🔍 Vulnerability Scanner – Bash-Based Recon & Exploit Toolkit

💡 Overview

Vulnerability Scanner is a powerful Bash-based automation tool crafted for penetration testers and cybersecurity professionals. It combines intelligence gathering, brute-force testing, and exploit analysis into one streamlined command-line utility. Whether you’re conducting a basic recon or an in-depth assessment, this tool helps identify weak spots in a network environment effectively.

---

🚀 Features

• 🔍 Automated Reconnaissance & Scanning
• 🔐 Brute-force login attacks with Hydra
• 🗂️ Directory and file enumeration using Gobuster
• 🧠 WHOIS and ExploitDB Intelligence Gathering
• 💾 Structured output for each IP with auto-zipping for archives
• 📁 Scan management: Start new scans or inspect previous results

---

📦 Prerequisites

Make sure the following tools are installed on your system:

• nmap
• hydra
• gobuster
• whois
• searchsploit (comes with exploitdb)

📄 Required Wordlists

• /usr/share/seclists/Usernames/top-usernames-shortlist.txt
• /usr/share/wordlists/metasploit/unix_passwords.txt
• /usr/share/wordlists/rockyou.txt

🛠️ Install Dependencies (Debian/Ubuntu)

sudo apt update
sudo apt install nmap hydra gobuster whois exploitdb

---

📁 Project Directory Structure

├── vulnerability_scanner.sh             # Main script
├── DB/
│   └── [SCAN_RESULTS]/
│       ├── [IP_REPORTS]/
│       ├── full_scan_results.txt
│       ├── exploit_analysis.txt
│       ├── gobuster_report.txt
│       ├── whois_report.txt
├── .scan                                # Temporary scan state file
├── .chk                                 # Temporary check file

---

⚙️ Usage

Make the script executable and run it:

chmod +x vulnerability_scanner.sh
./vulnerability_scanner.sh

🔧 Options You'll Be Prompted With:

[N] New Scan:
Choose between Basic or Full scan

Provide a valid IP range (e.g., 192.168.1.0/24)

Enter a directory name to store results

[I] Inspect Previous Results:
Enter the target IP address

Automatically zips and shows past results for sharing or review

🧪 Sample Output Files

• Within each scan folder, you’ll find:

• full_scan_results.txt – nmap results

• exploit_analysis.txt – Matches found via searchsploit

• gobuster_report.txt – Directory enumeration output

• whois_report.txt – WHOIS lookup information

• [IP_REPORTS] – Directory with all target-specific logs and data

⚠️ Legal Notice

❗ This tool is intended only for authorized testing and educational use. Do not scan or test any network you do not own or have written permission to assess. Unauthorized use of this tool is illegal and unethical.

👩‍💻 Author

Srishti Rathi 🛡️ Security Researcher | 🕵️ Penetration Tester