Ali Emara edited this page Aug 8, 2023 · 4 revisions

Welcome to the script_collect wiki!

Th3 Collect0r

Version: v1.0.1

Authors: Mohamed Ashraf & Ali Emara

Th3 Collect0r is a versatile security scanning tool designed to help security professionals and researchers scan a list of domains for potential vulnerabilities using various scanning techniques and custom Nuclei templates. The tool automates the process of running multiple scanning tools, consolidates the results, and generates an organized HTML report for comprehensive analysis. Th3 Collect0r supports parallel processing to expedite the scanning process and offers customizable options to adapt to your specific scanning needs.

Usage

To utilize Th3 Collect0r effectively, follow the instructions below:

  1. Clone the repository and navigate to the tool's directory:

    git clone https://github.com/username/th3-collect0r.git
    cd th3-collect0r

  2. Ensure that you have the necessary external tools (e.g., waybackurls, gau, katana, hakrawler, and nuclei) installed and accessible in your system's PATH.

  3. Run the tool with the desired options to initiate scanning:

    go run th3collect0r.go -f FILE_PATH [OPTIONS]

    Example:

    go run th3collect0r.go -f domains.txt -p 4 -nf "-t cves.yaml" -t1 custom-template1.yaml -t2 custom-template2.yaml

Options

  • -f FILE_PATH: Specifies the path to the file containing a list of domains to be scanned.
  • -p PARALLEL: Sets the number of parallel processes to execute using GNU Parallel. Default: 4.
  • -nf FLAGS: Provides the ability to apply custom Nuclei flags for all scans.
  • -t TEMPLATE: Specifies the custom Nuclei template for the first scan. Default: /fuzzing-templates/lfi.
  • -t TEMPLATE: Specifies the custom Nuclei template for the second scan. Default: /fuzzing-templates/xss/reflected-xss.yaml.
  • -t TEMPLATE: Specifies the custom Nuclei template for the third scan. Default: /fuzzing-templates/sqli/error-based.yaml.
  • -t TEMPLATE: Specifies the custom Nuclei template for the fourth scan. Default: /fuzzing-templates/redirect.
  • -t TEMPLATE: Specifies the custom Nuclei template for the fifth scan. Default: /fuzzing-templates/ssrf.
  • -tp TEMPLATES_PATH: Specifies the path to the directory containing custom Nuclei templates. Default: /fuzzing-templates/.
  • -h, --help: Displays detailed usage information, including available options and their descriptions.

Examples

  1. Run Th3 Collect0r with a list of domains from a file and perform Nuclei scans using default templates:

    go run th3collect0r.go -f domains.txt

  2. Run Th3 Collect0r with a list of domains from a file, using custom Nuclei flags, and specifying custom templates:

    go run th3collect0r.go -f domains.txt -p 8 -nf "-t cves.yaml" -t1 custom-template1.yaml -t2 custom-template2.yaml

  3. Run Th3 Collect0r for a single domain and perform Nuclei scans using default templates:

    go run th3collect0r.go -d example.com

  4. Generate an HTML report for a list of domains using the default templates:

    go run th3collect0r.go -f domains.txt -tp custom-templates/ -p 6

  5. Display detailed usage information:

    go run th3collect0r.go -h

Features

  • Automatic URL Collection: Th3 Collect0r gathers URLs from various sources using external tools such as waybackurls, gau, katana, and hakrawler, facilitating a comprehensive scanning scope.

  • Customizable Nuclei Scans: The tool allows you to run Nuclei scans with customized templates and flags, enabling tailored vulnerability assessment.

  • Parallel Processing: Th3 Collect0r supports parallel processing, enhancing scanning efficiency by executing multiple tasks concurrently.

  • Detailed HTML Report: The tool generates a structured HTML report for each domain and template combination, offering a clear overview of the scan results.

Notes

  • Ensure that you have obtained proper authorization before conducting security scans on any target domains.
  • Th3 Collect0r provides flexibility for customization and expansion. You can modify existing templates and create new ones within the fuzzing-templates directory.
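
A preflight for usage step 2 and the authorization note above, as an added example that is not part of Th3 Collect0r: it reports which of the listed tools are missing from PATH and which entries of a domain list fall outside an authorized scope. The function names, the sample domains and the scope list are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"os/exec"
	"strings"
)

// Tools that usage step 2 of this wiki names as required on PATH.
var requiredTools = []string{"waybackurls", "gau", "katana", "hakrawler", "nuclei"}

// missingTools returns the required tools that lookup cannot resolve.
// Pass exec.LookPath for a real check; a stub makes it testable.
func missingTools(lookup func(string) (string, error)) []string {
	var missing []string
	for _, t := range requiredTools {
		if _, err := lookup(t); err != nil {
			missing = append(missing, t)
		}
	}
	return missing
}

// outOfScope returns the entries that are neither an authorized apex domain
// nor a subdomain of one. Matching is on a label boundary, so
// "evil-example.com" does not pass for scope "example.com".
func outOfScope(domains, scope []string) []string {
	var bad []string
	for _, d := range domains {
		d = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(d), "."))
		ok := d == "" // blank lines in the list are ignored
		for _, s := range scope {
			s = strings.ToLower(strings.TrimSpace(s))
			if s != "" && (d == s || strings.HasSuffix(d, "."+s)) {
				ok = true
			}
		}
		if !ok {
			bad = append(bad, d)
		}
	}
	return bad
}

func main() {
	// Constructed sample input; scope is a hypothetical list of authorized apex domains.
	domains := []string{"app.example.com", "EXAMPLE.com.", "evil-example.com", "example.com.other.test"}
	fmt.Println("missing tools:", missingTools(exec.LookPath))
	fmt.Println("out of scope:", outOfScope(domains, []string{"example.com"}))
}
```

Run it against the contents of the file passed with -f and proceed only when both lists are empty.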

Acknowledgments

Th3 Collect0r is the result of collaborative efforts by Mohamed Ashraf and Ali Emara. We appreciate the ongoing support and contributions from the security community to enhance the tool's capabilities.

Disclaimer: Always use Th3 Collect0r responsibly and in compliance with applicable laws and regulations. The authors of Th3 Collect0r are not liable for any misuse or damage resulting from the tool's usage. Prior authorization is essential before conducting security scans on any target.

For more information and updates, visit the official repository: https://github.com/hithmast/script_collect