BoxScanner is a basic Bash script that automates common Hack The Box reconnaissance tasks. It scans for open ports and vulnerabilities, enumerates web directories and subdomains, and organizes the output neatly into structured folders, including a notes file for your personal observations.
The script performs the following steps:
- Checks if the target is online.
- Runs Nmap to detect open ports and potential vulnerabilities.
- Uses Gobuster to find web directories and subdomains.
- Automatically adds unresolved hostnames to /etc/hosts.
- Creates a structured output folder: nmap/ → Full Nmap scans and neatly formatted results gobuster/ → DNS and web enumeration results. notes.txt → empty file for jotting down personal notes.
Make sure you have the following installed:
- Bash
- Nmap (sudo apt install nmap)
- Gobuster (sudo apt install gobuster) version 3.8 recommended for proper DNS pretty print
- Wordlists (seclists recommended)
Clone the repository and enter the folder
git clone https://github.com/LeucoByte/BoxScanner.git
cd BoxScannerMake the script executable
chmod +x boxscanner.shQuick help about how to use
bash boxscanner.sh --helpSimple example usage for beginners:
bash boxscanner.sh --target 10.10.11.79 --dns-wordlist /path/to/your/dns/wordlist/wordlist.txt --web-wordlist /path/to/your/web/wordlist/other_wordlist.txt -o output_name