AcuAutomate - Unofficial Acunetix CLI Tool For Automated Pentesting And Bug Hunting Across Large Scopes
AcuAutomate is an unofficial Acunetix CLI tool that simplifies automated pentesting and bug hunting across extensive targets. It's a valuable aid during large-scale pentests, enabling the easy launch or stoppage of multiple Acunetix scans simultaneously. Additionally, its versatile functionality seamlessly integrates into enumeration wrappers or one-liners, offering efficient control through its pipeline capabilities.
Installation
git clone https://github.com/danialhalo/AcuAutomate.gitcd AcuAutomatechmod +x AcuAutomate.pypip3 install -r requirements.txtConfiguration (config.json)
Before using AcuAutomate, you need to set up the configuration file config.json inside the AcuAutomate folder:
{ "url": "https://localhost", "port": 3443, "api_key": "API_KEY"}- The URL and PORT parameter is set to default acunetix settings, However this can be changed depending on acunetix configurations.
- Replace the API_KEY with your acunetix api key. The key can be obtained from user profiles at https://localhost:3443/#/profile
Usage
The help parameter (-h) can be used for accessing more detailed help for specific actions
__ _ ___ ____ ________ ______ ___ / /_(_) __ _____/ (_) / __ `/ ___/ / / / __ \/ _ \/ __/ / |/_/_____/ ___/ / / / /_/ / /__/ /_/ / / / / __/ /_/ /> </_____/ /__/ / / \__,_/\___/\__,_/_/ /_/\___/\__/_/_/|_| \___/_/_/ -: By Danial Halo :- usage: AcuAutomate.py [-h] {scan,stop} ...Launch or stop a scan using Acunetix APIpositional arguments: {scan,stop} Action to perform scan Launch a scan use scan -h stop Stop a scanoptions: -h, --help show this help message and exitScan Actions
For launching the scan you need to use the scan actions:
xubuntu:~/AcuAutomate$ ./AcuAutomate.py scan -h usage: AcuAutomate.py scan [-h] [-p] [-d DOMAIN] [-f FILE] [-t {full,high,weak,crawl,xss,sql}]options: -h, --help show this help message and exit -p, --pipe Read from pipe -d DOMAIN, --domain DOMAIN Domain to scan -f FILE, --file FILE File containing list of URLs to scan -t {full,high,weak,crawl,xss,sql}, --type {full,high,weak,crawl,xss,sql} High Risk Vulnerabilities Scan, Weak Password Scan, Crawl Only, XSS Scan, SQL Injection Scan, Full Scan (by default)Scanning Single Target
The domain can be provided with -d flag for single site scan:
./AcuAutomate.py scan -d https://www.google.comScanning Multiple Targets
For scanning multiple domains the domains need to be added into the file and then specify the file name with -f flag:
./AcuAutomate.py scan -f domains.txtPipeline
The AcuAutomate can also worked with the pipeline input with -p flag:
cat domain.txt | ./AcuAutomate.py scan -pThis is Great as it can enable the AcuAutomate to work with other tools. For example we can use the subfinder , httpx and then pipe the output to AcuAutomate for mass scanning with acunetix:
subfinder -silent -d google.com | httpx -silent | ./AcuAutomate.py scan -pscan type
The -t flag can be used to define the scan type. For example the following scan will only detect the SQL vulnerabilities:
./AcuAutomate.py scan -d https://www.google.com -t sqlNote
AcuAutomate only accept the domains with http:// or https://
Stop Action
The stop action can be used for stoping the scan either with -d flag for stoping scan by specifing the domain or with -a flage for stopping all running scans.
xubuntu:~/AcuAutomate$ ./AcuAutomate.py stop -h __ _ ___ ____ ________ ______ ___ / /_(_) __ _____/ (_) / __ `/ ___/ / / / __ \/ _ \/ __/ / |/_/_____/ ___/ / / / /_/ / /__/ /_/ / / / / __/ /_/ /> </_____/ /__/ / / \__,_/\___/\__,_/_/ /_/\___/\__/_/_/|_| \___/_/_/ -: By Danial Halo :- usage: AcuAutomate.py stop [-h] [-d DOMAIN] [-a]options: -h, --help show this help message and exit -d DOMAIN, --domain DOMAIN Domain of the scan to stop -a, --all Stop all Running ScansContact
Please submit any bugs, issues, questions, or feature requests under "Issues" or send them to me on Twitter. @DanialHalo
Via: www.kitploit.com
Reviewed by Zion3R
on
16:00
Rating:
