blackhatethicalhacking / TerminatorZ

TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in your web applications.
GNU General Public License v3.0
255 stars 35 forks source link
bugbounty bugbounty-tool hacking offensive-security penetration-testing pentesting redteam

BHEH's TerminatorZ

BHEH

TerminatorZ is written by Chris "SaintDruG" Abou-Chabke from Black Hat Ethical Hacking and is designed for Offensive Security attacks.

Black Hat Ethical Hacking



Description

TerminatorZ is a highly sophisticated and efficient web security tool that scans for potential vulnerabilities in your web applications. It uses a combination of advanced techniques, including using popular tools like waybackurls and curl, to scan your web applications and highlight any potential vulnerabilities but in a passive and quick way for a quick look. The results are displayed in an easy-to-read format in the terminal, and only vulnerable results are saved for further investigation. With its lightweight and fast nature, TerminatorZ is the perfect tool for any RED Teamer.

What Makes TerminatorZ Unique:

TerminatorZ is special because it's a highly customized for quick and speed high priority known CVES. The script then reads each URL from urls.txt and checks for various vulnerabilities including RCE, CSRF, LFI, open redirect, Log4J, RFI, path traversal, and SQL injection. For each vulnerability, the script performs a test by sending a specific HTTP request and looking for a specific response.

If the vulnerability is detected, the script will write a message to the domain.txt file indicating that the URL is vulnerable. If the vulnerability is not detected, the script will write a message indicating that the URL is not vulnerable.

Total POCs it will check so far after v2: 24

It is also Special well, because:

giphy

The Flow & Methodology

The tool starts by asking the user to input the domain they wish to scan. It then creates a folder to store the results and starts the scan. The scan utilizes curl to make HTTP requests to the target domain and checks for various vulnerabilities by injecting known payloads. The tool then checks the responses for indicators of exploitation and validates the results to determine if the target is vulnerable.

The tool's methodology is carefully designed to ensure that each type of vulnerability is checked specifically and thoroughly. The tool employs a highly analytical and methodical approach to the scanning process, which results in the identification of even the most elusive vulnerabilities. The tool's logic is designed to be highly efficient and effective, making it the ultimate choice for red team security experts and web security professionals.

In conclusion, TerminatorZ offers a combination of technology, methodology, and expert logic makes it the ultimate tool for identifying and mitigating web application vulnerabilities. Speed is sometimes needed, if you want more tools that do not focus on speed, please make sure to check our other ones :)

Features:

Scans for various web application vulnerabilities, including:

Screenshot

One Two Three

Expansion

Feel free to expand more Pocs, and integrate it, the idea is speed, and sending 1 curl, send a push!

Requirements:

Installation

git clone https://github.com/blackhatethicalhacking/TerminatorZ.git

cd TerminatorZ

chmod +x TerminatorZ.sh

./TerminatorZ.sh

Compatibility:

This tool has been tested on Kali Linux, Ubuntu and MacOS.

Latest Version & Updates:

Version 2.0:

Version 1.1:

To Do

A lot will be done and added to it, this is the starting point. If you want to contribute, send me a commit explaining what more / better you are doing, and will credit you if it fits the model of design in mind!

Disclaimer

This tool is provided for educational and research purpose only. The author of this project are no way responsible for any misuse of this tool. We use it to test under NDA agreements with clients and their consents for pentesting purposes and we never encourage to misuse or take responsibility for any damage caused !

BHEH Official Merch

Introducing our Merch Store, designed for the Offensive Security community. Explore a curated collection of apparel and drinkware, perfect for both professionals and enthusiasts. Our selection includes premium t-shirts, hoodies, and mugs, each featuring bold hacking-themed slogans and graphics that embody the spirit of red teaming and offensive security. Hack with style and showcase your dedication to hacker culture with gear that’s as dynamic and resilient as you are. 😊