diff --git a/README.md b/README.md
new file mode 100644
index 0000000..907f118
--- /dev/null
+++ b/README.md
@@ -0,0 +1,127 @@
+

+
+ vulscanpro +
+ VulScanPro +
+

+ +

Automatic Web Vulnerability Scanner

+ +

+ + + + + + + + + +

+
+![multi xss](./img/ss1.png)
+
+
+ +```bash + + + __ __ _ _____ _____ + \ \ / / | |/ ____| | __ \ 1.0.0 + \ \ / / _| | (___ ___ __ _ _ __ | |__) | __ ___ + \ \/ / | | | |\___ \ / __/ _` | '_ \| ___/ '__/ _ \ + \ /| |_| | |____) | (_| (_| | | | | | | | | (_) | + \/ \__,_|_|_____/ \___\__,_|_| |_|_| |_| \___/ + + Automatic Web Vulnerability Scanner. + + by @thenurhabib +``` + +
+
+
+VulScanPro is An Intelligent Automated Framework to scan a domain and perform various attacks to find vulnerabilities. VulScanPro performs 100+ attacks with mutiple web hacking and networking analyzing frameworks. and also it's provide you discription about that vulnerbitry and solution also.
+
+
+### Find for This vulnerabilities
+- Cross Site Scripting (XSS)
+- SQL Injection
+- Open Redirection
+- Server-side request forgery (SSRF)
+- Cross-site request forgery (CSRF)
+- Cross-origin resource sharing (CORS)
+- Host Heder Injection
+- HTML Injection
+- Session Hijacking
+- Subdomain Takeover
+- Sensitive Information disclosure
+- shell injection
+- clickjacking
+- Remote Code execution
+- path traversal
+- Broken Access Control
+- Security Misconfiguration
+- Vulnerable and Outdated Components
+- Unrestricted File Upload
+
+`This Framework Also crawl URLs and JS Files for sensitive information.`
+
+
+### Installation
+```bash
+git clone https://www.github.com/thenurhabib/vulscanpro
+cd vulscanpro
+pip install -r requirements.txt
+python3 vulscanpro.py -h
+```
+
+
+#### Usage
+```bash
+>> python3 vulscanpro.py example.com (Scan Domain)
+>> python3 vulscanpro.py example.com --skip (Skip some tools and scan faster.)
+>> python3 vulscanpro.py example.com --nospinner (Disable the IDLE spinner.)
+```
+
+
+#### Available command line options
+```bash
+Usage :
+
+>> python vulscanpro example.com
+
+-h, --help : Help Menu
+-s, --skip : Skip some tools and scan faster.
+-u, --update : Update VulScanPro.
+-n, --nospinner : Disable the IDLE spinner.
+```
+
+
+
+#### Domain hijacking vulnerability in Yahoo
+![pics](./img/ss2.png)
+
+
+
+
+### :warning: Warning!
+
+***I Am Not Responsible of any Illegal Use***
+
+-------------------------------------
+
+### _🕷️ Contribution & License_
+
+You can contribute in following ways:
+
+- [Report bugs & add issues](https://github.com/thenurhabib/vulscanpro/issues/new)
+- Search for new vulnerability
+- Develop plugins
+- Searching Exploits
+- Give suggestions **(Ideas)** to make it better
+
+Do you want to have a conversation in private? email me : Bensaad.tig@gmail.com
+
+***VulScanPro*** is licensed under [GPL-3.0 License](https://github.com/thenurhabib/vulscanpro/blob/master/LICENSE)
diff --git a/core/__pycache__/__init__.cpython-310.pyc b/core/__pycache__/__init__.cpython-310.pyc
new file mode 100644
index 0000000..92c89ee
Binary files /dev/null and b/core/__pycache__/__init__.cpython-310.pyc differ
diff --git a/core/__pycache__/__init__.cpython-39.pyc b/core/__pycache__/__init__.cpython-39.pyc
new file mode 100644
index 0000000..fe5b03c
Binary files /dev/null and b/core/__pycache__/__init__.cpython-39.pyc differ
diff --git a/core/__pycache__/toolcmd.cpython-310.pyc b/core/__pycache__/toolcmd.cpython-310.pyc
new file mode 100644
index 0000000..a12c1da
Binary files /dev/null and b/core/__pycache__/toolcmd.cpython-310.pyc differ
diff --git a/core/__pycache__/toolcmd.cpython-39.pyc b/core/__pycache__/toolcmd.cpython-39.pyc
new file mode 100644
index 0000000..e4362ad
Binary files /dev/null and b/core/__pycache__/toolcmd.cpython-39.pyc differ
diff --git a/core/__pycache__/toolfix.cpython-310.pyc b/core/__pycache__/toolfix.cpython-310.pyc
new file mode 100644
index 0000000..155ee7e
Binary files /dev/null and b/core/__pycache__/toolfix.cpython-310.pyc differ
diff --git a/core/__pycache__/toolfix.cpython-39.pyc b/core/__pycache__/toolfix.cpython-39.pyc
new file mode 100644
index 0000000..bc36876
Binary files /dev/null and b/core/__pycache__/toolfix.cpython-39.pyc differ
diff --git a/core/__pycache__/toolnames.cpython-310.pyc b/core/__pycache__/toolnames.cpython-310.pyc
new file mode 100644
index 0000000..9bdb958
Binary files /dev/null and b/core/__pycache__/toolnames.cpython-310.pyc differ
diff --git a/core/__pycache__/toolnames.cpython-39.pyc b/core/__pycache__/toolnames.cpython-39.pyc
new file mode 100644
index 0000000..bf4e1b4
Binary files /dev/null and b/core/__pycache__/toolnames.cpython-39.pyc differ
diff --git a/core/__pycache__/toolprecheck.cpython-310.pyc b/core/__pycache__/toolprecheck.cpython-310.pyc
new file mode 100644
index 0000000..a9370fb
Binary files /dev/null and b/core/__pycache__/toolprecheck.cpython-310.pyc differ
diff --git a/core/__pycache__/toolprecheck.cpython-39.pyc b/core/__pycache__/toolprecheck.cpython-39.pyc
new file mode 100644
index 0000000..e10daf6
Binary files /dev/null and b/core/__pycache__/toolprecheck.cpython-39.pyc differ
diff --git a/core/__pycache__/toolresp.cpython-310.pyc b/core/__pycache__/toolresp.cpython-310.pyc
new file mode 100644
index 0000000..d6f3a8a
Binary files /dev/null and b/core/__pycache__/toolresp.cpython-310.pyc differ
diff --git a/core/__pycache__/toolresp.cpython-39.pyc b/core/__pycache__/toolresp.cpython-39.pyc
new file mode 100644
index 0000000..66385d4
Binary files /dev/null and b/core/__pycache__/toolresp.cpython-39.pyc differ
diff --git a/core/__pycache__/toolstatus.cpython-310.pyc b/core/__pycache__/toolstatus.cpython-310.pyc
new file mode 100644
index 0000000..d706caa
Binary files /dev/null and b/core/__pycache__/toolstatus.cpython-310.pyc differ
diff --git a/core/__pycache__/toolstatus.cpython-39.pyc b/core/__pycache__/toolstatus.cpython-39.pyc
new file mode 100644
index 0000000..bbf5f6c
Binary files /dev/null and b/core/__pycache__/toolstatus.cpython-39.pyc differ
diff --git a/core/toolfix.py b/core/toolfix.py
new file mode 100644
index 0000000..7b3623b
--- /dev/null
+++ b/core/toolfix.py
@@ -0,0 +1,104 @@
+toolFix = [
+ [1, "Not a vulnerability, just an informational alert. The host does not have IPv6 support. IPv6 provides more security as IPSec (responsible for CIA - Confidentiality, Integrity and Availablity) is incorporated into this model. So it is good to have IPv6 Support.",
+ "It is recommended to implement IPv6. More information on how to implement IPv6 can be found from this resource. https://www.cisco.com/c/en/us/solutions/collateral/enterprise/cisco-on-cisco/IPv6-Implementation_CS.html"],
+ [2, "Sensitive Information Leakage Detected. The ASP.Net application does not filter out illegal characters in the URL. The attacker injects a special character (%7C~.aspx) to make the application spit sensitive information about the server stack.",
+ "It is recommended to filter out special charaters in the URL and set a custom error page on such situations instead of showing default error messages. This resource helps you in setting up a custom error page on a Microsoft .Net Application. https://docs.microsoft.com/en-us/aspnet/web-forms/overview/older-versions-getting-started/deploying-web-site-projects/displaying-a-custom-error-page-cs"],
+ [3, "It is not bad to have a CMS in WordPress. There are chances that the version may contain vulnerabilities or any third party scripts associated with it may possess vulnerabilities",
+ "It is recommended to conceal the version of WordPress. This resource contains more information on how to secure your WordPress Blog. https://codex.wordpress.org/Hardening_WordPress"],
+ [4, "It is not bad to have a CMS in Drupal. There are chances that the version may contain vulnerabilities or any third party scripts associated with it may possess vulnerabilities",
+ "It is recommended to conceal the version of Drupal. This resource contains more information on how to secure your Drupal Blog. 
https://www.drupal.org/docs/7/site-building-best-practices/ensure-that-your-site-is-secure"],
+ [5, "It is not bad to have a CMS in Joomla. There are chances that the version may contain vulnerabilities or any third party scripts associated with it may possess vulnerabilities",
+ "It is recommended to conceal the version of Joomla. This resource contains more information on how to secure your Joomla Blog. https://www.incapsula.com/blog/10-tips-to-improve-your-joomla-website-security.html"],
+ [6, "Sometimes robots.txt or sitemap.xml may contain rules such that certain links that are not supposed to be accessed/indexed by crawlers and search engines. Search engines may skip those links but attackers will be able to access it directly.",
+ "It is a good practice not to include sensitive links in the robots or sitemap files."],
+ [7, "Without a Web Application Firewall, An attacker may try to inject various attack patterns either manually or using automated scanners. An automated scanner may send hordes of attack vectors and patterns to validate an attack, there are also chances for the application to get DoS`ed (Denial of Service)",
+ "Web Application Firewalls offer great protection against common web attacks like XSS, SQLi, etc. They also provide an additional line of defense to your security infrastructure. This resource contains information on web application firewalls that could suit your application. https://www.gartner.com/reviews/market/web-application-firewall"],
+ [8, "Open Ports give attackers a hint to exploit the services. Attackers try to retrieve banner information through the ports and understand what type of service the host is running",
+ "It is recommended to close the ports of unused services and use a firewall to filter the ports wherever necessary. This resource may give more insights. https://security.stackexchange.com/a/145781/6137"],
+ [9, "Chances are very less to compromise a target with email addresses. 
However, attackers use this as a supporting data to gather information around the target. An attacker may make use of the username on the email address and perform brute-force attacks on not just email servers, but also on other legitimate panels like SSH, CMS, etc with a password list as they have a legitimate name. This is however a shoot in the dark scenario, the attacker may or may not be successful depending on the level of interest",
+ "Since the chances of exploitation is feeble there is no need to take action. Perfect remediation would be choosing different usernames for different services will be more thoughtful."],
+ [10, "Zone Transfer reveals critical topological information about the target. The attacker will be able to query all records and will have more or less complete knowledge about your host.",
+ "Good practice is to restrict the Zone Transfer by telling the Master which are the IPs of the slaves that can be given access for the query. This SANS resource provides more information. https://www.sans.org/reading-room/whitepapers/dns/securing-dns-zone-transfer-868"],
+ [11, "The email address of the administrator and other information (address, phone, etc) is available publicly. An attacker may use these information to leverage an attack. This may not be used to carry out a direct attack as this is not a vulnerability. However, an attacker makes use of these data to build information about the target.",
+ "Some administrators intentionally would have made this information public, in this case it can be ignored. If not, it is recommended to mask the information. This resource provides information on this fix. http://www.name.com/blog/how-tos/tutorial-2/2013/06/protect-your-personal-information-with-whois-privacy/"],
+ [12, "As the target is lacking this header, older browsers will be prone to Reflected XSS attacks.",
+ "Modern browsers does not face any issues with this vulnerability (missing headers). 
However, older browsers are strongly recommended to be upgraded."],
+ [13, "This attack works by opening multiple simultaneous connections to the web server and it keeps them alive as long as possible by continously sending partial HTTP requests, which never gets completed. They easily slip through IDS by sending partial requests.",
+ "If you are using Apache Module, `mod_antiloris` would help. For other setup you can find more detailed remediation on this resource. https://www.acunetix.com/blog/articles/slow-http-dos-attacks-mitigate-apache-http-server/"],
+ [14, "This vulnerability seriously leaks private information of your host. An attacker can keep the TLS connection alive and can retrieve a maximum of 64K of data per heartbeat.",
+ "PFS (Perfect Forward Secrecy) can be implemented to make decryption difficult. Complete remediation and resource information is available here. http://heartbleed.com/"],
+ [15, "By exploiting this vulnerability, an attacker will be able gain access to sensitive data in a n encrypted session such as session ids, cookies and with those data obtained, will be able to impersonate that particular user.",
+ "This is a flaw in the SSL 3.0 Protocol. A better remediation would be to disable using the SSL 3.0 protocol. For more information, check this resource. https://www.us-cert.gov/ncas/alerts/TA14-290A"],
+ [16, "This attacks takes place in the SSL Negotiation (Handshake) which makes the client unaware of the attack. By successfully altering the handshake, the attacker will be able to pry on all the information that is sent from the client to server and vice-versa",
+ "Upgrading OpenSSL to latest versions will mitigate this issue. This resource gives more information about the vulnerability and the associated remediation. 
http://ccsinjection.lepidum.co.jp/"],
+ [17, "With this vulnerability the attacker will be able to perform a MiTM attack and thus compromising the confidentiality factor.",
+ "Upgrading OpenSSL to latest version will mitigate this issue. Versions prior to 1.1.0 is prone to this vulnerability. More information can be found in this resource. https://bobcares.com/blog/how-to-fix-sweet32-birthday-attacks-vulnerability-cve-2016-2183/"],
+ [18, "With the LogJam attack, the attacker will be able to downgrade the TLS connection which allows the attacker to read and modify any data passed over the connection.",
+ "Make sure any TLS libraries you use are up-to-date, that servers you maintain use 2048-bit or larger primes, and that clients you maintain reject Diffie-Hellman primes smaller than 1024-bit. More information can be found in this resource. https://weakdh.org/"],
+ [19, "Allows remote attackers to cause a denial of service (crash), and possibly obtain sensitive information in applications that use OpenSSL, via a malformed ClientHello handshake message that triggers an out-of-bounds memory access.",
+ " OpenSSL versions 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c are vulnerable. It is recommended to upgrade the OpenSSL version. More resource and information can be found here. https://www.openssl.org/news/secadv/20110208.txt"],
+ [20, "Otherwise termed as BREACH atack, exploits the compression in the underlying HTTP protocol. An attacker will be able to obtain email addresses, session tokens, etc from the TLS encrypted web traffic.",
+ "Turning off TLS compression does not mitigate this vulnerability. First step to mitigation is to disable Zlib compression followed by other measures mentioned in this resource. 
http://breachattack.com/"],
+ [21, "Otherwise termed as Plain-Text Injection attack, which allows MiTM attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context.",
+ "Detailed steps of remediation can be found from these resources. https://securingtomorrow.mcafee.com/technical-how-to/tips-securing-ssl-renegotiation/ https://www.digicert.com/news/2011-06-03-ssl-renego/ "],
+ [22, "This vulnerability allows attackers to steal existing TLS sessions from users.",
+ "Better advice is to disable session resumption. To harden session resumption, follow this resource that has some considerable information. https://wiki.crashtest-security.com/display/KB/Harden+TLS+Session+Resumption"],
+ [23, "This has nothing to do with security risks, however attackers may use this unavailability of load balancers as an advantage to leverage a denial of service attack on certain services or on the whole application itself.",
+ "Load-Balancers are highly encouraged for any web application. They improve performance times as well as data availability on during times of server outage. To know more information on load balancers and setup, check this resource. https://www.digitalocean.com/community/tutorials/what-is-load-balancing"],
+ [24, "An attacker can forwarded requests that comes to the legitimate URL or web application to a third party address or to the attacker's location that can serve malware and affect the end user's machine.",
+ "It is highly recommended to deploy DNSSec on the host target. Full deployment of DNSSEC will ensure the end user is connecting to the actual web site or other service corresponding to a particular domain name. For more information, check this resource. https://www.cloudflare.com/dns/dnssec/how-dnssec-works/"],
+ [25, "Attackers may find considerable amount of information from these files. 
There are even chances attackers may get access to critical information from these files.",
+ "It is recommended to block or restrict access to these files unless necessary."],
+ [26, "Attackers may find considerable amount of information from these directories. There are even chances attackers may get access to critical information from these directories.",
+ "It is recommended to block or restrict access to these directories unless necessary."],
+ [27, "May not be SQLi vulnerable. An attacker will be able to know that the host is using a backend for operation.",
+ "Banner Grabbing should be restricted and access to the services from outside would should be made minimum."],
+ [28, "An attacker will be able to steal cookies, deface web application or redirect to any third party address that can serve malware.",
+ "Input validation and Output Sanitization can completely prevent Cross Site Scripting (XSS) attacks. XSS attacks can be mitigated in future by properly following a secure coding methodology. The following comprehensive resource provides detailed information on fixing this vulnerability. https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet"],
+ [29, "SSL related vulnerabilities breaks the confidentiality factor. An attacker may perform a MiTM attack, intrepret and eavesdrop the communication.",
+ "Proper implementation and upgraded version of SSL and TLS libraries are very critical when it comes to blocking SSL related vulnerabilities."],
+ [30, "Particular Scanner found multiple vulnerabilities that an attacker may try to exploit the target.",
+ "Refer to RS-Vulnerability-Report to view the complete information of the vulnerability, once the scan gets completed."],
+ [31, "Attackers may gather more information from subdomains relating to the parent domain. Attackers may even find other services from the subdomains and try to learn the architecture of the target. 
There are even chances for the attacker to find vulnerabilities as the attack surface gets larger with more subdomains discovered.",
+ "It is sometimes wise to block sub domains like development, staging to the outside world, as it gives more information to the attacker about the tech stack. Complex naming practices also help in reducing the attack surface as attackers find hard to perform subdomain bruteforcing through dictionaries and wordlists."],
+ [32, "Through this deprecated protocol, an attacker may be able to perform MiTM and other complicated attacks.",
+ "It is highly recommended to stop using this service and it is far outdated. SSH can be used to replace TELNET. For more information, check this resource https://www.ssh.com/ssh/telnet"],
+ [33, "This protocol does not support secure communication and there are likely high chances for the attacker to eavesdrop the communication. Also, many FTP programs have exploits available in the web such that an attacker can directly crash the application or either get a SHELL access to that target.",
+ "Proper suggested fix is use an SSH protocol instead of FTP. It supports secure communication and chances for MiTM attacks are quite rare."],
+ [34, "The StuxNet is level-3 worm that exposes critical information of the target organization. It was a cyber weapon that was designed to thwart the nuclear intelligence of Iran. Seriously wonder how it got here? Hope this isn't a false positive Nmap ;)",
+ "It is highly recommended to perform a complete rootkit scan on the host. For more information refer to this resource. https://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99&tabid=3"],
+ [35, "WebDAV is supposed to contain multiple vulnerabilities. In some case, an attacker may hide a malicious DLL file in the WebDAV share however, and upon convincing the user to open a perfectly harmless and legitimate file, execute code under the context of that user",
+ "It is recommended to disable WebDAV. 
Some critical resource regarding disbling WebDAV can be found on this URL. https://www.networkworld.com/article/2202909/network-security/-webdav-is-bad---says-security-researcher.html"],
+ [36, "Attackers always do a fingerprint of any server before they launch an attack. Fingerprinting gives them information about the server type, content- they are serving, last modification times etc, this gives an attacker to learn more information about the target",
+ "A good practice is to obfuscate the information to outside world. Doing so, the attackers will have tough time understanding the server's tech stack and therefore leverage an attack."],
+ [37, "Attackers mostly try to render web applications or service useless by flooding the target, such that blocking access to legitimate users. This may affect the business of a company or organization as well as the reputation",
+ "By ensuring proper load balancers in place, configuring rate limits and multiple connection restrictions, such attacks can be drastically mitigated."],
+ [38, "Intruders will be able to remotely include shell files and will be able to access the core file system or they will be able to read all the files as well. There are even higher chances for the attacker to remote execute code on the file system.",
+ "Secure code practices will mostly prevent LFI, RFI and RCE attacks. The following resource gives a detailed insight on secure coding practices. https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices"],
+ [39, "Hackers will be able to steal data from the backend and also they can authenticate themselves to the website and can impersonate as any user since they have total control over the backend. They can even wipe out the entire database. 
Attackers can also steal cookie information of an authenticated user and they can even redirect the target to any malicious address or totally deface the application.",
+ "Proper input validation has to be done prior to directly querying the database information. A developer should remember not to trust an end-user's input. By following a secure coding methodology attacks like SQLi, XSS and BSQLi. The following resource guides on how to implement secure coding methodology on application development. https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices"],
+ [40, "Attackers exploit the vulnerability in BASH to perform remote code execution on the target. An experienced attacker can easily take over the target system and access the internal sources of the machine",
+ "This vulnerability can be mitigated by patching the version of BASH. The following resource gives an indepth analysis of the vulnerability and how to mitigate it. https://www.symantec.com/connect/blogs/shellshock-all-you-need-know-about-bash-bug-vulnerability https://www.digitalocean.com/community/tutorials/how-to-protect-your-server-against-the-shellshock-bash-vulnerability"],
+ [41, "Gives attacker an idea on how the address scheming is done internally on the organizational network. Discovering the private addresses used within an organization can help attackers in carrying out network-layer attacks aiming to penetrate the organization's internal infrastructure.",
+ "Restrict the banner information to the outside world from the disclosing service. More information on mitigating this vulnerability can be found here. https://portswigger.net/kb/issues/00600300_private-ip-addresses-disclosed"],
+ [42, "There are chances for an attacker to manipulate files on the webserver.",
+ "It is recommended to disable the HTTP PUT and DEL methods incase if you don't use any REST API Services. Following resources helps you how to disable these methods. 
http://www.techstacks.com/howto/disable-http-methods-in-tomcat.html https://docs.oracle.com/cd/E19857-01/820-5627/gghwc/index.html https://developer.ibm.com/answers/questions/321629/how-to-disable-http-methods-head-put-delete-option/"],
+ [43, "Attackers try to learn more about the target from the amount of information exposed in the headers. An attacker may know what type of tech stack a web application is emphasizing and many other information.",
+ "Banner Grabbing should be restricted and access to the services from outside would should be made minimum."],
+ [44, "An attacker who successfully exploited this vulnerability could read data, such as the view state, which was encrypted by the server. This vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server.",
+ "Microsoft has released a set of patches on their website to mitigate this issue. The information required to fix this vulnerability can be inferred from this resource. https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-070"],
+ [45, "Any outdated web server may contain multiple vulnerabilities as their support would've been ended. An attacker may make use of such an opportunity to leverage attacks.",
+ "It is highly recommended to upgrade the web server to the available latest version."],
+ [46, "Hackers will be able to manipulate the URLs easily through a GET/POST request. They will be able to inject multiple attack vectors in the URL with ease and able to monitor the response as well",
+ "By ensuring proper sanitization techniques and employing secure coding practices it will be impossible for the attacker to penetrate through. The following resource gives a detailed insight on secure coding practices. 
https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices"],
+ [47, "Since the attacker has knowledge about the particular type of backend the target is running, they will be able to launch a targetted exploit for the particular version. They may also try to authenticate with default credentials to get themselves through.",
+ "Timely security patches for the backend has to be installed. Default credentials has to be changed. If possible, the banner information can be changed to mislead the attacker. The following resource gives more information on how to secure your backend. http://kb.bodhost.com/secure-database-server/"],
+ [48, "Attackers may launch remote exploits to either crash the service or tools like ncrack to try brute-forcing the password on the target.",
+ "It is recommended to block the service to outside world and made the service accessible only through the a set of allowed IPs only really neccessary. The following resource provides insights on the risks and as well as the steps to block the service. https://www.perspectiverisk.com/remote-desktop-service-vulnerabilities/"],
+ [49, "Hackers will be able to read community strings through the service and enumerate quite a bit of information from the target. Also, there are multiple Remote Code Execution and Denial of Service vulnerabilities related to SNMP services.",
+ "Use a firewall to block the ports from the outside world. The following article gives wide insight on locking down SNMP service. https://www.techrepublic.com/article/lock-it-down-dont-allow-snmp-to-compromise-network-security/"],
+ [50, "Attackers will be able to find the logs and error information generated by the application. They will also be able to see the status codes that was generated on the application. 
By combining all these information, the attacker will be able to leverage an attack.",
+ "By restricting access to the logger application from the outside world will be more than enough to mitigate this weakness."],
+ [51, "Cyber Criminals mainly target this service as it is very easier for them to perform a remote attack by running exploits. WannaCry Ransomware is one such example.",
+ "Exposing SMB Service to the outside world is a bad idea, it is recommended to install latest patches for the service in order not to get compromised. The following resource provides a detailed information on SMB Hardening concepts. https://kb.iweb.com/hc/en-us/articles/115000274491-Securing-Windows-SMB-and-NetBios-NetBT-Services"]
+]
diff --git a/core/toolprecheck.py b/core/toolprecheck.py
new file mode 100644
index 0000000..4385044
--- /dev/null
+++ b/core/toolprecheck.py
@@ -0,0 +1,4 @@
+toolsPreCheck = [
+ ["wapiti"], ["whatweb"], ["nmap"], ["golismero"], ["host"], ["wget"], ["uniscan"], ["wafw00f"], ["dirb"], ["davtest"], ["theHarvester"], ["xsser"], [
+ "dnsrecon"], ["fierce"], ["dnswalk"], ["whois"], ["sslyze"], ["lbd"], ["golismero"], ["dnsenum"], ["dmitry"], ["davtest"], ["nikto"], ["dnsmap"], ["amass"]
+]
diff --git a/core/toolresp.py b/core/toolresp.py
new file mode 100644
index 0000000..20768c2
--- /dev/null
+++ b/core/toolresp.py
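Review bot: Several `toolFix` entries do not describe the finding that points at them: the only `toolResponse` line (next file in this commit) that references id 17 is `FREAK Vulnerability Detected.`, yet the id 17 remediation links a Sweet32/CVE-2016-2183 write-up, and id 19 is referenced by `Unsuccessful OCSP Response.` but explains the 2011 OpenSSL malformed-ClientHello issue, so the user is handed advice for a different weakness. Nothing in the file says whether consumers look entries up by the embedded id or by list position (`toolFix[n-1]` currently holds id n), so a module docstring stating the `[id, description, remediation]` schema and that ids must stay contiguous and in order would make later insertions safe; the consumer is not visible here. Two remediation strings carry stray whitespace that will surface verbatim in output: id 19 starts with `" OpenSSL versions` and id 21 ends with `ssl-renego/ "`. The same commit also checks in `core/__pycache__/toolfix.cpython-310.pyc` and `.cpython-39.pyc` (plus bytecode for the sibling modules); compiled `.pyc` files belong in `.gitignore`, since bytecode that can drift from its source is not reviewable.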
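Review bot: `toolsPreCheck` lists `["golismero"]` and `["davtest"]` twice, so a consumer that iterates it will check and report those tools twice; drop the second occurrence of each. Every element is a one-item list, which suggests a flat `toolsPreCheck = ["wapiti", "whatweb", ...]` would be simpler unless some consumer unpacks the inner list — that consumer is not in this diff. A one-line docstring naming the list's purpose would also help, e.g. `"""External tool names that the pre-scan check looks for on the host."""`, wording to be confirmed against the precheck code.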
@@ -0,0 +1,249 @@ +toolResponse = [ + + ["Does not have an IPv6 Address. It is good to have one.","i",1], + + + ["ASP.Net is misconfigured to throw server stack errors on screen.","m",2], + + + ["WordPress Installation Found. Check for vulnerabilities corresponds to that version.","i",3], + + + ["Drupal Installation Found. Check for vulnerabilities corresponds to that version.","i",4], + + + ["Joomla Installation Found. Check for vulnerabilities corresponds to that version.","i",5], + + + ["robots.txt/sitemap.xml found. Check those files for any information.","i",6], + + + ["No Web Application Firewall Detected","m",7], + + + ["Some ports are open. Perform a full-scan manually.","l",8], + + + ["Email Addresses Found.","l",9], + + + ["Zone Transfer Successful using DNSRecon. Reconfigure DNS immediately.","h",10], + + + + + + ["Zone Transfer Successful using dnswalk. Reconfigure DNS immediately.","h",10], + + + ["Whois Information Publicly Available.","i",11], + + + ["XSS Protection Filter is Disabled.","m",12], + + + ["Vulnerable to Slowloris Denial of Service.","c",13], + + + ["HEARTBLEED Vulnerability Found with SSLyze.","h",14], + + + ["HEARTBLEED Vulnerability Found with Nmap.","h",14], + + + ["POODLE Vulnerability Detected.","h",15], + + + ["OpenSSL CCS Injection Detected.","h",16], + + + ["FREAK Vulnerability Detected.","h",17], + + + ["LOGJAM Vulnerability Detected.","h",18], + + + ["Unsuccessful OCSP Response.","m",19], + + + ["Server supports Deflate Compression.","m",20], + + + ["Secure Client Initiated Renegotiation is supported.","m",21], + + + ["Secure Resumption unsupported with (Sessions IDs/TLS Tickets).","m",22], + + + ["No DNS/HTTP based Load Balancers Found.","l",23], + + + ["Domain is spoofed/hijacked.","h",24], + + + ["HEARTBLEED Vulnerability Found with Golismero.","h",14], + + + ["Open Files Found with Golismero BruteForce.","m",25], + + + ["Open Directories Found with Golismero BruteForce.","m",26], + + + ["DB Banner retrieved with 
SQLMap.","l",27], + + + ["Open Directories Found with DirB.","m",26], + + + ["XSSer found XSS vulnerabilities.","c",28], + + + ["Found SSL related vulnerabilities with Golismero.","m",29], + + + ["Zone Transfer Successful with Golismero. Reconfigure DNS immediately.","h",10], + + + ["Golismero Nikto Plugin found vulnerabilities.","m",30], + + + ["Found Subdomains with Golismero.","m",31], + + + ["Zone Transfer Successful using DNSEnum. Reconfigure DNS immediately.","h",10], + + + ["Found Subdomains with Fierce.","m",31], + + + ["Email Addresses discovered with DMitry.","l",9], + + + ["Subdomains discovered with DMitry.","m",31], + + + ["Telnet Service Detected.","h",32], + + + ["FTP Service Detected.","c",33], + + + ["Vulnerable to STUXNET.","c",34], + + + ["WebDAV Enabled.","m",35], + + + ["Found some information through Fingerprinting.","l",36], + + + ["Open Files Found with Uniscan.","m",25], + + + ["Open Directories Found with Uniscan.","m",26], + + + ["Vulnerable to Stress Tests.","h",37], + + + ["Uniscan detected possible LFI, RFI or RCE.","h",38], + + + ["Uniscan detected possible XSS, SQLi, BSQLi.","h",39], + + + ["Apache Expect XSS Header not present.","m",12], + + + ["Found Subdomains with Nikto.","m",31], + + + ["Webserver vulnerable to Shellshock Bug.","c",40], + + + ["Webserver leaks Internal IP.","l",41], + + + ["HTTP PUT DEL Methods Enabled.","m",42], + + + ["Some vulnerable headers exposed.","m",43], + + + ["Webserver vulnerable to MS10-070.","h",44], + + + ["Some issues found on the Webserver.","m",30], + + + ["Webserver is Outdated.","h",45], + + + ["Some issues found with HTTP Options.","l",42], + + + ["CGI Directories Enumerated.","l",26], + + + ["Vulnerabilities reported in SSL Scans.","m",29], + + + ["Interesting Files Detected.","m",25], + + + ["Injectable Paths Detected.","l",46], + + + ["Found Subdomains with DNSMap.","m",31], + + + ["MS-SQL DB Service Detected.","l",47], + + + ["MySQL DB Service Detected.","l",47], + + + ["ORACLE DB 
Service Detected.","l",47], + + + ["RDP Server Detected over UDP.","h",48], + + + ["RDP Server Detected over TCP.","h",48], + + + ["TCP Ports are Open","l",8], + + + ["UDP Ports are Open","l",8], + + + ["SNMP Service Detected.","m",49], + + + ["Elmah is Configured.","m",50], + + + ["SMB Ports are Open over TCP","m",51], + + + ["SMB Ports are Open over UDP","m",51], + + + ["Wapiti discovered a range of vulnerabilities","h",30], + + + ["IIS WebDAV is Enabled","m",35], + + + ["X-XSS Protection is not Present","m",12], + + + ["Found Subdomains with AMass","m",31] + + + + ] + + diff --git a/core/toolstatus.py b/core/toolstatus.py new file mode 100644 index 0000000..f4f202e --- /dev/null +++ b/core/toolstatus.py 
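Review bot: Nothing in this table says how its three columns are consumed, and the consumer in vulscanpro.py is strict about them: the second element is fed to `vulnerablitryInformation`, which knows `c`/`h`/`m`/`l` and prints anything else as info, and the third element is used as `toolFix[v3-1]`, i.e. a 1-based index into toolfix.py. The table is also zipped positionally with `toolNames`, `toolCMD` and `toolStatus` before the shuffle, so inserting or removing an entry in only one of the four files silently misattributes findings. A header comment would capture both contracts: `# [message, severity c/h/m/l (anything else shows as info), 1-based index into toolFix]; order must match toolNames/toolCMD/toolStatus exactly`.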
@@ -0,0 +1,330 @@ + +procHigh = "●" +procMedium = "●" +procMedium = "●" + + +toolStatus = [ + + ["has IPv6", 1, procMedium, " < 15s", "ipv6", ["not found", "has IPv6"]], + + + ["Server Error", 0, procMedium, " < 30s", "asp.netmisconf", [ + "unable to resolve host address", "Connection timed out"]], + + + ["wp-login", 0, procMedium, " < 30s", "wpcheck", + ["unable to resolve host address", "Connection timed out"]], + + + ["drupal", 0, procMedium, " < 30s", "drupalcheck", [ + "unable to resolve host address", "Connection timed out"]], + + + ["joomla", 0, procMedium, " < 30s", "joomlacheck", [ + "unable to resolve host address", "Connection timed out"]], + + + ["[+]", 0, procMedium, " < 40s", "robotscheck", + ["Use of uninitialized value in unpack at"]], + + + ["No WAF", 0, procMedium, " < 45s", + "wafcheck", ["appears to be down"]], + + + ["tcp open", 0, procMedium, " < 2m", + "nmapopen", ["Failed to resolve"]], + + + ["No emails found", 1, procMedium, " < 3m", + "harvester", ["No hosts found", "No emails found"]], + + + ["[+] Zone Transfer was successful!!", 0, procMedium, + " < 20s", "dnsreconzt", ["Could not resolve domain"]], + + + + + + ["0 errors", 0, procMedium, " < 35s", "dnswalkzt", + ["!!!0 failures, 0 warnings, 3 errors."]], + + + ["Admin Email:", 0, procMedium, " < 25s", + "whois", ["No match for domain"]], + + + ["XSS filter is disabled", 0, procMedium, + " < 20s", "nmapxssh", ["Failed to resolve"]], + + + ["VULNERABLE", 0, procHigh, " < 45m", + "nmapdos", ["Failed to resolve"]], + + + ["Server is vulnerable to Heartbleed", 0, procMedium, + " < 40s", "sslyzehb", ["Could not resolve hostname"]], + + + ["VULNERABLE", 0, procMedium, " < 30s", + "nmap1", ["Failed to resolve"]], + + + ["VULNERABLE", 0, procMedium, " < 35s", + "nmap2", ["Failed to resolve"]], + + + ["VULNERABLE", 0, procMedium, " < 35s", + "nmap3", ["Failed to resolve"]], + + + ["VULNERABLE", 0, procMedium, " < 30s", + "nmap4", ["Failed to resolve"]], + + + ["VULNERABLE", 0, procMedium, " < 
35s", + "nmap5", ["Failed to resolve"]], + + + ["ERROR - OCSP response status is not successful", 0, procMedium, + " < 25s", "sslyze1", ["Could not resolve hostname"]], + + + ["VULNERABLE", 0, procMedium, " < 30s", + "sslyze2", ["Could not resolve hostname"]], + + + ["VULNERABLE", 0, procMedium, " < 25s", + "sslyze3", ["Could not resolve hostname"]], + + + ["VULNERABLE", 0, procMedium, " < 30s", + "sslyze4", ["Could not resolve hostname"]], + + + ["does NOT use Load-balancing", 0, procMedium, + " < 4m", "lbd", ["NOT FOUND"]], + + + ["No vulnerabilities found", 1, procMedium, " < 45s", "golism1", [ + "Cannot resolve domain name", "No vulnerabilities found"]], + + + ["No vulnerabilities found", 1, procMedium, " < 40s", "golism2", [ + "Cannot resolve domain name", "No vulnerabilities found"]], + + + ["No vulnerabilities found", 1, procMedium, " < 45s", "golism3", [ + "Cannot resolve domain name", "No vulnerabilities found"]], + + + ["No vulnerabilities found", 1, procMedium, " < 40s", "golism4", [ + "Cannot resolve domain name", "No vulnerabilities found"]], + + + ["No vulnerabilities found", 1, procMedium, " < 45s", "golism5", [ + "Cannot resolve domain name", "No vulnerabilities found"]], + + + ["FOUND: 0", 1, procHigh, " < 35m", "dirb", + ["COULDNT RESOLVE HOST", "FOUND: 0"]], + + + ["Could not find any vulnerability!", 1, procMedium, " < 4m", "xsser", [ + "XSSer is not working propertly!", "Could not find any vulnerability!"]], + + + ["Occurrence ID", 0, procMedium, " < 45s", + "golism6", ["Cannot resolve domain name"]], + + + ["DNS zone transfer successful", 0, procMedium, + " < 30s", "golism7", ["Cannot resolve domain name"]], + + + ["Nikto found 0 vulnerabilities", 1, procMedium, " < 4m", "golism8", [ + "Cannot resolve domain name", "Nikto found 0 vulnerabilities"]], + + + ["Possible subdomain leak", 0, procHigh, " < 30m", + "golism9", ["Cannot resolve domain name"]], + + + ["AXFR record query failed:", 1, procMedium, " < 45s", "dnsenumzt", [ + "NS record query 
failed:", "AXFR record query failed", "no NS record for"]], + + + ["Found 0 entries", 1, procHigh, " < 75m", + "fierce2", ["Found 0 entries", "is gimp"]], + + + ["Found 0 E-Mail(s)", 1, procMedium, " < 30s", "dmitry1", + ["Unable to locate Host IP addr", "Found 0 E-Mail(s)"]], + + + ["Found 0 possible subdomain(s)", 1, procMedium, " < 35s", "dmitry2", [ + "Unable to locate Host IP addr", "Found 0 possible subdomain(s)"]], + + + ["open", 0, procMedium, " < 15s", + "nmaptelnet", ["Failed to resolve"]], + + + ["open", 0, procMedium, " < 15s", "nmapftp", ["Failed to resolve"]], + + + ["open", 0, procMedium, " < 20s", + "nmapstux", ["Failed to resolve"]], + + + ["SUCCEED", 0, procMedium, " < 30s", "webdav", + ["is not DAV enabled or not accessible."]], + + + ["No vulnerabilities found", 1, procMedium, " < 15s", "golism10", [ + "Cannot resolve domain name", "No vulnerabilities found"]], + + + ["[+]", 0, procMedium, " < 2m", "uniscan2", + ["Use of uninitialized value in unpack at"]], + + + ["[+]", 0, procMedium, " < 5m", "uniscan3", + ["Use of uninitialized value in unpack at"]], + + + ["[+]", 0, procMedium, " < 9m", "uniscan4", + ["Use of uninitialized value in unpack at"]], + + + ["[+]", 0, procMedium, " < 8m", "uniscan5", + ["Use of uninitialized value in unpack at"]], + + + ["[+]", 0, procMedium, " < 9m", "uniscan6", + ["Use of uninitialized value in unpack at"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto1", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto2", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto3", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto4", [ + "ERROR: Cannot resolve hostname", "0 
item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto5", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto6", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto7", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto8", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto9", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto10", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto11", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto12", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto13", [ + "ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]], + + + ["0 item(s) reported", 1, procMedium, " < 35s", "nikto14", + "ERROR: Cannot resolve hostname , 0 item(s) reported"], + + + ["#1", 0, procHigh, " < 30m", "dnsmap_brute", [ + "[+] 0 (sub)domains and 0 IP address(es) found"]], + + + ["open", 0, procMedium, " < 15s", + "nmapmssql", ["Failed to resolve"]], + + + ["open", 0, procMedium, " < 15s", + "nmapmysql", ["Failed to resolve"]], + + + ["open", 0, 
procMedium, " < 15s", + "nmaporacle", ["Failed to resolve"]], + + + ["open", 0, procMedium, " < 15s", + "nmapudprdp", ["Failed to resolve"]], + + + ["open", 0, procMedium, " < 15s", + "nmaptcprdp", ["Failed to resolve"]], + + + ["open", 0, procHigh, " > 50m", + "nmapfulltcp", ["Failed to resolve"]], + + + ["open", 0, procHigh, " > 75m", + "nmapfulludp", ["Failed to resolve"]], + + + ["open", 0, procMedium, " < 30s", + "nmapsnmp", ["Failed to resolve"]], + + + ["Microsoft SQL Server Error Log", 0, procMedium, " < 30s", "elmahxd", [ + "unable to resolve host address", "Connection timed out"]], + + + ["open", 0, procMedium, " < 20s", + "nmaptcpsmb", ["Failed to resolve"]], + + + ["open", 0, procMedium, " < 20s", + "nmapudpsmb", ["Failed to resolve"]], + + + ["Host:", 0, procMedium, " < 5m", "wapiti", ["none"]], + + + ["WebDAV is ENABLED", 0, procMedium, " < 40s", + "nmapwebdaviis", ["Failed to resolve"]], + + + ["X-XSS-Protection[1", 1, procMedium, " < 3m", "whatweb", + ["Timed out", "Socket error", "X-XSS-Protection[1"]], + + + ["No names were discovered", 1, procMedium, " < 15m", "amass", + ["The system was unable to build the pool of resolvers"]] + + + +] diff --git a/img/logo.png b/img/logo.png new file mode 100644 index 0000000..a2c93bd Binary files /dev/null and b/img/logo.png differ diff --git a/img/ss1.png b/img/ss1.png new file mode 100644 index 0000000..e33d72f Binary files /dev/null and b/img/ss1.png differ diff --git a/img/ss2.png b/img/ss2.png new file mode 100644 index 0000000..66ef075 Binary files /dev/null and b/img/ss2.png differ diff --git a/plugins/__pycache__/banner.cpython-310.pyc b/plugins/__pycache__/banner.cpython-310.pyc new file mode 100644 index 0000000..81bddab Binary files /dev/null and b/plugins/__pycache__/banner.cpython-310.pyc differ 
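Review bot: The `nikto14` entry's last element is a bare string, `"ERROR: Cannot resolve hostname , 0 item(s) reported"`, where every other row has a list; the consumer in vulscanpro.py does `any(i in output for i in toolStatus[tool][5])`, which on a string iterates characters, so any nikto output containing a space or the letter `E` counts as "errored / nothing found" and that check can never report a finding. Make it `["ERROR: Cannot resolve hostname", "0 item(s) reported", "No web server found", "0 host(s) tested"]` like `nikto1`–`nikto13`. Separately, `procMedium` is assigned twice at the top and both it and `procHigh` are the same uncoloured `"●"`; vulscanpro.py redefines a coloured `procHigh` but binds the medium marker to the misspelled `pprocMedium`, so the colour the load column is meant to carry never appears — define the coloured values here or fix the typo there, not both. A layout comment would also help readers: `# [needle, mode (0: finding when needle present; 1: finding unless one of the strings in the last element appears), load marker, estimated time, tool key, strings meaning error or no result]`.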
diff --git a/plugins/__pycache__/banner.cpython-39.pyc b/plugins/__pycache__/banner.cpython-39.pyc new file mode 100644 index 0000000..97e17a3 Binary files /dev/null and b/plugins/__pycache__/banner.cpython-39.pyc differ diff --git a/plugins/__pycache__/colors.cpython-310.pyc b/plugins/__pycache__/colors.cpython-310.pyc new file mode 100644 index 0000000..dd9e87b Binary files /dev/null and b/plugins/__pycache__/colors.cpython-310.pyc differ diff --git a/plugins/__pycache__/colors.cpython-39.pyc b/plugins/__pycache__/colors.cpython-39.pyc new file mode 100644 index 0000000..c39fd8f Binary files /dev/null and b/plugins/__pycache__/colors.cpython-39.pyc differ diff --git a/plugins/banner.py b/plugins/banner.py new file mode 100644 index 0000000..b7eb5e1 --- /dev/null +++ b/plugins/banner.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +__Name__ = "VulScanPro" +__Discription__ = "Automatic Web Vulnerability Scanner." +__Version__ = "1.0.0" +__Author__ = "Md. Nur Habib" + +try: + from colors import * +except ModuleNotFoundError: + from plugins.colors import * + + +def BannerFunction(): + print(f"""{bold}{yellow} + + __ __ _ _____ _____ + \ \ / / | |/ ____| | __ \ {blue}{__Version__}{yellow} + \ \ / / _| | (___ ___ __ _ _ __ | |__) | __ ___ + \ \/ / | | | |\___ \ / __/ _` | '_ \| ___/ '__/ _ \ + \ /| |_| | |____) | (_| (_| | | | | | | | | (_) | + \/ \__,_|_|_____/ \___\__,_|_| |_|_| |_| \___/ + + Automatic Web Vulnerability Scanner. + + {red}by @thenurhabib + {reset}""") diff --git a/plugins/colors.py b/plugins/colors.py new file mode 100644 index 0000000..fef401d --- /dev/null +++ b/plugins/colors.py 
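Review bot: The banner literal is a non-raw f-string containing `\ `, `\_`, `\/` and `\|`, which are invalid escape sequences — a DeprecationWarning on older interpreters and a SyntaxWarning from Python 3.12 that is scheduled to become an error — so change the opening to `print(rf"""{bold}{yellow}`; the `{…}` substitutions behave identically in a raw f-string. `__Discription__` is misspelled here and in the sibling modules; as far as the diff shows nothing reads it, so renaming to `__Description__` is safe. The `from colors import *` / `from plugins.colors import *` fallback wildcards every name into this module; `from plugins import colors` with `colors.bold` etc., or an explicit name list, keeps the import resolvable from either working directory without the wildcard.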
@@ -0,0 +1,30 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+__Name__ = "VulScanPro"
+__Discription__ = "Automatic Web Vulnerability Scanner."
+__Version__ = "1.0.0"
+__Author__ = "Md. Nur Habib"
+
+reset='\033[0m'
+bold='\033[01m'
+disable='\033[02m'
+underline='\033[04m'
+reverse='\033[07m'
+strikethrough='\033[09m'
+invisible='\033[08m'
+black='\033[30m'
+red='\033[31m'
+green='\033[32m'
+orange='\033[33m'
+blue='\033[34m'
+purple='\033[35m'
+cyan='\033[36m'
+lightgrey='\033[37m'
+darkgrey='\033[90m'
+lightred='\033[91m'
+lightgreen='\033[92m'
+yellow='\033[93m'
+lightblue='\033[94m'
+pink='\033[95m'
+lightcyan='\033[96m'
diff --git a/requirements.txt b/requirements.txt
new file mode 100644
index 0000000..9ad05a0
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1,4 @@
+argparse
+time
+threading
+re
\ No newline at end of file
diff --git a/vulscanpro.py b/vulscanpro.py
new file mode 100644
index 0000000..e73c88a
--- /dev/null
+++ b/vulscanpro.py
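Review bot: `time`, `threading` and `re` are standard-library modules, not PyPI packages, so the README's `pip install -r requirements.txt` step fails as far as I can tell at the first of them, and `argparse` resolves to an old third-party backport that the stdlib already supersedes. Listing names pip cannot find is also a supply-chain hazard: should anyone register a package under one of those names, the next install runs its setup code on the operator's machine. vulscanpro.py imports only the standard library and the scanners are system binaries, so this file should be empty apart from a comment such as `# no Python dependencies; install nmap, nikto, wapiti, ... with the system package manager`, or removed together with the install step.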
@@ -0,0 +1,433 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +__Name__ = "VulScanPro" +__Discription__ = "Automatic Web Vulnerability Scanner." +__Version__ = "1.0.0" +__Author__ = "Md. Nur Habib" + +# Importing the libraries +import sys +import argparse +import subprocess +import os +import time +import random +import threading +import re +import random +from urllib.parse import urlsplit +from core.toolcmd import * +from core.toolfix import * +from core.toolnames import * +from core.toolprecheck import * +from core.toolresp import * +from core.toolstatus import * +from plugins.banner import BannerFunction +from plugins.colors import * + + +# Scan Time Elapser +intervalsVariable = ( + ("h", 3600), + ("m", 60), + ("s", 1), +) + + +def displayTimeFunction(secoundVariable, granularity=3): + resultVariable = [] + secoundVariable = secoundVariable + 1 + for name, count in intervalsVariable: + valueVariable = secoundVariable // count + if valueVariable: + secoundVariable -= valueVariable * count + resultVariable.append("{}{}".format(valueVariable, name)) + return " ".join(resultVariable[:granularity]) + + +def terminalSizeFunction(): + try: + rows, columns = subprocess.check_output(["stty", "size"]).split() + return int(columns) + except subprocess.CalledProcessError as e: + return int(20) + + + +def urlMarkerFunction(url): + if not re.match(r'http(s?)\:', url): + url = 'http://' + url + parsed = urlsplit(url) + host = parsed.netloc + if host.startswith('www.'): + host = host[4:] + return host + + +def checkInternetConnectionFunction(): + os.system("ping -c1 github.com > rs_net 2>&1") + if "0% packet loss" in open("rs_net").read(): + val = 1 + else: + val = 0 + os.system("rm rs_net > /dev/null 2>&1") + return val + + +# Classifies the Vulnerability"s Severity +def vulnerablitryInformation(val): + resultVariable = "" + if val == "c": + resultVariable = bold + red + " critical : " + reset + elif val == "h": + resultVariable = bold + orange + " high : " + reset + 
elif val == "m": + resultVariable = bold + purple + " medium : " + reset + elif val == "l": + resultVariable = bold + blue + " low : " + reset + else: + resultVariable = bold + lightgrey + " info : " + reset + return resultVariable + + +procHigh = red + "●" + reset +pprocMedium = orange + "●" + reset +procLow = green + "●" + reset + + +def vulnerabilityRemedInformationFunction(v1, v2, v3): + print(bold+"Vulnerability Threat Level"+reset) + print("\t"+vulnerablitryInformation(v2)+" "+orange + + str(toolResponse[v1][0])+reset) + print(bold+"Vulnerability Definition"+reset) + print("\t"+red+str(toolFix[v3-1][1])+reset) + print(bold+"Vulnerability Remediation"+reset) + print("\t"+green+str(toolFix[v3-1][2])+reset) + + +# Help Menu +def helper(): + print(f"{bold}{blue}Usage : \n") + print(f"{orange}>> python vulscanpro example.com\n") + print(f"{blue}-h, --help : Help Menu") + print("-s, --skip : Skip some tools and scan faster.") + print("-u, --update : Update VulScanPro.") + print(f"-n, --nospinner : Disable the IDLE spinner.{reset}") + + +def clearFunction(): + sys.stdout.write("\033[F") + sys.stdout.write("\033[K") + + +class Spinner: + busy = False + delay = 0.005 + + @staticmethod + def spinningCorsorFunction(): + while 1: + + for cursor in " ": + yield cursor + + def __init__(self, delay=None): + self.spinningGenerator = self.spinningCorsorFunction() + if delay and float(delay): + self.delay = delay + self.disabled = False + + def spinningTaskFunction(self): + inc = 0 + try: + while self.busy: + if not self.disabled: + x = + \ + next(self.spinningGenerator) + inc = inc + 1 + print(x, end="") + if inc > random.uniform(0, terminalSizeFunction()): + print(end="\r") + \ + str(round(random.uniform(40, 47)))+"m" + inc = 0 + sys.stdout.flush() + time.sleep(self.delay) + if not self.disabled: + sys.stdout.flush() + + except (KeyboardInterrupt, SystemExit): + print("\n\tQuitting...") + sys.exit(1) + + def startFunction(self): + self.busy = True + try: + 
threading.Thread(target=self.spinningTaskFunction).startFunction() + except Exception as e: + print("\n") + + def stop(self): + try: + self.busy = False + time.sleep(self.delay) + except (KeyboardInterrupt, SystemExit): + print("\n\tQuitting...") + sys.exit(1) + + +spinner = Spinner() + +# Tool Names +toolNames + +# Tool CMD +toolCMD +# Tool Response +toolResponse + +# Tool Status +toolStatus + +# Tool Fix +toolFix + +# Tool precheck +toolsPreCheck + + +def getParserFunction(): + parser = argparse.ArgumentParser(add_help=False) + parser.add_argument("-h", "--help", action="store_true", + help="Show help message and exit.") + parser.add_argument("-u", "--update", action="store_true", + help="Update VulScanPro.") + parser.add_argument("-s", "--skip", action="append", default=[], + help="Skip some tools", choices=[t[0] for t in toolsPreCheck]) + parser.add_argument("-n", "--nospinner", action="store_true", + help="Disable the idle loader/spinner.") + parser.add_argument("target", nargs="?", metavar="URL", + help="URL to scan.", default="", type=str) + return parser + + +getParserFunction() + + +scanShuffleVariabe = list(zip(toolNames, toolCMD, toolResponse, toolStatus)) +random.shuffle(scanShuffleVariabe) +toolNames, toolCMD, toolResponse, toolStatus = zip(*scanShuffleVariabe) +toolChecksVariable = (len(toolNames) + len(toolResponse) + len(toolStatus)) / 3 +toolChecksVariable = round(toolChecksVariable) + +# Variables And List +tool = 0 +runTest = 1 +argumentOne = 0 +argumentTwo = 1 +argumentThree = 2 +argumentFour = 3 +argumentFive = 4 +argumentSix = 5 + +scanVulnerablitryList = list() +scanVulneriblityNumber = 0 +scanVulnerariblity = 0 + +scanTotalElapsed = 0 +scanAvailTools = 0 +scanSkippedTools = 0 + +if len(sys.argv) == 1: + BannerFunction() + helper() + sys.exit(1) + +argumentNameSpace = getParserFunction().parse_args() + +if argumentNameSpace.nospinner: + spinner.disabled = True + +if argumentNameSpace.help or (not argumentNameSpace.update + and not 
argumentNameSpace.target): + BannerFunction() + helper() + +elif argumentNameSpace.update: + BannerFunction() + print(f"{bold}{cyan}VulScanPro is Updating, Please Wait.{reset}\n") + spinner.startFunction() + rs_internet_availability = checkInternetConnectionFunction() + if rs_internet_availability == 0: + print(f"\t{bold}{red}Found Connecting Error.Try Again.{reset}") + spinner.stop() + sys.exit(1) + cmd = "sha1sum vulscanpro | grep .... | cut -c 1-40" + oldVersionofHash = subprocess.check_output(cmd, shell=True) + oldVersionofHash = oldVersionofHash.strip() + os.system("wget -N https://raw.githubusercontent.com/thenurhabib/vulscanpro/master/vulscanpro -O vulscanpro > /dev/null 2>&1") + newVersionofHash = subprocess.check_output(cmd, shell=True) + newVersionofHash = newVersionofHash.strip() + if oldVersionofHash == newVersionofHash: + clearFunction() + print(f"\t{bold}You already have the latest version of VulScanPro.{reset}") + else: + clearFunction() + print(f"{bold}\tVulScanPro successfully updated to the latest version.{reset}") + spinner.stop() + sys.exit(1) + +elif argumentNameSpace.target: + target = urlMarkerFunction(argumentNameSpace.target) + os.system("rm /tmp/te* > /dev/null 2>&1") + os.system("clear") + os.system("setterm -cursor off") + BannerFunction() + print(f"{bold}{blue}Checking Available Security Scanning Tools Phase... 
Initiated.{reset}\n") + + unavalableToolNames = list() + + while (scanAvailTools < len(toolsPreCheck)): + preComandLine = str(toolsPreCheck[scanAvailTools][argumentOne]) + try: + p = subprocess.Popen([preComandLine], stdin=subprocess.PIPE, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) + output, err = p.communicate() + val = output + err + except: + print(f"\t{bold}{blue}VulScanPro was terminated abruptly.{reset}") + sys.exit(1) + + if b"Not Found" in val or toolsPreCheck[scanAvailTools][argumentOne] in argumentNameSpace.skip: + if b"not found" in val: + print( + f"\t{blue}{toolsPreCheck[scanAvailTools][argumentOne]}{reset}{red}...unavailable.{reset}") + + elif toolsPreCheck[scanAvailTools][argumentOne] in argumentNameSpace.skip: + print( + f"\t{blue}{toolsPreCheck[scanAvailTools][argumentOne]}{reset}{red}...skipped.{reset}") + + for scanner_index, scanner_val in enumerate(toolNames): + if scanner_val[2] == toolsPreCheck[scanAvailTools][argumentOne]: + + scanner_val[3] = 0 + unavalableToolNames.append( + toolsPreCheck[scanAvailTools][argumentOne]) + + else: + print( + f"\t{blue}{toolsPreCheck[scanAvailTools][argumentOne]}{reset}{green}...available.{reset}") + scanAvailTools = scanAvailTools + 1 + clearFunction() + unavalableToolNames = list(set(unavalableToolNames)) + if len(unavalableToolNames) == 0: + print(f"\t{green}All Scanning Tools are available.{reset}") + else: + print(f"\t{orange}Some of these tools {red}" + str(unavalableToolNames) + f"{reset}{orange}are unavailable.{reset}") + print(f"{bold}{blue}\nChecking Available Security Scanning Tools Phase... Completed.{reset}") + print("\n") + print(f"Preliminary Scan Phase Initiated... 
Loaded"+str(toolChecksVariable)+" vulnerability checks.") + + while(tool < len(toolNames)): + print("["+toolStatus[tool][argumentThree]+toolStatus[tool][argumentFour]+"] Deploying "+str(tool+1) +"/"+str(toolChecksVariable)+" | "+blue+toolNames[tool][argumentTwo]+reset,) + if toolNames[tool][argumentFour] == 0: + print(f"{orange}\nScanning Tool Unavailable. Skipping Test...\n{reset}") + scanSkippedTools = scanSkippedTools + 1 + tool = tool + 1 + continue + try: + spinner.startFunction() + except Exception as e: + print("\n") + scanStartVariable = time.time() + temporarryFilesVariable = f"/tmp/VulScanPro_temp_{toolNames[tool][argumentOne]}" + cmd = toolCMD[tool][argumentOne]+target + \ + toolCMD[tool][argumentTwo]+" > "+temporarryFilesVariable+" 2>&1" + + try: + subprocess.check_output(cmd, shell=True) + except KeyboardInterrupt: + runTest = 0 + except: + runTest = 1 + + if runTest == 1: + spinner.stop() + scanStopVariable = time.time() + elapsed = scanStopVariable - scanStartVariable + scanTotalElapsed = scanTotalElapsed + elapsed + print(blue+"Scan Completed in " + displayTimeFunction(int(elapsed))+reset, end="\r", flush=True) + print("\n") + scanToolOutputFileVariable = open(temporarryFilesVariable).read() + if toolStatus[tool][argumentTwo] == 0: + if toolStatus[tool][argumentOne].lower() in scanToolOutputFileVariable.lower(): + vulnerabilityRemedInformationFunction( + tool, toolResponse[tool][argumentTwo], toolResponse[tool][argumentThree]) + scanVulnerablitryList.append( + toolNames[tool][argumentOne]+"*"+toolNames[tool][argumentTwo]) + else: + if any(i in scanToolOutputFileVariable for i in toolStatus[tool][argumentSix]): + m = 1 + else: + vulnerabilityRemedInformationFunction( + tool, toolResponse[tool][argumentTwo], toolResponse[tool][argumentThree]) + scanVulnerablitryList.append( + toolNames[tool][argumentOne]+"*"+toolNames[tool][argumentTwo]) + else: + runTest = 1 + spinner.stop() + scanStopVariable = time.time() + elapsed = scanStopVariable - 
scanStartVariable + scanTotalElapsed = scanTotalElapsed + elapsed + + print(blue+"\nScan Interrupted in " + displayTimeFunction(int(elapsed))+reset, end="\r", flush=True) + print(f"{orange}\n\tTest Skipped. Performing Next. Press Ctrl+Z to Quit VulScanPro.\n{reset}") + scanSkippedTools = scanSkippedTools + 1 + + tool = tool + 1 + + print(f"{bold}{blue}Preliminary Scan Phase Completed.{reset}\n") + print(f"{bold}{blue}Report Generation Phase Initiated.{reset}") + if len(scanVulnerablitryList) == 0: + print(f"\t{green}No Vulnerabilities Detected.{reset}") + else: + with open("RS-Vulnerability-Report", "a") as report: + while(scanVulnerariblity < len(scanVulnerablitryList)): + vulnerableIformation = scanVulnerablitryList[scanVulnerariblity].split( + "*") + report.write(vulnerableIformation[argumentTwo]) + report.write("\n------------------------\n\n") + temporaryReport_name = "/tmp/VulScanPro_temp_" + \ + vulnerableIformation[argumentOne] + with open(temporaryReport_name, "r") as temporaryReport: + data = temporaryReport.read() + report.write(data) + report.write("\n\n") + temporaryReport.close() + scanVulnerariblity = scanVulnerariblity + 1 + + print( + f"\tComplete Vulnerability Report for {blue}{target}{reset}named {green}`RS-Vulnerability-Report`{reset} is available under the same directory VulScanPro resides.") + + report.close() + + for fileIndex, fileName in enumerate(toolNames): + with open("RS-Debug-ScanLog", "a") as report: + try: + with open("/tmp/VulScanPro_temp_"+fileName[argumentOne], "r") as temporaryReport: + data = temporaryReport.read() + report.write(fileName[argumentTwo]) + report.write("\n------------------------\n\n") + report.write(data) + report.write("\n\n") + temporaryReport.close() + except: + break + report.close() + + print("\tTotal Vulnerability Checks : " + bold + green+ str(len(toolNames))+reset) + print("\tTotal Vulnerability Skipped : " + bold + orange +str(scanSkippedTools)+reset) + print("\tTotal Vulnerabilities Detected : " + bold 
+ red +str(len(scanVulnerablitryList))+reset) + print("\tTotal Time Elapsed for the Scan : " + bold + blue +displayTimeFunction(int(scanTotalElapsed))+reset) + os.system("setterm -cursor on") + os.system("rm /tmp/VulScanPro_te* > /dev/null 2>&1")
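Review bot: The target string reaches a shell unescaped: `urlMarkerFunction` only strips the scheme and a leading `www.`, so a value such as `example.com;id` or `$(...)` survives `urlsplit(url).netloc`, is concatenated into `cmd = toolCMD[tool][argumentOne]+target+...` and run by `subprocess.check_output(cmd, shell=True)` once per tool. Since every tool here takes a bare hostname, add an allow-list check at the end of `urlMarkerFunction` — `if not re.fullmatch(r"[A-Za-z0-9.-]+", host): sys.exit(f"{red}Invalid target: {host!r}{reset}")` — and keep `shlex.quote` as a second layer if full URLs are ever accepted. Tool output is written by shell redirection to the predictable path `/tmp/VulScanPro_temp_<tool>` and read back with `open()`, so on a shared host a pre-planted symlink redirects those writes (likely as root, since the UDP nmap steps need it); use `tempfile.mkdtemp()` for the work directory and drop the startup `rm /tmp/te*`, which also deletes unrelated files. The pre-check tests `b"Not Found" in val` while the inner branch and the shell's own message (`sh: 1: wapiti: not found`) are lowercase, so a missing tool is still marked available and its later run — whose failure the bare `except:` swallows — is scored against an output file holding only the shell error, which the inverted (`toolStatus[...][1] == 1`) checks then report as a finding; compare `b"not found" in val.lower()` instead. The updater hashes and downloads a file named `vulscanpro` while this script is `vulscanpro.py`, so `--update` never replaces the running code, and the sha1 comparison provides no integrity guarantee beyond TLS — verify a signature or at least a published digest before overwriting.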