Share
## https://sploitus.com/exploit?id=3F523753-FC10-5FE5-852C-E313075536DF
# VulnScan โ Automatic Vulnerability Scanner
### Kali Linux Edition | Python 3 | Zero Dependencies
---
## What It Does
| Module | Checks |
|--------|--------|
| **Port Scanner** | TCP scan with service fingerprinting, risky service detection |
| **Header Scanner** | Missing HSTS, CSP, X-Frame-Options, cookie flags, info disclosure |
| **SSL Scanner** | Expired certs, self-signed, TLS 1.0/1.1, weak ciphers, hostname mismatch |
| **Credential Scanner** | FTP anonymous, Redis unauthenticated, MongoDB open, Elasticsearch open, HTTP Basic Auth |
| **Web Scanner** | Sensitive files, directory listing, CORS misconfig, reflected XSS, SQLi errors, open redirects |
---
## Quick Start
```bash
# Clone / copy into your Kali machine
cd ~/tools
git clone vulnscan # or copy the folder
# Run setup (once only)
cd vulnscan
bash setup.sh
# Reload shell
source ~/.bashrc
# Scan a target
vulnscan 192.168.1.100
```
---
## Usage
```
vulnscan [options]
Positional:
target IP address or domain name
Options:
-p, --ports Port range (default: 1-1024)
Examples: 80,443 | 1-65535 | 22,80,443
-t, --threads Thread count (default: 100)
--timeout Timeout per connection in seconds (default: 2.0)
-o, --output Save report: report.json or report.txt
-v, --verbose Verbose output (show all probes)
--no-color Disable ANSI colors
--skip-ports Skip port scanning
--skip-headers Skip HTTP header analysis
--skip-ssl Skip SSL/TLS analysis
--skip-creds Skip default credential check
--skip-web Skip web vulnerability scan
```
### Examples
```bash
# Full scan of local machine
vulnscan 192.168.1.1
# Scan all 65535 ports, 300 threads, save JSON report
vulnscan 192.168.1.1 -p 1-65535 -t 300 -o report.json
# Web-only scan of a domain
vulnscan example.com --skip-ports --skip-creds -v
# Quick scan with text report
vulnscan 10.0.0.5 -p 80,443,8080,8443 -o results.txt
# Verbose scan with custom timeout
vulnscan target.local --timeout 3.0 -v
```
---
## File Structure
```
vulnscan/
โโโ vulnscan.py โ Main entry point
โโโ setup.sh โ One-time installer
โโโ requirements.txt โ Optional pip packages
โโโ core/
โ โโโ __init__.py
โ โโโ banner.py โ ASCII banner
โ โโโ utils.py โ Colors, helpers, port parser
โ โโโ port_scanner.py โ Module 1: TCP port scan
โ โโโ header_scanner.py โ Module 2: HTTP security headers
โ โโโ ssl_scanner.py โ Module 3: SSL/TLS checks
โ โโโ credential_scanner.py โ Module 4: Default credentials
โ โโโ web_scanner.py โ Module 5: Web vulnerabilities
โ โโโ reporter.py โ Summary + file export
โโโ reports/ โ Auto-created output folder
```
---
## Severity Levels
| Level | Color | Meaning |
|-------|-------|---------|
| CRITICAL | Red Bold | Immediate exploitation risk (open Redis, MongoDB, expired cert) |
| HIGH | Red | Serious vulnerability requiring prompt fix |
| MEDIUM | Yellow | Notable weakness that should be addressed |
| LOW | Cyan | Minor issue / best practice violation |
| INFO | Gray | Informational, no immediate risk |
---
## Legal
> โ ๏ธ **For authorized penetration testing only.**
> Use this tool only on systems you own or have **written permission** to test.
> Unauthorized scanning is illegal under the Computer Fraud and Abuse Act (CFAA) and equivalent laws worldwide.
---
## Extending VulnScan
Add a new module by:
1. Creating `core/my_module.py` with a class that returns `{"findings": [...]}`
2. Importing it in `vulnscan.py`
3. Adding the scan call in `run_scan()`
Each finding dict should have: `module`, `severity`, `title`, `description`, `recommendation`.