An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
Updated Content: Reflects the addition of new tools and updates to existing ones.
Closed Issue: #14
2. install.sh
Tool and Configuration Checks: Added checks for the presence of tools, wordlists, and configurations before attempting installations or updates. @h4r5h1t @mr-vill4in
Closes Issue: #3
Tool Installation Commands:
Updated the installation commands for most tools to ensure compatibility and efficiency.
Consolidated tools by replacing gau/gauplus and waybackurls with waymore for enhanced URL discovery capabilities.
Reintroduced gau following discontinuation of gauplus.
Path Updates: @0x71rex
Updated paths for lfi.txt payload and gf patterns within the Garud tool.
Version Updates: @0x71rex
Updated the installation command for amass_linux_i386 to the latest version (currently commented out).
3. webcopilot
Tool Changes:
Add uro tool to filter out duplicate endpoints, which addresses and closes Issue #8 @0x71rex
Switches: @0x71rex
Switched from Sublist3r to SUBLIST3R_V2.0.
Replaced gauplus with gau.
Substituted gau/gauplus and waybackurls with waymore.
Flag Updates:
Introduced -v flag for checking tool versions.
Added -f flag to specify a file containing subdomains, which addresses and closes Issues #1 and #4
Deprecated the -s flag; Subdomain enumeration is now the default behavior.
Implemented -a flag to initiate complete enumeration by default; previously, the tool would default to only subdomain enumeration, which addresses and closed issue #16
Pull Request Details
1. README.md
2. install.sh
lfi.txt
payload andgf
patterns within the Garud tool.amass_linux_i386
to the latest version (currently commented out).3. webcopilot
-v
flag for checking tool versions.-f
flag to specify a file containing subdomains, which addresses and closes Issues #1 and #4-s
flag; Subdomain enumeration is now the default behavior.-a
flag to initiate complete enumeration by default; previously, the tool would default to only subdomain enumeration, which addresses and closed issue #16