-
Notifications
You must be signed in to change notification settings - Fork 1
/
config.json
91 lines (91 loc) · 5.96 KB
/
config.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
{
"subdomain_enum": {
"subfinder": ["subfinder", "-d", "{target}", "-silent"],
"assetfinder": ["assetfinder", "-subs-only", "{target}"],
"findomain": ["findomain", "-t", "{target}", "--quiet"],
"sublist3r": ["sublist3r", "-d", "{target}", "-o", "sublist3r_output.txt"],
"oneliners": [
"curl -s \"https://rapiddns.io/subdomain/{target}?full=1#result\" | grep \"<td><a\" | cut -d '\"' -f 2 | grep http | cut -d '/' -f3 | sed 's/#results//g' | sort -u",
"curl -s https://dns.bufferover.run/dns?q=.{target} | jq -r '.FDNS_A[]' | cut -d',' -f2 | sort -u",
"curl -s \"https://riddler.io/search/exportcsv?q=pld:{target}\" | grep -Po '([\\w.-]+\\.{target})' | sort -u",
"curl -s \"https://www.virustotal.com/ui/domains/{target}/subdomains?limit=40\" | jq -r '.data[].id' | sort -u",
"curl -s \"https://certspotter.com/api/v1/issuances?domain={target}&include_subdomains=true&expand=dns_names\" | jq -r '.[].dns_names[]' | sed 's/\\\\*\\.//g' | sort -u",
"curl -s \"https://jldc.me/anubis/subdomains/{target}\" | jq -r '.[]' | sort -u",
"curl -s \"https://securitytrails.com/list/apex_domain/{target}\" | grep -Po '([\\w.-]+\\.{target})' | sort -u",
"curl --silent https://sonar.omnisint.io/subdomains/{target} | jq -r '.[]' | sort -u",
"curl --silent -X POST https://synapsint.com/report.php -d \"name=https%3A%2F%2F{target}\" | grep -oE '[a-zA-Z0-9._-]+\\.{target}' | sort -u",
"curl -s \"https://crt.sh/?q=%25.{target}&output=json\" | jq -r '.[].name_value' | sed 's/\\\\*\\.//g' | sort -u",
"curl -s \"https://api.hackertarget.com/hostsearch/?q={target}\" | cut -d',' -f1 | sort -u",
"curl -s \"https://urlscan.io/api/v1/search/?q=domain:{target}\" | jq -r '.results[].page.domain' | sort -u",
"curl -s \"https://otx.alienvault.com/api/v1/indicators/domain/{target}/passive_dns\" | jq -r '.passive_dns[].hostname' | sort -u",
"curl -s \"https://tls.bufferover.run/dns?q={target}\" | jq -r '.FDNS_A[]' | cut -d',' -f2 | sort -u",
"curl -s \"https://api.threatminer.org/v2/domain.php?q={target}&rt=5\" | jq -r '.results[]' | sort -u",
"curl -s \"https://api.threatcrowd.org/v2/domain/report/?domain={target}\" | jq -r '.subdomains[]' | sort -u",
"curl -s \"https://api.viewdns.info/reverseip/?host={target}&apikey=<API_KEY>&output=json\" | jq -r '.response.domains[]' | sort -u",
"curl -s \"https://api.certshark.de/domain/{target}/subdomains\" | jq -r '.domains[]' | sort -u",
"curl -s \"https://web.archive.org/cdx/search/cdx?url=*.{target}/*&output=text&fl=original&collapse=urlkey\" | cut -d '/' -f3 | uniq | sort -u",
"curl -s \"https://index.commoncrawl.org/CC-MAIN-2023-14-index?url=*.{target}&output=json\" | jq -r '.url' | cut -d '/' -f3 | uniq | sort -u",
"curl -s \"https://publicwww.com/websites/%22.{target}%22/\" | grep -oP 'href=\"https?://.*?\"' | cut -d '\"' -f2 | cut -d '/' -f3 | sort -u",
"curl -s \"https://api.censys.io/v1/search/certificates?q={target}\" -u <API_KEY>:<API_SECRET> | jq -r '.results[].parsed.extensions.subject_alt_name.dns_names[]' | grep '{target}' | sed 's/\\\\*\\.//g' | sort -u",
"curl -s \"https://sublist3r.com/search.php?domain={target}\" | jq -r '.subdomains[]' | sort -u",
"curl -s \"https://api.dnsdb.info/lookup/rrset/name/{target}?limit=1000\" -H \"X-API-Key: <API_KEY>\" | jq -r '.[].rdata[]' | sort -u",
"curl -s \"https://api.whoxy.com/?key=<API_KEY>&reverse=whois&search={target}\" | jq -r '.search_result[].domain' | sort -u",
"curl -s \"https://www.threatminer.org/api.php?q={target}&api=true&rt=2\" | jq -r '.results[]' | sort -u",
"curl -s \"https://api.bing.com/osjson.aspx?query=site:{target}\" | jq -r '.[1][]' | grep '{target}' | sort -u"
]
},
"port_scan": {
"nmap": ["nmap", "-p-", "--min-rate=1000", "-T4", "{target}"],
"masscan": ["masscan", "-p1-65535", "--rate=1000", "{target}"],
"rustscan": ["rustscan", "-a", "{target}", "--ulimit", "5000", "--", "-sV", "-sC"],
"naabu": ["naabu", "-host", "{target}", "-p", "-"],
"unicornscan": ["unicornscan", "-mT", "{target}"]
},
"probe": {
"httpx": ["httpx", "-silent", "-threads", "50", "-follow-redirects"],
"httprobe": ["httprobe", "-c", "50"],
"aquatone": ["aquatone", "-threads", "50"],
"eyewitness": ["eyewitness", "--web", "-f", "domains.txt", "--timeout", "30"]
},
"vuln_scan": {
"xss": {
"nuclei": ["nuclei", "-t", "xss.yaml", "-target", "{target}"],
"dalfox": ["dalfox", "url", "{target}", "--silence"],
"xsstrike": ["python3", "xsstrike.py", "-u", "{target}"],
"kxss": ["kxss", "{target}"]
},
"sqli": {
"sqlmap": ["sqlmap", "-u", "{target}", "--batch", "--random-agent"],
"nuclei": ["nuclei", "-t", "sqli.yaml", "-target", "{target}"],
"nosqlmap": ["python3", "nosqlmap.py", "-u", "{target}"]
},
"ssrf": {
"nuclei": ["nuclei", "-t", "ssrf.yaml", "-target", "{target}"],
"ssrfdetector": ["python3", "ssrfdetector.py", "-u", "{target}"]
},
"open_redirect": {
"nuclei": ["nuclei", "-t", "open-redirect.yaml", "-target", "{target}"],
"oralyzer": ["python3", "oralyzer.py", "-u", "{target}"]
},
"crlf": {
"nuclei": ["nuclei", "-t", "crlf.yaml", "-target", "{target}"],
"crlfuzz": ["crlfuzz", "-u", "{target}"]
},
"all": {
"nuclei": ["nuclei", "-t", "/path/to/nuclei-templates", "-target", "{target}"],
"nmap": ["nmap", "-sV", "-sC", "--script", "vuln", "{target}"]
}
},
"crawler": {
"gospider": ["gospider", "-s", "{target}", "-d", "{depth}", "-c", "10", "-t", "20"],
"hakrawler": ["hakrawler", "-url", "{target}", "-depth", "{depth}"],
"gau": ["gau", "--threads", "10", "{target}"]
},
"paramfuzz": {
"arjun": ["arjun", "-u", "{target}", "-t", "10", "--json"],
"x8": ["x8", "{target}"],
"paramspider": ["python3", "paramspider.py", "-d", "{target}", "--level", "3", "-o", "output_{target}.txt"],
"param-miner": ["param-miner", "-u", "{target}", "--depth", "2", "-p", "20"],
"unfurl": ["unfurl", "--unique", "keys", "{target}"]
}
}