Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details

R0X4R / Garud

Licence: mit

An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.

Programming Languages

shell

77523 projects

golang

3204 projects

Labels

penetration-testing bugbounty bash-script reconnaissance

Projects that are alternatives of or similar to Garud

Reconky-Automated Bash Script

Reconky is an great Content Discovery bash script for bug bounty hunters which automate lot of task and organized in the well mannered form which help them to look forward.

Stars: ✭ 167 (-8.74%)

Mutual labels: penetration-testing, bugbounty, bash-script, reconnaissance

Rengine

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…

Stars: ✭ 3,439 (+1779.23%)

Mutual labels: reconnaissance, penetration-testing, bugbounty

tugarecon

Pentest: Subdomains enumeration tool for penetration testers.

Stars: ✭ 142 (-22.4%)

Mutual labels: penetration-testing, bugbounty, reconnaissance

Awesome Bbht

A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debain.

Stars: ✭ 190 (+3.83%)

Mutual labels: penetration-testing, reconnaissance, bugbounty

Osmedeus

Fully automated offensive security framework for reconnaissance and vulnerability scanning

Stars: ✭ 3,391 (+1753.01%)

Mutual labels: penetration-testing, reconnaissance, bugbounty

AttackSurfaceManagement

Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty

Stars: ✭ 45 (-75.41%)

Mutual labels: penetration-testing, bugbounty, reconnaissance

3klcon

Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.

Stars: ✭ 189 (+3.28%)

Mutual labels: penetration-testing, reconnaissance, bugbounty

webrecon

Automated Web Recon Shell Scripts

Stars: ✭ 48 (-73.77%)

Mutual labels: penetration-testing, bash-script, reconnaissance

aquatone

A Tool for Domain Flyovers

Stars: ✭ 43 (-76.5%)

Mutual labels: penetration-testing, bugbounty, reconnaissance

Hosthunter

HostHunter a recon tool for discovering hostnames using OSINT techniques.

Stars: ✭ 427 (+133.33%)

Mutual labels: penetration-testing, reconnaissance, bugbounty

Pentest Guide

Penetration tests guide based on OWASP including test cases, resources and examples.

Stars: ✭ 1,316 (+619.13%)

Mutual labels: penetration-testing, bugbounty

Reconcat

A small Php application to fetch archive url snapshots from archive.org. using it you can fetch complete list of snapshot urls of any year or complete list of all years possible. Made Specially for penetration testing purpose.

Stars: ✭ 66 (-63.93%)

Mutual labels: penetration-testing, reconnaissance

Resources

A Storehouse of resources related to Bug Bounty Hunting collected from different sources. Latest guides, tools, methodology, platforms tips, and tricks curated by us.

Stars: ✭ 62 (-66.12%)

Mutual labels: penetration-testing, bugbounty

Halive

A fast http and https prober, to check which URLs are alive

Stars: ✭ 47 (-74.32%)

Mutual labels: reconnaissance, bugbounty

Recsech

Recsech is a tool for doing Footprinting and Reconnaissance on the target web. Recsech collects information such as DNS Information, Sub Domains, HoneySpot Detected, Subdomain takeovers, Reconnaissance On Github and much more you can see in Features in tools .

Stars: ✭ 173 (-5.46%)

Mutual labels: penetration-testing, reconnaissance

Keye

Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.

Stars: ✭ 101 (-44.81%)

Mutual labels: penetration-testing, reconnaissance

Awesome Vulnerable Apps

Awesome Vulnerable Applications

Stars: ✭ 180 (-1.64%)

Mutual labels: penetration-testing, bugbounty

Quickxss

Automating XSS using Bash

Stars: ✭ 113 (-38.25%)

Mutual labels: bash-script, bugbounty

Scilla

🏴‍☠️ Information Gathering tool 🏴‍☠️ DNS / Subdomains / Ports / Directories enumeration

Stars: ✭ 116 (-36.61%)

Mutual labels: penetration-testing, reconnaissance

Awsbucketdump

Security Tool to Look For Interesting Files in S3 Buckets

Stars: ✭ 1,021 (+457.92%)

Mutual labels: penetration-testing, bugbounty

View All Similar Projects ➔

Garud

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.

Requirements: Go Language, Python 2.7 or Python 3.
System requirements: Recommended to run on vps with 1VCPU and 2GB ram.
Tools used - You must need to install these tools to use this script
- SubFinder
- Sublist3r
- GF Patterns
- Get Title
- Takeover.py
- Subzy
- Subjack
- Assetfinder
- HTTPX
- Kxss
- QSreplace
- FFuF
- Nuclei
- Dalfox
- Dirsearch
- ANEW
- ParamSpider
- Notify
- Aquatone
- hakrawler

Installation - Make sure you're root before installing the tool

git clone https://github.com/R0X4R/Garud.git && cd Garud/ && chmod +x garud install.sh && mv garud /usr/bin/ && ./install.sh

Usage

█▀▀ ▄▀█ █▀█ █░█ █▀▄
█▄█ █▀█ █▀▄ █▄█ █▄▀

coded by R0X4R with <3

Usage: -d       target you want to scan (target.com)
Usage: -f       output directory where you want to save file (~/target-output/)
Usage: -x       Exclude out of scope domains (~/out-domains.txt)
garud -d target.com -f target-output

Slack Bot
```
wget https://raw.githubusercontent.com/R0X4R/Garud/master/slack-bot.py ~/slack-bot.py
pip3 install slackclient slacker
```
Add your slack token in slack-bot.py file.
- Slack bot tutorial: https://www.freecodecamp.org/news/how-to-build-a-basic-slackbot-a-beginners-guide-6b40507db5c5/
- Slack Webhook for notify: https://slack.com/intl/en-it/help/articles/115005265063-Incoming-webhooks-for-Slack
- Configure Notify: https://github.com/projectdiscovery/notify#config-file

About Garud

I made this tool to automate my recon and save my time. It really give me headache always type such command and then wait to complete one command and I type other command. So I collected some of the tools which is widely used in the bugbounty field. In this script I used Assetfinder, get-titles, httprobe, subjack, subzy, sublister, gau and gf patterns and then it uses ffuf, dalfox, nuclei and kxss to find some low hanging fruits.

The script first enumerates all the subdomains of the give target domain using assetfinder and sublister then filters all live domains from the whole subdomain list then it extarct titles of the subdomains using get-title then it scans for subdomain takeover using subjack and subzy. Then it uses gau to extract paramters of the given subdomains then it use gf patterns to filters xss, ssti, ssrf, sqli params from that given subdomains and then it scans for low hanging fruits as well. Then it'll save all the output in a text file like target-xss.txt.

Thanks to the authors of the tools used in this script.

@aboul3la @tomnomnom @lc @LukaSikic @haccer @hahwul @projectdiscovery @maurosoria @shelld3v @devanshbatham @michenriksen @hakluke

Warning: This code was originally created for personal use, it generates a substantial amount of traffic, please use with caution.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].

Stars: ✭ 183

Visit Git Page 🔗Visit User Page 🔗Visit Issues Page (0) 🔗