A tool for performing an initial information-gathering scan on a target URL before beginning a web application penetration test. Useful for bug bounty hunting as well.
In my work as a web application penetration tester, I found myself running the same collection of tools before beginning each test as a way to gather information on the target and inform further in-depth manual testing. I created initial-scan as a way to easily install, update, and run these tools automatically. I periodically add new tools as I come across them, and pull requests are welcome.
./initial-scan.sh [URL] [TARGET]
A full URL including the scheme and/or port is required, as well as a target name. An output directory will be created using the target name along with a timestamp for each run of the script, so no output will be overwritten.
Certain tools like Breacher won't work on file paths, like index.html, so make sure to use a directory path, like /some/path/directory/, as well as including a trailing slash, if you want to use Breacher.
Examples:
./initial-scan.sh https://www.example.com example./initial-scan.sh https://www.example.com/some/path/directory/ example
All tools can be installed into the ~/tools directory (created as needed) by running ./initial-scan.sh install. Existing tools will be removed and re-pulled from Github. This acts as an updater as well.
Custom paths can be used by updating the path location variables for each tool.
Initial Scan uses the following tools:
- nmap (Installed via Kali package)
- whatweb (Installed via Kali package)
- nikto (Installed via Kali package)
- ffuf (Binary downloaded from Github repo)
- gobuster (Installed via Kali package)
- Breacher (Clone Github repo and add path to script)
- bfac (Clone Github repo and add path to script)
- wafw00f (Installed via Kali package)
- sslscan (Installed via Kali package)
- twa (Clone Github repo and add path to script)