Web Vulnerability Scanning Script Guide

Prerequisites

Before running the script, make sure the following tools are installed:

Install Tools on Debian-based Systems

sudo apt update
sudo apt install nmap nikto whatweb wpscan -y

Installing the Script on Linux & Termux

Follow the steps below to install the necessary tools and run the vulnerability scanning script on Linux or Termux environments:

  1. First, ensure that the following tools are installed. For Linux, use the apt package manager, and for Termux, use pkg:

     sudo apt install nmap nikto whatweb wpscan -y
     pkg install nmap nikto whatweb wpscan -y

  2. Download or create a new file named web_vuln_scan.sh and paste the script code into it.
  3. Make the script executable by running the following command:

     chmod +x web_vuln_scan.sh

  4. Run the script with the domain you want to scan like this:

     ./web_vuln_scan.sh example.com

Bash Script Code

#!/bin/bash

# Check if the domain is provided as an argument
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <domain>"
    exit 1
fi

DOMAIN=$1
SUBDOMAINS="$DOMAIN-subdomains.txt"

# Finding subdomains using DNS enumeration with Nmap.
# dns-brute reports each result as "hostname - address", so keep the hostname
# column and de-duplicate (a host is listed once per address it resolves to).
echo "==> Finding subdomains for $DOMAIN using Nmap..."
nmap -p 80,443 --script dns-brute "$DOMAIN" | awk '$3 == "-" {print $2}' | sort -u > "$SUBDOMAINS"
echo "Subdomains saved to $SUBDOMAINS"

# Scan each subdomain for vulnerabilities.
# The list is read on file descriptor 3 so that the scanners cannot
# swallow the remaining lines by reading from stdin.
while read -r SUBDOMAIN <&3; do
    echo "---------------------------------------------"
    echo "==> Scanning $SUBDOMAIN for vulnerabilities..."

    # Basic website information using WhatWeb (output is reused for the WordPress check)
    echo "Running WhatWeb on $SUBDOMAIN..."
    WHATWEB_OUTPUT=$(whatweb "$SUBDOMAIN")
    echo "$WHATWEB_OUTPUT"

    # Scan for common vulnerabilities using Nikto
    echo "Running Nikto on $SUBDOMAIN..."
    nikto -host "$SUBDOMAIN"

    # Check if the site is a WordPress site, and run WPScan if it is
    echo "Checking if $SUBDOMAIN is a WordPress site..."
    if echo "$WHATWEB_OUTPUT" | grep -q "WordPress"; then
        echo "$SUBDOMAIN seems to be a WordPress site. Running WPScan..."
        wpscan --url "$SUBDOMAIN" --enumerate vp
    fi
done 3< "$SUBDOMAINS"

echo "==> Vulnerability scanning completed for $DOMAIN and its subdomains."
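
The loop above scans every hostname that lands in the subdomain file, so that file decides what gets tested. The following is an added example, not part of the original script: a scope guard that keeps only well-formed hostnames under the authorised domain. The helper names and sample output are constructed, and it assumes dns-brute result lines of the form "hostname - address".

```shell
# Added example: scope guard for the subdomain list (hypothetical helper names).
HOST_RE='^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]([a-z0-9-]{0,61}[a-z0-9])?$'

# Return 0 if $1 is a syntactically valid, lowercase DNS hostname.
valid_hostname() {
    [ "${#1}" -le 253 ] &&
        printf '%s\n' "$1" | LC_ALL=C grep -Eq "$HOST_RE"
}

# Read nmap dns-brute output on stdin and print the unique hostnames that are
# well-formed and equal to, or a subdomain of, the authorised domain $1.
# Returns 2 if the scope argument itself is not a valid hostname.
filter_in_scope() {
    scope=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    valid_hostname "$scope" || { echo "invalid scope: $1" >&2; return 2; }
    # Assumed result line format: "|     www.example.com - 192.0.2.10"
    awk '$3 == "-" {print tolower($2)}' | sort -u | while read -r host; do
        valid_hostname "$host" || continue      # drops "-oN..." and other junk
        case $host in
            "$scope"|*."$scope") printf '%s\n' "$host" ;;
        esac                                    # out-of-scope names are skipped
    done
}

# Constructed sample of dns-brute output (documentation-range addresses).
SAMPLE_OUTPUT='Pre-scan script results:
| dns-brute:
|   DNS Brute-force hostnames:
|     www.example.com - 192.0.2.10
|     WWW.example.com - 2001:db8::10
|     mail.example.com - 192.0.2.25
|     cdn.example.net - 198.51.100.7
|     notexample.com - 203.0.113.9
|_    -oN.example.com - 192.0.2.66'

# Prints mail.example.com and www.example.com, one per line.
printf '%s\n' "$SAMPLE_OUTPUT" | filter_in_scope example.com
```

In the script, the nmap output would be piped through filter_in_scope "$DOMAIN" before being written to the subdomain file.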

Script Explanation

Input: The main domain is provided as an argument to the script.
Subdomain Discovery: The script uses nmap for DNS enumeration to find subdomains of the given domain and saves the results in a file.
Vulnerability Scanning:

How to Run the Script

Once you have saved the script (for example, as web_vuln_scan.sh), use the following commands to run it:

chmod +x web_vuln_scan.sh
./web_vuln_scan.sh example.com

Note: This script is designed for general websites and can be used for initial vulnerability detection. For deeper analysis, more advanced tools and additional steps are required. Always obtain permission from the website owner before performing any security tests.