GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Sachin-v3rma → Astra

Sachin-v3rma / Astra

Licence: other
Astra is a tool to find URLs and secrets inside a webpage/files

Programming Languages

python
139335 projects - #7 most used programming language

Labels

securityhackinginfosecpentestingbugbounty

Projects that are alternatives of or similar to Astra

goverview
goverview - Get an overview of the list of URLs
Stars: ✭ 93 (-50.27%)
Mutual labels:  infosec, bugbounty
h1-search
Tool that will request the public disclosures on a specific HackerOne program and show them in a localhost webserver.
Stars: ✭ 58 (-68.98%)
Mutual labels:  infosec, bugbounty
Contact.sh
An OSINT tool to find contacts in order to report security vulnerabilities.
Stars: ✭ 216 (+15.51%)
Mutual labels:  infosec, bugbounty
Basecrack
Decode All Bases - Base Scheme Decoder
Stars: ✭ 196 (+4.81%)
Mutual labels:  infosec, bugbounty
lit-bb-hack-tools
Little Bug Bounty & Hacking Tools⚔️
Stars: ✭ 180 (-3.74%)
Mutual labels:  infosec, bugbounty
Qsfuzz
qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
Stars: ✭ 201 (+7.49%)
Mutual labels:  infosec, bugbounty
fuzzmost
all manner of wordlists
Stars: ✭ 23 (-87.7%)
Mutual labels:  infosec, bugbounty
Proof Of Concepts
A little collection of fun and creative proof of concepts to demonstrate the potential impact of a security vulnerability.
Stars: ✭ 148 (-20.86%)
Mutual labels:  infosec, bugbounty
rejig
Turn your VPS into an attack box
Stars: ✭ 33 (-82.35%)
Mutual labels:  infosec, bugbounty
flydns
Related subdomains finder
Stars: ✭ 29 (-84.49%)
Mutual labels:  infosec, bugbounty
dora
Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found
Stars: ✭ 229 (+22.46%)
Mutual labels:  infosec, bugbounty
SuperLibrary
Information Security Library
Stars: ✭ 60 (-67.91%)
Mutual labels:  infosec, bugbounty
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-2.67%)
Mutual labels:  infosec, bugbounty
Can I Take Over Xyz
"Can I take over XYZ?" — a list of services and how to claim (sub)domains with dangling DNS records.
Stars: ✭ 2,808 (+1401.6%)
Mutual labels:  infosec, bugbounty
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-12.83%)
Mutual labels:  infosec, bugbounty
py-scripts-other
A collection of some of my scripts
Stars: ✭ 79 (-57.75%)
Mutual labels:  infosec, bugbounty
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+942.25%)
Mutual labels:  infosec, bugbounty
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-25.13%)
Mutual labels:  infosec, bugbounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-24.06%)
Mutual labels:  infosec, bugbounty
magicRecon
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
Stars: ✭ 478 (+155.61%)
Mutual labels:  infosec, bugbounty
View All Similar Projects ➔

Astra finds urls, endpoints, aws buckets, api keys, tokens, etc from a given url/s. It combines the paths and endpoints with the given domain and gives full URL. We can use it on js, html, etc files. Astra uses asynchronous method to fetch URLs using python's aiohttp and asyncio. Its a combination of linkfinder and secretfinder. Uses Regex's from linkfinder, secretfinder and nuclei templates. Although None of them worked exactly because python's regex r way different. So basically everyone of them is modified by me.

Installation

git clone https://github.com/Sachin-v3rma/Astra && cd Astra
pip3 install -r requirements.txt

Usage

Takes Input from stdin, so easy to use in automation.

Flags :

-ns --> No Secretfinder. Only find urls and endpoints. Also increases the speed.
-t  --> Threads. Only increase if you have strong internet connection.

Example :

cat live_subdomains.txt | python3 astra.py
echo https://www.example.com | python3 astra.py -ns |tee astra_urls.txt
cat js_urls.txt | python3 astra.py -t 20 | anew urls_secrets.txt

Output :

If u wanna remove the counter comment out the line 174-177 or you can use head command to remove them. 
Use grep "\[IP\]" to grep IPs.
Use grep "\[$\]" to grep secrets.
Use grep "\[C\]" to grep aws buckets.
Use grep "^http" to grep URLs.

Also decrease the threads if your internet connection is weak (like i use mobile data :( ).

Creator

Made by Sachin Verma with <3
Twitter : sachin_vm

NO BANNER BECAUSE WHY ??

Buy Me A Coffee

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].