yxanul/README.md

🌐 yxanul: The Ultimate Web Scanning Toolkit

yxanul is a powerful, all-in-one web scanning toolkit designed to streamline reconnaissance and vulnerability assessment. Built with Go, it integrates cutting-edge tools for WAF detection, crawling, and scanning, making it a must-have for penetration testers, bug bounty hunters, and security enthusiasts.


🚀 Features

  • 🔍 WAF Detection: Automatically detect Web Application Firewalls (WAFs) using wafw00f.
  • 🕸️ Intelligent Crawling: Traverse JavaScript-heavy websites and extract actionable URLs with Katana.
  • 🌐 Live Host Probing: Validate and filter live URLs using HTTPX.
  • 🛡️ Vulnerability Scanning: Unleash the power of Nuclei with template-based vulnerability detection.
  • ⚙️ Flexible Modes: Choose between aggressive and standard scanning modes based on your needs.

📦 Installation

Prerequisites

Ensure the following tools are installed on your system:

Clone and Build

  1. Clone the repository:

    git clone https://github.com/yxanul/yxanul.git
    cd yxanul
  2. Build the binary:

    go build -o yxanul
  3. Verify the binary is ready:

    ./yxanul -h

💻 Usage

Run yxanul with the following options:

Basic Usage

    ./yxanul -url <target-url>

Aggressive Mode

For faster scans:

    ./yxanul -url <target-url> -a

🛠️ How It Works

  1. Step 1: Detects WAF presence on the target website using wafw00f.
  2. Step 2: Crawls the site using Katana, extracting JavaScript-heavy links, sitemaps, and robots.txt.
  3. Step 3: Probes discovered URLs using HTTPX to identify live hosts.
  4. Step 4: Scans live URLs for vulnerabilities with Nuclei, leveraging its powerful template engine.
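The four stages above, shown as an added Go example of how a wrapper can validate the `-url` value and build each tool's argument list with no shell involved. This is not yxanul's own code: the `Stage`, `ValidateTarget` and `Plan` names, the intermediate file names, and the choice of flags per tool are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Stage is one tool invocation kept as an argv slice, meant for
// exec.Command(argv[0], argv[1:]...) so no shell ever parses the target.
type Stage struct {
	Name string
	Argv []string
}

// ValidateTarget accepts only absolute http(s) URLs with a host, and rejects
// values a downstream tool could read as an option or as several list lines.
func ValidateTarget(raw string) (string, error) {
	if strings.HasPrefix(raw, "-") || strings.ContainsAny(raw, " \t\r\n") {
		return "", errors.New("target looks like an option or contains whitespace")
	}
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return "", errors.New("target must be an absolute http(s) URL")
	}
	return u.String(), nil
}

// Plan returns the four stages in README order. crawlFile and liveFile are
// hypothetical file names used to hand URLs from one stage to the next.
func Plan(raw, crawlFile, liveFile string) ([]Stage, error) {
	target, err := ValidateTarget(raw)
	if err != nil {
		return nil, err
	}
	return []Stage{
		{"wafw00f", []string{"wafw00f", target}},
		{"katana", []string{"katana", "-u", target, "-jc", "-silent", "-o", crawlFile}},
		{"httpx", []string{"httpx", "-l", crawlFile, "-silent", "-o", liveFile}},
		{"nuclei", []string{"nuclei", "-l", liveFile}},
	}, nil
}

func main() {
	stages, err := Plan("https://juice-shop.herokuapp.com", "crawl.txt", "live.txt")
	fmt.Println(stages, err)
}
```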

⚙️ Configuration

Customize the behavior of yxanul by modifying the integrated tool configurations:

  • Adjust crawling depth, concurrency, or rate-limiting in Katana.
  • Tune Nuclei to load custom templates with -nt or -as for specific scans.

📖 Example

Scanning the OWASP Juice Shop:

    ./yxanul -url https://juice-shop.herokuapp.com -a

Sample output:

    WAF Detected: No WAF detected
    Running Katana for crawling...
    Running HTTPX to probe URLs...
    Running Nuclei on probed URLs...
    Scan completed successfully!

🧩 Contributing

Contributions are welcome! If you find a bug or have an idea for improvement:

  1. Fork the repository.
  2. Create a new branch (feature/my-feature).
  3. Commit your changes.
  4. Push the branch and create a pull request.

🛡️ License

This project is licensed under the MIT License. See the LICENSE file for details.


✨ Acknowledgments


🌟 Support

If you enjoy using yxanul, feel free to ⭐ the repo and share it with the community!

