SolomonSklash / chomp-scan

A scripted pipeline of tools to streamline the bug bounty/penetration test reconnaissance phase, so you can focus on chomping bugs.
https://www.solomonsklash.io/chomp-scan-update.html
GNU General Public License v3.0

New Tool Requests #68

Open SolomonSklash opened 5 years ago

SolomonSklash commented 5 years ago

Please leave a comment here with requests for new tools. Make sure to include a link to the tool and a description of what the tool does and how you see it fitting into Chomp Scan.

securibee commented 5 years ago

Interlace: Haven't looked if all tools are multi-threaded, but in case they're not, I recently discovered https://github.com/codingo/Interlace

Easily turn single threaded command line applications into a fast, multi-threaded application with CIDR and glob support.

VHostScan: https://github.com/codingo/VHostScan

A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages.

Sy3Omda commented 5 years ago

parameth must be included. Link: https://github.com/maK-/parameth. I could suggest the future function would be something like:

```bash
mkdir "$WORKING_DIR"/parameth
# run parameth against every resolved host and write one result file per host
cat "$WORKING_DIR"/"$ALL_RESOLVED" | while read -r url; do
    python parameth.py -u https://"$url" -p lists/all.txt -o "$WORKING_DIR"/parameth/"$url".txt -T 10 -t 40 -x 404,500,503
done
```

Then, if you want to filter GET request parameters:

```bash
cat "$WORKING_DIR"/parameth/*.txt | grep -E -o "http.*s$" > "$WORKING_DIR"/parameth-get.txt
```

singhparveen commented 4 years ago

Sublist3r is not being maintained by anybody for now, and it started giving out some "IndexError: list index out of range" errors on an Ubuntu machine. I noticed another project that forked Sublist3r and is working on improving the tool.

https://github.com/fleetcaptain/Turbolist3r

I tried modifying line 95, leaving everything else untouched; it works pretty much the same.

Line 95: `SUBLIST3R=$TOOL_PATH/Turbolist3r/turbolist3r.py;`

Let me know if we make this small change.

singhparveen commented 4 years ago

Would you like to add crt.sh as well, in order to find subdomains that are already out there, along with brute-forcing? We'd be missing out on gathering existing available information otherwise. Got this handy command from nahamsec that cleans up the result from the crt.sh query and only gives out the IP address:

```bash
# query crt.sh for certificates matching %.$i, pull the names, strip wildcards, dedupe
curl -s "https://crt.sh/?q=%.$i&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u | tee -a all.txt
```

Maybe both files' output can be compared and cleaned up after combining them, in case brute-forcing leaves out any subdomain for any possible reason!
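An added example (not from this issue or from Chomp Scan) of the cleanup-and-compare step suggested above, done in Python instead of the jq/sed pipeline; the crt.sh response and the brute-force list are constructed samples, not real query results:

```python
import json

# Constructed sample of a crt.sh JSON reply (not real data). A single
# name_value can hold several SANs separated by newlines, wildcard
# entries look like "*.example.com", and a certificate that matched the
# query may also carry names from other domains.
SAMPLE_CRTSH_JSON = json.dumps([
    {"name_value": "*.example.com"},
    {"name_value": "www.example.com\nmail.example.com"},
    {"name_value": "DEV.Example.com\nwww.example.org"},
    {"name_value": "www.example.com"},
])


def parse_crtsh(raw_json, domain):
    """Return the sorted in-scope host names from a crt.sh JSON reply.

    Same idea as `jq -r '.[].name_value' | sed 's/\\*\\.//g' | sort -u`,
    plus splitting multi-name entries, lower-casing, and dropping names
    that are not under the target domain.
    """
    hosts = set()
    for entry in json.loads(raw_json):
        for name in entry.get("name_value", "").splitlines():
            name = name.strip().lower()
            if name.startswith("*."):
                name = name[2:]
            if name == domain or name.endswith("." + domain):
                hosts.add(name)
    return sorted(hosts)


def merge_with_bruteforce(crtsh_hosts, bruteforce_hosts):
    """Combine both sources and report what each one missed."""
    crt = set(crtsh_hosts)
    brute = {h.strip().lower() for h in bruteforce_hosts if h.strip()}
    return {
        "all": sorted(crt | brute),
        "missed_by_bruteforce": sorted(crt - brute),
        "only_in_bruteforce": sorted(brute - crt),
    }


if __name__ == "__main__":
    # Constructed brute-force result, standing in for the scan's resolved list.
    brute = ["www.example.com", "api.example.com"]
    crt = parse_crtsh(SAMPLE_CRTSH_JSON, "example.com")
    result = merge_with_bruteforce(crt, brute)
    print("crt.sh:", crt)
    print("missed by brute-force:", result["missed_by_bruteforce"])
```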