R0X4R / Garud

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low-hanging vulnerabilities automatically.
MIT License
768 stars 176 forks

Payload file name mismatch? #35

Closed frost19k closed 2 years ago

frost19k commented 2 years ago

Lines 11 & 12 in install.sh read as:

mv payloads/lfi.txt ~/tools/payloads/
mv payloads/ssti.txt ~/tools/payloads/

However lines 199 & 200 in garud read:

cat ~/tools/payloads/sstipayloads.txt | while read -r line; do cat domains/patterns/ssti.txt | qsreplace "$line" 2> /dev/null | anew -q temporary/ssti.txt;done
cat ~/tools/payloads/lfipayloads.txt | while read -r line; do cat domains/patterns/lfi.txt | qsreplace "$line" 2> /dev/null | anew -q temporary/lfi.txt;done

This produces a file not found error.

Not sure if it's a file name mismatch or whether lfipayloads.txt & sstipayloads.txt are distinct from lfi.txt & ssti.txt
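
Added example, not part of the thread or of the Garud repository: a preflight check that catches the mismatch reported above by comparing the file names install.sh moves into ~/tools/payloads/ with the ones garud reads from there. The function names are hypothetical, and the sample files are constructed from the four lines quoted in the issue.

```shell
#!/bin/sh
# Added example (not from the Garud repository). Function names are hypothetical.

# Basenames the installer moves into ~/tools/payloads/.
installed_payloads() {
  grep -E '^[[:space:]]*mv[[:space:]]+[^[:space:]]+[[:space:]]+~/tools/payloads/?[[:space:]]*$' "$1" |
    awk '{ n = split($2, parts, "/"); print parts[n] }' | sort -u
}

# Basenames the main script reads from ~/tools/payloads/.
referenced_payloads() {
  grep -oE '~/tools/payloads/[A-Za-z0-9._-]+' "$1" | sed 's|.*/||' | sort -u
}

# Referenced at run time but never installed: each one is a "file not found".
missing_payloads() {
  tmp=$(mktemp) || return 1
  installed_payloads "$1" > "$tmp"
  referenced_payloads "$2" | { grep -vxF -f "$tmp" || true; }
  rm -f "$tmp"
}

# Constructed sample: the four lines quoted in the issue, written to scratch files.
write_sample() {
  cat > "$1/install.sh" <<'EOF'
mv payloads/lfi.txt ~/tools/payloads/
mv payloads/ssti.txt ~/tools/payloads/
EOF
  cat > "$1/garud" <<'EOF'
cat ~/tools/payloads/sstipayloads.txt | while read -r line; do cat domains/patterns/ssti.txt | qsreplace "$line" 2> /dev/null | anew -q temporary/ssti.txt;done
cat ~/tools/payloads/lfipayloads.txt | while read -r line; do cat domains/patterns/lfi.txt | qsreplace "$line" 2> /dev/null | anew -q temporary/lfi.txt;done
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
missing_payloads "$dir/install.sh" "$dir/garud"   # prints lfipayloads.txt and sstipayloads.txt
rm -rf "$dir"
```

Run against a real checkout, an empty result means every payload file the main script reads is one the installer put in place.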

R0X4R commented 2 years ago

Hi @frost19k,

Thanks for raising the issue. I have fixed it in the latest commit; do update your garud code.

Regards, R0X4R

frost19k commented 2 years ago

No worries. While we're at it... line 215 in garud will fail with a ']' expected error. There's a space missing after "nuclei/critical.txt".

I'm working on a Docker container for your script, been running each line to make sure everything works. :-)

R0X4R commented 2 years ago

ok fixed it :)