Categorygithub.com/rix4uni/vulntechx
repositorypackage
0.0.5
Repository: https://github.com/rix4uni/vulntechx.git
Documentation: pkg.go.dev
Overview
Dependencies
1
Dependents
0

# Packages

No description provided by the author
No description provided by the author

# README

vulntechx

vulntechx finds vulnerabilities based on tech stack using nuclei tags or fuzzing with ffuf.

Installation

go install github.com/rix4uni/vulntechx@latest

Download prebuilt binaries

wget https://github.com/rix4uni/vulntechx/releases/download/v0.0.5/vulntechx-linux-amd64-0.0.5.tgz
tar -xvzf vulntechx-linux-amd64-0.0.5.tgz
rm -rf vulntechx-linux-amd64-0.0.5.tgz
mv vulntechx ~/go/bin/vulntechx

Or download binary release for your platform.

Compile from source

git clone --depth 1 github.com/rix4uni/vulntechx.git
cd vulntechx; go install

Usage

                __        __               __
 _   __ __  __ / /____   / /_ ___   _____ / /_   _  __
| | / // / / // // __ \ / __// _ \ / ___// __ \ | |/_/
| |/ // /_/ // // / / // /_ /  __// /__ / / / /_>  <
|___/ \__,_//_//_/ /_/ \__/ \___/ \___//_/ /_//_/|_|

                            Current vulntechx version v0.0.5

A longer description of your application.

Usage:
  vulntechx [flags]
  vulntechx [command]

Available Commands:
  completion  Generate the autocompletion script for the specified shell
  ffuf        A brief description of your command
  help        Help about any command
  httpxjson   Parse httpx output to extract hosts and technologies, and format as JSON.
  nuclei      Run Nuclei scans on multiple hosts in parallel, filtering by technology stack.

Flags:
  -h, --help      help for vulntechx
  -u, --update    update vulntechx to latest version
  -v, --version   Print the version of the tool and exit.

Use "vulntechx [command] --help" for more information about a command.

Usage Example

# Step 1, subdomain enumeration and subdomain probing and find tech stack
subfinder -d hackerone.com -all -duc -silent | httpx -duc -silent -nc -mc 200 -t 300 -td | unew httpx.txt

# Step 2, convert httpx output to json
cat httpx.txt | vulntechx httpxjson -o httpxjson-output.json

# Step 3, find vulnerabilities based on tech using nuclei
vulntechx nuclei --file httpxjson-output.json --cmd "nuclei -duc -nc -t ~/nucleihub-templates -tags {tech} -es unknown,info,low" --parallel 10 --process --append nuclei-output.txt

# or
vulntechx nuclei --file httpxjson-output.json --cmd "nuclei -duc -nc -t ~/nucleihub-templates -tc {tech} -es unknown,info,low" --parallel 10 --process --append nuclei-output.txt

# or
vulntechx nuclei --file httpxjson-output.json --cmd "nuclei -duc -nc -t ~/nucleihub-templates -tc {tech} -es unknown,info,low" --parallel 10 --process --exclude-tech "hsts,bootstrap" --append nuclei-output.txt

# Step 4, find vulnerabilities based on tech using fuzzing with ffuf