detected: Gemfile, Gemfile.lock
- Frameworks: Rails, Sinatra
## Fingerprint Database

scan4all uses extensive fingerprint databases:

### EHole Fingerprints

`pkg/fingerprint/dicts/eHoleFinger.json`:

```json
{
  "fingerprint": [
    {
      "cms": "WordPress",
      "method": "keyword",
      "location": "body",
      "keyword": ["wp-content", "wp-includes"]
    }
  ]
}
```

### Local Fingerprints

`pkg/fingerprint/dicts/localFinger.json`:

```json
{
  "fingerprint": [
    {
      "cms": "Laravel",
      "method": "keyword",
      "location": "header",
      "keyword": ["laravel_session"]
    }
  ]
}
```
> **7000+ Fingerprints**, including:
> - httpx fingerprints
> - vscan fingerprints (eHoleFinger, localFinger)
> - Custom scan4all fingerprints
> - Web framework signatures
> - CMS identification
> - Server technology detection
## Detection Methods

### Keyword Matching

```yaml
method: "keyword"
location: "body" | "header" | "title" | "all"
keyword: ["string1", "string2"]
```

Matches specific strings in responses.

### Regular Expressions

```yaml
method: "regular"
keyword: ["regex_pattern"]
```

Advanced pattern matching for version detection.

### Favicon Hash

```yaml
method: "faviconhash"
keyword: ["hash_value"]
```

Unique hashes identify specific frameworks/versions.

### MD5 Signatures

```yaml
method: "md5"
keyword: ["md5_hash"]
```

Exact content matching for known files.

### Hex Patterns

```yaml
method: "hex"
keyword: ["hex_pattern"]
```

Binary pattern matching for compiled assets.
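To show how the `keyword` and `regular` methods above are applied to the fingerprint JSON from the Fingerprint Database section, here is an added example written for this page; it is not scan4all's own matcher. It assumes eHole's AND semantics (every keyword of a rule must hit) and leaves `md5`, `faviconhash` and `hex` unimplemented:

```go
package main

import (
	"encoding/json"
	"regexp"
	"strings"
)

// Rule mirrors one entry of the eHoleFinger/localFinger JSON shown above.
type Rule struct {
	CMS      string   `json:"cms"`
	Method   string   `json:"method"`   // keyword | regular (md5, faviconhash, hex not shown)
	Location string   `json:"location"` // body | header | title | all
	Keyword  []string `json:"keyword"`
}
// Response is a simplified HTTP response: raw header block, body and <title> text.
type Response struct{ Header, Body, Title string }

// Match evaluates one rule; every keyword must hit (AND semantics, as in eHole's matcher).
func Match(rule Rule, r Response) bool {
	t, ok := map[string]string{"header": r.Header, "title": r.Title, "body": r.Body}[rule.Location]
	if !ok { // "all": search the whole response
		t = r.Header + "\n" + r.Title + "\n" + r.Body
	}
	for _, k := range rule.Keyword {
		var hit bool
		switch rule.Method {
		case "keyword":
			hit = strings.Contains(t, k)
		case "regular":
			re, err := regexp.Compile(k)
			hit = err == nil && re.MatchString(t)
		}
		if !hit { // unsupported methods never match in this example
			return false
		}
	}
	return len(rule.Keyword) > 0
}
// Identify parses a fingerprint database and returns the cms names that match.
func Identify(db []byte, r Response) (hits []string, err error) {
	var doc struct{ Fingerprint []Rule `json:"fingerprint"` }
	if err = json.Unmarshal(db, &doc); err != nil {
		return nil, err
	}
	for _, rule := range doc.Fingerprint {
		if Match(rule, r) {
			hits = append(hits, rule.CMS)
		}
	}
	return hits, nil
}
```

Because every keyword must hit, a body that contains `wp-content` but not `wp-includes` does not identify WordPress; this is what keeps a single shared path fragment from producing a false positive.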
## Vulnerability Correlation

### POC Integration

Once technologies are identified, scan4all:

1. **Matches CVEs**: Links detected versions to known vulnerabilities
2. **Runs POCs**: Executes relevant proof-of-concept exploits
3. **Validates**: Confirms an actual vulnerability rather than relying on version-based detection alone
### Nuclei Templates

15000+ POC detection capabilities:

```yaml
# Example: CVE detection for vulnerable framework
id: CVE-2023-XXXXX-laravel
info:
  name: Laravel XXX Vulnerability
  severity: critical
requests:
  - method: GET
    path:
      - "{{BaseURL}}/vulnerable-endpoint"
```
### Xray POCs

300+ Xray 2.0 POCs included for:

- Framework vulnerabilities
- Library exploits
- Supply chain attacks
## Log4j Integration

> **Critical Supply Chain Vulnerability:** Log4j vulnerabilities (Log4Shell) represent one of the most severe supply chain attacks. scan4all includes dedicated detection.

### Python Integration

scan4all links with log4j-scan:

```bash
# Setup log4j scanner
mkdir ~/MyWork/
cd ~/MyWork/
git clone https://github.com/hktalent/log4j-scan
# Automatically integrated with scan4all
./scan4all -host target.com
```

### Enhanced Features

- **Privacy Protection**: Prevents target information from leaking to DNS Log servers
- **Elasticsearch Integration**: Batch storage of results
- **Automatic Detection**: Triggered when Java applications are detected
## File Discovery

### Sensitive File Detection

Automatic discovery of supply chain artifacts:

```yaml
Common Targets:
  - package.json        # Node.js dependencies
  - package-lock.json   # Locked versions
  - yarn.lock           # Yarn dependencies
  - composer.json       # PHP dependencies
  - composer.lock       # Locked PHP versions
  - requirements.txt    # Python dependencies
  - Pipfile             # Python pipenv
  - pom.xml             # Maven dependencies
  - build.gradle        # Gradle dependencies
  - go.mod              # Go modules
  - go.sum              # Go checksums
  - Gemfile             # Ruby dependencies
  - Gemfile.lock        # Locked Ruby versions
```

### Configuration

Custom file fuzzing dictionaries:

```json
{
  "filedic": "brute/dicts/filedic.txt",
  "enableFileFuzz": true
}
```
## Source Map Analysis

### JavaScript Source Maps

Detect exposed source maps, which can reveal:

- Original source code
- Development dependencies
- Internal API endpoints
- Comments and debug info

```yaml
Target Files:
  - "*.js.map"
  - "*.css.map"
  - webpack source maps
  - TypeScript maps
```
## Version Detection

### Accurate Version Identification

```go
// From the fingerprint scanner (simplified fragment)
if version, ok := detectVersion(response); ok {
	// Check for known vulnerabilities in this version
	vulns := checkCVE(technology, version)
}
```

### Version Sources

- **Meta Tags**: `<meta name="generator" content="WordPress 5.8.1">`
- **Headers**: `X-Powered-By: Express 4.17.1`
- **Comments**: `<!-- Built with Vue.js 3.2.0 -->`
- **Paths**: `/static/js/react.17.0.2.js`
- **Patterns**: Version-specific code patterns
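The four version sources above, extracted with regular expressions and then ordered against a fixed version, as an added example written for this page; it is not scan4all's `detectVersion`/`checkCVE`, and the patterns and the `VersionLess` comparison are this example's own assumptions:

```go
package main

import (
	"regexp"
	"strconv"
	"strings"
)

// versionSources covers the four sources listed above. Each pattern captures
// the technology name and its version string; the patterns are this example's own.
var versionSources = []*regexp.Regexp{
	// <meta name="generator" content="WordPress 5.8.1">
	regexp.MustCompile(`(?i)<meta\s+name="generator"\s+content="([A-Za-z.]+)\s+([\d.]+)"`),
	// X-Powered-By: Express 4.17.1 (also matches the "PHP/8.1.2" form)
	regexp.MustCompile(`(?im)^X-Powered-By:\s*([A-Za-z.]+)[ /]([\d.]+)`),
	// <!-- Built with Vue.js 3.2.0 -->
	regexp.MustCompile(`<!--[^>]*?\b([A-Za-z.]+)\s+(\d+\.\d+(?:\.\d+)?)[^>]*-->`),
	// /static/js/react.17.0.2.js
	regexp.MustCompile(`/([a-z]+)[.-](\d+\.\d+\.\d+)(?:\.min)?\.js`),
}

// DetectVersions scans raw headers plus body and returns technology -> version (names lower-cased).
func DetectVersions(raw string) map[string]string {
	found := map[string]string{}
	for _, re := range versionSources {
		for _, m := range re.FindAllStringSubmatch(raw, -1) {
			found[strings.ToLower(m[1])] = m[2]
		}
	}
	return found
}

// VersionLess reports whether dotted version a sorts before b, comparing components numerically
// (missing components count as 0). This is the check a "fixed in version X" lookup needs.
func VersionLess(a, b string) bool {
	pa, pb := strings.Split(a, "."), strings.Split(b, ".")
	for i := 0; i < len(pa) || i < len(pb); i++ {
		var x, y int
		if i < len(pa) {
			x, _ = strconv.Atoi(pa[i])
		}
		if i < len(pb) {
			y, _ = strconv.Atoi(pb[i])
		}
		if x != y {
			return x < y
		}
	}
	return false
}
```

Comparing components numerically matters: a string comparison would rank `4.17.9` above `4.17.21` and miss a vulnerable version that a "fixed in 4.17.21" rule should flag.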
## CDN Detection

### External Dependencies

Identify third-party CDN usage:

```yaml
Common CDNs:
  - cdnjs.cloudflare.com
  - unpkg.com
  - jsdelivr.net
  - ajax.googleapis.com
  - code.jquery.com
```

### Security Implications

- **SRI Missing**: Subresource Integrity not implemented
- **Outdated Versions**: Old libraries on CDNs
- **CDN Compromise**: Third-party supply chain risk
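An added check for the SRI Missing case, written for this page and not part of scan4all: it scans served HTML for scripts and stylesheets loaded from the CDN hosts listed above and reports those that carry no `integrity` attribute (the regex-based tag parsing is this example's simplification):

```go
package main

import (
	"regexp"
	"strings"
)

// cdnHosts is the "Common CDNs" list from above; subdomains such as
// cdn.jsdelivr.net are matched by suffix.
var cdnHosts = []string{"cdnjs.cloudflare.com", "unpkg.com", "jsdelivr.net", "ajax.googleapis.com", "code.jquery.com"}

var (
	tagRe   = regexp.MustCompile(`(?is)<(?:script|link)\b[^>]*>`)
	srcRe   = regexp.MustCompile(`(?i)\s(?:src|href)\s*=\s*["']?([^"'\s>]+)`)
	integRe = regexp.MustCompile(`(?i)\sintegrity\s*=`)
	hostRe  = regexp.MustCompile(`^(?:https?:)?//([^/:]+)`) // absolute or protocol-relative URL
)

func isCDN(host string) bool {
	for _, c := range cdnHosts {
		if host == c || strings.HasSuffix(host, "."+c) {
			return true
		}
	}
	return false
}

// MissingSRI returns, in document order, every script or stylesheet loaded
// from one of the listed CDNs without an integrity attribute.
func MissingSRI(html string) []string {
	var missing []string
	for _, tag := range tagRe.FindAllString(html, -1) {
		low := strings.ToLower(tag)
		// <link> carries many rels (preconnect, icon, ...); SRI only applies to stylesheets.
		if strings.HasPrefix(low, "<link") && !strings.Contains(low, "stylesheet") {
			continue
		}
		m := srcRe.FindStringSubmatch(tag)
		if m == nil {
			continue // inline script, or link without href
		}
		h := hostRe.FindStringSubmatch(m[1])
		if h == nil || !isCDN(strings.ToLower(h[1])) {
			continue // same-origin or non-CDN resource
		}
		if !integRe.MatchString(tag) {
			missing = append(missing, m[1])
		}
	}
	return missing
}
```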
## Output and Reporting

### Supply Chain Report

```json
{
  "target": "example.com",
  "supply_chain": {
    "frontend": {
      "framework": "React 17.0.2",
      "dependencies": [
        "react-router 5.2.0",
        "axios 0.21.1 (VULNERABLE: CVE-2021-XXXX)",
        "lodash 4.17.20 (VULNERABLE: CVE-2021-YYYY)"
      ]
    },
    "backend": {
      "framework": "Express 4.17.1",
      "language": "Node.js",
      "detected_files": [
        "package.json",
        "package-lock.json"
      ]
    },
    "vulnerabilities": [
      {
        "component": "axios",
        "version": "0.21.1",
        "cve": "CVE-2021-XXXX",
        "severity": "high"
      }
    ]
  }
}
```
### Elasticsearch Integration

Store supply chain data for analysis:

```bash
# Enable Elasticsearch storage
./config/initEs.sh
# Results are indexed automatically; query for a specific technology:
http://127.0.0.1:9200/supply_chain_index/_search?q=framework:Laravel
```
## Advanced Features

### Intelligent Processing

From README.md:

> Smart processing:
> - When the IPs of multiple domain names in the list are the same, merge port scans to improve efficiency
> - Intelligently handle http abnormal pages, and fingerprint calculation and learning
> - Automated supply chain identification, analysis and scanning

### Self-Learning

Fingerprint calculation and learning:

- Adapt to new frameworks
- Learn from false positives
- Improve detection accuracy over time
## Best Practices

### Enable File Fuzzing

Discover dependency manifests:

```bash
enableFileFuzz=true ./scan4all -host target.com
```

### Use Nuclei Templates

Enable comprehensive POC checking:

```bash
enableNuclei=true ./scan4all -host target.com
```

### Store Results

Use Elasticsearch for trend analysis:

- Track dependencies over time
- Identify common vulnerable components

### Regular Scanning

Continuous monitoring:

- Daily/weekly scans
- Alert on new vulnerabilities
- Track dependency updates
## Use Cases

### Security Audits

```bash
# Complete supply chain audit
enableFileFuzz=true enableNuclei=true ./scan4all -host target.com -o audit.json
```

### Vulnerability Management

```bash
# Track vulnerable dependencies
./scan4all -l production_apps.txt -o vuln_report.json
```

### Compliance

```bash
# Document all third-party components
./scan4all -host app.example.com -json -o compliance_report.json
```

### Bug Bounty

```bash
# Find outdated dependencies
enableFileFuzz=true ./scan4all -host target.com
```
## Troubleshooting

### No Dependencies Detected

```bash
# Enable file fuzzing
enableFileFuzz=true ./scan4all -host target.com
# Check whether the manifest is reachable at all
curl https://target.com/package.json
```

### False Positives

- Adjust fingerprint matching by editing the fingerprint databases: `config/config.json` and `pkg/fingerprint/dicts/`
- Limit file fuzzing: reduce the dictionary size and focus on specific technologies