Cryptocurrency Wallet Scanner

A responsible security-research demonstration tool for identifying wallet vulnerabilities with async scanning patterns.

$ python scanner.py
>> Initializing in TESTMODE (safe)
>> Generating 1000 test wallets...
>> Scanning complete: 0 vulnerabilities found
>> Memory usage: 42MB
>> Execution time: 1.8s

Technical Features

Async Architecture

10-15x faster than traditional sequential scanning with concurrent wallet generation and balance checking.

Secure Defaults

TESTMODE enabled by default with mock responses to prevent accidental live network calls.

Rate Limiting

Adaptive delays and a semaphore cap on in-flight requests (default: 15) keep the tool under upstream API rate limits.

Connection Pooling

Efficient HTTP connection reuse with aiohttp reduces overhead by ~60%.

Secure RNG

Cryptographically secure private key generation using Python's secrets module.

Error Recovery

Graceful handling of API failures and network issues without crashing the scanning process.

Usage

Safe Testing (Default)

# Run in test mode (safe - no live API calls)
python scanner.py

Authorized Research Only

# Enable live mode ONLY with proper authorization
python scanner.py live

Configuration Options

Environment Variables

  • TESTMODE: Set to false to enable live API calls (default: true)
  • MAX_CONCURRENT: Maximum concurrent requests (default: 15)
  • BTC_DELAY: Minimum delay between BTC API calls (default: 0.5s)
  • ETH_DELAY: Minimum delay between ETH API calls (default: 0.3s)
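The Secure Defaults feature and the environment variables above describe a fail-closed configuration: test mode unless explicitly disabled. The following is an added example of how such loading can be written; it is not the project's code. It assumes only the variable names TESTMODE, MAX_CONCURRENT, BTC_DELAY and ETH_DELAY and the `live` argument shown in Usage; the dataclass, helper names and the rule that live mode needs both the variable and the argument are this example's own choices.

```python
"""Fail-closed configuration loading (added example, not the project's code).

Assumed from the README: variable names TESTMODE, MAX_CONCURRENT, BTC_DELAY,
ETH_DELAY and the `live` CLI argument. The stricter rule that live mode needs
both signals, and every helper name below, are this example's own.
"""
from dataclasses import dataclass
from typing import Callable, Mapping, Optional, Sequence, TypeVar

T = TypeVar("T", int, float)


@dataclass(frozen=True)
class ScanConfig:
    testmode: bool        # True means every network call is mocked
    max_concurrent: int   # semaphore size for in-flight requests
    btc_delay: float      # minimum seconds between BTC API calls
    eth_delay: float      # minimum seconds between ETH API calls


def parse_bool(raw: Optional[str], default: bool) -> bool:
    """Strict boolean parsing: only an explicit false/0/no/off disables a safe default.

    Unrecognised input (typos, empty strings) keeps the default rather than
    being treated as truthy, so a mis-set variable cannot silently go live.
    """
    if raw is None:
        return default
    value = raw.strip().lower()
    if value in {"false", "0", "no", "off"}:
        return False
    if value in {"true", "1", "yes", "on"}:
        return True
    return default


def parse_positive(raw: Optional[str], default: T, cast: Callable[[str], T]) -> T:
    """Numeric tuning knobs: reject non-numeric or non-positive values, keep the default."""
    if raw is None:
        return default
    try:
        value = cast(raw.strip())
    except ValueError:
        return default
    return value if value > 0 else default


def load_config(env: Mapping[str, str], argv: Sequence[str]) -> ScanConfig:
    """Build the config. Live mode requires BOTH TESTMODE=false and the `live`
    argument; either one alone leaves the tool in test mode."""
    env_testmode = parse_bool(env.get("TESTMODE"), default=True)
    cli_live = "live" in argv[1:]
    return ScanConfig(
        testmode=env_testmode or not cli_live,
        max_concurrent=parse_positive(env.get("MAX_CONCURRENT"), 15, int),
        btc_delay=parse_positive(env.get("BTC_DELAY"), 0.5, float),
        eth_delay=parse_positive(env.get("ETH_DELAY"), 0.3, float),
    )


if __name__ == "__main__":
    import os
    import sys

    cfg = load_config(os.environ, sys.argv)
    mode = "TESTMODE (safe)" if cfg.testmode else "LIVE"
    print(f">> Initializing in {mode}; max_concurrent={cfg.max_concurrent}")
```

Passing the environment and argv in as parameters, rather than reading `os.environ` inside the loader, is what makes the fail-closed behaviour testable: a typo such as `TESTMODE=flase` can be asserted to stay in test mode.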

Advanced Usage

# Custom scanner configuration (module name taken from `python scanner.py` above)
import asyncio
from scanner import WalletScanner

async def main():
    async with WalletScanner(max_concurrent_requests=10) as scanner:
        await scanner.run_scan(target_scans=1000)

asyncio.run(main())

Security Features

Responsible Disclosure Process

  1. Do not publish details. Keep findings confidential.
  2. Prepare a short private report with issue summary, affected components, and suggested mitigations.
  3. Send the report privately to the operator with a reasonable deadline (e.g. 30 days).
  4. Offer to coordinate remediation or provide further guidance.
  5. If acknowledged and fixed, optionally coordinate a public, non-technical disclosure.

Remediation Checklist

  • Require API keys, OAuth, or mTLS for endpoints
  • Implement both global and per-IP throttling
  • Sanitize all inputs; treat addresses as untrusted
  • Never expose private keys via APIs or logs
  • Enforce TLS, HSTS, and strict CSP
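The checklist item "Implement both global and per-IP throttling" is the one an operator most often gets half right (a single global cap lets one client starve everyone else). The block below is an added example of a server-side limiter that applies both caps; it is not part of the project. The sliding-window design, the class and function names, the injectable clock, and the request log it runs over are all this example's own constructions, and the numeric limits are illustrative rather than recommended values.

```python
"""Global plus per-IP request throttling (added example for the remediation
checklist; not the project's code). Limits, names and the sample request log
below are constructed for the demonstration.
"""
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, List, Sequence, Tuple


class SlidingWindowLimiter:
    """Allows at most `limit` events per `window` seconds for each key."""

    def __init__(self, limit: int, window: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.limit = limit
        self.window = window
        self.clock = clock
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str) -> bool:
        """Record the event and return True if it fits in the current window."""
        now = self.clock()
        events = self._events[key]
        # Drop timestamps that have aged out of the window.
        while events and now - events[0] >= self.window:
            events.popleft()
        if len(events) >= self.limit:
            return False
        events.append(now)
        return True


class ApiThrottle:
    """Two-layer throttle: a per-client cap and a shared global cap.

    The per-IP check runs first, so a client that is already over its own
    budget never consumes global budget that well-behaved clients need.
    """

    def __init__(self, global_limit: int, per_ip_limit: int, window: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._global = SlidingWindowLimiter(global_limit, window, clock)
        self._per_ip = SlidingWindowLimiter(per_ip_limit, window, clock)

    def check(self, client_ip: str) -> Tuple[bool, str]:
        """Return (allowed, reason); reason names which layer rejected the request."""
        if not self._per_ip.allow(client_ip):
            return False, "per-ip"
        if not self._global.allow("*"):
            return False, "global"
        return True, "ok"


def replay(log: Sequence[Tuple[float, str]], global_limit: int,
           per_ip_limit: int, window: float) -> List[Tuple[float, str, bool, str]]:
    """Replay a (timestamp, ip) request log through the throttle with a fake clock."""
    now = [0.0]
    throttle = ApiThrottle(global_limit, per_ip_limit, window, clock=lambda: now[0])
    decisions = []
    for ts, ip in log:
        now[0] = ts
        allowed, reason = throttle.check(ip)
        decisions.append((ts, ip, allowed, reason))
    return decisions


# Constructed request log: one noisy client and one normal client inside a
# 10-second window, then traffic after the window has rolled over.
SAMPLE_LOG = [
    (0.0, "203.0.113.7"), (0.5, "203.0.113.7"), (1.0, "203.0.113.7"),
    (1.5, "203.0.113.7"),                       # 4th hit: over per-IP cap of 3
    (2.0, "198.51.100.9"), (2.5, "198.51.100.9"),
    (3.0, "198.51.100.9"),                      # global cap of 5 already spent
    (12.0, "203.0.113.7"),                      # window rolled over: allowed again
]

if __name__ == "__main__":
    for ts, ip, allowed, reason in replay(SAMPLE_LOG, 5, 3, 10.0):
        status = "200" if allowed else "429"
        print(f"t={ts:5.1f} {ip:14s} {status} ({reason})")
```

Denied requests are not recorded, so a rejected burst does not extend the client's own lockout; the one asymmetry is that a request rejected by the global layer still counts against its IP, which errs on the side of the shared service rather than the individual client. The injectable clock is what lets the replay above run deterministically in a test.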