Mantis features
The framework conducts reconnaissance on active assets and completes its operation with a scan for vulnerabilities, secrets, misconfigurations, and potential phishing domains, utilizing open-source and proprietary tools.
Some of the features that make Mantis stand out are:
- Automated discovery, recon, and scan
- Distributed scanning (split a single scan across multiple machines)
- Scan customization
- Dashboard support
- Vulnerability management
- Advanced alerting
- DNS service integration
- Integrate new tools (existing and custom) in minutes
“Last year, we explored open-source frameworks our organization can use to monitor assets. We wanted to set up an asset discovery framework that allows us to add custom scripts, enable or disable tools to run based on configs, scale, and deploy the framework across a cluster of VMs. We also wanted to find a way to ingest domains from DNS services into our databases. This led us to create Mantis, an asset discovery framework that could help bug bounty hunters as well as security teams,” Prateek Thakare, lead developer of Mantis, told Help Net Security.
System requirements
- Supported OS: Ubuntu, macOS
- 4GB RAM
- 2 cores
- 16GB of storage
Mantis is CPU intensive, so it’s advisable to run it on a dedicated virtual machine.
Future plans and download
“We are planning to have our dashboard making it easier to view and monitor the assets. We will also work on improvising the discovery, recon, and scan process by adding new tools and custom scripts,” Thakare concluded.
Mantis is available for free on GitHub.
The OSINT Handbook: A practical guide to gathering and analyzing online information
InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot