Batman security auditor tool which has captcha detection, rate limit detector in site bulk or single domain

RuturajS/batman

Batman Security Auditor

Batman is a comprehensive CLI security auditing tool for web applications. It helps developers and security researchers identify common security issues such as missing headers, exposed forms, weak rate limiting, and CAPTCHA implementation gaps.

🚀 Features

  • CAPTCHA Detection: Identifies Google reCAPTCHA, hCaptcha, and Cloudflare Turnstile presence on pages and forms.
  • Security Headers Analysis: Checks for essential security headers like Strict-Transport-Security, X-Frame-Options, Content-Security-Policy, etc.
  • Rate Limit Testing: Tests API endpoints or pages for rate limiting effectiveness.
  • Form Analysis: Scans forms for potential vulnerabilities like missing CSRF tokens and CAPTCHA protections.
  • SSL/TLS Verification: Validates SSL certificates and HTTPS configuration.
  • Comprehensive Reporting: Generates colorful CLI output or JSON reports for further analysis.

🛠️ Installation

  1. Clone the repository:

    git clone https://github.com/RuturajS/batman.git
    cd batman/batman
  2. Install dependencies:

    pip install -r requirements.txt

    Alternatively, you can install the package directly:

    pip install .

📖 Usage

Batman works as a command-line interface (CLI) tool. You can run scans against a single URL or a list of targets from a file.

Basic Command Structure

python batman.py [COMMAND] [URL] [OPTIONS]

Commands

1. Full Security Audit

Performs all available checks on the target URL.

python batman.py fullscan https://example.com

2. Detect CAPTCHA

Scans the page to see if any CAPTCHA systems are implemented.

python batman.py captcha https://example.com

3. Check Security Headers

Analyzes the HTTP response headers for security best practices.

python batman.py headers https://example.com
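What a header check of this kind does, shown as an added example rather than code from the batman project: it takes a captured set of response headers, reports which of the headers the README names are missing, and also flags headers that are present but weakly configured (a short HSTS max-age, a CSP whose script sources allow 'unsafe-inline'). X-Content-Type-Options and Referrer-Policy are assumed additions to the README's list, and both sample header sets are constructed.

```python
"""Security-header audit of a captured HTTP response.

Added example, not code from the batman project. It checks the headers the
README names (Strict-Transport-Security, X-Frame-Options,
Content-Security-Policy) plus X-Content-Type-Options and Referrer-Policy,
which are assumed additions to that list.
"""
import re
import urllib.request

REQUIRED_HEADERS = {
    "strict-transport-security": "Strict-Transport-Security",
    "x-frame-options": "X-Frame-Options",
    "content-security-policy": "Content-Security-Policy",
    "x-content-type-options": "X-Content-Type-Options",
    "referrer-policy": "Referrer-Policy",
}

# One year in seconds: the minimum max-age the HSTS preload list accepts.
MIN_HSTS_MAX_AGE = 31536000


def _csp_directives(csp):
    """Split a CSP value into {directive: [source tokens]}."""
    directives = {}
    for part in csp.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_headers(headers):
    """Classify response headers as present, missing or present-but-weak."""
    lower = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    report = {"present": [], "missing": [], "weak": []}
    for key, name in REQUIRED_HEADERS.items():
        report["present" if key in lower else "missing"].append(name)

    hsts = lower.get("strict-transport-security", "")
    if hsts:
        m = re.search(r"max-age=(\d+)", hsts, re.IGNORECASE)
        max_age = int(m.group(1)) if m else 0
        if max_age < MIN_HSTS_MAX_AGE:
            report["weak"].append(f"Strict-Transport-Security: max-age={max_age} is below {MIN_HSTS_MAX_AGE}")

    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo and xfo not in ("DENY", "SAMEORIGIN"):
        report["weak"].append(f"X-Frame-Options: unrecognised value {xfo!r}")

    csp = lower.get("content-security-policy", "")
    if csp:
        directives = _csp_directives(csp)
        # script-src governs scripts; default-src is the fallback when it is absent.
        scripts = [s.lower() for s in directives.get("script-src", directives.get("default-src", []))]
        if "'unsafe-inline'" in scripts or "*" in scripts:
            report["weak"].append("Content-Security-Policy: script sources allow 'unsafe-inline' or *")

    xcto = lower.get("x-content-type-options", "").strip().lower()
    if xcto and xcto != "nosniff":
        report["weak"].append(f"X-Content-Type-Options: expected nosniff, got {xcto!r}")
    return report


def fetch_headers(url, timeout=10):
    """Retrieve response headers with a HEAD request (needs network; unused by the sample below)."""
    req = urllib.request.Request(url, method="HEAD", headers={"User-Agent": "header-audit-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return dict(resp.headers.items())


# Constructed sample responses: a weakly configured one and a hardened one.
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=300",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
    "X-Frame-Options": "DENY",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(label, audit_headers(hdrs))
```

The "weak" bucket is the part a plain presence check misses: a site can carry every header on the list and still ship a 5-minute HSTS policy or a CSP that permits inline scripts.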

4. Test Rate Limiting

Sends multiple requests to test if the server handles rate limiting correctly.

python batman.py ratelimit https://example.com --count 50 --delay 0.1
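How the responses from a test like this can be judged, as an added example that is not the batman project's own code: `probe` issues the requests with the `--count`/`--delay` parameters the command takes, and `evaluate_rate_limit` reports when throttling began, how many requests were rejected, and whether the server advertises its limits (RateLimit/X-RateLimit headers, Retry-After). The header prefixes and the `expected_within` threshold are assumptions; the two response sequences at the end are constructed so the block runs offline.

```python
"""Rate-limit probe and evaluation.

Added example, not code from the batman project. `probe` sends `count`
requests `delay` seconds apart (the parameters the README's ratelimit
command takes); `evaluate_rate_limit` judges the recorded responses. The
block ends with constructed response sequences so it runs offline.
"""
import time
import urllib.error
import urllib.request

# Assumed header families a server may use to advertise its limits.
RATE_LIMIT_HEADER_PREFIXES = ("ratelimit", "x-ratelimit", "x-rate-limit", "retry-after")


def probe(url, count=50, delay=0.1, timeout=10):
    """Issue `count` GET requests and return [(status, headers), ...] in send order."""
    results = []
    req = urllib.request.Request(url, headers={"User-Agent": "ratelimit-probe-example"})
    for _ in range(count):
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                results.append((resp.status, dict(resp.headers.items())))
        except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry useful headers
            results.append((err.code, dict(err.headers.items())))
        time.sleep(delay)
    return results


def evaluate_rate_limit(responses, expected_within=20):
    """Summarise whether, and how early, the server began throttling."""
    blocked = [i for i, (status, _) in enumerate(responses) if status in (429, 503)]
    first_block = blocked[0] if blocked else None
    advertises_limits = any(
        any(k.lower().startswith(RATE_LIMIT_HEADER_PREFIXES) for k in headers)
        for _, headers in responses
    )
    retry_after = any(
        "retry-after" in {k.lower() for k in headers}
        for status, headers in responses
        if status == 429
    )
    if first_block is None:
        verdict = "no throttling observed"
    elif first_block > expected_within:
        verdict = f"throttling started late (request {first_block + 1})"
    else:
        verdict = f"throttling effective (request {first_block + 1})"
    return {
        "sent": len(responses),
        "blocked": len(blocked),
        "first_block_index": first_block,
        "advertises_limits": advertises_limits,
        "retry_after_present": retry_after,
        "verdict": verdict,
    }


# Constructed sample: 20 accepted requests, then 30 rejected with 429 and Retry-After.
SAMPLE_THROTTLED = (
    [(200, {"X-RateLimit-Remaining": str(19 - i)}) for i in range(20)]
    + [(429, {"Retry-After": "5"}) for _ in range(30)]
)
# Constructed sample: nothing ever throttles.
SAMPLE_UNLIMITED = [(200, {"Content-Type": "application/json"}) for _ in range(50)]

if __name__ == "__main__":
    print(evaluate_rate_limit(SAMPLE_THROTTLED))
    print(evaluate_rate_limit(SAMPLE_UNLIMITED))
```

Separating collection from evaluation means the same verdict logic can be run over responses recorded by any client, and a `Retry-After` on the 429s is what lets well-behaved callers back off instead of retrying blindly.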

5. Analyze Forms

Scans the page for forms and checks for CSRF tokens and CAPTCHA fields.

python batman.py forms https://example.com
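The page-level checks behind both the captcha command (item 2) and the forms command (item 5), as one added example that is not the batman project's code: a small html.parser pass that records reCAPTCHA, hCaptcha and Turnstile markers and, for every form, whether a CSRF-style hidden field and a CAPTCHA widget are present, then flags POST forms lacking either. The marker strings and the CSRF field-name hints are assumptions drawn from the widgets' documented markup and common framework conventions, and the sample page is constructed.

```python
"""CAPTCHA and form audit of an HTML document.

Added example, not code from the batman project. It covers both the captcha
and the forms commands: it looks for the reCAPTCHA, hCaptcha and Turnstile
markers the README names, and flags POST forms that carry neither a
CSRF-style hidden field nor a CAPTCHA widget. Marker strings and CSRF name
hints are assumptions; the sample page at the bottom is constructed.
"""
from html.parser import HTMLParser

CAPTCHA_MARKERS = {
    "recaptcha": ("g-recaptcha", "google.com/recaptcha", "recaptcha.net/recaptcha"),
    "hcaptcha": ("h-captcha", "hcaptcha.com/1/api.js"),
    "turnstile": ("cf-turnstile", "challenges.cloudflare.com/turnstile"),
}
CSRF_NAME_HINTS = ("csrf", "xsrf", "_token", "authenticity_token", "requestverificationtoken")


class FormAuditor(HTMLParser):
    """Collect CAPTCHA markers and per-form CSRF/CAPTCHA facts while parsing."""

    def __init__(self):
        super().__init__()
        self.captchas = set()
        self.forms = []
        self._form = None  # form currently being parsed, if any

    def _note_captcha(self, text):
        lowered = text.lower()
        for provider, markers in CAPTCHA_MARKERS.items():
            if any(m in lowered for m in markers):
                self.captchas.add(provider)
                if self._form is not None:
                    self._form["captcha"] = True

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes become ""
        if tag == "form":
            self._form = {
                "action": a.get("action", ""),
                "method": (a.get("method") or "get").lower(),
                "csrf": False,
                "captcha": False,
            }
        elif tag == "input" and self._form is not None:
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "hidden" and any(h in name for h in CSRF_NAME_HINTS):
                self._form["csrf"] = True
        # Widgets are identified by class names; loader scripts and frames by their src.
        if a.get("class"):
            self._note_captcha(a["class"])
        if tag in ("script", "iframe") and a.get("src"):
            self._note_captcha(a["src"])

    def handle_endtag(self, tag):
        if tag == "form" and self._form is not None:
            self.forms.append(self._form)
            self._form = None


def audit_html(html):
    """Return detected CAPTCHA providers, parsed forms and findings for POST forms."""
    parser = FormAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for i, form in enumerate(parser.forms):
        if form["method"] != "post":
            continue  # GET forms should not change state, so no CSRF token is expected
        label = f"form {i} ({form['action'] or '/'})"
        if not form["csrf"]:
            findings.append(f"{label}: no CSRF token field")
        if not form["captcha"]:
            findings.append(f"{label}: no CAPTCHA widget")
    return {"captchas": sorted(parser.captchas), "forms": parser.forms, "findings": findings}


# Constructed sample page: a protected login form, an unprotected comment form, a GET search form.
SAMPLE_PAGE = """<html><head>
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
</head><body>
<form action="/login" method="post">
  <input type="hidden" name="csrf_token" value="constructed-token">
  <input type="text" name="user"><input type="password" name="pass">
  <div class="g-recaptcha" data-sitekey="SITE_KEY_PLACEHOLDER"></div>
  <button>Sign in</button>
</form>
<form action="/comment" method="POST">
  <textarea name="body"></textarea><button>Post</button>
</form>
<form action="/search" method="get"><input name="q"></form>
</body></html>"""

if __name__ == "__main__":
    for line in audit_html(SAMPLE_PAGE)["findings"]:
        print(line)
```

Tying CAPTCHA detection to the enclosing form is the useful part: a reCAPTCHA loader script in the page head says nothing about which forms actually render the widget, so the audit only credits a form when the marker appears between its open and close tags.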

Common Options

  • --input-file, -i: Path to a file containing a list of URLs to scan (one per line).
  • --output, -o: Save the results to a JSON file.
  • --verbose, -v: Enable verbose output for more details.
  • --help: Show help message for any command.

🤝 Contribution

We welcome contributions! Please see Contribution.MD for guidelines on how to get started.

📄 License

This project is licensed under the MIT License. See setup.py for details.


Created by Ruturaj Sharbidre
