search

sethsec / celerystalk

An asynchronous enumeration & vulnerability scanner. Run all the tools on all the hosts.
https://sethsec.github.io/celerystalk/
MIT License
397 stars 69 forks source link

Subdomain Tools & Open Redirection Tool #123

Open attacker34 opened 4 years ago

attacker34 commented 4 years ago

Hi @sethsec

I've just saw that only two tools are being used for retrieving subdomains. I would like you to Check these Tools 

https://github.com/Anonymous1807/Subdomain-Scanner.git
https://github.com/shmilylty/OneForAll

Please add this Tool for ==Open Redirection== Checking:

https://github.com/ak1t4/open-redirect-scanner/

Here are some more vectors related to open redirection:


https://github.com/cujanovic/Open-Redirect-Payloads/blob/master/Open-Redirect-payloads.txt
https://github.com/payloadbox/open-redirect-payload-list
https://pentester.land/cheatsheets/2018/11/02/open-redirect-cheatsheet.html
sethsec commented 4 years ago

Thanks for this @attacker34! Adding the open redirect tools should be easy. For the subdomain tools, it might be more complicated. Currently I have very basic parsing of subdomain tools. If the tool can output a subdomain per line, and nothing else, I can handle it. If the tool spits out a lot of other information, my lame parser chokes on it. I'll play around with all of these suggested tools soon and see if i can get them added. thanks for the suggestions!

If you know the right command line flags to get the output to be like below, I can add them more quickly (and you can test it on your own in the config.ini without any celerystalk modifications: 

subdomain1.com
subdomain2.com

let me know what you find!