mantis: automates the workflow of discovery, reconnaissance, and vulnerability scanning
Mantis
Mantis is a command-line framework designed to automate the workflow of asset discovery, reconnaissance, and scanning. It takes top-level domains as input and then progresses to discovering the corresponding assets, including subdomains and certificates. The tool performs reconnaissance on active assets and concludes with a comprehensive scan for vulnerabilities, secrets, misconfigurations, and phishing domains – all powered by a blend of open-source and custom tools.
Mantis is a security framework engineered to provide exceptional value and convenience to both product security teams and bug bounty hunters alike.
- Our innovative framework offers unparalleled ease-of-use and customizable automation for all your recon needs
- With Mantis, you can take advantage of our advanced alerting capabilities and faster scanning times to fortify your defenses and stay ahead of the game
Features
- Automated Discovery, Recon & Scan
- Distributed Scanning (split a single scan across multiple machines)
- Super-Easy Scan Customisation
- Dashboard Support
- Vulnerability Management
- Advanced Alerting
- DNS Service Integration
- Integrate new tools (existing and custom) in minutes
Modules
- Discovery
  - Subdomains
  - Certificates
- Recon
  - Open Ports
  - Technologies
  - CDN
  - WAF
  - Web Server
  - IP
  - ASN Information
  - Location
- Scan
  - Domain Level Vulnerabilities and Misconfigurations
  - Secrets Scanning
  - Phishing Domains
Mantis supports multiple installation types. Installing Mantis via Docker is a good way to start and get the hang of the framework.
Considering that Mantis also includes MongoDB and AppSmith, we have provided a shell script that installs all the components.
Install & Use
Copyright (C) 2024 PhonePe