discovery

Discovery - Web Application Security Assessment Tool

A comprehensive Go-based automation tool that runs all discovery tools and generates an interactive HTML dashboard.

Features

• Fully Automated: Runs all discovery tools with one command
• Progress Tracking: Shows which tool is running and completion status
• Comprehensive Coverage: Port scanning, directory enumeration, web crawling, vulnerability scanning
• Interactive Dashboard: Beautiful HTML dashboard with searchable results
• Organized Output: Timestamped results directory with all tool outputs
• Security Focused: Built specifically for security professionals and penetration testers

Prerequisites

Make sure you have the following tools installed:

• semgrep - Static analysis tool
• sslscan - SSL/TLS scanning
• trufflehog - Secret detection
• nuclei - Web vulnerability scanning
• whatweb - Technology stack detection

Installation

Quick Install (Go >= 1.21)

go install github.com/fractalized-cyber/discovery@latest

The binary will be installed to your GOPATH/bin (e.g., ~/go/bin/discovery). Ensure that directory is in your PATH.

Option 1: Clone and Build

# Clone the repository
git clone https://github.com/fractalized-cyber/discovery.git
cd discovery

# Build the binary
go build -o discovery main.go

# Make it executable (Linux/macOS)
chmod +x discovery

Option 2: Install Dependencies First

1. Install Go (if not already installed):

   # macOS
   brew install go
   
   # Linux
   sudo apt install golang-go
   

2. Install required security tools:

   # macOS
   brew install nmap ffuf katana nuclei whatweb
   
   # Linux (Ubuntu/Debian)
   sudo apt install nmap ffuf
   # Note: katana, nuclei, and whatweb may need manual installation
   

3. Build the project:

   go mod tidy
   go build -o discovery main.go
   

Usage

Basic Usage

# Using the built binary
./discovery <target_domain>

# Or using go run
go run main.go <target_domain>

Examples

# Scan a domain
./discovery example.com

# Scan an IP address
./discovery 192.168.1.1

# Scan a subdomain
./discovery api.example.com

# Scan with verbose output
./discovery -v example.com

Command Line Options

./discovery -h
# Shows help and available options

What Gets Discovered

The automation tool runs the following discovery techniques:

1. Port Scanning

   • Top TCP port scan

2. Web Application Discovery

   • Directory and file enumeration
   • Web application crawling with JavaScript support

3. Technology Stack

   • Web server identification
   • Framework detection
   • Technology fingerprinting

4. Security Assessment

   • Comprehensive vulnerability scanning with Nuclei
   • Information disclosure checks
   • HTTP security headers analysis

Dashboard

After completion, an interactive HTML dashboard is generated with:

• Overview Tab: Executive summary and key metrics
• Network Tab: Port scan results and discovered services
• Web Tab: Directory enumeration and crawling results
• Technology Tab: Technology stack and infrastructure
• Security Tab: Vulnerability scan results
• Raw Data Tab: Complete tool outputs
• Search Functionality: Search across all results

Output Structure

discovery_results_target_timestamp/
├── nmap_full_scan.txt          # Full port scan results
├── nmap_web_services.txt       # Web service enumeration
├── nmap_ssl_tls.txt           # SSL/TLS analysis
├── ffuf_dirs.txt              # Directory enumeration
├── ffuf_subdomains.txt        # Subdomain discovery
├── katana_crawl.txt           # Web crawling results
├── nuclei_scan.txt            # Vulnerability scan
├── whatweb_tech.txt           # Technology detection
├── manual_checks.txt          # HTTP headers analysis
└── dashboard/
    └── discovery_dashboard.html  # Interactive dashboard

Performance

• Concurrent Execution: Tools run sequentially to avoid overwhelming the target
• Progress Tracking: Real-time status updates for each tool
• Error Handling: Graceful handling of missing tools or failed scans
• Resource Management: Efficient file handling and memory usage

Requirements

• Go 1.21 or later
• All discovery tools must be in your PATH
• Sufficient disk space for results (typically 10-100MB)
• Network access to the target

Important Notes

• Authorization Required: Only use on targets you have permission to test
• Resource Usage: Some scans (especially full port scans) can be resource-intensive
• Network Impact: Be mindful of network bandwidth and target system load
• Legal Compliance: Ensure compliance with local laws and regulations

Troubleshooting

Common Issues

1. Tool Not Found: Ensure all required tools are installed and in your PATH
2. Permission Denied: Some tools may require sudo/root privileges
3. Network Issues: Check firewall settings and network connectivity
4. Disk Space: Ensure sufficient disk space for results

Getting Help

• Check that all tools are properly installed
• Verify network connectivity to the target
• Review tool-specific error messages
• Ensure sufficient system resources

Development

Building from Source

git clone https://github.com/fractalized-cyber/discovery.git
cd discovery
go mod tidy
go build -o discovery main.go

Running Tests

go test ./...

Contributing

Contributions are welcome! Please feel free to submit a Pull Request. For major changes, please open an issue first to discuss what you would like to change.

Development Setup

1. Fork the repository
2. Create your feature branch (git checkout -b feature/amazing-feature)
3. Commit your changes (git commit -m 'Add some amazing feature')
4. Push to the branch (git push origin feature/amazing-feature)
5. Open a Pull Request

License

This project is licensed under the MIT License - see the LICENSE file for details.

Disclaimer

This tool is designed for authorized security testing and research purposes only. Users are responsible for ensuring they have proper authorization before testing any systems. The authors are not responsible for any misuse of this tool.

Happy Discovery!