OS3C is an open-source security testing tool for websites. Its primary focus is to help website owners and developers ensure the security and compliance of their websites. The tool is built with maintainability and extensibility in mind.
To run OS3C, you need to use the `run.py` script and specify the target URL using the `-u` or `--url` option.

```
python3 run.py -u https://www.example.com
```

Or, if you have poetry installed:

- Install the dependencies

  ```
  poetry install
  ```

- Run with poetry

  ```
  poetry run python ./run.py -u https://www.example.com
  ```

This project is currently under heavy development.
- Develop a user-friendly interface (potentially web-based).
- Support session-based requests.
- Enable saving of progress.
- Allow testing of dynamically loaded pages.
- Implemented
  - Email extractor.
  - Phone number extractor.
- Yet to be implemented
  - SQLi detector.
  - XSS detector.
  - ...
If you are interested in contributing to the development of OS3C, please get in touch! We welcome contributions of all kinds, including bug reports, feature requests, and pull requests.
This tool is not intended to be used for illegal or malicious purposes. The creators and contributors of OS3C are not responsible for any misuse of the tool. Please use OS3C in accordance with all applicable laws and ethical principles.