Metadata-Version: 2.4
Name: s2n
Version: 0.3.2
Summary: Plugin-based web vulnerability scanner library
Author-email: 503+1 <imapversion4@gmail.com>
License: MIT License
        
        Copyright (c) 2025 504s2n
        
        Permission is hereby granted, free of charge, to any person obtaining a copy
        of this software and associated documentation files (the "Software"), to deal
        in the Software without restriction, including without limitation the rights
        to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
        copies of the Software, and to permit persons to whom the Software is
        furnished to do so, subject to the following conditions:
        
        The above copyright notice and this permission notice shall be included in all
        copies or substantial portions of the Software.
        
        THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
        IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
        FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
        AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
        LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
        OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
        SOFTWARE.
        
Project-URL: Homepage, https://github.com/504s2n/s2n
Project-URL: Repository, https://github.com/504s2n/s2n
Project-URL: Issues, https://github.com/504s2n/s2n/issues
Requires-Python: >=3.9
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: requests>=2.28.0
Requires-Dist: beautifulsoup4>=4.12
Requires-Dist: selenium>=4.20
Requires-Dist: webdriver-manager
Requires-Dist: click>=8.0
Requires-Dist: rich>=13.0
Provides-Extra: dev
Requires-Dist: pytest; extra == "dev"
Requires-Dist: responses; extra == "dev"
Requires-Dist: pytest-cov; extra == "dev"
Requires-Dist: build; extra == "dev"
Requires-Dist: twine; extra == "dev"
Dynamic: license-file

# S2N — Plugin-based Web Vulnerability Scanner

[![PyPI Version](https://img.shields.io/pypi/v/s2n)](https://pypi.org/project/s2n/)
[![PyPI Downloads](https://static.pepy.tech/badge/s2n)](https://pepy.tech/project/s2n)
[![Monthly Downloads](https://img.shields.io/pypi/dm/s2n)](https://pypi.org/project/s2n/)
[![Docker Pulls](https://img.shields.io/docker/pulls/opens2n/s2n-docker.svg)](https://hub.docker.com/r/opens2n/s2n-docker)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

```mermaid
stateDiagram-v2

state "<pre><code>
  .-')                 .-') _  
 ( OO ).              ( OO ) ) 
(_)---\_) .-----. ,--./ ,--,'  
/    _ | / ,-.   \|   \ |  |\  
\  :` `. '-'  |  ||    \|  | ) 
 '..`''.)   .'  / |  .     |/  
.-._)   \ .'  /__ |  |\    |   
\       /|       ||  | \   |   
 `-----' `-------'`--'  `--'   
</pre></code>" as logo

style logo color: #FFF, fill:#0022FF
```

> A lightweight, plugin-driven web vulnerability scanner library.
> Core data types and interfaces are defined in `s2n.s2nscanner.interfaces`.
> More detailed type documentation is available in [`interfaces.en.md`](/docs/interfaces.en.md).

---

- [PyPI s2n](https://pypi.org/project/s2n/)
- [Korean Documentation](./README.ko.md)

---

## Quick install

### CLI Usage

Execute a scan from the command line:

```bash
s2n scan \
  --url http://target.com \
  --all \
  --auth auto \
  --username admin \
  --password pass \
  --output-format html \
  --output results.html
```

Common options:

- `-u, --url`: Target URL to scan (Required)
- `-p, --plugin`: Select specific plugins (multiple allowed)
- `--all`: Run all default plugins
- `-a, --auth`: Authentication type (NONE, BASIC, BEARER, AUTO, etc.)
- `--login-url`: Login page URL for automatic authentication
- `-o, --output`: Save results to a file
- `--output-format`: Output format (JSON, HTML, CSV, CONSOLE, MULTI)
- `--crawler-depth`: Set crawling depth (Default: 2)
- `-v, --verbose`: Enable detailed logging

### Chrome Extension Usage (GUI)

S2N provides a user-friendly scanning experience via a Chrome Extension alongside the CLI. Follow these steps to link the extension with your local S2N host.

1. **Install Extension**: Install the S2N Scanner extension from the Chrome Web Store or via Developer Mode.
2. **Link Host**: Run the following command in your terminal to install the Native Messaging Host. This establishes communication between your browser and the local scanner. It links automatically to the official default extension ID.
   ```bash
   s2n install-gui
   ```
3. Restart your browser and click the extension icon to start scanning.
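
Chrome registers a native messaging host through a JSON manifest whose `allowed_origins` field lists the extension IDs permitted to start the host, so after linking it is worth confirming that only the extension you expect is listed. The audit below is an added example, not code from the s2n project; the host name, path and extension ID are constructed placeholders, and it assumes a Linux or macOS manifest.

```python
import json
import posixpath
import re

# Chrome extension IDs are 32 characters from the range a-p.
ORIGIN_RE = re.compile(r"chrome-extension://([a-p]{32})/")

def audit_manifest(manifest_text, expected_ids):
    """Return a list of problems in a native messaging host manifest."""
    try:
        manifest = json.loads(manifest_text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(manifest, dict):
        return ["manifest must be a JSON object"]
    problems = []
    if manifest.get("type") != "stdio":
        problems.append("type must be 'stdio'")
    # Chrome requires an absolute host path on Linux and macOS.
    if not posixpath.isabs(str(manifest.get("path", ""))):
        problems.append("path is not absolute")
    origins = manifest.get("allowed_origins")
    if not isinstance(origins, list) or not origins:
        return problems + ["allowed_origins is missing or empty"]
    for origin in origins:
        match = ORIGIN_RE.fullmatch(origin) if isinstance(origin, str) else None
        if match is None:
            problems.append(f"malformed origin: {origin!r}")
        elif match.group(1) not in expected_ids:
            problems.append(f"unexpected extension ID: {match.group(1)}")
    return problems

# Constructed sample data: placeholder ID, host name and path (all hypothetical).
EXPECTED_ID = "a" * 32
GOOD = json.dumps({
    "name": "com.example.scanner_host",
    "description": "constructed sample",
    "path": "/opt/example/scanner_host",
    "type": "stdio",
    "allowed_origins": [f"chrome-extension://{EXPECTED_ID}/"],
})
BAD = json.dumps({
    "name": "com.example.scanner_host",
    "path": "scanner_host",
    "type": "stdio",
    "allowed_origins": [f"chrome-extension://{'b' * 32}/", "chrome-extension://*/"],
})

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("bad", BAD)):
        print(label, audit_manifest(text, {EXPECTED_ID}))
```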

### Python usage

```python
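from s2n import Scanner, ScanConfig, PluginConfig, AuthConfig
from s2n.interfaces import Severity, AuthType
# ScannerConfig is used below; import it from the module that defines the core types
from s2n.s2nscanner.interfaces import ScannerConfig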

# Create ScanConfig
config = ScanConfig(
    target_url="http://target.com",
    scanner_config=ScannerConfig(crawl_depth=3),
    plugin_configs={
        "sql": PluginConfig(
            enabled=True,
            max_payloads=50
        )
    },
    auth_config=AuthConfig(
        auth_type=AuthType.BASIC,
        username="admin",
        password="pass"
    )
)

# Execute Scan with ScanConfig parameter
scanner = Scanner(config)
report = scanner.scan()

# Process the results
print(f"[RESULT]: {report.summary.total_vulnerabilities}개")
for result in report.plugin_results:
    for finding in result.findings:
        if finding.severity in [Severity.CRITICAL, Severity.HIGH]:
            print(f"[{finding.severity}] {finding.title}")

```

---

## Key type references

### Documentation

- Data type reference: `interfaces.en.md`
- Source: `interfaces.py`

### Core types and data models:

- `s2n.s2nscanner.interfaces.ScanConfig`
- `s2n.s2nscanner.interfaces.PluginConfig`
- `s2n.s2nscanner.interfaces.ScannerConfig`

### Results & reporting:

- `s2n.s2nscanner.interfaces.ScanReport`
- `s2n.s2nscanner.interfaces.Finding`

### Enums:

- `s2n.s2nscanner.interfaces.Severity`
- `s2n.s2nscanner.interfaces.PluginStatus`

## Features

- Plugin-based Architecture: Modular vulnerability checks for easy expansion.
- Advanced Crawling & Discovery: Universal login support and automatic attack point detection.
- Supported Plugins: SQL Injection, XSS, CSRF, JWT, OS Command Injection, File Upload, Brute Force, etc.
- Multiple UI Clients: Powerful CLI and Chrome Extension GUI for various workflows.
- Rich Reporting: Structured data models with support for JSON, HTML, CSV, and Console outputs.
- Cross-Platform Support: Optimized detection patterns for Windows, Linux, and macOS environments.
- Automated Testing: Integrated CI/CD support for security regression testing.

---

## LICENSE

---

## Contributing

Follow the project coding style and add tests for new features.  
Update type docs in interfaces.en.md when interfaces change.

---
