command-line tool with dashboard support, streamlining the entire work fl ow by automating the process of asset discovery, reconnaissance, and vulnerability scanning on the identi fi ed assets. Its capabilities also extends to supporting distributed scanning IS A MANTIS
Not just a tool collection framework Existing frameworks are designed to cater bug bounty professionals mostly While existing frameworks are feature rich, there are very less or no options out there to distribute scans Mantis is crafted to facilitate the development of new tools, based on the gathered information PURPOSE MANTIS
assets: • Top level domains • Subdomains • IP, IP-CIDR, IP Range • Certi fi cates • Public Repos (In Progress) Performs a recon to identify the following: • Open ports • CDN • Technologies • WAF • Web Server Scans for the following on active hosts: • CVE Scans • Secrets in public • Phishing Domains • CSP miscon fi gurations TLD WITH ORG CONTEXT: mantis onboard -o org_name -t top_level_domain mantis onboard -o org_name -f fi le_name (ip, tld etc.)
established only 4 to 5 years after the product's launch. REQUIREMENTS PRODUCT SECURITY TEAM 1 STAY VIGILANT REGARDING NEW ASSETS Multiple coordination efforts with different teams, including Infrastructure, are necessary to understand newly launched assets. 2 CONTINOUS SCANNING Implementing automation for continuous discovery of assets and vulnerabilities 3 SCANNING LARGE NO. OF ASSETS To achieve continuous scanning, there is a necessity to scale a single scan across multiple instances 5 VULNERABILITY MANAGEMENT Assets should be mapped to teams or applications to facilitate swift noti fi cations and responses 4