Artemis Security Scanner

Artemis is an open-source security vulnerability scanner developed by CERT PL. It is built to look for website misconfigurations and vulnerabilities on a large number of sites. It automatically prepares reports that can be sent to the affected institutions. Thanks to its modular architecture, it can be used to combine the results of various other tools in a single dashboard.

Artemis features:

subdomain scan using crt.sh and gau (https://github.com/lc/gau), Shodan integration (to use it, you will need to provide the SHODAN_API_KEY configuration variable, see Configuration options), brute-forcing of interesting paths (e.g. .env), brute-forcing of easy WordPress/MySQL/PostgreSQL/FTP passwords, email configuration verification (misconfigured SPF/DMARC, open relays), Wordpress/Joomla/Drupal/WordPress plugin version check, a check for VCS folders (e.g. .git), a check for enabled directory index, port scanning, metrics export for Prometheus (including data such as number of processed or crashed tasks): http://127.0.0.1:5000/metrics easy extensibility via plug-and-play modules, easy integration of a new tool, HTTP API to facilitate integration with other tools.

Besides, the additional modules repository (https://github.com/CERT-Polska/Artemis-modules-extra/) includes: SQL injection check, subdomain takeover check, SSL configuration check.

Artemis is able to automatically generate reports containing findings description (to do that, please refer to Generating reports to be sent).