Garud – An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters

An automation tool that scans sub-domains, checks for sub-domain takeover, and then filters out XSS, SSTI, SSRF and other injection point parameters.
- Requirements: Go Language, Python 2.7 or Python 3.
- System requirements: Recommended to run on a VPS with 1 vCPU and 2 GB RAM.
- Tools used – You need to install these tools to use this script:
  - SubFinder
  - Sublist3r
  - GF Patterns
  - Gau
  - Subzy
  - Subjack: save the fingerprints.json file into the ~/applications/ directory.
  - Assetfinder
  - HTTPX
  - Waybackurls
- Set up
git clone https://github.com/R0X4R/Garud.git && cd Garud/ && chmod +x garud && mv garud /usr/local/bin/
- Use
garud -d target.com -f filename
About Garud
I designed this tool to automate my recon and save my time. It seriously gives me a headache to always type such commands and then wait for one command to complete before I type the next command. So I gathered some of the tools which are widely used in the bug bounty industry. In this script I used Assetfinder, get-titles, httprobe, subjack, subzy, sublister, gau and gf patterns.
The script first enumerates all the subdomains of the given target domain using assetfinder and sublister, then filters all live domains from the whole subdomain list. It then extracts the titles of the subdomains using get-title and scans for subdomain takeover using subjack and subzy. Next it uses gau to extract the parameters of the given subdomains, and then uses gf patterns to filter xss, ssti, ssrf and sqli params from those subdomains. Finally it saves all the output in a text file like target-xss.txt.
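The parameter-filtering stage described above can be sketched for triaging your own archived URL inventory; this is an added example, not code from Garud or gf. The function names, the parameter-name lists and the sample URLs are constructed assumptions, not the gf pattern files.

```sh
#!/bin/sh
# Added example: parameter-name filter stage, modelled on the gf step described above.
# The name lists are constructed for illustration; they are NOT the gf pattern lists.
param_names() {
  case "$1" in
    xss)  echo 'q|s|search|query|keyword|lang' ;;
    ssrf) echo 'url|uri|dest|redirect|callback|next' ;;
    sqli) echo 'id|order|sort|category|user' ;;
    ssti) echo 'template|preview|view|content' ;;
    *)    return 1 ;;
  esac
}

# normalise_urls FILE: keep only URLs with a query string, strip fragments,
# blank out parameter values and de-duplicate, so ?id=1 and ?id=2 collapse.
normalise_urls() {
  grep -F '?' "$1" | sed -E 's/#.*$//; s/=[^&]*/=/g' | sort -u
}

# filter_params CLASS FILE: print normalised URLs carrying a parameter name in CLASS.
filter_params() (
  names=$(param_names "$1") || { echo "unknown class: $1" >&2; exit 2; }
  # The name must follow '?' or '&' and end at '=', so 'valid=' does not match 'id'.
  normalise_urls "$2" | grep -iE "[?&]($names)=" || true
)

# save_filtered TARGET FILE OUTDIR: write OUTDIR/TARGET-CLASS.txt for each class,
# mirroring the target-xss.txt naming mentioned above.
save_filtered() {
  for class in xss ssrf sqli ssti; do
    filter_params "$class" "$2" > "$3/$1-$class.txt"
  done
}

# Constructed sample of archived URLs (example.com only).
sample_urls() {
  cat <<'EOF'
https://shop.example.com/item?id=1
https://shop.example.com/item?id=2
https://shop.example.com/search?q=shoes&page=2
https://sso.example.com/login?next=/home
https://shop.example.com/form?valid=1
https://shop.example.com/about
EOF
}
```

A match only means the endpoint accepts a parameter whose name suggests a class of input handling worth reviewing; it says nothing about whether the endpoint is vulnerable.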
Thanks to the authors of the tools used in this script.
@aboul3la @tomnomnom @lc @LukaSikic @haccer
Warning: This code was originally created for personal use. It generates a considerable amount of traffic, so please use it with caution.