README
¶
frameseven
frameseven is a CLI-first offensive web security scanner for authorized security testing. It maps a target's attack surface and runs active checks for common web vulnerabilities and misconfigurations.
Only scan systems that you own or have explicit permission to test.
Requirements
- Go 1.26.4 or later in the Go 1.26 release line
- Git
- Network access to the authorized target
- Linux, macOS, or another environment supported by Go
Development Setup
git clone https://github.com/sayseven7/frameseven.git
cd frameseven
go test ./...
go run cmd/cli/v1/main.go -url https://target.example
Documentation
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
cli/v1
command
|
|
|
mcp
command
|
|
|
internal
|
|
|
cve
Package cve maps detected technology versions to known CVEs using the public NVD API 2.0.
|
Package cve maps detected technology versions to known CVEs using the public NVD API 2.0. |
|
mcp
Package mcp exposes the FrameSeven MCP server.
|
Package mcp exposes the FrameSeven MCP server. |
|
report
Package report defines the scan result structure and renders CLI v1 reports.
|
Package report defines the scan result structure and renders CLI v1 reports. |
|
tools/v1/access
Package access tests broken access control: sensitive endpoints reachable without authentication, and IDOR by enumerating numeric identifiers.
|
Package access tests broken access control: sensitive endpoints reachable without authentication, and IDOR by enumerating numeric identifiers. |
|
tools/v1/bannergrab
Package bannergrab checks lightweight service banners for selected TCP services.
|
Package bannergrab checks lightweight service banners for selected TCP services. |
|
tools/v1/content
Package content discovers common web content paths.
|
Package content discovers common web content paths. |
|
tools/v1/crawler
Package crawler expands endpoint discovery by visiting already discovered same-origin pages and extracting additional links and form actions.
|
Package crawler expands endpoint discovery by visiting already discovered same-origin pages and extracting additional links and form actions. |
|
tools/v1/lfi
Package lfi tests local file inclusion and path traversal: it injects traversal and PHP stream-wrapper payloads into parameters that look like file paths and confirms a hit when local file contents come back.
|
Package lfi tests local file inclusion and path traversal: it injects traversal and PHP stream-wrapper payloads into parameters that look like file paths and confirms a hit when local file contents come back. |
|
tools/v1/misconfig
Package misconfig checks for security misconfiguration: missing security headers, dangerous HTTP methods, permissive CORS and weak TLS.
|
Package misconfig checks for security misconfiguration: missing security headers, dangerous HTTP methods, permissive CORS and weak TLS. |
|
tools/v1/nmap
Package nmap checks whether Nmap is available for Framework v1 integrations.
|
Package nmap checks whether Nmap is available for Framework v1 integrations. |
|
tools/v1/ports
Package ports performs light TCP checks against common web-facing ports.
|
Package ports performs light TCP checks against common web-facing ports. |
|
tools/v1/ratelimit
Package ratelimit measures whether the target throttles repeated requests by firing a burst and observing status-code and latency variation.
|
Package ratelimit measures whether the target throttles repeated requests by firing a burst and observing status-code and latency variation. |
|
tools/v1/recon
Package recon maps the attack surface of a target: DNS, response headers, technologies in use, sensitive files, and reachable endpoints/parameters.
|
Package recon maps the attack surface of a target: DNS, response headers, technologies in use, sensitive files, and reachable endpoints/parameters. |
|
tools/v1/scanner
Package scanner orchestrates a full scan: it maps the surface with recon and then runs every test and enrichment module against it, returning a report.
|
Package scanner orchestrates a full scan: it maps the surface with recon and then runs every test and enrichment module against it, returning a report. |
|
tools/v1/sqli
Package sqli detects SQL injection (boolean-based) and, when a parameter is injectable, extracts real data with UNION-based payloads: DBMS, current database, current user, tables, columns and credential rows.
|
Package sqli detects SQL injection (boolean-based) and, when a parameter is injectable, extracts real data with UNION-based payloads: DBMS, current database, current user, tables, columns and credential rows. |
|
tools/v1/sqlmap
Package sqlmap checks whether sqlmap is available for Framework v1 integrations.
|
Package sqlmap checks whether sqlmap is available for Framework v1 integrations. |
|
tools/v1/ssrf
Package ssrf tests server-side request forgery: it injects internal and cloud-metadata URLs into parameters that look like URLs and confirms a hit when the server returns metadata-service content.
|
Package ssrf tests server-side request forgery: it injects internal and cloud-metadata URLs into parameters that look like URLs and confirms a hit when the server returns metadata-service content. |
|
tools/v1/subdomain
Package subdomain resolves a small seed list of common subdomain names.
|
Package subdomain resolves a small seed list of common subdomain names. |
Click to show internal directories.
Click to hide internal directories.