Home Hacking Tools Zeus Scanner – Dork Searching and Web Applications Vulnerability Assessment Tool

Zeus Scanner – Dork Searching and Web Applications Vulnerability Assessment Tool

by Unallocated Author
zeus scanner

Zeus scanner is an open source tool used for reconnaissance and vulnerability assessments of web applications. The tool is equipped with a powerful parsing engine to extract cached web pages from multiple search engines. During parsing, the robots.txt and sitemap.xml files information of target host is saved in a file on the local system.

The tool also has the ability to bypass the API calls, IP blocking, and captchas security while extracting data from search engines. Supported search engines include Google, Bing, AOL, and DuckDuckGo. Zeus supports Tor proxy and Tor browser emulation.

Besides the reconnaissance feature, Zeus also has the ability to assess various web vulnerabilities, such as SQLi, XSS, clickjacking, port scanning, admin panel information, and Whois lookup information. The vulnerability assessment can be performed either by running a default user-agent, personal user-agent, or one can select a random user-agent from an available pool of 4000 random user-agents scripts.

The record of the useful information obtained while scanning the target is saved in a log file. Zeus can also identify defensive strategies. This includes the identification of an intrusion detection system, intrusion prevention system, and web application firewalls.

How to Install Zeus Scanner

Zeus Scanner requires some libraries and packages to operate. The basic requirements include Firefox version 52-58, Sqlmap, libxml2-dev, libxslt1-dev, and python-dev. Firefox can be updated or installed using the following commands.

sudo apt-get update
sudo apt-get install firefox

Sqlmap can be installed from the github repository using the following command.

git clone https://github.com/sqlmapproject/sqlmap.git

libxml2-dev, libxslt1-dev,  and python-dev. can be installed as follows.

sudo apt-get install libxml2-dev libxslt1-dev python-dev

zeus libraries installation

Besides dev, libxslt1-dev, python-dev, Zeus requires some python packages, such as selenium-webdriver, requests, python-nmap, whichcraft, lxml, beautifulsoup, psutil, and pyvirtualdisplay. Before installing these packages, clone the Zeus Scanner setup from github repository using the following command.

clone https://github.com/ekultek/zeus-scanner.git

zeus cloning

The final step is to install the aforementioned python packages using the following commands.

cd zeus-scanner
sudo pip2 install -r requirements.txt

How Zeus Works

Run the Zeus tool by executing the zeus.py file in the following format.

sudo python zeus.py

The simplest way to scan a target is done by passing single dork scan argument (-d) to the following command.

python zeus.py –d <target website>

zeus scanning target

The tool starts extracting data from the search engines and saves the results in the root/zeus-scanner/log folder.

To run the dork list, the following command needs to be run in the terminal.

python zeus.py –l dork.txt

The dork.txt contains the urls to be scanned with the tool. The other arguments, e.g proxy setting, can also be appended with the commands in the following format.

python zeus.py –d <target website> --proxy=”proxy address here”

Similarly, we can use Zeus to check if the target host is vulnerable to SQL injections by sending the request to the sqlmap tool.

python zeus.py –s –d <target website> --sqlmap-args=”threads 5, level=3, risk=3, randomAgent true”

zeus sqlmap query

By running the above command, the tool validates the url and parameters required to proceed with the sql injection query.

What Bunny rating does it get?

The tool helps in finding certain client urls that are either blocked or hidden from public search forums. Such urls can be helpful in identifying possible hidden vulnerabilities that can be later exploited by the pen tester. The addition of tools like sqlmap in Zeus can verify the vulnerabilities and the false negatives, as a result we will be awarding this tool a rating of 4 out of 5 bunnies.

Want to learn more about ethical hacking?

We have a  networking hacking course that is of a similar level to OSCP, get an exclusive 95% discount HERE

Do you know of another GitHub related hacking tool?

Get in touch with us via the contact form if you would like us to look at any other GitHub ethical hacking tools.

You may also like

Latest Hacking News

Privacy Preference Center


The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]


DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.



The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid