th3Collect0r is a Go program designed to automate the process of scanning a list of domains for security vulnerabilities using various tools. It combines the outputs of waybackurls, katana, gau, and hakrawler, and performs fuzzing scans using custom Nuclei templates to identify potential security issues.
Before running th3Collect0r, ensure you have the following prerequisites:
- Go installed on your system (tested with Go 1.16).
- The following tools must be installed and available in your PATH:
waybackurls
katana
gau
hakrawler
nuclei
-
Clone this repository to your local machine:
git clone https://github.com/hithmast/script_collect.git
-
Change into the project directory:
cd th3Collect0r
-
Build the program:
go build th3Collect0r.go
./th3Collect0r [OPTIONS] FILE_PATH
Scan a list of domains for security vulnerabilities using various tools.
Options:
-p PARALLEL
: Number of processes to run in parallel. Default: 4.-nf FLAGS
: Custom Nuclei flags to use for all scans.-t TEMPLATE
: Specify the custom Nuclei template for the first scan.-t TEMPLATE
: Specify the custom Nuclei template for the second scan.-t TEMPLATE
: Specify the custom Nuclei template for the third scan.-t TEMPLATE
: Specify the custom Nuclei template for the fourth scan.-t TEMPLATE
: Specify the custom Nuclei template for the fifth scan.-s
: Run th3Collect0r in silent mode. No output will be displayed.-d DOMAIN
: Perform scans on a single target domain.
Keep in mind That all template you picked must be inside ~/nuclei-templates
-
Basic usage with a list of domains in a file:
./th3Collect0r -p 4 domains.txt
-
Run th3Collect0r in silent mode:
./th3Collect0r -s -p 4 domains.txt
-
Perform scans on a single target domain:
./th3Collect0r -d example.com
-
Customize the Nuclei flags and templates:
./th3Collect0r -nf "-sa -rl 50" -t /nuclei-templates/path/to/custom-template.yaml domains.txt -f domains.txt
This project is licensed under the MIT License.
th3Collect0r is provided for educational and research purposes only. Use this program responsibly and ensure you have proper authorization to scan the domains.
Contributions are welcome! If you find any issues or have suggestions for improvements, please open an issue or create a pull request.
- Mohamed Ashraf - Elcapitano07x
- Ali Emara - Hithmast