{"id":25530822,"url":"https://github.com/heinrihs-s/vulnstorm","last_synced_at":"2026-01-16T00:30:15.675Z","repository":{"id":277313891,"uuid":"932028279","full_name":"heinrihs-s/VulnStorm","owner":"heinrihs-s","description":"VulnStorm is an all-in-one, automated vulnerability scanning tool that combines multiple reconnaissance and scanning utilities into one streamlined Bash script.","archived":false,"fork":false,"pushed_at":"2025-02-13T08:51:10.000Z","size":0,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-13T09:33:35.629Z","etag":null,"topics":["shell","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"https://securit.lv","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/heinrihs-s.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-02-13T08:47:47.000Z","updated_at":"2025-02-13T08:52:45.000Z","dependencies_parsed_at":"2025-02-13T09:43:46.093Z","dependency_job_id":null,"html_url":"https://github.com/heinrihs-s/VulnStorm","commit_stats":null,"previous_names":["heinrihs-s/vulnstrom"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heinrihs-s%2FVulnStorm","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heinrihs-s%2FVulnStorm/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heinrihs-s%2FVulnStorm/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/heinrihs-s%2FVulnStorm/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/heinrihs-s","download_url":"https://codeload.github.com/heinrihs-s/VulnStorm/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239753974,"owners_count":19691220,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["shell","vulnerability-scanners"],"created_at":"2025-02-20T00:22:11.480Z","updated_at":"2026-01-16T00:30:15.597Z","avatar_url":"https://github.com/heinrihs-s.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# VulnStorm: Unleash the Storm of Vulnerabilities!\n\nVulnStorm is an all-in-one, automated vulnerability scanning tool that combines multiple reconnaissance and scanning utilities into one streamlined Bash script. Unleash a storm of scans against your target—subdomain enumeration, port scanning, web vulnerability testing, and more!\n\n\u003e **Disclaimer:** This tool is for **educational and authorized testing purposes only**. Always obtain explicit permission before scanning any domain or IP that you do not own.\n\n## Features\n\n- **Subdomain Enumeration:**  \n  Combines [Amass](https://github.com/OWASP/Amass) and [Sublist3r](https://github.com/aboul3la/Sublist3r) for thorough asset discovery.\n- **Port Scanning:**  \n  Uses [Nmap](https://nmap.org/) to scan ports and detect running services.\n- **Web Vulnerability Scanning:**  \n  Leverages [Nikto](https://cirt.net/Nikto2) for common web vulnerabilities.\n- **SQL Injection Testing:**  \n  Automates SQL injection tests with [SQLMap](https://github.com/sqlmapproject/sqlmap).\n- **Directory Brute-forcing:**  \n  Brute-forces web directories using [Gobuster](https://github.com/OJ/gobuster) and [Dirsearch](https://github.com/maurosoria/dirsearch).\n- **SSL/TLS Analysis:**  \n  Checks for SSL/TLS vulnerabilities with [SSLScan](https://github.com/rbsec/sslscan).\n- **Comprehensive Vulnerability Scanning:**  \n  Integrates with [OpenVAS](https://www.openvas.org/) (via `gvm-cli`) for an in-depth scan.\n\n## Installation\n\n1. **Clone the Repository:**\n   ```bash\n   git clone https://github.com/heinrihs-s/VulnStorm.git\n   cd vulnstorm\n   ```\n\n2. **Install Dependencies:**\n\n   Make sure the following tools are installed and in your $PATH:\n   - amass\n   - sublist3r\n   - nmap\n   - nikto\n   - sqlmap\n   - gobuster\n   - dirsearch\n   - sslscan\n   - gvm-cli\n\n   Optional (for faster scans):\n   - parallel\n   - httprobe (to filter live subdomains)\n\n3. **Make the Script Executable:**\n   ```bash\n   chmod +x vulnstorm.sh\n   ```\n\n## Usage\n\n```bash\n./vulnstorm.sh [OPTIONS] \u003cdomain_or_ip\u003e\n```\n\n### Options:\n- `-w, --wordlist \u003cpath\u003e`: Use a custom wordlist for directory brute-forcing. (Default: /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt)\n- `-p, --parallel`: Enable parallel scanning (requires GNU Parallel).\n- `-h, --help`: Display help and usage instructions.\n\n### Example:\n```bash\n./vulnstorm.sh -p example.com\n```\nThis command starts the full automated scan against example.com with parallel scanning enabled.\n\n### Output Example\nAfter running VulnStorm, you'll see outputs like:\n\n```bash\n[+] Starting full automation for vulnerability scanning on: example.com\n[+] All results will be saved in: example.com_scan_results\n\n[+] Running Amass for subdomain enumeration...\n[+] Running Sublist3r for subdomain enumeration...\n[+] Combining subdomain results and checking for live hosts...\n[+] Total subdomains found: 15\n\n[+] Running Nmap for port scanning and service detection...\n# Nmap scan report for sub.example.com (93.184.216.34)\n...\nNmap done: 15 IP addresses (14 hosts up) scanned in 35.68 seconds\n\n[+] Running Nikto for web vulnerability scanning...\n[+] Running SQLMap to test for SQL Injection vulnerabilities...\n[+] Running Gobuster to brute-force directories...\n[+] Running Dirsearch for additional directory brute-forcing...\n[+] Running SSLScan for SSL/TLS vulnerability scanning...\n[+] Running OpenVAS (gvm-cli) for comprehensive vulnerability scanning...\n\n[+] Full vulnerability scanning automation completed for example.com.\n[+] Results are in the example.com_scan_results directory.\n[!] Remember to only test domains you have permission to test.\n```\n\nEach scan's result is saved in the output directory (e.g., example.com_scan_results) with clearly named files for easy review.\n\n## Contributing\n\nWe welcome contributions! If you have ideas to improve VulnStorm, please fork the repository and submit a pull request. Also, feel free to report issues or feature requests.\n\n1. Fork the repository.\n2. Create your feature branch: `git checkout -b feature/my-new-feature`\n3. Commit your changes: `git commit -am 'Add some feature'`\n4. Push to the branch: `git push origin feature/my-new-feature`\n5. Open a pull request.\n\n## License\n\nThis project is licensed under the MIT License.\n\n## Follow \u0026 Share\n\nIf you find VulnStorm useful, give it a star on GitHub and share it with your network!\n\n**Use VulnStorm responsibly and always ensure you have explicit permission before scanning any target.**\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheinrihs-s%2Fvulnstorm","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fheinrihs-s%2Fvulnstorm","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fheinrihs-s%2Fvulnstorm/lists"}