create a target list or select one target, scans then exploits, done!
Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells



LFI Scanners > Coming soon
XSS Scanners > Working
SQLI injection scanners > Working
Domain Scanner > Using hackerone API/finds subdoamins
CMS detector > Working
Server detector > Working
Common vulnerable files Scanner > Working
Directory Spider/Scanner > Working
Dorker > Working/Uses Googles search engine/ auto exploits
Autodorker > Working takes a list full of dorks (Dont recommend using)
Vulnscan > Scans one target
Vulnauto > Scans a list of target's
WordPress version detectors
WordPress theme detectors
WordPress user detectors
Over 50 upload wordpress plugin exploits
Over 40 LFI wordpress plugins exploits
Over 20 upload joomla exploits
Over 30 LFI joomla exploits
Complexx cms detection
Alot more o just have no time to write it all down

git clone
pip3 install -r requirements.txt


Credits to Nano => Creator
Credits to VulnX Github Project, used CMS detector
Credits to hellsec => idk hes just cool boyo


also version of python is 3.8
if u get any error for bs4, or googlesearch run these commands

pip install bs4
pip install html5lib
pip install lxml
pip install google


Well really there was one reason into making this

I wanted it to be a a vulnerability scanner with the latest a greatest

exploits, mass endpoint scanners & exploiters, why? U may ask is because scanners/exploiters like this are costly because skids like to make a extra buck

I wanted this to be a free tool like xattacker 3.0 anyone could use to pentest there site, this project i will never give up on and i will continue working on it,

everyday il try to push a update or update the src and then il push it to github at the end of the week, requiring u to update.
thanks for using vullnr have a nice day!