-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathNucleiScanner.sh
156 lines (135 loc) · 5.29 KB
/
NucleiScanner.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
#!/bin/bash
# ANSI color codes
RED='\033[91m'
RESET='\033[0m'
# ASCII art
echo -e "${RED}"
cat << "EOF"
_ __ __ _ _____
/ | / /_ _______/ /__ (_) ___/_________ _____ ____ ___ _____
/ |/ / / / / ___/ / _ \/ /\__ \/ ___/ __ `/ __ \/ __ \/ _ \/ ___/
/ /| / /_/ / /__/ / __/ /___/ / /__/ /_/ / / / / / / / __/ /
/_/ |_/\__,_/\___/_/\___/_//____/\___/\__,_/_/ /_/_/ /_/\___/_/ v1.0.0
EOF
echo -e "${RESET}"
# Help menu
display_help() {
echo -e "NucleiScanner is a Powerful Automation tool for detecting Unknown Vulnerabilities in Web Applications\n\n"
echo -e "Usage: $0 [options]\n\n"
echo "Options:"
echo " -h, --help Display help information"
echo " -d, --domain <domain> Single domain to scan for Unknown Vulnerabilities"
echo " -f, --file <filename> File containing multiple domains/URLs to scan"
exit 0
}
# Get the current user's home directory
home_dir=$(eval echo ~"$USER")
excluded_extentions="png,jpg,gif,jpeg,swf,woff,svg,pdf,css,webp,woff,woff2,eot,ttf,otf,mp4"
# Check if subfinder is installed, if not, install it
# if ! command -v subfinder -up &> /dev/null; then
# echo "Installing Subfinder..."
# go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
# fi
# Check if Gau is installed, if not, install it
# if ! command -v gau &> /dev/null; then
# echo "Installing Gau..."
# go install -v github.com/lc/gau/v2/cmd/gau@latest
# fi
# Check if ParamSpider is already cloned and installed
# if [ ! -d "$home_dir/ParamSpider" ]; then
# echo "Cloning ParamSpider..."
# git clone https://github.com/0xKayala/ParamSpider "$home_dir/ParamSpider"
# fi
# Check if nuclei-templates is already cloned.
if [ ! -d "$home_dir/nuclei-templates" ]; then
echo "Cloning nuclei-templates..."
git clone https://github.com/projectdiscovery/nuclei-templates.git "$home_dir/nuclei-templates"
fi
# Check if nuclei is installed, if not, install it
# if ! command -v nuclei -up &> /dev/null; then
# echo "Installing Nuclei..."
# go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
# fi
# Check if httpx is installed, if not, install it
# if ! command -v httpx -up &> /dev/null; then
# echo "Installing httpx..."
# go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
# fi
# Parse command line arguments
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-h|--help)
display_help
;;
-d|--domain)
domain="$2"
shift
shift
;;
-f|--file)
filename="$2"
shift
shift
;;
*)
echo "Unknown option: $key"
display_help
;;
esac
done
# Step 0: Ask the user to enter the domain name or specify the file
if [ -z "$domain" ] && [ -z "$filename" ]; then
echo "Please provide a domain with -d or a file with -f option."
display_help
fi
# Step 1: Collect subdomains using subfinder
if [ -n "$domain" ]; then
echo "Collecting subdomains using subfinder"
subfinder -d "$domain" -all -o "output/sub.txt" -silent
fi
# Step 2: Collecting URLs by Filtering out unwanted extensions using gau
if [ -f "output/sub.txt" ]; then
echo "Collecting URLs by Filtering out unwanted extensions from 'output/sub.txt' using gau"
cat "output/sub.txt" | gau --subs --blacklist "$excluded_extentions" --o "output/gau.txt"
fi
# Step 3: Get the vulnerable parameters based on user input
if [ -n "$domain" ]; then
echo "Running ParamSpider on $domain"
python3 /root/ParamSpider/paramspider.py -d "$domain" --exclude "$excluded_extentions" --level high --quiet -o "output/$domain.txt"
elif [ -n "$filename" ]; then
echo "Running ParamSpider on URLs from $filename"
while IFS= read -r line; do
python3 /root/ParamSpider/paramspider.py -d "$line" --exclude "$excluded_extentions" --level high --quiet -o "output/$line.txt"
cat "output/$line.txt" >> "$output_file" # Append to the combined output file
done < "$filename"
fi
# Step 4: Combine URLs collected by ParamSpider and gau
if [ -f "output/gau.txt" ]; then
echo "Combining URLs collected by ParamSpider and gau"
cat "output/$domain.txt" "output/gau.txt" > "output/allurls.txt"
urls_file="output/allurls.txt"
else
urls_file="output/$domain.txt"
fi
# Step 5: Check whether URLs were collected or not
if [ ! -s "output/$domain.txt" ] && [ ! -s "output/gau.txt" ] && [ ! -s "output/allurls.txt" ]; then
echo "No URLs Found. Exiting..."
exit 1
fi
# Step 6: Run the Nuclei Scanning templates on the collected URLs
echo "Running Nuclei on Collected URLs"
if [ -n "$domain" ]; then
# Use a temporary file to store the sorted and unique URLs
temp_file=$(mktemp)
sort "$urls_file" | uniq > "$temp_file"
httpx -silent -mc 200,301,302,403 -l "$temp_file" | nuclei -t "$home_dir/nuclei-templates" -es info -rl 05
rm -r "$temp_file" # Remove the temporary file
elif [ -n "$filename" ]; then
sort "$urls_file" | uniq > "$temp_file"
httpx -silent -mc 200,301,302,403 -l "$temp_file" | nuclei -t "$home_dir/nuclei-templates" -es info -rl 05
rm -r "$temp_file" # Remove the temporary file
fi
# Step 7: End with a general message as the scan is completed
echo "Scan is completed - Happy Hunting"