SKULLR is a fully automated wrapper around FFUF designed to enhance web content discovery. It includes automatic installation, protocol detection, wordlist management, false-positive checks, structured reporting, and subdomain discovery—all in one command.
Made by URDev.
- One-command installer (
./skullr.sh install) - Global command (
skullr <target>) - Automatic HTTP/HTTPS detection
- Status code detection (200/301/302)
- False-positive validation
- Local SecLists integration
- Cleaned and optimized wordlists
- Directory, file, and extension fuzzing
- Subdomain discovery
- Organized report structure per scan
- Custom User-Agent
- ASCII skull banner because style matters
git clone https://github.com/URDev4ever/Skullr.git
chmod +x skullr.sh
./skullr.sh installThis will:
- Remove old installations
- Install or verify dependencies (ffuf, SecLists)
- Create the global command
skullrin/usr/local/bin - Copy the main script into the system
- Make everything executable
After this, you can run SKULLR from anywhere.
skullr example.comskullr https://target.com
skullr http://target.comskullrEvery scan creates its own timestamped directory:
~/scans/<target>_<timestamp>/
│
├── results/ # FFUF output files
├── wordlists/ # Cleaned copies of required lists
├── logs/ # Curl logs, copy logs, protocol detection
└── temp/ # Temp runtime data
This ensures organized storage and easy review of multiple targets.
SKULLR first tries:
https://target/http://target/
It selects whichever responds with a valid 2xx/3xx code.
It sends several random requests to detect wildcard responses (200 on non-existent paths).
If detected, SKULLR warns you before fuzzing.
For each essential SecLists file:
- Comments removed
- Empty lines removed
- Length capped for performance
- Licensing noise removed (DirBuster lists)
If a wordlist does not exist locally, SKULLR creates a minimal replacement.
Uses SecLists' subdomains-top1million-110000.txt,
or falls back to a built-in minimal list.
Directory fuzzing, file fuzzing, extension fuzzing, and more.
Results go into results/.
- bash
- ffuf (installed automatically on apt/pacman/brew systems)
- curl
- SecLists (auto-installed on apt)
Works on:
- Debian / Ubuntu / Kali
- Arch / Manjaro
- macOS
- Termux (manual SecLists required)
skullr testphp.vulnweb.comCreates:
~/scans/testphp.vulnweb_com_20250101_153300/
With all wordlists, logs, and results organized automatically.
- Root privileges are required only for installation (writes to
/usr/local/bin). - Scanning without authorization is illegal. Use SKULLR only on systems you own or have explicit permission to test.
- Scan 3/5 it's a MASSIVE scan, consider it will take a long time to test.
- SKULLR is tested primarily on Linux. macOS fully supported. Termux: use with adjusted paths.
made with <3 by URDev