import subprocess
import os
# 1. Subdomain Enumeration with Subfinder
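def enumerate_subdomains(domain):
    """Run subfinder for one domain and return the names it wrote out.

    Args:
        domain: A single DNS name taken from the operator's domain list.

    Returns:
        The lines of ``subdomains.txt`` as written by subfinder (trailing
        newlines kept), or an empty list when the entry is not a plain DNS
        name, subfinder exits non-zero, or no output file was produced.
    """
    import re  # local import: keeps this block independent of the file header

    domain = domain.strip()
    # The value comes straight from a text file and is handed to an external
    # program, so accept only a plain dotted hostname: no blanks, no leading
    # '-' that could be parsed as an option, no path characters.
    label = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    if len(domain) > 253 or not re.fullmatch(rf"{label}(?:\.{label})+", domain):
        print(f"Skipping entry that is not a valid domain name: {domain!r}")
        return []

    print(f"Enumerating subdomains for {domain}...")
    output_path = 'subdomains.txt'
    # A file left behind by an earlier run (or by the previous domain in this
    # run) would otherwise be read back as if it belonged to this domain, and
    # hosts outside the intended scope would be passed on to the scanners.
    try:
        os.remove(output_path)
    except FileNotFoundError:
        pass

    # Argument list, no shell: the domain is never interpreted by a shell.
    result = subprocess.run(['subfinder', '-d', domain, '-o', output_path], capture_output=True, text=True)
    if result.returncode != 0:
        return []
    try:
        with open(output_path, 'r') as file:
            return file.readlines()
    except FileNotFoundError:
        # Presumably subfinder can exit 0 without creating the file when it
        # finds nothing; treat that as "no subdomains" instead of crashing.
        return []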
# 2. Check which subdomains are alive and gather tech/services with httpx
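def check_alive_subdomains(subdomains):
    """Probe the given hostnames with httpx and return the responsive ones.

    The original code passed each hostname to ``-l``, which httpx reads as
    the path of a list file, and replaced the result list on every
    iteration. The hostnames are now written to one temporary list file and
    probed in a single run.

    Args:
        subdomains: Iterable of hostnames; surrounding whitespace is ignored
            and blank entries are dropped.

    Returns:
        The lines of ``alive_subdomains.txt`` as written by httpx (trailing
        newlines kept), or an empty list when there is nothing to probe,
        httpx exits non-zero, or no output file was produced.
    """
    import tempfile  # local import: keeps this block independent of the file header

    print("Checking for live subdomains...")
    targets = [entry.strip() for entry in subdomains if entry.strip()]
    if not targets:
        return []

    output_path = 'alive_subdomains.txt'
    # Drop any result file from an earlier run so stale hosts are never
    # mistaken for the outcome of this probe.
    try:
        os.remove(output_path)
    except FileNotFoundError:
        pass

    with tempfile.NamedTemporaryFile('w', suffix='.txt', delete=False) as list_file:
        list_file.write('\n'.join(targets) + '\n')
        list_path = list_file.name

    try:
        # NOTE(review): the command-line client of the Python "httpx" package
        # installs a program with the same name; confirm which one is first
        # on PATH, since it does not accept these options.
        result = subprocess.run(['httpx', '-l', list_path, '-o', output_path], capture_output=True, text=True)
    finally:
        os.remove(list_path)

    if result.returncode != 0:
        return []
    try:
        with open(output_path, 'r') as file:
            return file.readlines()
    except FileNotFoundError:
        return []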
# 3. Vulnerability Scanning (WPScan for WordPress subdomains)
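def scan_wordpress_vulnerabilities(subdomains):
    """Run wpscan against every entry whose text contains "wordpress".

    Args:
        subdomains: Iterable of host or URL strings; surrounding whitespace
            is stripped before use.

    Returns:
        The stripped entries that matched and were passed to wpscan.

    Side effects:
        Writes wpscan's stdout to ``wp_scan_results_<name>.txt`` in the
        current directory, one file per matching entry.
    """
    import re  # local import: keeps this block independent of the file header

    print("Scanning WordPress subdomains for vulnerabilities...")
    wordpress_subdomains = []
    for subdomain in subdomains:
        subdomain = subdomain.strip()
        # Substring match on the name only; it does not establish that the
        # host actually runs WordPress.
        if "wordpress" not in subdomain:
            continue
        wordpress_subdomains.append(subdomain)
        # NOTE(review): nothing here checks the entry against a list of
        # in-scope hosts; it is whatever the enumeration step returned.
        # NOTE(review): --disable-tls-checks turns off certificate
        # validation, so the report cannot be tied to an authenticated host.
        result = subprocess.run(['wpscan', '--url', subdomain, '--disable-tls-checks'], capture_output=True, text=True)
        # The entry is tool output and may be a URL ("https://host/"); the
        # slashes would make open() fail or land the file in another
        # directory, so keep only characters that are safe in a file name.
        safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', subdomain)
        with open(f'wp_scan_results_{safe_name}.txt', 'w') as wp_result_file:
            wp_result_file.write(result.stdout)
    return wordpress_subdomains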
# 4. Vulnerability Scanning for Other Technologies (PHP, SQL, Joomla, etc.)
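def scan_other_technologies(subdomains):
    """Route entries to a scanner based on keywords in their text.

    An entry containing "php" is passed to wpscan, one containing "sql" to
    sqlmap, and one containing "joomla" to joomscan. The checks are
    independent, so one entry can match more than one keyword.

    Args:
        subdomains: Iterable of host or URL strings; surrounding whitespace
            is stripped before use.

    Returns:
        A tuple ``(php_subdomains, sql_subdomains, joomla_subdomains)`` of
        the stripped entries that matched each keyword.

    Side effects:
        Writes each scanner's stdout to ``<kind>_scan_results_<name>.txt``
        in the current directory.
    """
    print("Scanning for other technologies (PHP, SQL, Joomla, etc.)...")
    php_subdomains = []
    sql_subdomains = []
    joomla_subdomains = []
    for subdomain in subdomains:
        subdomain = subdomain.strip()
        # Keyword matches on the name are a heuristic; they do not establish
        # which technology the host runs.
        # NOTE(review): entries are not checked against a list of in-scope
        # hosts here; they are whatever the earlier steps returned.
        if "php" in subdomain:
            php_subdomains.append(subdomain)
            # NOTE(review): the original comment calls this a generic PHP
            # check, but the command is wpscan, with certificate validation
            # turned off by --disable-tls-checks.
            _scan_and_save(['wpscan', '--url', subdomain, '--disable-tls-checks'], 'php', subdomain)
        if "sql" in subdomain:
            sql_subdomains.append(subdomain)
            _scan_and_save(['sqlmap', '-u', subdomain, '--batch'], 'sql', subdomain)
        if "joomla" in subdomain:
            joomla_subdomains.append(subdomain)
            _scan_and_save(['joomscan', '-u', subdomain], 'joomla', subdomain)
    return php_subdomains, sql_subdomains, joomla_subdomains


def _scan_and_save(command, prefix, target):
    """Run one scanner command and store its stdout under a safe file name."""
    import re  # local import: keeps this block independent of the file header

    result = subprocess.run(command, capture_output=True, text=True)
    # The target is tool output and may be a URL; replace anything that is
    # not safe in a file name so the report stays in the current directory.
    safe_name = re.sub(r'[^A-Za-z0-9._-]', '_', target)
    with open(f'{prefix}_scan_results_{safe_name}.txt', 'w') as result_file:
        result_file.write(result.stdout)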
# 5. Organize the Results
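def organize_results(domain_file):
    """Process every domain in *domain_file* and write the per-category lists.

    Each non-blank line is taken as one domain and passed through
    enumeration, the liveness check and the scanners. The matching hosts
    are collected across all domains and written once at the end; the
    original reopened each list file with "w" per domain, which kept only
    the last domain's hosts, and wrote them with no line separators.

    Args:
        domain_file: Path of a text file with one domain per line.

    Side effects:
        Writes ``wordpress_subdomains.txt``, ``php_subdomains.txt``,
        ``sql_subdomains.txt`` and ``joomla_subdomains.txt`` in the current
        directory, each only when its list is non-empty.
    """
    print("Organizing results...")
    with open(domain_file, 'r') as file:
        # Blank lines would otherwise be handed to the tools as an empty domain.
        domains = [line.strip() for line in file if line.strip()]

    wordpress_all = []
    php_all = []
    sql_all = []
    joomla_all = []
    for domain in domains:
        print(f"Processing domain: {domain}")
        subdomains = enumerate_subdomains(domain)
        live_subdomains = check_alive_subdomains(subdomains)
        # Scan WordPress vulnerabilities
        wordpress_all.extend(scan_wordpress_vulnerabilities(live_subdomains))
        # Scan for PHP, SQL, Joomla vulnerabilities
        php_subdomains, sql_subdomains, joomla_subdomains = scan_other_technologies(live_subdomains)
        php_all.extend(php_subdomains)
        sql_all.extend(sql_subdomains)
        joomla_all.extend(joomla_subdomains)

    # Save results to separate files, one host per line.
    outputs = (
        ("wordpress_subdomains.txt", wordpress_all),
        ("php_subdomains.txt", php_all),
        ("sql_subdomains.txt", sql_all),
        ("joomla_subdomains.txt", joomla_all),
    )
    for path, entries in outputs:
        if entries:
            with open(path, "w") as out_file:
                # The scanners return stripped entries, so add the newline back.
                out_file.writelines(f"{entry}\n" for entry in entries)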
if __name__ == "__main__":
    # Script entry point: ask for the path of the domain list (one domain
    # per line) and hand it to the pipeline.
    organize_results(input("Enter the path to the file containing the list of domains: "))