▗▄▖ ▗▖ ▗▖▗▄▄▄▖▗▄▖ ▗▄▖ ▗▄▄▖
▐▌ ▐▌▐▌ ▐▌ █ ▐▌ ▐▌▐▌ ▐▌▐▌ ▐▌
▐▛▀▜▌▐▌ ▐▌ █ ▐▌ ▐▌▐▛▀▜▌▐▛▀▚▖
▐▌ ▐▌▝▚▄▞▘ █ ▝▚▄▞▘▐▌ ▐▌▐▌ ▐▌
AutoAR is an advanced automation framework for bug bounty hunting and penetration testing. It combines powerful reconnaissance and vulnerability scanning tools into a streamlined workflow, making security testing more efficient and thorough.
- 🔍 Comprehensive Subdomain Enumeration
  - Multiple sources and techniques
  - Subdomain takeover checks
  - Live subdomain filtering
- 🌐 URL Discovery & Analysis
  - Endpoint crawling
  - Parameter discovery
  - JavaScript file analysis
- 🛡️ Vulnerability Scanning
  - XSS Detection
  - SQL Injection
  - Nuclei Template Scanning
- 🔔 Real-time Notifications
  - Discord integration
  - Detailed scan progress
  - Results reporting
- Clone the repository:

  ```bash
  git clone https://github.com/h0tak88r/AutoAR.git
  cd AutoAR
  ```

- Run the setup script:

  ```bash
  chmod +x setup.sh
  ./setup.sh
  ```

- Make the main script executable:

  ```bash
  chmod +x autoAr.sh
  ```

AutoAR depends on the following tools:
Tool | Purpose |
---|---|
subfinder | Subdomain discovery |
httpx | HTTP toolkit |
naabu | Port scanning |
nuclei | Vulnerability scanner |
ffuf | Web fuzzer |
kxss | XSS detection |
qsreplace | Query replacement |
paramx | Parameter discovery |
dalfox | XSS scanner |
urlfinder | URL discovery |
interlace | Process management |
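
```bash
# Scan a target domain
./autoAr.sh -d example.com

# Scan a single subdomain
./autoAr.sh -s subdomain.example.com

# Scan a domain with Discord notifications and verbose output,
# skipping port scanning and fuzzing
./autoAr.sh -d example.com \
  --discord-webhook "YOUR_WEBHOOK_URL" \
  --skip-port \
  --skip-fuzzing \
  -v
```
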
Option | Description |
---|---|
-d, --domain | Target domain |
-s, --subdomain | Single subdomain to scan |
-v, --verbose | Enable verbose output |
--skip-port | Skip port scanning |
--skip-fuzzing | Skip fuzzing scans |
--skip-sqli | Skip SQL injection scanning |
--skip-paramx | Skip ParamX scanning |
--skip-dalfox | Skip Dalfox XSS scanning |
--discord-webhook | Discord webhook URL for notifications |
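
AutoAR is meant for authorized testing only, so it helps to check the `-d`/`-s` target against a written scope before any scan starts. The POSIX shell wrapper below is an added example, not part of AutoAR; the scope-file format (one authorized domain per line, `#` comments), the function names and the `AUTOAR_BIN` variable are assumptions.

```shell
#!/bin/sh
# Added example (not part of AutoAR): refuse to start a scan unless the target
# is covered by a scope file. Assumed format: one authorized domain per line,
# '#' starts a comment. Function names and AUTOAR_BIN are hypothetical.

# Lowercase, drop whitespace and one trailing dot so "Example.COM." == "example.com".
normalize_host() {
  _h=$(printf '%s' "$1" | tr -d '[:space:]' | tr 'A-Z' 'a-z')
  printf '%s' "${_h%.}"
}

# in_scope TARGET SCOPE_FILE: success only on an exact match or a true subdomain.
in_scope() {
  _t=$(normalize_host "$1")
  case "$_t" in
    ''|*[!a-z0-9.-]*|.*|-*) return 1 ;;   # not a plain hostname: reject
  esac
  while IFS= read -r _e || [ -n "$_e" ]; do
    _e=$(normalize_host "${_e%%#*}")       # strip comment, then normalize
    [ -n "$_e" ] || continue
    case "$_t" in
      "$_e"|*".$_e") return 0 ;;           # suffix match on a label boundary
    esac
  done < "$2"
  return 1
}

# Print the value given to -d/--domain or -s/--subdomain (options from the README).
target_from_args() {
  while [ "$#" -gt 0 ]; do
    case "$1" in
      -d|--domain|-s|--subdomain) printf '%s' "${2:-}"; return 0 ;;
    esac
    shift
  done
  return 1
}

# run_autoar_in_scope SCOPE_FILE [autoAr.sh options...]
run_autoar_in_scope() {
  _scope=$1; shift
  _target=$(target_from_args "$@") || { echo "no -d/-s target given" >&2; return 2; }
  in_scope "$_target" "$_scope" || { echo "refusing: $_target is not in $_scope" >&2; return 3; }
  "${AUTOAR_BIN:-./autoAr.sh}" "$@"
}
```

Matching on `.$entry` rather than a bare suffix is what keeps look-alike names such as `evil-example.com` or `example.com.evil.test` out of scope.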

```
results/
└── domain.com/
    ├── subs/
    │   ├── all-subs.txt
    │   ├── apis-subs.txt
    │   └── subfinder-subs.txt
    ├── urls/
    │   ├── live.txt
    │   └── all-urls.txt
    ├── vulnerabilities/
    │   ├── xss/
    │   ├── sqli/
    │   ├── ssrf/
    │   ├── ssti/
    │   ├── lfi/
    │   ├── rce/
    │   └── idor/
    ├── fuzzing/
    │   ├── ffufGet.txt
    │   └── ffufPost.txt
    └── ports/
        └── ports.txt
```

- Initial Reconnaissance
  - Subdomain enumeration
  - Live host detection
  - Port scanning
- Content Discovery
  - URL crawling
  - Directory fuzzing
  - Parameter discovery
- Vulnerability Assessment
  - Active scanning
  - Passive analysis
  - Custom vulnerability checks
- Reporting
  - Organized results
  - Discord notifications
  - Detailed logs

Contributions are welcome! Here's how you can help:
- Fork the repository
- Create a new branch (`git checkout -b feature/improvement`)
- Make your changes
- Commit your changes (`git commit -am 'Add new feature'`)
- Push to the branch (`git push origin feature/improvement`)
- Create a Pull Request

This project is licensed under the MIT License - see the LICENSE file for details.
Created by h0tak88r
This tool is for educational purposes and authorized testing only. Users are responsible for obtaining proper authorization before scanning any systems.
Buy-me-coffee: https://Ko-fi.com/h0tak88r

If you find AutoAR useful, please consider giving it a star ⭐ on GitHub!