# Web Directory Vuln Scanner (Kali Linux)

A practical tool to **automate web directory enumeration, HTTP status analysis, technology fingerprinting, and visualization** for pentesting practice on Kali Linux.

---

## ✨ Features

✅ Enumerates web directories using `gobuster`.  
✅ Fetches HTTP status codes, titles, and server banners for each path using `curl`.  
✅ Uses `whatweb` for technology fingerprinting.  
✅ Generates structured CSV reports for analysis.  
✅ Automatically creates a visual `.png` graph summarizing HTTP status codes.  
✅ Helps organize your pentesting workflow for HTB, TryHackMe, or personal labs.

---

## 🚩 Requirements

- **Kali Linux** or any Linux with:
  - `bash`
  - `gobuster`
  - `curl`
  - `whatweb`
  - `python3`
  - Python libraries: `pandas`, `matplotlib`

**Install dependencies:**
```bash
sudo apt update
sudo apt install gobuster curl whatweb python3-pandas python3-matplotlib -y
```

---

## 📦 Installation

Clone the repository:
```bash
git clone https://github.com/Fantaaad/Web-Directory-Vuln-Scanner.git
cd Web-Directory-Vuln-Scanner
chmod +x web_scan.sh
chmod +x generate_web_graph.py
```

---

## 🚀 Usage

Run:
```bash
./web_scan.sh <URL> <WORDLIST>
```

**Example:**
```bash
./web_scan.sh http://10.10.10.10 /usr/share/wordlists/dirb/common.txt
```

This will:
✅ Enumerate directories on the target URL.  
✅ Collect HTTP status codes, server banners, and page titles.  
✅ Run `whatweb` for fingerprinting.  
✅ Save results in a structured CSV.  
✅ Generate a PNG graph summarizing HTTP status codes.

---

## 🖼️ Viewing the Graph

Open the generated PNG file to visualize HTTP status code distribution:
```bash
xdg-open web_scan_<target>.png
```

---

## 🗂️ Folder Structure

- `web_scan.sh`: Main scanner script.
- `generate_web_graph.py`: Visualization script.
- `web_scan_<target>.csv`: CSV report.
- `web_scan_<target>.png`: Graph summarizing HTTP status codes.
- `whatweb_<target>.txt`: Technology fingerprinting report.

---

## 📜 License

MIT License.

---

## 🤝 Contributing

This tool is for **personal pentesting workflow structuring, training, and organized practice**. Feel free to fork, adapt, and improve it for your labs and learning workflow.

---

🚀 **Streamline your pentesting practice on Kali Linux while building your structured portfolio for HTB, TryHackMe, and real-world web assessments.**