expphoto/vulnscanning

Enhanced Interactive Vulnerability Scanner

A lightweight, interactive vulnerability scanner that combines passive reconnaissance with active vulnerability testing. Designed as a faster alternative to heavy enterprise tools like Nessus.

Features

  • Interactive Interface - Simple prompts guide you through the scanning process
  • Multiple Scan Modes - Passive, Active, and Aggressive scanning options
  • Organized Output - Clean results saved to timestamped directories
  • Exploitation Testing - Optional safe exploitation with user confirmation
  • Comprehensive Reporting - JSON and Markdown reports generated automatically

Quick Start

python3 vuln_scanner.py

The scanner will interactively prompt you for:

  1. Target (URL or IP address)
  2. Scan Mode (Passive/Active/Aggressive)
  3. Exploitation (if Aggressive mode selected)

Scan Modes

🔍 Passive Mode

  • Safe, quiet intelligence gathering
  • SSL/TLS analysis
  • DNS record enumeration
  • Security headers analysis
  • Subdomain discovery
  • Technology detection

🎯 Active Mode

  • All passive features PLUS:
  • Port scanning
  • Web vulnerability scanning
  • Nuclei template scanning
  • Configuration issue detection

💥 Aggressive Mode

  • All active features PLUS:
  • SQL injection testing
  • XSS vulnerability testing
  • Directory traversal testing
  • ⚠️ WARNING: Only use on systems you own!

Example Usage

$ python3 vuln_scanner.py

======================================================================
  🔍 Enhanced Interactive Vulnerability Scanner
======================================================================

🎯 Enter target (URL or IP): example.com
✓ Target set: https://example.com
✓ Domain: example.com

🔍 Scan Modes:
  1) Passive - Intelligence gathering only (safe, quiet)
  2) Active - Full vulnerability scanning (detectable)
  3) Aggressive - Active + exploitation attempts (risky)

Select scan mode [1-3]: 2
✓ Active mode selected - Full vulnerability scanning

🚀 STARTING SCAN
Target: https://example.com
Mode: Active
Output: scan_results/example.com_20241201_143022

Output Structure

Results are saved to scan_results/[domain]_[timestamp]/:

  • scan_results.json - Detailed JSON results
  • scan_report.md - Human-readable markdown report
  • nuclei_results.json - Nuclei findings (if available)

Dependencies

Required

  • Python 3.6+
  • requests
  • urllib3

Optional (for enhanced features)

  • subfinder - Subdomain enumeration
  • nuclei - Vulnerability template scanning
  • dnspython - DNS analysis

Install Optional Dependencies

# Install Python packages
pip3 install dnspython

# Install Go tools (if you have Go installed)
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest

Security Notes

⚠️ Important: This tool is designed for defensive security testing of systems you own or have explicit permission to test.

  • Passive mode is generally safe and quiet
  • Active mode sends requests that may be logged by security systems
  • Aggressive mode attempts exploitation and should only be used on your own systems
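
One way to enforce these rules before a scan is launched, as an added example (not code from this repository): a scope allowlist that maps each authorized domain or network to the highest scan mode permitted for it. The names `SCOPE`, `target_host`, `authorized_mode` and `check` are hypothetical, the scope entries are constructed sample values, and requiring a scope entry even for Passive mode is a conservative assumption.

```python
import ipaddress
from urllib.parse import urlparse

MODES = {"passive": 1, "active": 2, "aggressive": 3}

# Constructed sample scope: entry -> highest mode authorized for it.
SCOPE = {
    "example.com": "active",        # a domain entry also covers its subdomains
    "192.0.2.0/24": "aggressive",   # lab network you own (documentation range)
}

def target_host(target):
    """Extract the host from a URL or bare host/IP, as typed at the prompt."""
    if "://" not in target:
        target = "https://" + target
    host = urlparse(target).hostname   # ignores userinfo, port and path
    if not host:
        raise ValueError(f"cannot parse target: {target!r}")
    return host.lower().rstrip(".")

def authorized_mode(target, scope=SCOPE):
    """Return the highest mode the scope allows for target, or None."""
    host = target_host(target)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None                    # host is a name, not an IP literal
    best = None
    for entry, mode in scope.items():
        if addr is not None:
            try:
                hit = addr in ipaddress.ip_network(entry, strict=False)
            except ValueError:
                hit = False            # entry is a domain, not a network
        else:
            # Exact match or a true subdomain; "notexample.com" must not match.
            hit = host == entry or host.endswith("." + entry)
        if hit and (best is None or MODES[mode] > MODES[best]):
            best = mode
    return best

def check(target, requested, scope=SCOPE):
    """True only if the requested mode is within the authorized scope."""
    allowed = authorized_mode(target, scope)
    return allowed is not None and MODES[requested] <= MODES[allowed]
```

Calling `check(target, mode)` ahead of `vuln_scanner.py` and refusing to continue on `False` keeps Aggressive runs confined to the entries that explicitly allow them.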

Comparison to Original Scanners

| Feature | Original vuln-aio.py | New vuln_scanner.py |
|---|---|---|
| Interactive | Limited | Full interactive |
| Output Organization | Scattered files | Organized directories |
| Scan Modes | No clear distinction | Clear Passive/Active/Aggressive |
| Exploitation | Mixed with scanning | Separate with confirmation |
| Reporting | Basic markdown | JSON + Markdown reports |
| User Experience | Command-line args | Guided prompts |

Tips

  • Start with Passive mode to gather intelligence safely
  • Use Active mode for comprehensive vulnerability assessment
  • Only use Aggressive mode on systems you own or have permission to test
  • Review the generated reports for detailed findings and recommendations

Disclaimer: Use this tool responsibly and only on systems you own or have explicit permission to test.
