Paskto will passively scan the web using the Common Crawl internet index either by downloading the indexes on request or parsing data from your local system. URLs are then processed through Nikto and known URL lists to identify interesting content. Hash signatures are also used to identify known default content for some IoT devices or web applications.
Installation
You can install Paskto by copy & paste this to console or you can play with this tool in my docker image. Tested on Ubuntu:16.04
RUN apt-get install -y sudo && \
apt-get install -y curl && \
apt-get install -y git && \
curl -sL https://deb.nodesource.com/setup_6.x | sudo -E bash - && \
apt-get install -y nodejs && \
git clone https://github.com/szalek/paskto /home/paskto && \
chmod +x /home/paskto/paskto.js && \
/bin/sed -i '1s/^/#!\/usr\/bin\/env node\n/' /home/paskto/paskto.js && \
ln -s /home/paskto/paskto.js /usr/bin/paskto
Docker image
My pentest-tool docker image already contains Paskto
– https://hub.docker.com/r/szalek/pentest-tools/
More info here
– http://www.kitploit.com/2017/11/paskto-passive-web-scanner.html
– https://github.com/cloudtracer/paskto