Currently, we have around 1200 lines of code in a single file which is probably not a good practice. Also, this will increase since we are going to continue to add more functions. So it would be good if we can move the functions out of the vault.py file and only keep it as an entry point and maybe perform basic checks on ip/url.

To call other functions we can have maybe a util directory where we can keep all the existing functions. This will increase the number of imports or number of files but it will definitely help us to keep everything clean in vault.py

We can use scrapy : https://scrapy.org/ to implement this.

We can extend all the features of Vault to generate a beautiful custom output, which can be in JSON or a simple text file.

Take the example of src/lib/others/info_gathering/finder/finding_comment.py and implement a similar e-mail finder.

Currently ip_start_range and ip_end_range in vault.py accepts any value, this gets passed to other modules, without proper validation this can break the code.
Suppose, IP is 192.168.0.1
The last part of IP is the range.
The following needs to be done :

• It should be an integer value.
• Start range should not be negative, i.e. > 0 and less than 255.
• End range should not be negative i.e > 0, greater than start range, and less than 255.
  Add anymore if necessary.

Currently port_scanner.py only prints the port found open, we can use a list of some common port name and their associated port number to enhance port scanner.

For eg. If Port -> 21 is found open, then apart from printing the port number, it can also check for most common names associated with that port, here print 'FTP'.

If the jQuery version is old then print the list of vulnerabilities that can be attacked.

Currently `src/payloads/xss_payloads.txt' contains insufficient payloads. We need to add more payloads.

Update the usage section of the README.md and add new updated screenshots, preferably GIFs demonstration of running Vault. Try using Recordit.

Currently pressing ctrl+c while scans are going on we get a big traceback.
It would be nice if we can handle that traceback and print something nice like Canceled by the user or something similar.

Read this to understand how to do it properly.

Implement a feature that would allow the user to generate a customized backdoor, that they can use in their own way.

Port Scanner uses Scapy to frame and send packets, running without root permission causes the failure of packet sending.
Take the example of def is_root() in src/lib/scanner/ip_scanner/arp_scanner.py and implement it in port_scanner.py.

In vault.py#L912 we are doing

 keyloggerObj = keylogger.Keylogger(interval=args.interval,

but instead it should be

 keyloggerObj = keylogger.keylogger(interval=args.interval,

Notice the lowercase k after = keylogger.

This is because the file name is utilities/keylogger

Currently Vault only supports XSS Scanning, we need to extend this support to SQLi, LFI, RFI.

Implement a MAC flood attack, use Scapy to implement this.

Instead of printing white text we can use beautiful combination of red and green to print error and success messages and so on.
Colorama would work great! :)

Currently, we are checking URL input for every type of option. It would be better if we can make sure that the user starts the vault.py with URL.

But we don't need URL for port scanning so the better solution for is to form a group between IP and URL input.
This will ensure that the user starts the tool with URL or IP given.

Implement a de-authentication attack, use Scapy to implement this.

The following features needs to be taken care of:

1. User can pass the interface name
2. If the interface name is valid then use airmon-ng to monitor & collect all the nearby available WiFi networks.
3. Start sending de-auth packets to the selected network.

There's a been a lot of refactoring, checking it again for PEP-8 issues would be a great idea.

Python nmap would be great to implement this.
https://pypi.org/project/python-nmap/

We need to make our code PEP-8 instructions based and add necessary documentation.

New usage options added to vault.py are currently not updated in README.md

This will Add cms detection feature to Vault.
It can detect all the popular CMS.

This feature will make vault to find open-redirect vulnerability.

User now need to run the scans individually, but we can implement a new feature which will allow the user to run the scans in one go:

A. python3 vault.py -u 'http://url.example.com' -all will perform

1. SSL Scan
2. XSS RFI LFI SQLi
3. Info gathering, comment finding, testing HTTP methods, Clickjacking
4. Fuzzing
5. Crawling

B. python3 vault.py -ip '10.0.2.15' -all will perform

1. IP Scanner
2. Port Scanner

Currently vault.py does not have a mechanism for validating whether the IP entered correct is not, and the value is passed to other modules without checking.

One idea is to use regex to check an IP.

flake8 testing of https://github.com/abhisharma404/vault_scanner on Python 3.7.1

$ flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics

./src/lib/website_scanner/xss/xss.py:29:9: F821 undefined name 'colors'
        colors.info('XSS Vulnerability Engine started...')
        ^
./src/lib/website_scanner/xss/scanner.py:29:21: F821 undefined name 'colors'
                    colors.error('No form found for : {}'.format(url))
                    ^
./src/lib/website_scanner/xss/scanner.py:43:17: F821 undefined name 'colors'
                colors.error('No form found for : {}'
                ^
./src/lib/website_scanner/xss/scanner.py:57:9: F821 undefined name 'colors'
        colors.info('Completed in {}'.format(t2-t1))
        ^
./src/lib/website_scanner/xss/scanner.py:76:17: F821 undefined name 'colors'
                colors.info('VULNERABILITY DETECTED!--> {}'
                ^
./src/lib/website_scanner/xss/scanner.py:78:17: F821 undefined name 'colors'
                colors.success('Link is : {} '.format(url))
                ^
./src/lib/website_scanner/xss/scanner.py:79:17: F821 undefined name 'colors'
                colors.info('Form Data')
                ^
./src/lib/website_scanner/xss/scanner.py:83:17: F821 undefined name 'colors'
                colors.success("OK , Payload : {} , URL : {}"
                ^
8     F821 undefined name 'colors'
8

Describe the bug
I try to beging a scan and it says: Please Check log file for information about any errors.

Screenshots

Desktop

• OS: Andrax
• Browser Chrome
• Version 2.0

Smartphone (please complete the following information):

• Device: Xiaomi redmi Note 6 Pro
• OS: MIUI 10.3.3
• Browser Chrome
• Version 10.3.3

Additional context
Add any other context about the problem here.

Instead of printing errors we can safely log them into a file.

We can beautify our README by adding some screenshots of the main program in action.

Implement a web crawler using Scrapy.

You can read about Scrapy here : https://scrapy.org/
Create a separate module for this, put it inside the src/lib/crawler folder and connect vault.py to it.

Currently user can pass URL as -u 'www.url...' in vault.py.
We do not modify or try to check the URL and the URL is straightly forwarded to other modules.

List of URLs passed by user that seem right but they result in error :

1. example.com
2. www.example.com

The correct form is:
http://www.example.com

We can implement an intelligence system that modifies the URL passed by the user accordingly.
This intelligence system is meant to be in the vault.py file itself.

The keylogger must log every key press, and send collected data over e-mail over a fixed time period by logging in through the provided credentials.

Later on, we will connect this keylogger with backdoor. Ask questions for any doubt.

Here is one I found, admin_panel payloads should be transferred to the payload folder and re-connected. Find any other if there is and make the changes.

We need to increase our code coverage, for initial we can start off by writing test cases for the following two simple functions :

1. check_url(url: str) in vault.py
2. check_ip(ip: str) in vault.py

This feature will help to find the admin panel of a website.

This will add Honeypot Detection feature in Vault.

Implement ping of death attack, use Scapy to implement this.