-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathbb-tools.md.save
41 lines (36 loc) · 1.72 KB
/
bb-tools.md.save
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# URLS
--------------------------------------------
galer : get urls/endpoints/links from URL
> galer -u <list-or-url> -o <output> -c <int> -e <only-extension> --in-scope
gau -o <output> -p <proxy-url> -subs [include subs]
waybackurls -get-versions [check same URL at diff. dates]
p3 /root/bugbounty/urls/WayRobots/wayrobots.py -i <host> -o <out> -y <2c014-2019>
---------------------------------------------------------
# HTCAP : dom/ajax request hunter , first - crawl
p2 /root/bugbounty/urls/htcap/htcap.py crawl http://satan.666 satan.db (creates a db)
# second : scan, i.e. run sqlmap x 10 concurrent like this (r: req types, n: threads, p: proxy):
htcap.py scan -r xhr -n 10 sqlmap satan.db
# util (report | lsvuln | lsajax)
htcap.py util report target.db target.html
htcap.py util lsvuln target.db
# chain cmds with '\;'
htcap.py crawl https://htcap.org htcap.db \; scan native \; scan sqlmap
---------------------------------------------------------------
# 403 bypass madness :
403sum <URL>
----------------------------------------------------------
# Screenshot tools
>GOSTARE
go-stare -t <url or urls.txt>
subfinder -d <DOMAIN.com> -silent | httpx -silent | go-stare -o ./out
gau <DOMAIN.com> | go-stare -o ./out -q 50
>EYEWITNESS
eyewitness -f <urls.txt> --web
options: -x <nmap.xml> --resolve --prepend-https (if just domains.com) --add-http-ports 8018,8088 --add-https-ports 9433 --only-ports 1488,666
> aquatone
cat urls.txt | aquatone -ports (small,medium,large,xlarge) -proxy <url>
> eyeballer - for large scopes, it analyzes your screenshots
eyeballer train
eyeballer.py --weights YOUR_WEIGHTS.h5 evaluate
eyeballer.py --weights YOUR_WEIGHTS.h5 predict YOUR_FILE.png
eyeballer.py --weights YOUR_WEIGHTS.h5 predict PATH_TO/YOUR_FILES/