v2.4.0

What's Changed in NucleiFuzzer (Version 2.4.0)

New Features:

Enhanced Help Menu:

• Introduced a comprehensive help menu accessible via the -h or --help flag.
• Provides clear guidance on script usage, available options, and functionalities.

Output Folder Specification:

• Added the ability to specify a custom output folder for scan results using the -o or --output flag.
• Enables better organization and management of scan outputs.

Prerequisite Checks:

• Automatically checks for required tools and installs missing ones:
  • nuclei, httpx, uro, katana, waybackurls, gauplus, and hakrawler.
• Ensures a seamless setup process for users.

Repository Cloning:

• Automatically clones necessary repositories (ParamSpider and nuclei-templates) if not already available.
• Simplifies setup for first-time users.

Error Handling and Input Validation:

• Validates input domains and URLs to prevent errors during the scanning process.
• Handles invalid or missing inputs gracefully with clear error messages.

Excluded Extensions:

• Predefined exclusions for file extensions like images, scripts, and fonts, ensuring irrelevant resources are skipped.

Enhancements:

Robust URL Collection:

• Integrates tools like ParamSpider, Waybackurls, Gauplus, Hakrawler, and Katana for comprehensive URL enumeration.
• Combines outputs and eliminates duplicates using uro for efficient processing.

Improved URL Validation:

• Introduced a validation step to filter out invalid URLs before initiating scans.
• Guarantees only actionable targets are processed.

Advanced Nuclei Integration:

• Runs nuclei templates on validated URLs, leveraging httpx to filter targets with specific HTTP status codes (e.g., 200, 204, 301).
• Outputs results to a designated file for easy reference.

User-Friendly Messaging:

• Added color-coded (red and green) status messages to improve readability and provide clear updates.
• Concise and informative messages ensure users are well-informed during the process.

Performance Optimizations:

• Enhanced script efficiency with sorting and deduplication of URLs.
• Streamlined processes to reduce runtime and resource usage.

Summary:

The NucleiFuzzer v2.4.0 introduces a highly user-friendly, robust, and efficient experience, providing comprehensive web vulnerability scanning with minimal manual intervention. It’s designed to simplify setup, enhance performance, and improve usability, making it an essential tool for cybersecurity professionals.

v2.0.1

What's Changed:

• Help Menu (-h or --help flag): The new script includes a help menu that can be accessed using the -h or --help flag. This provides users with a clear understanding of the script's usage, options, and functionalities.
• Output Folder Specification (-o or --output flag): The new script allows users to specify a custom output folder for scan results using the -o or --output flag. This enhances flexibility and organization for users who prefer to manage their scan outputs in a designated location.
• Error Handling and Input Validation: The new script incorporates error handling and input validation mechanisms. It checks for the presence of a domain or file input and ensures that collected URLs are valid before proceeding with the scanning process. This improves the script's robustness and prevents potential errors.
• Concise and Informative Messages: The new script employs color-coded messages (red and green) to highlight crucial information and enhance readability for users. Additionally, messages are more concise and informative, providing clear status updates throughout the scanning process.

Enhancements:

• Code Structure and Readability: The new script likely adheres to best practices for code structure and readability, making it easier for users to understand and potentially modify the script if needed.
• Potential Performance Optimizations: While the code snippets provided aren't exhaustive, the use of sort and uro for URL sorting and deduplication suggests potential performance optimizations compared to the older version.
• Overall, the new NucleiFuzzer script (v2.1.0) offers a more user-friendly, robust, and informative experience compared to the previous version (v1.0.3).

v1.0.3

What's Changed

• The -f (file) option is now working with multiple domains and removed unnecessary lines of code @0xKayala

v1.0.2

What's Changed

• Added the deduplication feature to remove the duplicate URLs from the output before passing them to the Nuclei tool by @0xKayala
• The Output for a single target and multiple targets will be saved in a separate file.
• Removed Unnecessary lines of code

v1.0.1

What's Changed

• Added multiple domains support with -f option by @0xKayala
• The Paramspider output of each domain is appended into a single file and passed to the Nuclei tool
• Make sure to follow the below syntax:
• nf -d example.com
• nf -f asset.txt