Closed S3ntago closed 3 years ago
This will be great to add to the above list, I use them too.
Use also for listing the application queryStrings
https://github.com/tomnomnom/unfurl
Query String Key/Value Pairs
cat urls.txt | unfurl keypairs
id=123
name=Sam
org=ExCo
Finally done 🚀
Also, you get this badge on URLs
Can't wait to release.
Man, this is so great, awesome job
Added badge for gf results
Released in 1.0, thanks
Find below list of features that will make the tool perfect in my opinion:
1. JavaScript files enumeration https://github.com/KathanP19/JSFScan.sh A JS files enumeration module to extract hidden endpoints and secrets such as API keys will be an awesome module. I'm using a tool called JSFScan, which is a combination of multiple tools that takes a subdomains.txt list and does the below:
2. Parameter Discovery https://github.com/s0md3v/Arjun A Parameter Discovery module will be a very nice addition to the framework; personally I use Arjun.
3. SSRF - SQLi - IDORs - RCE patterns using GF-Patterns tool and gf from Tomnomnom https://github.com/1ndianl33t/Gf-Patterns
I use Gf-Patterns/gf to help me grep all suspicious parameters from URLs, which helps with (SSRF/SQLi/IDORs/RCE/open redirect, etc.). It's a combination of multiple tools such as gf and waybackurls, and gives a txt file containing results based on what you chose. Below is an example for SSRF; this module is very helpful.
▶ cat subdomains.txt | waybackurls | sort -u | tee -a waybackdata | gf ssrf | tee -a ssfrparams.txt
▶ cat waybackdata | gf redirect | tee -a redirect.txt
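
The idea requested above (split a URL list into query-string key/value pairs, then flag the parameters worth a manual SSRF or open-redirect review), as an added example that is not part of the original issue and is not code from gf, Gf-Patterns or unfurl. The parameter-name hints and sample URLs are constructed for illustration and are not the contents of the Gf-Patterns repository.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed parameter-name hints; NOT the contents of the Gf-Patterns repo.
HINTS = {
    "ssrf": re.compile(r"^(url|uri|host|dest|callback|webhook|feed|proxy)$", re.I),
    "redirect": re.compile(r"^(next|return|return_?to|redirect(_?ur[il])?|goto|continue)$", re.I),
}
# A value that is itself an absolute or scheme-relative URL is a stronger
# signal than the parameter name alone.
URL_VALUE = re.compile(r"^(?:[a-z][a-z0-9+.\-]*:)?//", re.I)


def keypairs(url):
    """Return the (key, value) pairs of a URL's query string, percent-decoded."""
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def triage(urls):
    """Return sorted, de-duplicated (category, key, url) findings for manual review."""
    findings = set()
    for url in urls:
        for key, value in keypairs(url):
            for category, pattern in HINTS.items():
                if pattern.search(key):
                    findings.add((category, key, url))
            if URL_VALUE.match(value):
                findings.add(("url-valued", key, url))
    return sorted(findings)


# Constructed sample input (example.com is reserved for documentation).
SAMPLE = [
    "https://app.example.com/profile?id=123&name=Sam&org=ExCo",
    "https://app.example.com/fetch?url=https%3A%2F%2Fcdn.example.com%2Fa.png",
    "https://app.example.com/login?next=/dashboard",
    "https://app.example.com/img?src=//static.example.com/x.png&w=200",
]

if __name__ == "__main__":
    for category, key, url in triage(SAMPLE):
        print(f"{category}\t{key}\t{url}")
```

The `url-valued` category catches parameters such as `src` whose names are not in any hint list but whose values are URLs, which name-only patterns miss.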