Share
## https://sploitus.com/exploit?id=3F523753-FC10-5FE5-852C-E313075536DF
# VulnScan โ€” Automatic Vulnerability Scanner
### Kali Linux Edition | Python 3 | Zero Dependencies

---

## What It Does

| Module | Checks |
|--------|--------|
| **Port Scanner** | TCP scan with service fingerprinting, risky service detection |
| **Header Scanner** | Missing HSTS, CSP, X-Frame-Options, cookie flags, info disclosure |
| **SSL Scanner** | Expired certs, self-signed, TLS 1.0/1.1, weak ciphers, hostname mismatch |
| **Credential Scanner** | FTP anonymous, Redis unauthenticated, MongoDB open, Elasticsearch open, HTTP Basic Auth |
| **Web Scanner** | Sensitive files, directory listing, CORS misconfig, reflected XSS, SQLi errors, open redirects |

---

## Quick Start

```bash
# Clone / copy into your Kali machine
cd ~/tools
git clone  vulnscan   # or copy the folder

# Run setup (once only)
cd vulnscan
bash setup.sh

# Reload shell
source ~/.bashrc

# Scan a target
vulnscan 192.168.1.100
```

---

## Usage

```
vulnscan  [options]

Positional:
  target              IP address or domain name

Options:
  -p, --ports         Port range (default: 1-1024)
                      Examples: 80,443 | 1-65535 | 22,80,443
  -t, --threads       Thread count (default: 100)
  --timeout           Timeout per connection in seconds (default: 2.0)
  -o, --output        Save report: report.json or report.txt
  -v, --verbose       Verbose output (show all probes)
  --no-color          Disable ANSI colors
  --skip-ports        Skip port scanning
  --skip-headers      Skip HTTP header analysis
  --skip-ssl          Skip SSL/TLS analysis
  --skip-creds        Skip default credential check
  --skip-web          Skip web vulnerability scan
```

### Examples

```bash
# Full scan of local machine
vulnscan 192.168.1.1

# Scan all 65535 ports, 300 threads, save JSON report
vulnscan 192.168.1.1 -p 1-65535 -t 300 -o report.json

# Web-only scan of a domain
vulnscan example.com --skip-ports --skip-creds -v

# Quick scan with text report
vulnscan 10.0.0.5 -p 80,443,8080,8443 -o results.txt

# Verbose scan with custom timeout
vulnscan target.local --timeout 3.0 -v
```

---

## File Structure

```
vulnscan/
โ”œโ”€โ”€ vulnscan.py           โ† Main entry point
โ”œโ”€โ”€ setup.sh              โ† One-time installer
โ”œโ”€โ”€ requirements.txt      โ† Optional pip packages
โ”œโ”€โ”€ core/
โ”‚   โ”œโ”€โ”€ __init__.py
โ”‚   โ”œโ”€โ”€ banner.py         โ† ASCII banner
โ”‚   โ”œโ”€โ”€ utils.py          โ† Colors, helpers, port parser
โ”‚   โ”œโ”€โ”€ port_scanner.py   โ† Module 1: TCP port scan
โ”‚   โ”œโ”€โ”€ header_scanner.py โ† Module 2: HTTP security headers
โ”‚   โ”œโ”€โ”€ ssl_scanner.py    โ† Module 3: SSL/TLS checks
โ”‚   โ”œโ”€โ”€ credential_scanner.py โ† Module 4: Default credentials
โ”‚   โ”œโ”€โ”€ web_scanner.py    โ† Module 5: Web vulnerabilities
โ”‚   โ””โ”€โ”€ reporter.py       โ† Summary + file export
โ””โ”€โ”€ reports/              โ† Auto-created output folder
```

---

## Severity Levels

| Level | Color | Meaning |
|-------|-------|---------|
| CRITICAL | Red Bold | Immediate exploitation risk (open Redis, MongoDB, expired cert) |
| HIGH | Red | Serious vulnerability requiring prompt fix |
| MEDIUM | Yellow | Notable weakness that should be addressed |
| LOW | Cyan | Minor issue / best practice violation |
| INFO | Gray | Informational, no immediate risk |

---

## Legal

> โš ๏ธ **For authorized penetration testing only.**  
> Use this tool only on systems you own or have **written permission** to test.  
> Unauthorized scanning is illegal under the Computer Fraud and Abuse Act (CFAA) and equivalent laws worldwide.

---

## Extending VulnScan

Add a new module by:
1. Creating `core/my_module.py` with a class that returns `{"findings": [...]}`
2. Importing it in `vulnscan.py`
3. Adding the scan call in `run_scan()`

Each finding dict should have: `module`, `severity`, `title`, `description`, `recommendation`.