Web Vulnerability Scanner

ZelinScan
Find Before
They Do.

Automated multi-vector vulnerability scanner built for bug bounty hunters and pentesters. Detects SQLi, XSS, RCE, SSRF, LFI, SSTI, XXE, JWT flaws, open redirects, IDOR, and more.

Get Started → View Docs

Vuln Types

Threads

WAF

Detection

Capabilities

What it detects

Multi-vector scanning with intelligent payload validation to minimize false positives.

💉

SQL Injection

Error-based, time-based blind, and UNION-based detection. Covers MySQL, PostgreSQL, MSSQL, Oracle, SQLite.

Critical

🔥

Remote Code Execution

Detects command injection via output indicators and time-based sleep payloads. Checks for uid/gid leakage.

Critical

🧪

Server-Side Template Injection

Math expression evaluation (7*7=49), Jinja2/Twig/Freemarker/Velocity payload detection.

Critical

🌐

Cross-Site Scripting

Reflected XSS via parameter injection. Checks for unescaped script tags, event handlers, and javascript: URIs.

Medium

📁

Local File Inclusion

Path traversal detection including /etc/passwd leakage, Windows system file exposure, and base64-encoded output.

High

🔁

SSRF

Server-Side Request Forgery against cloud metadata endpoints (AWS/GCP/Azure) and internal services.

High

📦

XXE Injection

XML External Entity attacks including file read, error-based, and blind OOB detection patterns.

High

🔑

JWT Vulnerabilities

Algorithm confusion (none/HS256), weak secret brute-force indicators, and signature bypass detection.

High

↪️

Open Redirect

Tests redirect params (url, next, goto, return) with 8+ bypass payloads including protocol-relative and encoded URLs.

Medium

🔓

IDOR Detection

Increments numeric ID parameters and compares response diffs to detect insecure direct object references.

High

📨

Header Injection

Tests 12 HTTP headers (X-Forwarded-For, X-Host, Referer, etc.) with XSS and SQLi payloads.

Medium

🛡️

WAF Detection

Identifies Cloudflare, ModSecurity, Akamai, Imperva, AWS WAF, Sucuri, Barracuda, Fortinet, and more.

Recon

Installation

Get ZelinScan

Requires Python 3.8+. Install dependencies and run.

Clone & Install


                $ git clone https://github.com/zenithx/zelinscan
                $ cd zelinscan
                $ pip install -r requirements.txt

Quick Test


                $ python zelinscan.py -u http://testphp.vulnweb.com/listproducts.php?cat=1

Reference

CLI Arguments

Full list of flags and options.

Arguments

Flag	Default	Description
-u, --url	required	Target URL
-p, --params	—	Custom parameters (e.g. -p id page q)
-t, --threads	50	Number of concurrent threads
--timeout	5	Request timeout in seconds
-o, --output	auto	Output JSON file path
--proxy	—	HTTP proxy (e.g. http://127.0.0.1:8080)
--depth	2	Crawl depth for param discovery
--no-crawl	off	Disable auto parameter crawling
--rate-limit	0	Delay between requests (seconds)
-v, --verbose	off	Show every request/response detail
--all	off	Enable ALL extra scan modules
-d, --dir	payloads/	Custom payload directory

Examples

Common Usage

Copy-paste ready commands for common scenarios.

Basic scan

$ python zelinscan.py -u "https://target.com/page.php?id=1"

Full scan — all modules + verbose

$ python zelinscan.py -u "https://target.com" --all -v -o output.json

Scan through Burp Suite proxy

$ python zelinscan.py -u "https://target.com/search?q=test" --proxy http://127.0.0.1:8080

zelinscan — scan output

[*] Target : http://testphp.vulnweb.com/listproducts.php?cat=1 ------------------------------------------------------- [+] Found 1 params in URL [Critical] SQLi | http://testphp.vulnweb.com/listproducts.php?cat=1%27 [High] XSS | http://testphp.vulnweb.com/listproducts.php?cat=%3Cscript%3Ealert%281%29%3C%2Fscript%3E [*] Done! 2 findings saved

ZelinScan Find Before They Do.

What it detects

Get ZelinScan

CLI Arguments

Common Usage

Severity Matrix

ZelinScan
Find Before
They Do.