{"id":15172709,"url":"https://github.com/aziz0x48/vmass","last_synced_at":"2025-08-20T04:32:54.282Z","repository":{"id":58128510,"uuid":"528971514","full_name":"aziz0x48/vMass","owner":"aziz0x48","description":"vMass Bot :hook: Vulnerability Scanner \u0026 Auto Exploiter Tool Written in Perl.","archived":false,"fork":false,"pushed_at":"2023-06-05T19:47:52.000Z","size":79,"stargazers_count":177,"open_issues_count":0,"forks_count":41,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-12-19T07:07:05.472Z","etag":null,"topics":["auto-exploit","bot","drupal","exploit","exploitation-framework","hacking-tool","joomla","magento","pentest-tool","pentesting","perl","prestashop","security-tools","vulnerability","vulnerability-detection","vulnerability-scanners","wordpress","wpscan"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aziz0x48.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-08-25T18:24:54.000Z","updated_at":"2024-12-15T15:38:26.000Z","dependencies_parsed_at":"2023-09-23T10:42:00.085Z","dependency_job_id":"4e8c41d1-4ed0-4d2f-b1f7-3d4423e564c3","html_url":"https://github.com/aziz0x48/vMass","commit_stats":{"total_commits":60,"total_committers":3,"mean_commits":20.0,"dds":0.25,"last_synced_commit":"b5cf27110d4632465493306190eb3807cf2e7eb8"},"previous_names":["azizz98/vmass","c99tn/vmass","aziz0x48/vmass"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziz0x48%2FvMass","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziz0x48%2FvMass/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziz0x48%2FvMass/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aziz0x48%2FvMass/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aziz0x48","download_url":"https://codeload.github.com/aziz0x48/vMass/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230394228,"owners_count":18218707,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auto-exploit","bot","drupal","exploit","exploitation-framework","hacking-tool","joomla","magento","pentest-tool","pentesting","perl","prestashop","security-tools","vulnerability","vulnerability-detection","vulnerability-scanners","wordpress","wpscan"],"created_at":"2024-09-27T10:03:49.597Z","updated_at":"2024-12-19T07:07:13.348Z","avatar_url":"https://github.com/aziz0x48.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"# vMass Bot  :hook:  FREE Version 1.2\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/c99tn/Randoms/master/n.png?token=GHSAT0AAAAAABVX6V7OVKN5YN5NXLEK7T6MYYHZ5VA\" width=\"850\"\u003e\n\u003c/p\u003e  \n\u003cp align=\"center\"\u003e \n\u003ca href=\"#requirements-wrench\"\u003eRequirements\u003c/a\u003e  ◦ \n\u003ca href=\"#installation-package\"\u003eInstallation\u003c/a\u003e  ◦ \n\u003ca href=\"#usage--rescue_worker_helmet\"\u003eUsage\u003c/a\u003e  ◦ \n\u003ca href=\"#contact--speech_balloon\"\u003eContact\u003c/a\u003e \n\u003c/p\u003e \n\u003cbr\u003e   \n\u003cb\u003evMass Bot\u003c/b\u003e automates the exploitation of remote hosts by trying to find environment files (.env) in the target hosts and extract tools and info insde, \nthen the bot detects the targets host CMS and tries to auto-exploit and upload shell payload using the vMass vulnerability set \u003cb\u003e( 108 exploits in the current version 1.2, check the full vulnerability list in our \u003ca href=\"https://t.me/+7wraokmFiCcxOTk0\"\u003eTelegram Channel\u003c/a\u003e )\u003c/b\u003e.  \n\nNo target list ? No worries, \u003cb\u003evMass Bot\u003c/b\u003e can generate hosts lists from IP ranges, URL list, dotenv low profile dorks and scrapes from (bing, duckduckgo, ..) or you can use IP ranges from various hosting providers for best hit rate while scanning, then generated lists can be checked using the bot to eleminate invalid/dead hosts.\n      \n\nExtracted Tools, can be filtered and tested to only keep working ones (test smtp delivery and twilio api balance), the bot can also use wp hosts with phpmyadmin access to perform auto upload (admin takeover) if the CMS Exploits failed, working tools can be delivered right to your telegram channel inbox by settings up your telegram webhook in the Bot. The whole process from generating hosts and scanning to delivering the results to Telegram, can be automated using the AUTOPILOT option (For more information, check vMass Bot \u003ca href=\"/#\"\u003eUsage\u003c/a\u003e).\n\n# Requirements :wrench:\n- Perl v5.x+ ( For Windows, get \u003ca href=\"https://strawberryperl.com/\"\u003eStrawberry Perl\u003c/a\u003e )\n- RDP/VPS ( \u003cb\u003eOptional\u003c/b\u003e )\n\n# Installation :package:\n1- Clone vMass Bot\n``` \n$ git clone https://github.com/c99tn/vMass.git\n$ cd vMass\n```\n2- Install required Perl Modules -- IMPORTANT\nInstall Modules with Bash Script\n```\n$ chmod +x install.sh\n$ bash install.sh\n```\n\u003cb\u003eOR\u003c/b\u003e  \nInstall Perl modules manually\n```\n$ perl -MCPAN -e shell \ncpan[1]\u003e install Net::IP\n         install Net::DNS::Resolver\n         install LWP::UserAgent\n         install HTTP::Request::Common\n         install WWW::Mechanize\n         install Term::ANSIColor\ncpan[1]\u003e quit\n```\n3- Launch vMass Bot\n```\n$ perl vMass.pl\n```\n# Usage  :rescue_worker_helmet:\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/c99tn/Randoms/master/zoomed.png?token=GHSAT0AAAAAABVX6V7OMNF66DBGMCXAJ3SSYYIEZLQ\" width=\"800\"\u003e\n\u003c/p\u003e  \n\u003cp align=\"center\"\u003e\n\u003cb\u003evMass FREE Version only includes Features with :green_square:\u003c/b\u003e  \n\u003c/p\u003e \n\n\n| Command | Description |\n| :---: | --- |\n| 1 | :green_square: Generate target hosts from given IP Range, you can use more as many ranges as you like (ex:  100.20.0.0/14 )              |\n| 2 | :yellow_square: Generate target hosts from given dorks or using the bot env dorks, you can specify target hosts region, TLDs and search engines |\n| 3 | :green_square: Generate target hosts from given Website List, PS: URL Lists must me domain.com format only without www or https          |\n| 4 | :green_square: Generate target hosts from provided hosting ip range, range is picked randomly, you can change range before starting      |\n| 5 | :green_square: Check the targets hosts to filter Live Running IPS from dead ones.                                                        |\n| 6 | :green_square: Scan the target hosts for possible .env files, the bot will test all host directories and saves host if env is found      |\n| 7 | :yellow_square: Scan the target hosts for .env and perform auto exploit based on host CMS to upload shell payload (108 exploits)          |\n| 8 | :yellow_square: Under Construction...  :ninja:                                                                                            |\n| 9 | :green_square: Extract tools from hosts where env file is found based on tool type                                                       |\n| 10| :yellow_square: test extracted SMTPs, an email input is required, if the smtp delivers, the smtp info will be in the email body           |\n| 11| :yellow_square: test extracted TWILIOs APIs validity and balance                                                                          |\n| 12| :yellow_square: try to find phpmyadmin login page path, and perform admin takeover method to upload shell in Wordpress CMS hosts               |\n| 13| :yellow_square: Transfer all tools to a private telegram channel, telegram webhook is required                                            |\n|1337| :yellow_square: performs all the steps above one after another, you just configure the bot, start it and results will be delivered to your telegram, best use for RDP/VPS and with big target hosts list |\n\u003cbr\u003e\n\n# Contact :speech_balloon:\nGot a Question ?\nsend me DM on \u003ca href=\"https://t.me/dpr52\"\u003eTelegram\u003c/a\u003e\n\n# Disclaimer :bangbang:\nvMass Bot was created for educational purposes only, Any actions and/or activities done using this bot is solely your responsibility.\n\n## :ringed_planet: Join Our Channel To be Notified of Updates and New Releases :ringed_planet:\n \n\u003cbr\u003e\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://t.me/+7wraokmFiCcxOTk0\"\u003e\n\u003cimg src=\"https://raw.githubusercontent.com/c99tn/Randoms/master/telegram_button_icon_151837.png?token=GHSAT0AAAAAABVX6V7OOUCJTCCDNVAXPHCMYYIHTNA\" width=\"200\" height=\"50\"\u003e\n\u003c/a\u003e\n\u003c/p\u003e\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faziz0x48%2Fvmass","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faziz0x48%2Fvmass","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faziz0x48%2Fvmass/lists"}