BestHub
Sign in
Information Security 6 min read

Master One-Click Info Collection & Scanning with jws-cli: A Python Security Tool

jws-cli is a Python‑based, extensible one‑click information collection and scanning tool that automates subdomain discovery, CDN and WAF detection, port and C‑segment scanning, and integrates third‑party vulnerability scanners, offering visual reports and email delivery for rapid penetration testing workflows.

Software Development Quality
Software Development Quality
Software Development Quality
Master One-Click Info Collection & Scanning with jws-cli: A Python Security Tool

Tool Introduction

Information collection is a crucial and often tedious phase of penetration testing. jws-cli is a Python‑based, extensible and customizable one‑click information collection tool designed to help testers quickly gather assets and perform reconnaissance in red‑team exercises and SRC projects.

Key Features

One‑click collection: subdomains, CDN detection, port scan, web fingerprint, C‑segment scan, WAF detection.</code><code>Collect assets by company name (e.g., "XX Ltd.") automatically.</code><code>Extend DNS dataset via custom configuration files.</code><code>Replace built‑in modules with third‑party tools (e.g., use ksubdomain for subdomain brute‑forcing).</code><code>Integrate third‑party vulnerability scanners such as afrog.</code><code>Generate visual result pages and push them to the user’s email.

Installation & Quick Start

python -m pip install --upgrade pip</code><code>pip install -r requirements.txt</code><code>python jws-cli.py -t example.com --auto</code><code>python jws-cli.py -f targets.txt --auto</code><code>python jws-cli.py -c "XX Ltd." --auto</code><code>python jws-cli.py --help

Configuration File

The configuration file resides at jws-cli/db/config.yaml. It includes sections for debug mode, table display, API keys (Zero, Quake, ZoomEye, Hunter, FOFA, etc.), automatic scan settings, smart mode, blacklist filters, report generation, and SMTP email settings, as well as detailed modules for subdomain, port, CIDR, and POC scanning.

Sample Config Snippet

debug_mode: False</code><code>show_table: True</code><code># API keys</code><code>api_key:</code><code>  zero_key: ""</code><code>  quake_key: ""</code><code>  zoomeye_mail: ""</code><code>  zoomeye_pass: ""</code><code># Auto scan settings</code><code>auto_setting:</code><code>  port_scan: True</code><code>  cidr_scan: True</code><code>  poc_scan: True</code><code>smart_mode: True</code><code>filter_blacklist: ['Microsoft', 'CDN', 'Azure', 'Tencent Cloud', 'Alibaba Cloud', 'Huawei Cloud', 'Amazon', '127.0.0.1']</code><code>generate_report: True</code><code>smtp_server: smtp.163.com</code><code>smtp_port: 465

Visualization

Pythonautomationvulnerability scanningPenetration Testingsecurity toolinformation gathering
Software Development Quality
Written by

Software Development Quality

Discussions on software development quality, R&D efficiency, high availability, technical quality, quality systems, assurance, architecture design, tool platforms, test development, continuous delivery, continuous testing, etc. Contact me with any article questions.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment