Vulny is a multi-tool web vulnerability scanner written in Go. It automates the process of running multiple open-source security tools to identify vulnerabilities in web applications and servers.
- Runs a suite of popular security tools (Nmap, WPScan, JoomScan, Droopescan, SSLScan, Amass, Nikto, Dalfox, WAFW00F, and more)
- Aggregates and summarizes vulnerability findings
- Generates detailed vulnerability and debug reports
- Supports skipping specific tools
- Update checker and self-updater
- Colorful, user-friendly CLI output
- Go 1.21 or higher
- External tools: host, nmap, wpscan, joomscan, droopescan, sslscan, amass, nikto, dalfox, wafw00f
- On Debian/Ubuntu, you can install dependencies using:

```bash
sudo apt install dnsutils nmap ruby-dev joomscan python3-pip sslscan amass nikto
sudo gem install wpscan
pip3 install droopescan
# Install dalfox and wafw00f as needed
```
```bash
vulny [options]
```

- `-target <url>`: Target URL to scan (e.g., example.com)
- `-skip <tools>`: Comma-separated list of tools to skip (e.g., host,nmap)
- `-update`: Check for updates and update the tool
- `-no-spinner`: Disable loading spinner during scan
- `-help`: Show help message

```bash
vulny -target example.com
vulny -target example.com -skip host,nmap
vulny -update
vulny -help
```

- Vulnerability and debug reports are generated in the current directory after each scan.
- Temporary files are cleaned up automatically.
To update Vulny to the latest version:

```bash
vulny -update
```
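
A preflight check for the external tools listed above, as an added example that is not part of the Vulny project: it prints a `vulny` command whose `-skip` list names the tools missing from `PATH`. It assumes the names accepted by `-skip` match the tool names in this README (as in the `host,nmap` example), and it covers only the tools named here.

```bash
#!/bin/sh
# Added example, not Vulny's own code.
# Assumption: -skip accepts the same names as the external tools listed in the README.

VULNY_TOOLS="host nmap wpscan joomscan droopescan sslscan amass nikto dalfox wafw00f"

# Print a comma-separated list of the tools in $1 that are not found on PATH.
missing_tools() {
    _missing=""
    for _tool in $1; do
        if ! command -v "$_tool" >/dev/null 2>&1; then
            # Append with a comma only when the list is already non-empty.
            _missing="${_missing:+$_missing,}$_tool"
        fi
    done
    printf '%s\n' "$_missing"
}

# Print the vulny command for target $1, skipping tools that are not installed.
vulny_command() {
    _target="$1"
    _skip="$(missing_tools "$VULNY_TOOLS")"
    if [ -n "$_skip" ]; then
        printf 'vulny -target %s -skip %s\n' "$_target" "$_skip"
    else
        printf 'vulny -target %s\n' "$_target"
    fi
}

# Print the command instead of running it, so the skip list can be reviewed first.
vulny_command "${1:-example.com}"
```

A long `-skip` list means the scan covers less than the report may suggest, so review the printed command before running it.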