DORM is a high-performance, concurrent, and modular vulnerability scanner written in Go. Designed for Red Teams and Bug Bounty hunters, it combines passive reconnaissance with active, aggressive exploitation techniques.
Unlike traditional scanners, DORM features a hybrid engine that utilizes Headless Chrome (DOM XSS), Smart Fuzzing, and In-Memory Exploit-DB integration.
Real-time monitoring and advanced vulnerability detection capabilities.
- High Concurrency: Scans multiple targets and ports simultaneously using Go routines.
- Smart Port Discovery: Automatically detects web, database, and cloud services.
- Real-Time Dashboard: Web-based UI (SSE) to monitor scan progress live.
- 🕷️ Web Spider: Recursively crawls the target to map the attack surface.
- 💣 Smart Fuzzer: Mutation-based fuzzer to detect 0-Day anomalies (DoS/SQLi).
- 🕸️ DOM XSS Scanner: Uses Headless Chrome to detect JavaScript-based vulnerabilities in SPA (React/Vue).
- 📚 Exploit-DB Integration: Loads the entire Exploit Database into RAM for instant service version matching.
- 🔓 Brute Force (Mini-Hydra): Supports dictionary attacks on SSH and FTP.
DORM comes with over 80 specialized plugins including:
- Injection: SQLi (Blind/Time), XSS (Reflected/DOM), SSTI, CRLF, Host Header.
- Cloud & DevOps: Docker API, Kubernetes Kubelet, AWS/Google Key Leaks, S3 Buckets.
- Critical CVEs: Log4Shell, Spring4Shell, Drupalgeddon2, F5 BIG-IP TMUI.
- Misconfig: CORS, Git/Env Exposure, Open Redirects, Subdomain Takeover.
DORM requires Go 1.21+ and Google Chrome (for DOM Scanner).
# 1. Clone the repository
git clone https://github.com/MrEx-Right/DORM.git
cd DORM
# 2. Initialize the module
go mod init DORM
# 3. Install dependencies
go get [github.com/chromedp/chromedp](https://github.com/chromedp/chromedp)
go get [github.com/jlaffaye/ftp](https://github.com/jlaffaye/ftp)
go get golang.org/x/crypto/ssh
go get github.com/google/uuid
# 4. Run DORM
go run .