TylersTech2020/AllinOnePenTest

AllinOnePenTest

I have created an enhanced Bash script that combines and expands the previous RouterVulnScan.sh and WebVulnScan.sh into a comprehensive, all-in-one penetration testing script for network and web vulnerability scanning, with a focus on router vulnerabilities and web interfaces. The script integrates additional tools (Gobuster for directory brute-forcing and OpenVAS for broader vulnerability scanning) and includes a manual verification step to guide testers in confirming findings. This script is designed for ethical and authorized use only on networks or devices you have explicit permission to test. Unauthorized scanning or exploitation is illegal and unethical.

Assumptions

You have permission to scan the target network or device.

The following tools are installed and accessible in your PATH:

Nmap (https://nmap.org/) for network discovery and port scanning.

Metasploit Framework (https://www.metasploit.com/) for vulnerability exploitation.

RouterSploit (https://github.com/threat9/routersploit) for router-specific exploits.

Nikto (https://github.com/sullo/nikto) for web server vulnerability scanning.

Wapiti (https://wapiti-scanner.github.io/) for web application vulnerability scanning.

Gobuster (https://github.com/OJ/gobuster) for directory and file brute-forcing.

OpenVAS (https://www.openvas.org/) for comprehensive vulnerability scanning.


The script runs on a Linux-based system (e.g., Kali Linux, Ubuntu).

You have sufficient privileges (e.g., run with sudo for Nmap, Metasploit, and OpenVAS).

Python 3, Perl, and required dependencies are installed.

A wordlist for Gobuster (e.g., /usr/share/wordlists/dirb/common.txt) is available.


Manual Verification:

The manual_verification function provides actionable steps for confirming findings, including:

Accessing router admin panels to test credentials and firmware versions.

Researching CVEs for exploit details.

Testing XSS/SQLi payloads from Wapiti results.

Investigating directories/files found by Gobuster.

General advice for using tools like curl or Burp Suite for deeper analysis.

Recommendations are logged to guide testers in validating automated findings.


Improved Scanning:

Nmap: Combines host discovery (-sn) and detailed service scanning with vulnerability scripts.

Metasploit: Added dlink_dir850l_rce exploit module for broader coverage.

RouterSploit: Uses autopwn for automated router exploit checks.

Nikto: Scans for web server misconfigurations and vulnerabilities.

Wapiti: Targets XSS, SQL injection, and command execution.

Gobuster: Uses a wordlist to find hidden directories/files.

OpenVAS: Provides a broad vulnerability scan, though it requires a running OpenVAS server.


How to Use

Prerequisites:

Nmap: sudo apt install nmap

Metasploit: Follow https://www.metasploit.com/, then initialize the database (msfdb init).

RouterSploit: Clone https://github.com/threat9/routersploit, install dependencies (pip install -r requirements.txt).

Nikto: sudo apt install nikto

Wapiti: pip install wapiti3

Gobuster: sudo apt install gobuster

OpenVAS: Follow https://www.openvas.org/, set up server (openvas-setup).

Ensure Python 3, Perl, and a wordlist (e.g., /usr/share/wordlists/dirb/common.txt) are available.

Run with sudo for Nmap, Metasploit, and OpenVAS.

Obtain explicit permission to scan the target.

Running the Script:

Save as AllInOnePenTest.sh and make executable:

chmod +x AllInOnePenTest.sh

Run with a target (IP or range):

sudo ./AllInOnePenTest.sh -t 192.168.1.0/24

or

sudo ./AllInOnePenTest.sh -t 192.168.1.1 -o custom_output -l /path/to/wordlist.txt

Results are saved to a timestamped directory (e.g., PenTest_20250707_233045).


What the Script Does:

Nmap: Discovers live hosts, identifies routers, and scans for vulnerabilities (e.g., default credentials, CVEs).

Metasploit: Tests router-specific exploits and vulnerabilities.

RouterSploit: Runs automated router exploit checks.

Nikto: Scans web servers for misconfigurations and known vulnerabilities.

Wapiti: Tests for web application vulnerabilities (XSS, SQLi, etc.).

Gobuster: Brute-forces directories and files on web servers.

OpenVAS: Performs comprehensive vulnerability scans.

Manual Verification: Provides steps to confirm findings manually.

Logs results to scan_log.txt and generates tool-specific outputs (e.g., Nmap XML, Wapiti HTML).


Example Output

[2025-07-07 23:30:45] Starting Nmap scan on 192.168.1.0/24...

[2025-07-07 23:30:50] Found 5 live hosts.

[2025-07-07 23:30:51] Analyzing 192.168.1.1...

[2025-07-07 23:30:55] Device at 192.168.1.1 appears to be a router (based on HTTP title).

[2025-07-07 23:30:55] Open ports on 192.168.1.1: 80 443

[2025-07-07 23:30:55] Potential default credentials found on 192.168.1.1: admin:admin

[2025-07-07 23:30:55] Potential CVEs found on 192.168.1.1: CVE-2018-13379

[2025-07-07 23:30:55] Warning: Telnet is open on 192.168.1.1. This is insecure and should be disabled.

[2025-07-07 23:31:00] Running Metasploit scan on 192.168.1.1...

[2025-07-07 23:31:10] Metasploit found potential vulnerabilities on 192.168.1.1. See PenTest_20250707_233045/metasploit_192.168.1.1.txt for details.

[2025-07-07 23:31:10] [+] D-Link DIR-615H information disclosure detected.

[2025-07-07 23:31:15] Running RouterSploit scan on 192.168.1.1...

[2025-07-07 23:31:20] RouterSploit found potential vulnerabilities on 192.168.1.1. See PenTest_20250707_233045/routersploit_192.168.1.1.txt for details.

[2025-07-07 23:31:20] [+] Exploit: D-Link DIR-615H default credentials (admin:admin) successful.

[2025-07-07 23:31:25] Running OpenVAS scan on 192.168.1.1...

[2025-07-07 23:31:35] OpenVAS found potential vulnerabilities on 192.168.1.1. See PenTest_20250707_233045/openvas_192.168.1.1.xml for details.

[2025-07-07 23:31:40] Analyzing web server at 192.168.1.1:80 (http)

[2025-07-07 23:31:40] Device at 192.168.1.1:80 appears to be a router (based on HTTP title: D-Link Web Management).

[2025-07-07 23:31:45] Running Nikto scan on 192.168.1.1:80 (http)...

[2025-07-07 23:31:50] Nikto found potential vulnerabilities on 192.168.1.1:80. See PenTest_20250707_233045/nikto_192.168.1.1_80.txt for details.

[2025-07-07 23:31:50] + OSVDB-12345: Default credentials (admin:admin) detected.

[2025-07-07 23:31:55] Running Wapiti scan on 192.168.1.1:80 (http)...

[2025-07-07 23:32:05] Wapiti found potential vulnerabilities on 192.168.1.1:80. See PenTest_20250707_233045/wapiti_192.168.1.1_80.html for details.

[2025-07-07 23:32:05] Vulnerability found: XSS in /login.php?input=...

[2025-07-07 23:32:10] Running Gobuster scan on 192.168.1.1:80 (http)...

[2025-07-07 23:32:15] Gobuster found directories/files on 192.168.1.1:80. See PenTest_20250707_233045/gobuster_192.168.1.1_80.txt for details.

[2025-07-07 23:32:15] /admin (Status: 200)

[2025-07-07 23:32:15] Manual verification steps for 192.168.1.1:80 (http)...

[2025-07-07 23:32:15] Recommendation: Access http://192.168.1.1:80 in a browser to verify if it's a router admin panel.

[2025-07-07 23:32:15] - Test common credentials (e.g., admin:admin, admin:password, root:root).

[2025-07-07 23:32:15] - Check for firmware version in the admin interface and compare with known vulnerable versions.

[2025-07-07 23:32:15] Recommendation: Verify default credentials (admin:admin) on http://192.168.1.1:80/login.

[2025-07-07 23:32:15] Recommendation: Research CVEs (CVE-2018-13379) for exploit details and test manually (e.g., using curl or Metasploit).

[2025-07-07 23:32:15] Recommendation: Manually test for XSS/SQLi on http://192.168.1.1:80 using payloads from PenTest_20250707_233045/wapiti_192.168.1.1_80.html.

[2025-07-07 23:32:15] Recommendation: Investigate directories/files in PenTest_20250707_233045/gobuster_192.168.1.1_80.txt using a browser or curl.

[2025-07-07 23:32:20] Scan completed. Results saved to PenTest_20250707_233045.
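As an added example (not part of the AllinOnePenTest repository), the shell helper below reads the scan_log.txt format shown in the Example Output above and ranks the scanned hosts for remediation, so the findings that need fixing first (default credentials, open Telnet, known CVEs) surface at the top. The sample log lines and the risk weights are constructed for this example.

```bash
#!/usr/bin/env bash
# Added triage helper (not part of the AllinOnePenTest repo): reads the
# scan_log.txt format from the Example Output and ranks hosts for remediation.

# Constructed sample log, in the format the README's Example Output shows.
SAMPLE_LOG="$(mktemp)"
cat >"$SAMPLE_LOG" <<'EOF'
[2025-07-07 23:30:55] Open ports on 192.168.1.1: 80 443
[2025-07-07 23:30:55] Potential default credentials found on 192.168.1.1: admin:admin
[2025-07-07 23:30:55] Potential CVEs found on 192.168.1.1: CVE-2018-13379
[2025-07-07 23:30:55] Warning: Telnet is open on 192.168.1.1. This is insecure and should be disabled.
[2025-07-07 23:31:30] Open ports on 192.168.1.20: 22 443
EOF

# Finding tags for one host (fixed order) or "none". The trailing ':' and '.'
# in the fixed strings keep 192.168.1.1 from matching 192.168.1.10.
host_findings() {
    local log="$1" ip="$2" tags=""
    grep -qF "default credentials found on $ip:" "$log" && tags="$tags default-creds"
    grep -qF "Potential CVEs found on $ip:" "$log" && tags="$tags cves"
    grep -qF "Telnet is open on $ip." "$log" && tags="$tags telnet"
    tags="${tags# }"
    printf '%s\n' "${tags:-none}"
}

# Risk score with constructed weights: default creds 3, open Telnet 2, CVE 2.
host_score() {
    local score=0 tag
    for tag in $(host_findings "$1" "$2"); do
        case "$tag" in
            default-creds) score=$((score + 3)) ;;
            cves|telnet)   score=$((score + 2)) ;;
        esac
    done
    printf '%s\n' "$score"
}

# One line per host that reported open ports: "<score> <ip> <tags>", highest first.
triage_report() {
    local log="$1" ip
    sed -n 's/.*Open ports on \([0-9.]*\):.*/\1/p' "$log" | sort -u |
    while read -r ip; do
        printf '%s %s %s\n' "$(host_score "$log" "$ip")" "$ip" "$(host_findings "$log" "$ip")"
    done | sort -rn
}

triage_report "$SAMPLE_LOG"
```

Point it at a real scan_log.txt from the output directory to get the same ranked list for an actual run.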


Important Notes

Legal and Ethical Use: Unauthorized scanning or exploitation violates laws (e.g., CFAA in the U.S.). Only scan targets you are authorized to test.

Tool Setup:

Ensure Metasploit's database is initialized (msfdb init).

RouterSploit requires Python 3 and dependencies (pip install -r requirements.txt).

OpenVAS requires a running server; configure it with openvas-setup and ensure the openvas command is accessible.

Override the tool paths with the -n, -m, -s, -k, -w, -g, -v options if needed.

Ensure the wordlist for Gobuster exists.


Limitations:

OpenVAS scans are resource-intensive and require a properly configured server.

False positives/negatives are possible, especially for non-standard routers or web apps.

Manual verification is critical for confirming automated findings.


Customization:

Add more Metasploit modules (e.g., exploit/multi/http/tplink_wdr7400_rce) for specific routers.

Extend RouterSploit with additional modules (e.g., exploits/routers/tplink/wdr7400_rce).

Adjust Gobuster options (e.g., -x php,html for file extensions).

Expand Wapiti modules (e.g., --module all).

Add Nmap scripts for other CVEs.


Next Steps

Manual Verification:

Follow the logged recommendations to test credentials, CVEs, and web vulnerabilities using tools like curl, Burp Suite, or a browser.

Expand Tools: Integrate tools like sqlmap for deeper SQL injection testing or OWASP ZAP for web app analysis.

Secure Output: Store the output directory securely, as it contains sensitive information.

Update Tools: Regularly update all tools to ensure the latest vulnerability databases.


*** I have since added several of my day-to-day pentest scripts, making this an easy-to-clone git repository. ***

ALL plain text files (.txt) are Ducky Script or some sort of variation.

MOST PowerShell scripts are compiled from other sources.

There are also GitLab Snippets: https://gitlab.com/dashboard/snippets (mainly for personal use).