BCHackTool
š„ Professional Penetration Testing Framework v4.0 - Automated subdomain enumeration, vulnerability scanning with Nuclei, port scanning, and comprehensive HTML reports. Features parallel scanning, resume capability, and real-time progress tracking.
Install / Use
/learn @ByCh4n/BCHackToolREADME
<div align="center">
<img src="Pictures/logo.png" alt="BCHackTool Logo" width="600">
<br><br>
Professional Penetration Testing Framework v4.0
š Table of Contents
- Overview
- What's New in v4.0
- Features
- Installation
- Usage
- Scan Modes
- Pipeline Architecture
- Configuration
- Tools Integrated
- Output & Reports
- API Integration
- Notifications
- Troubleshooting
- Contributing
- License
šÆ Overview
BCHackTool is a comprehensive, professional-grade penetration testing framework designed for security researchers, bug bounty hunters, and penetration testers. Built with bash, it orchestrates multiple industry-standard security tools into a streamlined, automated workflow.
Key Highlights
- šØ Modern UI/UX - Emoji-rich interface with real-time vulnerability display
- š Parallel Scanning - 10x faster with concurrent tool execution
- šÆ Smart Targeting - Intelligent subdomain enumeration and service discovery
- š Deep Vulnerability Scanning - Live detailed findings with Nuclei (9000+ templates)
- š Professional Reports - Clean TXT reports with human-readable vulnerability findings
- ā” Resume Capability - Continue interrupted scans automatically
- š Notifications - Real-time alerts via Telegram/Discord/Slack
- š ļø Modular Architecture - Easy to extend and customize
š What's New in v4.0
Major Features
1. Modern UI/UX Design šØ
Emoji-rich interface with real-time vulnerability display and clean visual hierarchy!
Features:
- šÆ Emoji Navigation - Intuitive menu system with visual indicators
- š Real-time Vulnerability Display - Live detailed findings as Nuclei discovers them
- šØ Color-coded Severity - Instant visual feedback (š“ Critical, š High, š” Medium, š¢ Low, ā¹ļø Info)
- āØ Clean Spacing Design - No box-drawing characters for universal terminal compatibility
- š Clean TXT Reports - Human-readable vulnerability reports in current directory
- š Current Directory Output - All results saved in BCHackTool_Results/ folder
Live Vulnerability Display:
[ā¶] Starting vulnerability scan...
š“ [CRITICAL] CVE-2024-1234-RCE
āā Target: https://demo.xooi.com/api
š [HIGH] SQL Injection Found
āā Target: https://our.xooi.com/login
š” [MEDIUM] XSS Vulnerability Detected
āā Target: https://app.xooi.com/search
š¢ [LOW] Information Disclosure
āā Target: https://api.xooi.com/debug
ā¹ļø [INFO] Missing Security Headers
āā Target: https://www.xooi.com
2. Subdomain List Input Mode (Option 3) šÆ
Skip the reconnaissance phase entirely and jump straight to vulnerability scanning!
# Use pre-collected subdomains
sudo bash bchacktool.sh
> 3 # Subdomain List option
Enter subdomain list file path: /path/to/subdomains.txt
Mode> ALL
Benefits:
- ā±ļø Save 30-50% scan time
- š Integrate with external recon tools
- šÆ Test specific subdomains only
- š Use results from previous scans
File Format:
example.com
www.example.com
api.example.com
mail.example.com
3. Full Nuclei Severity Scanning š
Now scans ALL severity levels instead of just medium+
Before v4.0:
- ā Info level: Filtered
- ā Low level: Filtered
- ā Medium: Included
- ā High: Included
- ā Critical: Included
v4.0:
- ā Info: Version disclosure, tech stack detection
- ā Low: Weak headers, minor misconfigurations
- ā Medium: CSRF, open redirects
- ā High: SQL injection, XSS
- ā Critical: RCE, authentication bypass
Impact:
- š 3-5x more findings
- šÆ Complete security picture
- š Better compliance reporting
3. Real-time Vulnerability Display š
Live detailed findings as vulnerabilities are discovered
[ā¶] Starting vulnerability scan...
š“ [CRITICAL] CVE-2024-1234-RCE
āā Target: https://api.example.com/admin
š [HIGH] SQL Injection - Authentication Bypass
āā Target: https://login.example.com
š” [MEDIUM] Cross-Site Scripting (XSS)
āā Target: https://search.example.com?q=test
Features:
- Instant vulnerability notifications as they're found
- Detailed template identification
- Exact target URLs for each finding
- Color-coded severity for quick assessment
- No waiting for scan completion to see results
Improvements from v3.1
- ā Parallel scanning with up to 10 concurrent jobs
- ā Checkpoint system for resume capability
- ā Enhanced error handling and retry logic
- ā JSON structured output for all tools
- ā Clean TXT reports with parsed vulnerability data
- ā API key integration (Shodan, VirusTotal, etc.)
- ā Multi-platform notification support
- ā Detailed logging system
āØ Features
š Reconnaissance
- 7 Parallel Subdomain Enumeration Tools
- Subfinder (Passive OSINT)
- Assetfinder (Web scraping)
- Findomain (Multi-source API)
- Wayback Machine (Archive.org)
- GAU (GetAllUrls)
- Crt.sh (Certificate logs)
- Anubis (Passive DNS)
š Port Scanning
- Fast SYN scanning with Naabu
- Top 1000 ports by default
- CDN exclusion for accurate results
- Rate limiting (300 req/sec - stealth mode)
š Web Probing
- HTTP/HTTPS service detection
- Technology stack identification
- Status code validation
- Title extraction
- Redirect following
šÆ Vulnerability Scanning
- Template-based detection with Nuclei v3.6+
- 9000+ vulnerability templates (updated automatically)
- CVE database integration
- Custom template support
- All severity levels (info to critical)
- Real-time detailed vulnerability display
- Live findings as they're discovered
š Reporting
- Clean TXT reports with:
- Vulnerability breakdown by severity
- Subdomain discovery results
- Live service inventory
- Human-readable format
- JSON output for automation
- JSONL format for streaming
- All results saved in current directory (BCHackTool_Results/)
š Notifications
- Telegram bot integration
- Discord webhook support
- Slack webhook support
- Scan completion alerts
- Error notifications
ā” Performance
- Parallel tool execution (10 concurrent jobs)
- Optimized vulnerability counting (80% faster)
- Timeout management
- Resource optimization
- Stealth mode rate limiting (300 req/sec)
- Clean, efficient output (no overhead)
š ļø Advanced Features
- Resume interrupted scans
- Checkpoint system
- API key management
- Automatic tool updates
- Template auto-updates
- Comprehensive logging
š¦ Installation
Prerequisites
- Operating System: Linux (Ubuntu 20.04+, Debian 10+, Kali Linux)
- Root Access: Required for some tools
- Internet Connection: For tool installation and updates
Quick Install
# Download
git clone https://github.com/ByCh4n/BCHackTool.git
cd BCHackTool
# Run (auto-installs dependencies)
sudo bash bchacktool.sh
Manual Installation
# 1. Install system dependencies
sudo apt-get update
sudo apt-get install -y git curl jq python3 perl unzip pv gcc make libpcap-dev
# 2. Install Go (if not present)
wget https://go.dev/dl/go1.22.0.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
# 3. Run BCHackTool
sudo bash bchacktool.sh
# Tools will be installed automatically on first run
Installed Tools
The script automatically installs:
Go-based tools:
- subfinder
- naabu
- httpx
- nuclei
- notify
- assetfinder
- waybackurls
- gau
Binary tools:
- findomain
š Usage
<div align="center"> <img src="Pictures/ToolScreenShot.png" alt="BCHackTool Main Menu" width="500"> <br> <em>BCHackTool Main Menu Interface</em> </div> <br>Basic Usage
# Start BCHackTool
sudo bash bchacktool.sh
# Select scan type from menu
1. Single Domain Scan # Scan one domain
2. Multiple Domains # Scan domains from file
3. Subdomain List # Use pre-collected subdomains (NEW!)
4. Configure API Keys # Setup API integrations
5. Setup Notifications # Configure alerts
6. View Previous Scans # Browse scan history
T. Update Nuclei Templates # Update vulnerability templates
U. Update All Tools # Update all tools to latest
H. Help & Wiki # Detailed documentation
L. View Logs # Check error logs
0. Exit # Close tool
Example Workflows
1. Single Domain Scan (Full Pipeline)
sudo bash bchacktool.sh
> 1 # Single Domain Scan
Enter target domain: example.com
Mode> ALL # Comprehensive scan
# Output:
# ā 247 subdomains discovered
# ā 89 open ports found
# ā 34 live web services
# ā 12 vulnerabilities detected
# Report: BCHackTool_Results/example_com_20260108_123456/vulnerabilities.txt
2. Multiple Domains
# Create domains.txt
echo "example.com" > domains.txt
echo "test.com" >> domains.txt
sudo bash bchacktool.sh
> 2 # Multiple Domains
Enter file path: /path/to/domains.txt
Mode> A # Web scan only
3. Subdomain List (Skip Recon) - NEW!
# Already have subdomains from external tool
cat subdomains.txt
# example.com
# www.example.com
# api.example.com
sudo bash bchacktool.sh
> 3 # Subdomain List
Enter subdomain list file path: /path/to/subdomains.txt
Mode> ALL
# Skips reconnaissance phase
# Starts directly with port scanning
4. Resume Interrupted Scan
# If scan is interrupted (Ctrl+C or netw
Related Skills
imsg
341.0kiMessage/SMS CLI for listing chats, history, and sending messages via Messages.app.
node-connect
341.0kDiagnose OpenClaw node connection and pairing failures for Android, iOS, and macOS companion apps
oracle
341.0kBest practices for using the oracle CLI (prompt + file bundling, engines, sessions, and file attachment patterns).
lobster
341.0kLobster Lobster executes multi-step workflows with approval checkpoints. Use it when: - User wants a repeatable automation (triage, monitor, sync) - Actions need human approval before executing (s
