{"id":18268189,"url":"https://github.com/blackhatethicalhacking/terminatorz","last_synced_at":"2025-04-06T15:12:44.514Z","repository":{"id":111385335,"uuid":"595814866","full_name":"blackhatethicalhacking/TerminatorZ","owner":"blackhatethicalhacking","description":"TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.","archived":false,"fork":false,"pushed_at":"2024-09-06T13:28:47.000Z","size":76,"stargazers_count":274,"open_issues_count":16,"forks_count":38,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-30T12:08:32.985Z","etag":null,"topics":["bugbounty","bugbounty-tool","hacking","offensive-security","penetration-testing","pentesting","redteam"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/blackhatethicalhacking.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"blackhatethicalhacking","patreon":"blackhatethicalhacking"}},"created_at":"2023-01-31T21:33:14.000Z","updated_at":"2025-03-18T14:04:54.000Z","dependencies_parsed_at":null,"dependency_job_id":"f9c5f356-eba8-43b5-8ef2-6b7e85f8edf5","html_url":"https://github.com/blackhatethicalhacking/TerminatorZ","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackhatethicalhacking%2FTerminatorZ","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/r
epositories/blackhatethicalhacking%2FTerminatorZ/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackhatethicalhacking%2FTerminatorZ/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/blackhatethicalhacking%2FTerminatorZ/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/blackhatethicalhacking","download_url":"https://codeload.github.com/blackhatethicalhacking/TerminatorZ/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247500469,"owners_count":20948880,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","bugbounty-tool","hacking","offensive-security","penetration-testing","pentesting","redteam"],"created_at":"2024-11-05T11:30:21.370Z","updated_at":"2025-04-06T15:12:44.497Z","avatar_url":"https://github.com/blackhatethicalhacking.png","language":"Shell","funding_links":["https://github.com/sponsors/blackhatethicalhacking","https://patreon.com/blackhatethicalhacking"],"categories":[],"sub_categories":[],"readme":"# BHEH's TerminatorZ\n\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"https://www.blackhatethicalhacking.com\"\u003e\u003cimg src=\"https://www.blackhatethicalhacking.com/wp-content/uploads/2022/06/BHEH_logo.png\" width=\"300px\" alt=\"BHEH\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\nTerminatorZ is written by Chris \"SaintDruG\" Abou-Chabke from Black Hat Ethical Hacking and is designed for Offensive Security attacks. 
\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003e\u003cb\u003eBlack Hat Ethical Hacking\u003c/b\u003e\u003c/h1\u003e\n\n\u003cp align=\"center\"\u003e\n\u003cimg src=\"https://github-readme-stats.vercel.app/api?username=blackhatethicalhacking\u0026show_icons=true\u0026include_all_commits=true\"\u003e\n\u003cbr\u003e\n\u003cbr\u003e\n\u003c/p\u003e\n\n\n# Description\n\nTerminatorZ is a highly sophisticated and efficient web security tool that scans for potential vulnerabilities in your web applications. It uses a combination of advanced techniques, including popular tools like waybackurls and curl, to scan your web applications and highlight any potential vulnerabilities in a passive and quick way, for a quick look. The results are displayed in an easy-to-read format in the terminal, and only vulnerable results are saved for further investigation. With its lightweight and fast nature, TerminatorZ is the perfect tool for any Red Teamer.\n\n\n# What Makes TerminatorZ Unique:\n\nTerminatorZ is special because it is highly customized for quick, high-priority checks of known CVEs. The script reads each URL from urls.txt and checks for various vulnerabilities including RCE, CSRF, LFI, open redirect, Log4J, RFI, path traversal, and SQL injection. For each vulnerability, the script performs a test by sending a specific HTTP request and looking for a specific response.\n\nIf the vulnerability is detected, the script will write a message to the domain.txt file indicating that the URL is vulnerable. 
If the vulnerability is not detected, the script will write a message indicating that the URL is not vulnerable.\n\n**Total POCs it will check so far after v2: 24**\n  \nIt is also special, well, because:\n  \n![giphy](https://user-images.githubusercontent.com/13942386/220471761-3c554abf-ece4-442f-84de-2b28b5f02329.gif)\n\n\n# The Flow \u0026 Methodology\n\nThe tool starts by asking the user to input the domain they wish to scan. It then creates a folder to store the results and starts the scan. The scan utilizes curl to make HTTP requests to the target domain and checks for various vulnerabilities by injecting known payloads. The tool then checks the responses for indicators of exploitation and validates the results to determine if the target is vulnerable.\n\nThe tool's methodology is carefully designed to ensure that each type of vulnerability is checked specifically and thoroughly. The tool employs a highly analytical and methodical approach to the scanning process, which results in the identification of even the most elusive vulnerabilities. The tool's logic is designed to be highly efficient and effective, making it the ultimate choice for red team security experts and web security professionals.\n\nIn conclusion, TerminatorZ's combination of technology, methodology, and expert logic makes it the ultimate tool for identifying and mitigating web application vulnerabilities. 
Speed is sometimes needed; if you want more tools that do not focus on speed, please make sure to check our other ones :)\n\n# Features:\n\nScans for various web application vulnerabilities, including:\n\n- File Upload\n\n- Command Injection\n\n- Host Header Injection\n\n- HTTP Parameter Pollution (HPP)\n\n- Clickjacking\n\n- CORS Misconfiguration\n\n- Sensitive Data Exposure\n\n- Session Fixation\n\n- XSS (Cross-site scripting)\n\n- SSRF (Server-side request forgery)\n\n- XXE (XML external entity)\n\n- Insecure deserialization\n\n- Remote Code Execution via Shellshock (RCE)\n\n- SQL Injection (SQLi)\n\n- Cross-Site Scripting (XSS)\n\n- Cross-Site Request Forgery (CSRF)\n\n- Remote Code Execution (RCE)\n\n- Log4J\n\n- Directory Traversal (DT)\n\n- File Inclusion (FI)\n\n- Sensitive Data Exposure (SDE)\n\n- Server Side Request Forgery (SSRF)\n\n- Shell Injection (SI)\n\n- Broken Access Control (BAC)\n\n- Generates a random Sun Tzu quote for Red Teamers, and checks if you are connected to the Internet too!\n\n- Utilizes tools such as waybackurls, curl, and others for comprehensive vulnerability assessments\n\n- Lightweight and fast, delivering results in real-time directly to the terminal\n\n- Only reports vulnerabilities, making it easy to prioritize and remediate vulnerabilities in a timely manner\n\n# Screenshot\n\n![One](https://github.com/user-attachments/assets/61214770-9840-47ce-9d9c-a75b5d14d24f)\n![Two](https://github.com/user-attachments/assets/d3f89e26-59a9-43d9-ac0e-e3118539ce21)\n![Three](https://github.com/user-attachments/assets/a6220871-c9cb-4f2a-ab30-b97379ef92fa)\n\n\n# Expansion\n\nFeel free to add more PoCs and integrate them; the idea is speed, and sending 1 curl. Send a push!\n\n# Requirements:\n\n- waybackurls: This tool can be installed by running `go install github.com/tomnomnom/waybackurls@latest`\n\n- cURL: This tool is commonly pre-installed on Kali Linux and Ubuntu, but can be installed by running `apt-get install curl` on Ubuntu or `brew 
install curl` on macOS\n\n- httpx: a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryable http library. To install it: `go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest`\n\n- lolcat: `pip install lolcat` for rainbow beauty\n- You also need toilet and fortune-mod, but the new update will install them at the beginning.\n\n# Installation\n\n`git clone https://github.com/blackhatethicalhacking/TerminatorZ.git`\n\n`cd TerminatorZ`\n\n`chmod +x TerminatorZ.sh`\n\n`./TerminatorZ.sh`\n\n# Compatibility: \n\nThis tool has been tested on Kali Linux, Ubuntu and macOS.\n\n# Latest Version \u0026 Updates:\n\n## Version 2.0:\n\n- Added 8 new Vulnerabilities with exploits:\n\n  • File Upload\n\n  • Command Injection\n\n  • Host Header Injection\n\n  • HTTP Parameter Pollution (HPP)\n\n  • Clickjacking\n\n  • CORS Misconfiguration\n\n  • Sensitive Data Exposure\n\n  • Session Fixation\n\n## Version 1.1:\n\n- Enhancement in the output, Red for not vulnerable, Green for vulnerable.\n- Counts URLs before starting the attack, which gives you an estimate, based on final URLs.\n- Added 5 more new Vulnerabilities with exploits:\n\n  • XSS (Cross-site scripting)\n\n  • SSRF (Server-side request forgery)\n\n  • XXE (XML external entity)\n\n  • Insecure deserialization\n\n  • Remote Code Execution via Shellshock (RCE)\n\n# To Do\n\nA lot will be done and added to it; this is the starting point. If you want to contribute, send me a commit explaining what more / better you are doing, and I will credit you if it fits the model of design in mind!\n\n# Disclaimer\n\nThis tool is provided for educational and research purposes only. The author of this project is in no way responsible for any misuse of this tool. 
\nWe use it to test under NDA agreements with clients, with their consent, for pentesting purposes, and we never encourage misuse or take responsibility for any damage caused!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackhatethicalhacking%2Fterminatorz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fblackhatethicalhacking%2Fterminatorz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fblackhatethicalhacking%2Fterminatorz/lists"}