Subfinder -> HTTP Probe -> wayback/gau -> GF patterns -> Valid URLs -> Hunting
1-Subfinder-
go get -u -v github.com/projectdiscovery/subfinder/cmd/subfinder
Single domain's output (-d takes a domain name, not a file)-
subfinder -d example.com -o output.txt
Multiple Domain's output-
subfinder -dL domains.txt -oD output
2-HTTP Probe-
go get -u github.com/tomnomnom/httprobe
type domain_output.txt | httprobe -p http:80 -p https:443 -p https:8443 -c 50 -t 20000 > httprobe_output.txt
Prefer HTTPS- Sometimes you don't care about checking HTTP if HTTPS is working. You can do that with the --prefer-https flag:
type domains.txt | httprobe --prefer-https
3-Waybackurls-
go get github.com/tomnomnom/waybackurls
type httprobe_output.txt | waybackurls >wayback_url_httprobe.txt
4-Install GF (use the XSS, SSRF, Redirect, etc. patterns)-
https://github.com/tomnomnom/gf
- cat wayback_url_httprobe.txt | gf xss | tee gf_xss.txt
- cat gf_xss.txt | parallel -j 10 curl --proxy "http://127.0.0.1:8080" -sk > /dev/null
5-Find interesting URLs with vulnerable parameters and start Hunting.
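The "Valid URLs" stage in the pipeline line at the top has no command of its own, so here is one way to do it, as an added example that is not part of the original post. It assumes domains.txt lists the domains you are authorised to test; the function names scope_dedupe and scope_dedupe_demo are hypothetical. Run it on the waybackurls output before gf and the proxy replay so that only in-scope, parameterised, de-duplicated URLs are requested.

```shell
# Usage: scope_dedupe domains.txt < wayback_url_httprobe.txt
# Keeps in-scope URLs that carry parameters; one URL per host+path+parameter-name set.
scope_dedupe() {
  awk -v scopefile="$1" '
    BEGIN { while ((getline d < scopefile) > 0) {   # authorised domains, one per line
      sub("\r$", "", d); if (d != "") scope[tolower(d)] = 1 } }
    {
      url = $0; sub("\r$", "", url)
      if (!match(url, "^https?://[^/?#]+")) next   # not an absolute http(s) URL
      host = tolower(substr(url, 1, RLENGTH)); rest = substr(url, RLENGTH + 1)
      sub("^https?://", "", host)
      sub("^.*@", "", host)       # userinfo is not the host (a.com@b.test is b.test)
      sub(":[0-9]+$", "", host)   # drop port
      ok = 0                      # host must equal a scope domain or end in ".domain"
      for (s in scope) {
        tail = "." s; start = length(host) - length(tail) + 1
        if (host == s || (start > 1 && substr(host, start) == tail)) ok = 1
      }
      if (!ok) next
      sub("#.*$", "", rest)       # drop fragment
      q = index(rest, "?")
      if (q == 0 || q == length(rest)) next        # no parameters to review
      n = split(substr(rest, q + 1), name, "&")
      for (i = 1; i <= n; i++) sub("=.*$", "", name[i])
      for (i = 2; i <= n; i++) {  # insertion sort: a=1&b=2 and b=9&a=3 share a key
        v = name[i]
        for (j = i - 1; j >= 1 && (name[j] "") > (v ""); j--) name[j + 1] = name[j]
        name[j + 1] = v
      }
      key = host substr(rest, 1, q - 1) "?"
      for (i = 1; i <= n; i++) key = key name[i] "&"
      if (!(key in seen)) { seen[key] = 1; print url }
    }
  '
}

# Constructed sample input (not real targets); example.com is the only scope entry.
scope_dedupe_demo() {
  scope=$(mktemp) && printf 'example.com\n' > "$scope"
  printf '%s\n' \
    'https://shop.example.com/item?id=1&ref=a' \
    'https://shop.example.com/item?ref=b&id=2' \
    'https://example.com@evil.test/item?id=1' \
    'https://notexample.com/?q=1' \
    'http://example.com:8080/search?q=x#top' \
    'https://example.com/static/app.js' | scope_dedupe "$scope"
  rm -f "$scope"
}
```

Of the six constructed URLs only two survive: the look-alike hosts (example.com@evil.test, notexample.com) fail the scope check, the reordered duplicate collapses, and the URL without a query string is dropped.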
Happy Hunting!!!!