-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathNucleiFuzzer.sh
89 lines (76 loc) · 2.8 KB
/
NucleiFuzzer.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
#!/bin/bash
# ASCII art
echo -e "\e[91m
_ __ __ _ ______
/ | / /__ __ _____ / /___ (_) / ____/__ __ ____ ____ ___ _____
/ |/ // / / // ___// // _ \ / / / /_ / / / //_ //_ / / _ \ / ___/
/ /| // /_/ // /__ / // __// / / __/ / /_/ / / /_ / /_/ __// /
/_/ |_/ \__,_/ \___//_/ \___//_/ /_/ \__,_/ /___//___/\___//_/
Made by Satya Prakash (0xKayala)
Upgraded By PushkraJ
\e[0m"
# Help menu
display_help() {
echo -e "NucleiFuzzer is a Powerful Automation tool for detecting XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities in Web Applications\n\n"
echo -e "Usage: $0 [options]\n\n"
echo "Options:"
echo " -h, --help Display help information"
echo " -d, --domain <domain> Domain to scan for XSS, SQLi, SSRF, Open-Redirect, etc. vulnerabilities"
exit 0
}
# Get the current user's home directory
home_dir=$(eval echo ~$USER)
# Check if ParamSpider is already cloned and installed
if ! command -v paramspider &> /dev/null; then
echo "Installing ParamSpider..."
git clone https://github.com/devanshbatham/paramspider.git "$home_dir/paramspider"
cd "$home_dir/paramspider" || exit
pip install .
fi
# Check if fuzzing-templates is already cloned.
if [ ! -d "$home_dir/fuzzing-templates" ]; then
echo "Cloning fuzzing-templates..."
git clone https://github.com/projectdiscovery/fuzzing-templates.git "$home_dir/fuzzing-templates"
fi
# Check if nuclei is installed, if not, install it
if ! command -v nuclei &> /dev/null; then
echo "Installing Nuclei..."
go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
fi
# Step 1: Parse command line arguments
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-h|--help)
display_help
;;
-d|--domain)
domain="$2"
shift
shift
;;
*)
echo "Unknown option: $key"
display_help
;;
esac
done
# Step 2: Ask the user to enter the domain name
if [ -z "$domain" ]; then
echo "Enter the domain name: target.com"
read domain
fi
# Step 3: Get the vulnerable parameters of the given domain name using ParamSpider tool and save the output into a text file
echo "Running ParamSpider on $domain"
paramspider -d "$domain"
# Check whether URLs were collected or not
if [ ! -s output/$domain.txt ]; then
echo "No URLs Found. Exiting..."
exit 1
fi
# Step 4: Run the Nuclei Fuzzing templates on $domain.txt file
echo "Running Nuclei on $domain.txt"
nuclei -l output/$domain.txt -t "$home_dir/fuzzing-templates" -rl 05 -es info
# Step 5: End with a general message as the scan is completed
echo "Scan is completed - Happy Fuzzing"