Sentinel_webpath_discovery

Sentinel

Advanced Interactive Web Path Discovery Tool

ek0ms savi0r

Sentinel is a feature-rich, interactive command-line tool for web path enumeration and directory discovery. It combines asynchronous scanning with comprehensive reporting capabilities.


Disclaimer

IMPORTANT: Unauthorized scanning of systems you do not own or lack explicit written permission to test is illegal. This tool is intended for legitimate security assessments only. Users are solely responsible for complying with all applicable laws and regulations. The developer assumes no liability for misuse or damage caused by this tool.


Features

  • Asynchronous Scanner – High-performance concurrent requests with connection pooling
  • Recursive Scanning – Automatically discovers and scans subdirectories up to specified depth
  • Smart Hit Detection – Tracks full redirect chains and counts hits appropriately
  • Wildcard Detection – Identifies and filters catch-all responses automatically
  • Content Fingerprinting – MD5 hashing to identify and filter duplicate pages
  • Flexible Filtering – Filter by status codes, content sizes, and regex patterns
  • Multiple HTTP Methods – Support for GET, POST, HEAD, and other methods
  • Rate Limiting & Delays – Control request rate to avoid overwhelming servers
  • Network Information – Displays local interface, IP, MAC, and gateway
  • Military-Grade Reports – Comprehensive executive summaries with risk assessment
  • Multiple Output Formats – Save results as text, JSON, or CSV
  • Clipboard Support – Optional paste functionality for URLs

Installation

Step 1: Clone the Repository

git clone https://github.com/ekomsSavior/Sentinel.git
cd Sentinel

Step 2: Install Required Dependencies

pip3 install aiohttp aiofiles tqdm colorama

Optional but recommended for full features:

pip3 install pyperclip netifaces 

Step 3: Make the Script Executable (Optional)

chmod +x sentinel.py

You can now run the tool directly from the Sentinel directory.


Usage

Basic Execution

python3 sentinel.py

The tool is fully interactive. After launching, you will be guided through a series of prompts to configure your scan.

Interactive Configuration Prompts

| Prompt | Description |
|---|---|
| Target URL | The base URL to scan (must start with http:// or https://) |
| Wordlist path | Path to your wordlist file (e.g., /usr/share/wordlists/dirb/common.txt) |
| Concurrent requests | Number of simultaneous connections (default: 50) |
| Max requests per second | Rate limiting (0 = unlimited) |
| Delay between requests | Pause between requests in seconds |
| Request timeout | Maximum wait time per request in seconds |
| HTTP method | GET, POST, HEAD, etc. (default: GET) |
| Custom headers | Add headers like "User-Agent: Sentinel/1.0" |
| Cookie data | Session cookies for authenticated scans |
| File extensions | Append extensions like php,html,asp |
| Match codes | Only show specific status codes (e.g., 200,301) |
| Filter codes | Exclude specific status codes (e.g., 404) |
| Filter sizes | Exclude specific content sizes (e.g., 0,1234) |
| Regex filter | Filter URLs by path pattern |
| Recursive scanning | Enable/disable subdirectory discovery |
| Max recursion depth | How deep to scan (if recursive enabled) |
| Content fingerprinting | Enable MD5 duplicate detection |
| Save results | Output file path (optional) |
| Output format | text, json, or csv |
| Generate report | Create executive summary |

Example Session

python3 sentinel.py

--- Configuration ---
[?] Enter target URL: https://example.com
[?] Path to wordlist file: /usr/share/wordlists/dirb/common.txt
[?] Concurrent requests (default 50): 100
[?] Max requests per second (0 for unlimited): 50
[?] Delay between requests in seconds: 0
[?] Request timeout in seconds (default 10): 5
[?] HTTP method (GET/POST/HEAD/etc.) [GET]: GET
[?] File extensions to try: php,html
[?] Enable recursive directory scanning? (y/N): y
[?] Maximum recursion depth (default 2): 2
[?] Enable content fingerprinting? (Y/n): Y
[?] Generate executive report? (Y/n): Y

--- Starting Scan ---
[*] Loaded 4614 base words
[*] Wildcard baseline: Status 404, Size 162
Scanning depth 0: 100%|████████████| 13842/13842 [00:45<00:00, 304.21req/s]
[+] https://example.com/admin/ (Status: 403, Size: 294)
[+] https://example.com/robots.txt (Status: 200, Size: 126)
...
[*] Scan completed. Found 23 interesting items.
[+] Report saved to: /home/user/sentinel_reports/example.com_20250309_143022.txt

Using with Proxychains

For anonymity or routing through proxy chains:

proxychains python3 sentinel.py

Wordlist Recommendations

For optimal results, use comprehensive wordlists:

  • SecLists: git clone https://github.com/danielmiessler/SecLists.git
  • Kali default: /usr/share/wordlists/dirb/common.txt
  • Dirbuster: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt

Output and Reporting

Raw Results

If you specify an output file, results are saved in your chosen format (text, JSON, or CSV) with full details including redirect chains and timestamps.

Executive Reports

Military-grade reports are automatically saved to ~/sentinel_reports/ with filenames formatted as target_timestamp.txt. Each report includes:

  • Scan metadata (target, duration, parameters)
  • Local network information
  • Findings grouped by status code
  • Risk assessment (Critical, High, Medium, Low)
  • Detailed findings with redirect chains and hashes
  • Timestamps for all discoveries

Example report excerpt:

================================================================================
                         SENTINEL EXECUTIVE REPORT
================================================================================

Report generated: 2025-03-09 14:30:22
Target: https://example.com
Wordlist: /usr/share/wordlists/dirb/common.txt
Scan duration: 0:01:23.456789

--- NETWORK INFO ---
Interface: wlan0
IP Address: 10.0.0.124
MAC Address: 9c:4e:36:c1:e7:f4
Gateway: 10.0.0.1

--- FINDINGS SUMMARY ---
Total interesting items: 23
By status code:
  200: 5
  301: 8
  403: 6
  401: 4

--- RISK ASSESSMENT ---
Critical (accessible resources): 5
High (redirects): 8
Medium (authentication required, forbidden): 10
Low (server errors): 0

Performance Considerations

  • Concurrency: Start with 50 concurrent requests and adjust based on target responsiveness
  • Rate Limiting: Use on production systems to avoid detection or service disruption
  • Timeouts: Shorter timeouts (3-5 seconds) speed up scans but may miss slow responses
  • Wordlist Size: Larger wordlists increase coverage but increase scan time proportionally
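
From the defending side, the traffic in the example session (a wordlist multiplied by extensions, answered mostly with the 404 baseline) stands out in access logs by its breadth and miss ratio rather than its speed. The following is an added example, not part of Sentinel: the function name, thresholds and the combined-format log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined access-log prefix: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def enumeration_suspects(lines, min_paths=10, min_miss_ratio=0.8):
    """Return {client_ip: (distinct_paths, miss_ratio)} for wordlist-like clients.

    Counts distinct paths and the share of 404s per client instead of
    requests per second, so a rate-limited scan is still flagged.
    Thresholds are illustrative assumptions; tune them on real traffic.
    """
    paths, misses, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _ts, _method, target, status = m.groups()
        paths[ip].add(target.split("?", 1)[0])  # ignore query strings
        total[ip] += 1
        misses[ip] += status == "404"
    suspects = {}
    for ip, count in total.items():
        ratio = misses[ip] / count
        if len(paths[ip]) >= min_paths and ratio >= min_miss_ratio:
            suspects[ip] = (len(paths[ip]), round(ratio, 2))
    return suspects


def sample_log():
    """Constructed log: one client walking words x extensions, one ordinary visitor."""
    ts = "09/Mar/2025:14:30:22 +0000"
    lines = []
    for word in ("admin", "backup", "config", "test"):
        for ext in ("", ".php", ".html"):
            status = 403 if (word, ext) == ("admin", "") else 404
            lines.append(f'203.0.113.7 - - [{ts}] "GET /{word}{ext} HTTP/1.1" {status} 162')
    for path, status in (("/", 200), ("/index.html", 200), ("/css/site.css", 200), ("/old.png", 404)):
        lines.append(f'198.51.100.4 - - [{ts}] "GET {path} HTTP/1.1" {status} 512')
    return lines


if __name__ == "__main__":
    print(enumeration_suspects(sample_log()))
```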

Troubleshooting

| Issue | Solution |
|---|---|
| "Module not found" errors | Install missing dependencies with pip3 |
| No results found | Try a larger wordlist; verify target is reachable; check filters |
| Scan too slow | Increase concurrency, reduce delay, disable rate limiting |
| Too many false positives | Enable wildcard detection and fingerprinting |
| SSL certificate errors | Target may have invalid certs; consider using http:// or ignore (not recommended) |
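
Why wildcard detection and fingerprinting reduce false positives, shown on constructed data: a baseline (status and size, as in the "Wildcard baseline" line of the example session) is taken from a path that cannot exist, and MD5 is used as a duplicate-body key. This is an added sketch, not Sentinel's own code; `Response`, `fingerprint` and `filter_hits` are hypothetical names, and how Sentinel implements these features is not shown on this page.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Response:
    path: str
    status: int
    body: bytes


def fingerprint(body: bytes) -> str:
    # MD5 serves only as a fast duplicate-content key here, not as a security control.
    return hashlib.md5(body, usedforsecurity=False).hexdigest()


def filter_hits(baseline: Response, responses: list[Response]) -> list[Response]:
    """Drop responses that look like the catch-all page or repeat an earlier body."""
    base_key = (baseline.status, len(baseline.body))
    seen = {fingerprint(baseline.body)}
    kept = []
    for r in responses:
        if (r.status, len(r.body)) == base_key:
            continue  # same status and size as the probe of a path that cannot exist
        fp = fingerprint(r.body)
        if fp in seen:
            continue  # identical body already reported under another path
        seen.add(fp)
        kept.append(r)
    # Caveat: a catch-all page that echoes the requested path changes size and
    # hash on every request, so neither check filters it.
    return kept


# Constructed sample: a server that answers unknown paths with 200 and a welcome page.
BASELINE = Response("/zz-probe-9f3a1c", 200, b"<h1>Welcome</h1>")
SAMPLE = [
    Response("/admin/", 403, b"Forbidden"),
    Response("/robots.txt", 200, b"User-agent: *\nDisallow: /admin/\n"),
    Response("/foo", 200, b"<h1>Welcome</h1>"),        # catch-all page
    Response("/login", 200, b"<form>login</form>"),
    Response("/signin", 200, b"<form>login</form>"),   # duplicate of /login
]

if __name__ == "__main__":
    for hit in filter_hits(BASELINE, SAMPLE):
        print(hit.status, hit.path)
```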

Legal and Ethical Guidelines

  1. Always obtain written authorization before scanning any system

license

MIT License

Copyright (c) 2026 ek0mssavi0r / Church of Malware

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

USE AT YOUR OWN RISK. NO WARRANTY PROVIDED.