========================================== SkUlLY – Exploit & Vulnerability Tester Author: K0NxT3D Version: 1.0 Original File: skully.py ========================================== DESCRIPTION: ------------ SkUlLY is a CLI-based exploit scanner and vulnerability testing utility. It can optionally be routed through torsocks and is built to obfuscate traffic using two layers of anonymity: 1. Tor IP rotation (via torsocks) 2. 1,132 rotating User-Agent strings Output is stored as SQLite databases inside: X-Files/{url}.db WHY SKULLY IS DIFFICULT TO BLOCK: --------------------------------- Most scanners are detected because they reuse the same browser signature and originate from a known IP range. SkUlLY breaks both heuristics. (1) Tor Circuit / Torsocks Routing Every request may originate from a different Tor exit node. Blocking Tor entirely is possible, but it requires the target to block large numbers of global exit IPs. (2) User-Agent Rotation SkUlLY rotates through 1,132 different User-Agent strings. When paired with Tor rotation, every request appears to be coming from a different device somewhere on Earth. The result is: • No stable fingerprint • No consistent IP • No consistent platform signature • No behavioral pattern FEATURES: --------- • URL parsing and host extraction • Sends curated exploit payloads (WordPress, login forms, PeepSo, etc.) • Random User-Agent per request • Tor/torsocks compatible • HTML parsing for link extraction • SQLite3 database logging • Duplicate-safe inserts • CLI output showing request status and responses USAGE: ------ Run: torsocks ./skully You will be prompted for: Target URL (e.g., http://www.example.com/) SkUlLY sends each exploit template to the target, rotating User-Agents, and logging discovered links into X-Files/{url}.db. FILE OUTPUT: ------------ Directory: X-Files/ Files: {domain}.db (SQLite database) TECHNICAL: ---------- • Python standard libraries: os, re, time, socket, random, sqlite3 • HTML parsing via BeautifulSoup • Database engine: SQLite3 • Default port: 80 • CLI-based execution only LEGAL NOTICE: ------------- Use SkUlLY only on systems where you have explicit permission to test. Unauthorized scanning may violate U.S. federal law, EU GDPR, and international cybersecurity regulations.