├── .github ├── FUNDING.yml ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md ├── auto_assign.yml ├── dependabot.yml └── workflows │ ├── codeql-analysis.yml │ ├── go.yml │ └── golangci-lint.yml ├── .gitignore ├── .golangci.yml ├── LICENSE ├── Makefile ├── README.md ├── bbscope ├── README.md └── main.go ├── bbtargets ├── README.md └── main.go ├── chainredir ├── README.md └── main.go ├── checkbypass ├── README.md └── main.go ├── cleanpath ├── README.md └── main.go ├── doomxss ├── README.md └── main.go ├── eae ├── README.md └── main.go ├── eah ├── README.md └── main.go ├── eap ├── README.md └── main.go ├── eaparam ├── README.md └── main.go ├── eapath ├── README.md └── main.go ├── earh ├── README.md └── main.go ├── eefjsf ├── README.md └── main.go ├── genscope ├── README.md └── main.go ├── gitdump ├── README.md └── gitdump ├── go.mod ├── go.sum ├── heacoll ├── README.md └── main.go ├── knoxssme ├── README.md └── main.go ├── kubemetrics ├── README.md └── main.go ├── nrp ├── README.md └── main.go ├── rapwp ├── README.md └── main.go ├── removehost ├── README.md └── main.go ├── removepro ├── README.md └── main.go ├── robotstxt ├── README.md └── main.go ├── rpfu ├── README.md └── main.go ├── subtake ├── README.md └── subtake └── tahm ├── README.md └── main.go /.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: edoardottt 2 | liberapay: edoardottt 3 | patreon: edoardottt 4 | ko_fi: edoardottt 5 | open_collective: edoardottt 6 | custom: "https://www.paypal.me/edoardottt" 7 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Screenshots** 24 | If applicable, add screenshots to help explain your problem. 25 | 26 | **Desktop (please complete the following information):** 27 | - OS: [e.g. iOS] 28 | - Browser [e.g. chrome, safari] 29 | - Version [e.g. 22] 30 | 31 | **Smartphone (please complete the following information):** 32 | - Device: [e.g. iPhone6] 33 | - OS: [e.g. iOS8.1] 34 | - Browser [e.g. stock browser, safari] 35 | - Version [e.g. 22] 36 | 37 | **Additional context** 38 | Add any other context about the problem here. 39 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for this project 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 21 | -------------------------------------------------------------------------------- /.github/auto_assign.yml: -------------------------------------------------------------------------------- 1 | # Set to true to add reviewers to pull requests 2 | addReviewers: true 3 | 4 | # A list of reviewers to be added to pull requests (GitHub user name) 5 | reviewers: 6 | - edoardottt 7 | 8 | # A list of keywords to be skipped the process that add reviewers if pull requests include it 9 | skipKeywords: 10 | - wip 11 | 12 | # A number of reviewers added to the pull request 13 | # Set 0 to add all the reviewers (default: 0) 14 | numberOfReviewers: 0 15 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | 4 | # Maintain dependencies for go modules 5 | - package-ecosystem: "gomod" 6 | directory: "/" 7 | schedule: 8 | interval: "weekly" 9 | target-branch: "devel" 10 | commit-message: 11 | prefix: "chore" 12 | include: "scope" 13 | labels: 14 | - "Type: Maintenance" 15 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | name: "CodeQL" 8 | 9 | on: 10 | push: 11 | branches: [ main ] 12 | pull_request: 13 | # The branches below must be a subset of the branches above 14 | branches: [ main ] 15 | schedule: 16 | - cron: '39 3 * * 4' 17 | 18 | jobs: 19 | analyze: 20 | name: Analyze 21 | runs-on: ubuntu-latest 22 | permissions: 23 | actions: read 24 | contents: read 25 | security-events: write 26 | 27 | strategy: 28 | fail-fast: false 29 | matrix: 30 | language: [ 'go' ] 31 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] 32 | # Learn more about CodeQL language support at https://git.io/codeql-language-support 33 | 34 | steps: 35 | - name: Checkout repository 36 | uses: actions/checkout@v3 37 | 38 | # Initializes the CodeQL tools for scanning. 39 | - name: Initialize CodeQL 40 | uses: github/codeql-action/init@v2 41 | with: 42 | languages: ${{ matrix.language }} 43 | # If you wish to specify custom queries, you can do so here or in a config file. 44 | # By default, queries listed here will override any specified in a config file. 45 | # Prefix the list here with "+" to use these queries and those in the config file. 46 | # queries: ./path/to/local/query, your-org/your-repo/queries@main 47 | 48 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 49 | # If this step fails, then you should remove it and run the build manually (see below) 50 | - name: Autobuild 51 | uses: github/codeql-action/autobuild@v2 52 | 53 | # ℹ️ Command-line programs to run using the OS shell. 54 | # 📚 https://git.io/JvXDl 55 | 56 | # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines 57 | # and modify them (or add more) to build your code if your project 58 | # uses a compiled language 59 | 60 | #- run: | 61 | # make bootstrap 62 | # make release 63 | 64 | - name: Perform CodeQL Analysis 65 | uses: github/codeql-action/analyze@v2 66 | -------------------------------------------------------------------------------- /.github/workflows/go.yml: -------------------------------------------------------------------------------- 1 | name: Go 2 | 3 | on: 4 | push: 5 | branches: [ main,devel ] 6 | pull_request: 7 | branches: [ main,devel ] 8 | 9 | jobs: 10 | 11 | build: 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@v2 15 | 16 | - name: Set up Go 17 | uses: actions/setup-go@v2 18 | with: 19 | go-version: 1.18 20 | 21 | - name: Build 22 | run: go build -v ./... 23 | 24 | - name: Test 25 | run: go test -v ./... -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yml: -------------------------------------------------------------------------------- 1 | name: golangci-lint 2 | on: 3 | push: 4 | tags: 5 | - v* 6 | branches: 7 | - devel 8 | - main 9 | pull_request: 10 | permissions: 11 | contents: read 12 | # Optional: allow read access to pull request. Use with `only-new-issues` option. 13 | # pull-requests: read 14 | jobs: 15 | golangci: 16 | name: lint 17 | runs-on: ubuntu-latest 18 | steps: 19 | - uses: actions/setup-go@v3 20 | with: 21 | go-version: 1.18 22 | - uses: actions/checkout@v3 23 | - name: golangci-lint 24 | uses: golangci/golangci-lint-action@v3 25 | with: 26 | # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version 27 | version: v1.49 28 | 29 | # Optional: working directory, useful for monorepos 30 | # working-directory: somedir 31 | 32 | # Optional: golangci-lint command line arguments. 33 | # args: --issues-exit-code=0 34 | 35 | # Optional: show only new issues if it's a pull request. The default value is `false`. 36 | # only-new-issues: true 37 | 38 | # Optional: if set to true then the all caching functionality will be complete disabled, 39 | # takes precedence over all other caching options. 40 | # skip-cache: true 41 | 42 | # Optional: if set to true then the action don't cache or restore ~/go/pkg. 43 | # skip-pkg-cache: true 44 | 45 | # Optional: if set to true then the action don't cache or restore ~/.cache/go-build. 46 | # skip-build-cache: true -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | **/genscope.json 2 | dedup/ 3 | rlc/ 4 | .vscode/ 5 | 6 | # Binaries for programs and plugins 7 | *.exe 8 | *.exe~ 9 | *.dll 10 | *.so 11 | *.dylib 12 | 13 | # Test binary, built with `go test -c` 14 | *.test 15 | 16 | # Output of the go coverage tool, specifically when used with LiteIDE 17 | *.out 18 | 19 | # Dependency directories (remove the comment below to include it) 20 | # vendor/ 21 | -------------------------------------------------------------------------------- /.golangci.yml: -------------------------------------------------------------------------------- 1 | linters: 2 | # Enable all available linters. 3 | # Default: false 4 | disable-all: true 5 | enable: 6 | - asciicheck 7 | - bodyclose 8 | - dogsled 9 | - dupl 10 | - errcheck 11 | - exhaustive 12 | - exportloopref 13 | - gochecknoinits 14 | - goconst 15 | - gocritic 16 | - godot 17 | - goheader 18 | - gomodguard 19 | - goprintffuncname 20 | - gosimple 21 | - govet 22 | - ineffassign 23 | - misspell 24 | - nakedret 25 | - nolintlint 26 | - prealloc 27 | - rowserrcheck 28 | - sqlclosecheck 29 | - staticcheck 30 | - stylecheck 31 | - testpackage 32 | - typecheck 33 | - unconvert 34 | - unparam 35 | - unused 36 | - whitespace 37 | - wsl 38 | 39 | linters-settings: 40 | wsl: 41 | strict-append: false 42 | enforce-err-cuddling: true -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | GNU GENERAL PUBLIC LICENSE 2 | Version 3, 29 June 2007 3 | 4 | Copyright (C) 2007 Free Software Foundation, Inc. 5 | Everyone is permitted to copy and distribute verbatim copies 6 | of this license document, but changing it is not allowed. 7 | 8 | Preamble 9 | 10 | The GNU General Public License is a free, copyleft license for 11 | software and other kinds of works. 12 | 13 | The licenses for most software and other practical works are designed 14 | to take away your freedom to share and change the works. By contrast, 15 | the GNU General Public License is intended to guarantee your freedom to 16 | share and change all versions of a program--to make sure it remains free 17 | software for all its users. We, the Free Software Foundation, use the 18 | GNU General Public License for most of our software; it applies also to 19 | any other work released this way by its authors. You can apply it to 20 | your programs, too. 21 | 22 | When we speak of free software, we are referring to freedom, not 23 | price. Our General Public Licenses are designed to make sure that you 24 | have the freedom to distribute copies of free software (and charge for 25 | them if you wish), that you receive source code or can get it if you 26 | want it, that you can change the software or use pieces of it in new 27 | free programs, and that you know you can do these things. 28 | 29 | To protect your rights, we need to prevent others from denying you 30 | these rights or asking you to surrender the rights. Therefore, you have 31 | certain responsibilities if you distribute copies of the software, or if 32 | you modify it: responsibilities to respect the freedom of others. 33 | 34 | For example, if you distribute copies of such a program, whether 35 | gratis or for a fee, you must pass on to the recipients the same 36 | freedoms that you received. You must make sure that they, too, receive 37 | or can get the source code. And you must show them these terms so they 38 | know their rights. 39 | 40 | Developers that use the GNU GPL protect your rights with two steps: 41 | (1) assert copyright on the software, and (2) offer you this License 42 | giving you legal permission to copy, distribute and/or modify it. 43 | 44 | For the developers' and authors' protection, the GPL clearly explains 45 | that there is no warranty for this free software. For both users' and 46 | authors' sake, the GPL requires that modified versions be marked as 47 | changed, so that their problems will not be attributed erroneously to 48 | authors of previous versions. 49 | 50 | Some devices are designed to deny users access to install or run 51 | modified versions of the software inside them, although the manufacturer 52 | can do so. This is fundamentally incompatible with the aim of 53 | protecting users' freedom to change the software. The systematic 54 | pattern of such abuse occurs in the area of products for individuals to 55 | use, which is precisely where it is most unacceptable. Therefore, we 56 | have designed this version of the GPL to prohibit the practice for those 57 | products. If such problems arise substantially in other domains, we 58 | stand ready to extend this provision to those domains in future versions 59 | of the GPL, as needed to protect the freedom of users. 60 | 61 | Finally, every program is threatened constantly by software patents. 62 | States should not allow patents to restrict development and use of 63 | software on general-purpose computers, but in those that do, we wish to 64 | avoid the special danger that patents applied to a free program could 65 | make it effectively proprietary. To prevent this, the GPL assures that 66 | patents cannot be used to render the program non-free. 67 | 68 | The precise terms and conditions for copying, distribution and 69 | modification follow. 70 | 71 | TERMS AND CONDITIONS 72 | 73 | 0. Definitions. 74 | 75 | "This License" refers to version 3 of the GNU General Public License. 76 | 77 | "Copyright" also means copyright-like laws that apply to other kinds of 78 | works, such as semiconductor masks. 79 | 80 | "The Program" refers to any copyrightable work licensed under this 81 | License. Each licensee is addressed as "you". "Licensees" and 82 | "recipients" may be individuals or organizations. 83 | 84 | To "modify" a work means to copy from or adapt all or part of the work 85 | in a fashion requiring copyright permission, other than the making of an 86 | exact copy. The resulting work is called a "modified version" of the 87 | earlier work or a work "based on" the earlier work. 88 | 89 | A "covered work" means either the unmodified Program or a work based 90 | on the Program. 91 | 92 | To "propagate" a work means to do anything with it that, without 93 | permission, would make you directly or secondarily liable for 94 | infringement under applicable copyright law, except executing it on a 95 | computer or modifying a private copy. Propagation includes copying, 96 | distribution (with or without modification), making available to the 97 | public, and in some countries other activities as well. 98 | 99 | To "convey" a work means any kind of propagation that enables other 100 | parties to make or receive copies. Mere interaction with a user through 101 | a computer network, with no transfer of a copy, is not conveying. 102 | 103 | An interactive user interface displays "Appropriate Legal Notices" 104 | to the extent that it includes a convenient and prominently visible 105 | feature that (1) displays an appropriate copyright notice, and (2) 106 | tells the user that there is no warranty for the work (except to the 107 | extent that warranties are provided), that licensees may convey the 108 | work under this License, and how to view a copy of this License. If 109 | the interface presents a list of user commands or options, such as a 110 | menu, a prominent item in the list meets this criterion. 111 | 112 | 1. Source Code. 113 | 114 | The "source code" for a work means the preferred form of the work 115 | for making modifications to it. "Object code" means any non-source 116 | form of a work. 117 | 118 | A "Standard Interface" means an interface that either is an official 119 | standard defined by a recognized standards body, or, in the case of 120 | interfaces specified for a particular programming language, one that 121 | is widely used among developers working in that language. 122 | 123 | The "System Libraries" of an executable work include anything, other 124 | than the work as a whole, that (a) is included in the normal form of 125 | packaging a Major Component, but which is not part of that Major 126 | Component, and (b) serves only to enable use of the work with that 127 | Major Component, or to implement a Standard Interface for which an 128 | implementation is available to the public in source code form. A 129 | "Major Component", in this context, means a major essential component 130 | (kernel, window system, and so on) of the specific operating system 131 | (if any) on which the executable work runs, or a compiler used to 132 | produce the work, or an object code interpreter used to run it. 133 | 134 | The "Corresponding Source" for a work in object code form means all 135 | the source code needed to generate, install, and (for an executable 136 | work) run the object code and to modify the work, including scripts to 137 | control those activities. However, it does not include the work's 138 | System Libraries, or general-purpose tools or generally available free 139 | programs which are used unmodified in performing those activities but 140 | which are not part of the work. For example, Corresponding Source 141 | includes interface definition files associated with source files for 142 | the work, and the source code for shared libraries and dynamically 143 | linked subprograms that the work is specifically designed to require, 144 | such as by intimate data communication or control flow between those 145 | subprograms and other parts of the work. 146 | 147 | The Corresponding Source need not include anything that users 148 | can regenerate automatically from other parts of the Corresponding 149 | Source. 150 | 151 | The Corresponding Source for a work in source code form is that 152 | same work. 153 | 154 | 2. Basic Permissions. 155 | 156 | All rights granted under this License are granted for the term of 157 | copyright on the Program, and are irrevocable provided the stated 158 | conditions are met. This License explicitly affirms your unlimited 159 | permission to run the unmodified Program. The output from running a 160 | covered work is covered by this License only if the output, given its 161 | content, constitutes a covered work. This License acknowledges your 162 | rights of fair use or other equivalent, as provided by copyright law. 163 | 164 | You may make, run and propagate covered works that you do not 165 | convey, without conditions so long as your license otherwise remains 166 | in force. You may convey covered works to others for the sole purpose 167 | of having them make modifications exclusively for you, or provide you 168 | with facilities for running those works, provided that you comply with 169 | the terms of this License in conveying all material for which you do 170 | not control copyright. Those thus making or running the covered works 171 | for you must do so exclusively on your behalf, under your direction 172 | and control, on terms that prohibit them from making any copies of 173 | your copyrighted material outside their relationship with you. 174 | 175 | Conveying under any other circumstances is permitted solely under 176 | the conditions stated below. Sublicensing is not allowed; section 10 177 | makes it unnecessary. 178 | 179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law. 180 | 181 | No covered work shall be deemed part of an effective technological 182 | measure under any applicable law fulfilling obligations under article 183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or 184 | similar laws prohibiting or restricting circumvention of such 185 | measures. 186 | 187 | When you convey a covered work, you waive any legal power to forbid 188 | circumvention of technological measures to the extent such circumvention 189 | is effected by exercising rights under this License with respect to 190 | the covered work, and you disclaim any intention to limit operation or 191 | modification of the work as a means of enforcing, against the work's 192 | users, your or third parties' legal rights to forbid circumvention of 193 | technological measures. 194 | 195 | 4. Conveying Verbatim Copies. 196 | 197 | You may convey verbatim copies of the Program's source code as you 198 | receive it, in any medium, provided that you conspicuously and 199 | appropriately publish on each copy an appropriate copyright notice; 200 | keep intact all notices stating that this License and any 201 | non-permissive terms added in accord with section 7 apply to the code; 202 | keep intact all notices of the absence of any warranty; and give all 203 | recipients a copy of this License along with the Program. 204 | 205 | You may charge any price or no price for each copy that you convey, 206 | and you may offer support or warranty protection for a fee. 207 | 208 | 5. Conveying Modified Source Versions. 209 | 210 | You may convey a work based on the Program, or the modifications to 211 | produce it from the Program, in the form of source code under the 212 | terms of section 4, provided that you also meet all of these conditions: 213 | 214 | a) The work must carry prominent notices stating that you modified 215 | it, and giving a relevant date. 216 | 217 | b) The work must carry prominent notices stating that it is 218 | released under this License and any conditions added under section 219 | 7. This requirement modifies the requirement in section 4 to 220 | "keep intact all notices". 221 | 222 | c) You must license the entire work, as a whole, under this 223 | License to anyone who comes into possession of a copy. This 224 | License will therefore apply, along with any applicable section 7 225 | additional terms, to the whole of the work, and all its parts, 226 | regardless of how they are packaged. This License gives no 227 | permission to license the work in any other way, but it does not 228 | invalidate such permission if you have separately received it. 229 | 230 | d) If the work has interactive user interfaces, each must display 231 | Appropriate Legal Notices; however, if the Program has interactive 232 | interfaces that do not display Appropriate Legal Notices, your 233 | work need not make them do so. 234 | 235 | A compilation of a covered work with other separate and independent 236 | works, which are not by their nature extensions of the covered work, 237 | and which are not combined with it such as to form a larger program, 238 | in or on a volume of a storage or distribution medium, is called an 239 | "aggregate" if the compilation and its resulting copyright are not 240 | used to limit the access or legal rights of the compilation's users 241 | beyond what the individual works permit. Inclusion of a covered work 242 | in an aggregate does not cause this License to apply to the other 243 | parts of the aggregate. 244 | 245 | 6. Conveying Non-Source Forms. 246 | 247 | You may convey a covered work in object code form under the terms 248 | of sections 4 and 5, provided that you also convey the 249 | machine-readable Corresponding Source under the terms of this License, 250 | in one of these ways: 251 | 252 | a) Convey the object code in, or embodied in, a physical product 253 | (including a physical distribution medium), accompanied by the 254 | Corresponding Source fixed on a durable physical medium 255 | customarily used for software interchange. 256 | 257 | b) Convey the object code in, or embodied in, a physical product 258 | (including a physical distribution medium), accompanied by a 259 | written offer, valid for at least three years and valid for as 260 | long as you offer spare parts or customer support for that product 261 | model, to give anyone who possesses the object code either (1) a 262 | copy of the Corresponding Source for all the software in the 263 | product that is covered by this License, on a durable physical 264 | medium customarily used for software interchange, for a price no 265 | more than your reasonable cost of physically performing this 266 | conveying of source, or (2) access to copy the 267 | Corresponding Source from a network server at no charge. 268 | 269 | c) Convey individual copies of the object code with a copy of the 270 | written offer to provide the Corresponding Source. This 271 | alternative is allowed only occasionally and noncommercially, and 272 | only if you received the object code with such an offer, in accord 273 | with subsection 6b. 274 | 275 | d) Convey the object code by offering access from a designated 276 | place (gratis or for a charge), and offer equivalent access to the 277 | Corresponding Source in the same way through the same place at no 278 | further charge. You need not require recipients to copy the 279 | Corresponding Source along with the object code. If the place to 280 | copy the object code is a network server, the Corresponding Source 281 | may be on a different server (operated by you or a third party) 282 | that supports equivalent copying facilities, provided you maintain 283 | clear directions next to the object code saying where to find the 284 | Corresponding Source. Regardless of what server hosts the 285 | Corresponding Source, you remain obligated to ensure that it is 286 | available for as long as needed to satisfy these requirements. 287 | 288 | e) Convey the object code using peer-to-peer transmission, provided 289 | you inform other peers where the object code and Corresponding 290 | Source of the work are being offered to the general public at no 291 | charge under subsection 6d. 292 | 293 | A separable portion of the object code, whose source code is excluded 294 | from the Corresponding Source as a System Library, need not be 295 | included in conveying the object code work. 296 | 297 | A "User Product" is either (1) a "consumer product", which means any 298 | tangible personal property which is normally used for personal, family, 299 | or household purposes, or (2) anything designed or sold for incorporation 300 | into a dwelling. In determining whether a product is a consumer product, 301 | doubtful cases shall be resolved in favor of coverage. For a particular 302 | product received by a particular user, "normally used" refers to a 303 | typical or common use of that class of product, regardless of the status 304 | of the particular user or of the way in which the particular user 305 | actually uses, or expects or is expected to use, the product. A product 306 | is a consumer product regardless of whether the product has substantial 307 | commercial, industrial or non-consumer uses, unless such uses represent 308 | the only significant mode of use of the product. 309 | 310 | "Installation Information" for a User Product means any methods, 311 | procedures, authorization keys, or other information required to install 312 | and execute modified versions of a covered work in that User Product from 313 | a modified version of its Corresponding Source. The information must 314 | suffice to ensure that the continued functioning of the modified object 315 | code is in no case prevented or interfered with solely because 316 | modification has been made. 317 | 318 | If you convey an object code work under this section in, or with, or 319 | specifically for use in, a User Product, and the conveying occurs as 320 | part of a transaction in which the right of possession and use of the 321 | User Product is transferred to the recipient in perpetuity or for a 322 | fixed term (regardless of how the transaction is characterized), the 323 | Corresponding Source conveyed under this section must be accompanied 324 | by the Installation Information. But this requirement does not apply 325 | if neither you nor any third party retains the ability to install 326 | modified object code on the User Product (for example, the work has 327 | been installed in ROM). 328 | 329 | The requirement to provide Installation Information does not include a 330 | requirement to continue to provide support service, warranty, or updates 331 | for a work that has been modified or installed by the recipient, or for 332 | the User Product in which it has been modified or installed. Access to a 333 | network may be denied when the modification itself materially and 334 | adversely affects the operation of the network or violates the rules and 335 | protocols for communication across the network. 336 | 337 | Corresponding Source conveyed, and Installation Information provided, 338 | in accord with this section must be in a format that is publicly 339 | documented (and with an implementation available to the public in 340 | source code form), and must require no special password or key for 341 | unpacking, reading or copying. 342 | 343 | 7. Additional Terms. 344 | 345 | "Additional permissions" are terms that supplement the terms of this 346 | License by making exceptions from one or more of its conditions. 347 | Additional permissions that are applicable to the entire Program shall 348 | be treated as though they were included in this License, to the extent 349 | that they are valid under applicable law. If additional permissions 350 | apply only to part of the Program, that part may be used separately 351 | under those permissions, but the entire Program remains governed by 352 | this License without regard to the additional permissions. 353 | 354 | When you convey a copy of a covered work, you may at your option 355 | remove any additional permissions from that copy, or from any part of 356 | it. (Additional permissions may be written to require their own 357 | removal in certain cases when you modify the work.) You may place 358 | additional permissions on material, added by you to a covered work, 359 | for which you have or can give appropriate copyright permission. 360 | 361 | Notwithstanding any other provision of this License, for material you 362 | add to a covered work, you may (if authorized by the copyright holders of 363 | that material) supplement the terms of this License with terms: 364 | 365 | a) Disclaiming warranty or limiting liability differently from the 366 | terms of sections 15 and 16 of this License; or 367 | 368 | b) Requiring preservation of specified reasonable legal notices or 369 | author attributions in that material or in the Appropriate Legal 370 | Notices displayed by works containing it; or 371 | 372 | c) Prohibiting misrepresentation of the origin of that material, or 373 | requiring that modified versions of such material be marked in 374 | reasonable ways as different from the original version; or 375 | 376 | d) Limiting the use for publicity purposes of names of licensors or 377 | authors of the material; or 378 | 379 | e) Declining to grant rights under trademark law for use of some 380 | trade names, trademarks, or service marks; or 381 | 382 | f) Requiring indemnification of licensors and authors of that 383 | material by anyone who conveys the material (or modified versions of 384 | it) with contractual assumptions of liability to the recipient, for 385 | any liability that these contractual assumptions directly impose on 386 | those licensors and authors. 387 | 388 | All other non-permissive additional terms are considered "further 389 | restrictions" within the meaning of section 10. If the Program as you 390 | received it, or any part of it, contains a notice stating that it is 391 | governed by this License along with a term that is a further 392 | restriction, you may remove that term. If a license document contains 393 | a further restriction but permits relicensing or conveying under this 394 | License, you may add to a covered work material governed by the terms 395 | of that license document, provided that the further restriction does 396 | not survive such relicensing or conveying. 397 | 398 | If you add terms to a covered work in accord with this section, you 399 | must place, in the relevant source files, a statement of the 400 | additional terms that apply to those files, or a notice indicating 401 | where to find the applicable terms. 402 | 403 | Additional terms, permissive or non-permissive, may be stated in the 404 | form of a separately written license, or stated as exceptions; 405 | the above requirements apply either way. 406 | 407 | 8. Termination. 408 | 409 | You may not propagate or modify a covered work except as expressly 410 | provided under this License. Any attempt otherwise to propagate or 411 | modify it is void, and will automatically terminate your rights under 412 | this License (including any patent licenses granted under the third 413 | paragraph of section 11). 414 | 415 | However, if you cease all violation of this License, then your 416 | license from a particular copyright holder is reinstated (a) 417 | provisionally, unless and until the copyright holder explicitly and 418 | finally terminates your license, and (b) permanently, if the copyright 419 | holder fails to notify you of the violation by some reasonable means 420 | prior to 60 days after the cessation. 421 | 422 | Moreover, your license from a particular copyright holder is 423 | reinstated permanently if the copyright holder notifies you of the 424 | violation by some reasonable means, this is the first time you have 425 | received notice of violation of this License (for any work) from that 426 | copyright holder, and you cure the violation prior to 30 days after 427 | your receipt of the notice. 428 | 429 | Termination of your rights under this section does not terminate the 430 | licenses of parties who have received copies or rights from you under 431 | this License. If your rights have been terminated and not permanently 432 | reinstated, you do not qualify to receive new licenses for the same 433 | material under section 10. 434 | 435 | 9. Acceptance Not Required for Having Copies. 436 | 437 | You are not required to accept this License in order to receive or 438 | run a copy of the Program. Ancillary propagation of a covered work 439 | occurring solely as a consequence of using peer-to-peer transmission 440 | to receive a copy likewise does not require acceptance. However, 441 | nothing other than this License grants you permission to propagate or 442 | modify any covered work. These actions infringe copyright if you do 443 | not accept this License. Therefore, by modifying or propagating a 444 | covered work, you indicate your acceptance of this License to do so. 445 | 446 | 10. Automatic Licensing of Downstream Recipients. 447 | 448 | Each time you convey a covered work, the recipient automatically 449 | receives a license from the original licensors, to run, modify and 450 | propagate that work, subject to this License. You are not responsible 451 | for enforcing compliance by third parties with this License. 452 | 453 | An "entity transaction" is a transaction transferring control of an 454 | organization, or substantially all assets of one, or subdividing an 455 | organization, or merging organizations. If propagation of a covered 456 | work results from an entity transaction, each party to that 457 | transaction who receives a copy of the work also receives whatever 458 | licenses to the work the party's predecessor in interest had or could 459 | give under the previous paragraph, plus a right to possession of the 460 | Corresponding Source of the work from the predecessor in interest, if 461 | the predecessor has it or can get it with reasonable efforts. 462 | 463 | You may not impose any further restrictions on the exercise of the 464 | rights granted or affirmed under this License. For example, you may 465 | not impose a license fee, royalty, or other charge for exercise of 466 | rights granted under this License, and you may not initiate litigation 467 | (including a cross-claim or counterclaim in a lawsuit) alleging that 468 | any patent claim is infringed by making, using, selling, offering for 469 | sale, or importing the Program or any portion of it. 470 | 471 | 11. Patents. 472 | 473 | A "contributor" is a copyright holder who authorizes use under this 474 | License of the Program or a work on which the Program is based. The 475 | work thus licensed is called the contributor's "contributor version". 476 | 477 | A contributor's "essential patent claims" are all patent claims 478 | owned or controlled by the contributor, whether already acquired or 479 | hereafter acquired, that would be infringed by some manner, permitted 480 | by this License, of making, using, or selling its contributor version, 481 | but do not include claims that would be infringed only as a 482 | consequence of further modification of the contributor version. For 483 | purposes of this definition, "control" includes the right to grant 484 | patent sublicenses in a manner consistent with the requirements of 485 | this License. 486 | 487 | Each contributor grants you a non-exclusive, worldwide, royalty-free 488 | patent license under the contributor's essential patent claims, to 489 | make, use, sell, offer for sale, import and otherwise run, modify and 490 | propagate the contents of its contributor version. 491 | 492 | In the following three paragraphs, a "patent license" is any express 493 | agreement or commitment, however denominated, not to enforce a patent 494 | (such as an express permission to practice a patent or covenant not to 495 | sue for patent infringement). To "grant" such a patent license to a 496 | party means to make such an agreement or commitment not to enforce a 497 | patent against the party. 498 | 499 | If you convey a covered work, knowingly relying on a patent license, 500 | and the Corresponding Source of the work is not available for anyone 501 | to copy, free of charge and under the terms of this License, through a 502 | publicly available network server or other readily accessible means, 503 | then you must either (1) cause the Corresponding Source to be so 504 | available, or (2) arrange to deprive yourself of the benefit of the 505 | patent license for this particular work, or (3) arrange, in a manner 506 | consistent with the requirements of this License, to extend the patent 507 | license to downstream recipients. "Knowingly relying" means you have 508 | actual knowledge that, but for the patent license, your conveying the 509 | covered work in a country, or your recipient's use of the covered work 510 | in a country, would infringe one or more identifiable patents in that 511 | country that you have reason to believe are valid. 512 | 513 | If, pursuant to or in connection with a single transaction or 514 | arrangement, you convey, or propagate by procuring conveyance of, a 515 | covered work, and grant a patent license to some of the parties 516 | receiving the covered work authorizing them to use, propagate, modify 517 | or convey a specific copy of the covered work, then the patent license 518 | you grant is automatically extended to all recipients of the covered 519 | work and works based on it. 520 | 521 | A patent license is "discriminatory" if it does not include within 522 | the scope of its coverage, prohibits the exercise of, or is 523 | conditioned on the non-exercise of one or more of the rights that are 524 | specifically granted under this License. You may not convey a covered 525 | work if you are a party to an arrangement with a third party that is 526 | in the business of distributing software, under which you make payment 527 | to the third party based on the extent of your activity of conveying 528 | the work, and under which the third party grants, to any of the 529 | parties who would receive the covered work from you, a discriminatory 530 | patent license (a) in connection with copies of the covered work 531 | conveyed by you (or copies made from those copies), or (b) primarily 532 | for and in connection with specific products or compilations that 533 | contain the covered work, unless you entered into that arrangement, 534 | or that patent license was granted, prior to 28 March 2007. 535 | 536 | Nothing in this License shall be construed as excluding or limiting 537 | any implied license or other defenses to infringement that may 538 | otherwise be available to you under applicable patent law. 539 | 540 | 12. No Surrender of Others' Freedom. 541 | 542 | If conditions are imposed on you (whether by court order, agreement or 543 | otherwise) that contradict the conditions of this License, they do not 544 | excuse you from the conditions of this License. If you cannot convey a 545 | covered work so as to satisfy simultaneously your obligations under this 546 | License and any other pertinent obligations, then as a consequence you may 547 | not convey it at all. For example, if you agree to terms that obligate you 548 | to collect a royalty for further conveying from those to whom you convey 549 | the Program, the only way you could satisfy both those terms and this 550 | License would be to refrain entirely from conveying the Program. 551 | 552 | 13. Use with the GNU Affero General Public License. 553 | 554 | Notwithstanding any other provision of this License, you have 555 | permission to link or combine any covered work with a work licensed 556 | under version 3 of the GNU Affero General Public License into a single 557 | combined work, and to convey the resulting work. The terms of this 558 | License will continue to apply to the part which is the covered work, 559 | but the special requirements of the GNU Affero General Public License, 560 | section 13, concerning interaction through a network will apply to the 561 | combination as such. 562 | 563 | 14. Revised Versions of this License. 564 | 565 | The Free Software Foundation may publish revised and/or new versions of 566 | the GNU General Public License from time to time. Such new versions will 567 | be similar in spirit to the present version, but may differ in detail to 568 | address new problems or concerns. 569 | 570 | Each version is given a distinguishing version number. If the 571 | Program specifies that a certain numbered version of the GNU General 572 | Public License "or any later version" applies to it, you have the 573 | option of following the terms and conditions either of that numbered 574 | version or of any later version published by the Free Software 575 | Foundation. If the Program does not specify a version number of the 576 | GNU General Public License, you may choose any version ever published 577 | by the Free Software Foundation. 578 | 579 | If the Program specifies that a proxy can decide which future 580 | versions of the GNU General Public License can be used, that proxy's 581 | public statement of acceptance of a version permanently authorizes you 582 | to choose that version for the Program. 583 | 584 | Later license versions may give you additional or different 585 | permissions. However, no additional obligations are imposed on any 586 | author or copyright holder as a result of your choosing to follow a 587 | later version. 588 | 589 | 15. Disclaimer of Warranty. 590 | 591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY 592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT 593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY 594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, 595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM 597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF 598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 599 | 600 | 16. Limitation of Liability. 601 | 602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING 603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS 604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY 605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE 606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF 607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD 608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), 609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF 610 | SUCH DAMAGES. 611 | 612 | 17. Interpretation of Sections 15 and 16. 613 | 614 | If the disclaimer of warranty and limitation of liability provided 615 | above cannot be given local legal effect according to their terms, 616 | reviewing courts shall apply local law that most closely approximates 617 | an absolute waiver of all civil liability in connection with the 618 | Program, unless a warranty or assumption of liability accompanies a 619 | copy of the Program in return for a fee. 620 | 621 | END OF TERMS AND CONDITIONS 622 | 623 | How to Apply These Terms to Your New Programs 624 | 625 | If you develop a new program, and you want it to be of the greatest 626 | possible use to the public, the best way to achieve this is to make it 627 | free software which everyone can redistribute and change under these terms. 628 | 629 | To do so, attach the following notices to the program. It is safest 630 | to attach them to the start of each source file to most effectively 631 | state the exclusion of warranty; and each file should have at least 632 | the "copyright" line and a pointer to where the full notice is found. 633 | 634 | 635 | Copyright (C) 636 | 637 | This program is free software: you can redistribute it and/or modify 638 | it under the terms of the GNU General Public License as published by 639 | the Free Software Foundation, either version 3 of the License, or 640 | (at your option) any later version. 641 | 642 | This program is distributed in the hope that it will be useful, 643 | but WITHOUT ANY WARRANTY; without even the implied warranty of 644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 645 | GNU General Public License for more details. 646 | 647 | You should have received a copy of the GNU General Public License 648 | along with this program. If not, see . 649 | 650 | Also add information on how to contact you by electronic and paper mail. 651 | 652 | If the program does terminal interaction, make it output a short 653 | notice like this when it starts in an interactive mode: 654 | 655 | Copyright (C) 656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. 657 | This is free software, and you are welcome to redistribute it 658 | under certain conditions; type `show c' for details. 659 | 660 | The hypothetical commands `show w' and `show c' should show the appropriate 661 | parts of the General Public License. Of course, your program's commands 662 | might be different; for a GUI interface, you would use an "about box". 663 | 664 | You should also get your employer (if you work as a programmer) or school, 665 | if any, to sign a "copyright disclaimer" for the program, if necessary. 666 | For more information on this, and how to apply and follow the GNU GPL, see 667 | . 668 | 669 | The GNU General Public License does not permit incorporating your program 670 | into proprietary programs. If your program is a subroutine library, you 671 | may consider it more useful to permit linking proprietary applications with 672 | the library. If this is what you want to do, use the GNU Lesser General 673 | Public License instead of this License. But first, please read 674 | . 675 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | build: 2 | @echo "" 3 | @echo "=> https://github.com/edoardottt/lit-bb-hack-tools v1.3.5 <=" 4 | @echo "" 5 | @cd eae && go build -o eae && sudo mv eae /usr/local/bin && echo "[ + ] eae installed!" 6 | @cd heacoll && go build -o heacoll && sudo mv heacoll /usr/local/bin && echo "[ + ] heacoll installed!" 7 | @cd removepro && go build -o removepro && sudo mv removepro /usr/local/bin && echo "[ + ] removepro installed!" 8 | @cd subtake && chmod +x subtake && sudo cp subtake /usr/local/bin && echo "[ + ] subtake installed!" 9 | @cd eap && go build -o eap && sudo mv eap /usr/local/bin && echo "[ + ] eap installed!" 10 | @cd gitdump && chmod +x gitdump && sudo cp gitdump /usr/local/bin && echo "[ + ] gitdump installed!" 11 | @cd removehost && go build -o removehost && sudo mv removehost /usr/local/bin && echo "[ + ] removehost installed!" 12 | @cd chainredir && go build -o chainredir && sudo mv chainredir /usr/local/bin && echo "[ + ] chainredir installed!" 13 | @cd tahm && go build -o tahm && sudo mv tahm /usr/local/bin && echo "[ + ] tahm installed!" 14 | @cd robotstxt && go build -o robotstxt && sudo mv robotstxt /usr/local/bin && echo "[ + ] robotstxt installed!" 15 | @cd cleanpath && go build -o cleanpath && sudo mv cleanpath /usr/local/bin && echo "[ + ] cleanpath installed!" 16 | @cd eefjsf && go build -o eefjsf && sudo mv eefjsf /usr/local/bin && echo "[ + ] eefjsf installed!" 17 | @cd bbtargets && go build -o bbtargets && sudo mv bbtargets /usr/local/bin && echo "[ + ] bbtargets installed!" 18 | @cd nrp && go build -o nrp && sudo mv nrp /usr/local/bin && echo "[ + ] nrp installed!" 19 | @cd eah && go build -o eah && sudo mv eah /usr/local/bin && echo "[ + ] eah installed!" 20 | @cd doomxss && go build -o doomxss && sudo mv doomxss /usr/local/bin && echo "[ + ] doomxss installed!" 21 | @cd eaparam && go build -o eaparam && sudo mv eaparam /usr/local/bin && echo "[ + ] eaparam installed!" 22 | @cd bbscope && go build -o bbscope && sudo mv bbscope /usr/local/bin && echo "[ + ] bbscope installed!" 23 | @cd eapath && go build -o eapath && sudo mv eapath /usr/local/bin && echo "[ + ] eapath installed!" 24 | @cd rpfu && go build -o rpfu && sudo mv rpfu /usr/local/bin && echo "[ + ] rpfu installed!" 25 | @cd rapwp && go build -o rapwp && sudo mv rapwp /usr/local/bin && echo "[ + ] rapwp installed!" 26 | @cd checkbypass && go build -o checkbypass && sudo mv checkbypass /usr/local/bin && echo "[ + ] checkbypass installed!" 27 | @cd knoxssme && go build -o knoxssme && sudo mv knoxssme /usr/local/bin && echo "[ + ] knoxssme installed!" 28 | @cd genscope && go build -o genscope && sudo mv genscope /usr/local/bin && echo "[ + ] genscope installed!" 29 | @cd kubemetrics && go build -o kubemetrics && sudo mv kubemetrics /usr/local/bin && echo "[ + ] kubemetrics installed!" 30 | @cd earh && go build -o earh && sudo mv earh /usr/local/bin && echo "[ + ] earh installed!" 31 | @echo Done! 32 | 33 | clean: 34 | @sudo rm -rf /usr/local/bin/eae 35 | @sudo rm -rf /usr/local/bin/heacoll 36 | @sudo rm -rf /usr/local/bin/removepro 37 | @sudo rm -rf /usr/local/bin/subtake 38 | @sudo rm -rf /usr/local/bin/eap 39 | @sudo rm -rf /usr/local/bin/gitdump 40 | @sudo rm -rf /usr/local/bin/removehost 41 | @sudo rm -rf /usr/local/bin/chainredir 42 | @sudo rm -rf /usr/local/bin/tahm 43 | @sudo rm -rf /usr/local/bin/robotstxt 44 | @sudo rm -rf /usr/local/bin/cleanpath 45 | @sudo rm -rf /usr/local/bin/eefjsf 46 | @sudo rm -rf /usr/local/bin/bbtargets 47 | @sudo rm -rf /usr/local/bin/nrp 48 | @sudo rm -rf /usr/local/bin/eah 49 | @sudo rm -rf /usr/local/bin/doomxss 50 | @sudo rm -rf /usr/local/bin/eaparam 51 | @sudo rm -rf /usr/local/bin/bbscope 52 | @sudo rm -rf /usr/local/bin/eapath 53 | @sudo rm -rf /usr/local/bin/rpfu 54 | @sudo rm -rf /usr/local/bin/rapwp 55 | @sudo rm -rf /usr/local/bin/checkbypass 56 | @sudo rm -rf /usr/local/bin/knoxssme 57 | @sudo rm -rf /usr/local/bin/genscope 58 | @sudo rm -rf /usr/local/bin/kubemetrics 59 | @sudo rm -rf /usr/local/bin/earh 60 | @echo Cleaned everything! 61 | 62 | update: 63 | @git pull 64 | @make clean 65 | @make build 66 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

2 | 3 |

4 | 5 | Command Line tools useful during Bug Bounty / Penetration testing. Focused on Web targets. 6 | 7 | 8 | workflows 9 | 10 |
11 | 12 | Installation 📥 13 | ------- 14 | 15 | - `git clone https://github.com/edoardottt/lit-bb-hack-tools` 16 | - `cd lit-bb-hack-tools` 17 | - `make build` 18 | 19 | Then use the tools as described in the README in each tools folder. 20 | 21 | - `make clean` (uninstall) 22 | - `make update` (update) 23 | 24 | Tools list 📃 25 | ------- 26 | 27 | - [eae](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/eae) Take as input on stdin a list of urls and print on stdout all the extensions sorted. 28 | - [heacoll](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/heacoll) Take as input on stdin a list of urls and print on stdout all the unique headers found. 29 | - [removepro](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/removepro) Take as input on stdin a list of urls and print on stdout all the unique urls without protocols. 30 | - [subtake](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/subtake) Take as input on stdin a list of urls and print on stdout CNAME records found with `dig`. 31 | - [eap](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/eap) Take as input on stdin a list of urls and print on stdout all the protocols sorted. 32 | - [gitdump](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/gitdump) It prints all the matches in a git repository with a specified pattern. 33 | - [removehost](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/removehost) Take as input on stdin a list of urls and print on stdout all the unique queries without protocol and host. 34 | - [chainredir](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/chainredir) Take as input a URL and print on stdout all the redirects. 35 | - [tahm](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/tahm) Take as input on stdin a list of urls and print on stdout all the status codes and body sizes for HTTP methods. 36 | - [robotstxt](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/robotstxt) Take as input on stdin a list of urls and print on stdout all the unique paths found in the robots.txt file. 37 | - [cleanpath](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/cleanpath) Take as input on stdin a list of urls/paths and print on stdout all the unique paths (at any level). 38 | - [eefjsf](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/eefjsf) Take as input on stdin a list of js file urls and print on stdout all the unique endpoints found. 39 | - [bbtargets](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/bbtargets) Produce as output on stdout all the bug bounty targets found on Chaos list by Project Discovery. 40 | - [nrp](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/nrp) Take as input on stdin a list of domains and print on stdout all the unique domains without redirects. 41 | - [eah](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/eah) Take as input on stdin a list of urls and print on stdout all the hosts sorted. 42 | - [doomxss](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/doomxss) Take as input on stdin a list of html/js file urls and print on stdout all the possible DOM XSS sinks found. 43 | - [eaparam](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/eaparam) Take as input on stdin a list of urls and print on stdout all the unique parameters. 44 | - [bbscope](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/bbscope) Take as input on stdin a list of urls or subdomains and a BurpSuite Configuration file and print on stdout all in scope items. 45 | - [eapath](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/eapath) Take as input on stdin a list of urls and print on stdout all the unique urls without queries. 46 | - [rpfu](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/rpfu) Take as input on stdin a list of urls and print on stdout all the unique urls without ports (if 80 or 443). 47 | - [rapwp](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/rapwp) Take as input on stdin a list of urls and a payload and print on stdout all the unique urls with ready to use payloads. 48 | - [checkbypass](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/checkbypass) Take as input on stdin a payload and print on stdout all the successful WAF bypasses. 49 | - [knoxssme](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/knoxssme) Take as input on stdin a list of urls and print on stdout the results from Knoxss.me API. 50 | - [genscope](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/genscope) Take as input a file containing a list of (sub)domains (wildcards allowed) and produce a BurpSuite Configuration file. 51 | - [kubemetrics](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/kubemetrics) Take as input on stdin a list of urls and print on stdout all the unique paths and urls found in the /metrics endpoint. 52 | - [earh](https://github.com/edoardottt/lit-bb-hack-tools/tree/main/earh) Take as input on stdin a list of urls and print on stdout all the unique root hosts. 53 | 54 | Changelog 📌 55 | ------- 56 | 57 | Detailed changes for each release are documented in the [release notes](https://github.com/edoardottt/lit-bb-hack-tools/releases). 58 | 59 | Contributing 🤝 60 | ------ 61 | 62 | If you want to contribute to this project, you can start opening an [issue](https://github.com/edoardottt/lit-bb-hack-tools/issues). 63 | 64 | Before opening a pull request, download [golangci-lint](https://golangci-lint.run/usage/install/) and run 65 | 66 | ```bash 67 | golangci-lint run 68 | ``` 69 | 70 | If there aren't errors, go ahead :) 71 | 72 | License 📝 73 | ------- 74 | 75 | This repository is under [GNU General Public License v3.0](https://github.com/edoardottt/lit-bb-hack-tools/blob/main/LICENSE). 76 | [edoardottt.com](https://edoardottt.com/) to contact me. 77 | -------------------------------------------------------------------------------- /bbscope/README.md: -------------------------------------------------------------------------------- 1 | # bbscope 2 | 3 | **b**ug **b**ounty **scope** 4 | 5 | Take as input on stdin a list of urls or subdomains and a BurpSuite Configuration file and print on stdout all in scope items. 6 | 7 | ### Input (subs) 8 | 9 | ``` 10 | partners.shopify.com 11 | accounts.shopify.com 12 | 1.shopifykloud.com 13 | ``` 14 | 15 | ### Input (urls) 16 | 17 | ``` 18 | https://partners.shopify.com/ 19 | https://accounts.shopify.com/admin 20 | https://1.shopifykloud.com/1 21 | ``` 22 | 23 | ### Usage 24 | 25 | - `cat urls | bbscope url target-scope.json` 26 | - `cat subs | bbscope sub target-scope.json` 27 | 28 | ### Output 29 | 30 | ``` 31 | partners.shopify.com 32 | accounts.shopify.com 33 | 1.shopifykloud.com 34 | www.shopify.com 35 | www.shopifycloud.com 36 | ... 37 | ``` 38 | -------------------------------------------------------------------------------- /bbscope/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "encoding/json" 6 | "flag" 7 | "fmt" 8 | "io/ioutil" 9 | "net/url" 10 | "os" 11 | "regexp" 12 | "strings" 13 | 14 | "github.com/edoardottt/golazy" 15 | ) 16 | 17 | func main() { 18 | helpPtr := flag.Bool("h", false, "Show usage.") 19 | 20 | flag.Parse() 21 | 22 | if len(os.Args) < 2 || *helpPtr { 23 | help() 24 | } 25 | 26 | var result []string 27 | 28 | switch os.Args[1] { 29 | case "sub": 30 | input := ScanTargets() 31 | conf := ScanBurpConfFile() 32 | result = checkSubs(input, conf) 33 | case "url": 34 | input := ScanTargets() 35 | conf := ScanBurpConfFile() 36 | result = checkUrls(input, conf) 37 | default: 38 | help() 39 | } 40 | 41 | for _, elem := range result { 42 | fmt.Println(elem) 43 | } 44 | } 45 | 46 | // help shows the usage. 47 | func help() { 48 | var usage = `Take as input on stdin a list of urls or subdomains and a BurpSuite Configuration file and print on stdout all in scope items. 49 | $> cat urls | bbscope url target-scope.json 50 | $> cat subs | bbscope sub target-scope.json` 51 | 52 | fmt.Println() 53 | fmt.Println(usage) 54 | fmt.Println() 55 | os.Exit(0) 56 | } 57 | 58 | type BurpSuiteConfiguration struct { 59 | Target Target `json:"target"` 60 | } 61 | 62 | type Target struct { 63 | Scope Scope `json:"scope"` 64 | } 65 | 66 | type Scope struct { 67 | AdvancedMode bool `json:"advanced_mode"` 68 | Exclude []Domain `json:"exclude"` 69 | Include []Domain `json:"include"` 70 | } 71 | 72 | type Domain struct { 73 | Enabled bool `json:"enabled"` 74 | File string `json:"file"` 75 | Host string `json:"host"` 76 | Port string `json:"port"` 77 | Protocol string `json:"protocol"` 78 | } 79 | 80 | // ScanTargets returns the array of elements 81 | // taken as input on stdin. 82 | func ScanTargets() []string { 83 | var result []string 84 | // accept domains on stdin. 85 | sc := bufio.NewScanner(os.Stdin) 86 | 87 | for sc.Scan() { 88 | domain := strings.ToLower(sc.Text()) 89 | result = append(result, domain) 90 | } 91 | 92 | return golazy.RemoveDuplicateValues(result) 93 | } 94 | 95 | // ScanBurpConfFile returns the struct of the configuration file. 96 | func ScanBurpConfFile() BurpSuiteConfiguration { 97 | jsonFile, err := os.Open(os.Args[2]) 98 | if err != nil { 99 | fmt.Println(err) 100 | jsonFile.Close() 101 | os.Exit(1) 102 | } 103 | 104 | byteValue, err := ioutil.ReadAll(jsonFile) 105 | if err != nil { 106 | fmt.Println(err) 107 | jsonFile.Close() 108 | os.Exit(1) 109 | } 110 | 111 | var conf BurpSuiteConfiguration 112 | 113 | err = json.Unmarshal(byteValue, &conf) 114 | if err != nil { 115 | fmt.Println(err) 116 | jsonFile.Close() 117 | os.Exit(1) 118 | } 119 | 120 | jsonFile.Close() 121 | 122 | return conf 123 | } 124 | 125 | // GetProtocol. 126 | func GetProtocol(input string) string { 127 | res := strings.Index(input, "://") 128 | if res >= 0 { 129 | return input[:res] 130 | } else { 131 | return "" 132 | } 133 | } 134 | 135 | // checkSubs returns a slice of string containing only the in scope subdomains. 136 | func checkSubs(input []string, conf BurpSuiteConfiguration) []string { 137 | var result []string 138 | 139 | for _, item := range input { 140 | if GetProtocol(item) == "" { 141 | item = "http://" + item 142 | } 143 | 144 | u, err := url.Parse(item) 145 | if err != nil { 146 | continue 147 | } 148 | 149 | subdomain := u.Host 150 | 151 | for _, excluded := range conf.Target.Scope.Exclude { 152 | r, _ := regexp.Compile(excluded.Host) 153 | if r.MatchString(subdomain) { 154 | break 155 | } 156 | } 157 | 158 | for _, included := range conf.Target.Scope.Include { 159 | r, _ := regexp.Compile(included.Host) 160 | if r.MatchString(subdomain) { 161 | result = append(result, subdomain) 162 | break 163 | } 164 | } 165 | } 166 | 167 | return result 168 | } 169 | 170 | // checkUrls returns a slice of string containing only the in scope urls. 171 | func checkUrls(input []string, conf BurpSuiteConfiguration) []string { 172 | var result []string 173 | 174 | for _, item := range input { 175 | if GetProtocol(item) == "" { 176 | continue 177 | } 178 | 179 | u, err := url.Parse(item) 180 | if err != nil { 181 | continue 182 | } 183 | 184 | var excludedItem = false 185 | 186 | for _, excluded := range conf.Target.Scope.Exclude { 187 | rHost, _ := regexp.Compile(excluded.Host) 188 | rFile, _ := regexp.Compile(excluded.File) 189 | 190 | if rHost.MatchString(u.Host) && rFile.MatchString(u.Path) { 191 | excludedItem = true 192 | break 193 | } 194 | } 195 | 196 | if excludedItem { 197 | continue 198 | } 199 | 200 | for _, included := range conf.Target.Scope.Include { 201 | rHost, _ := regexp.Compile(included.Host) 202 | rFile, _ := regexp.Compile(included.File) 203 | 204 | if rHost.MatchString(u.Host) && rFile.MatchString(u.Path) { 205 | result = append(result, item) 206 | break 207 | } 208 | } 209 | } 210 | 211 | return result 212 | } 213 | -------------------------------------------------------------------------------- /bbtargets/README.md: -------------------------------------------------------------------------------- 1 | # bbtargets 2 | 3 | **b**ug **b**ounty **targets** 4 | 5 | Produce as output on stdout all the bug bounty targets found on Chaos list by Project Discovery. 6 | 7 | ### Usage 8 | 9 | - `bbtargets` 10 | 11 | ### Output 12 | 13 | ``` 14 | acorns.com 15 | byairbnb.com 16 | luckey.app 17 | withairbnb.com 18 | airbnbcitizen.com 19 | luckey.fr 20 | atairbnb.com 21 | airbnb.com 22 | hoteltonight-test.com 23 | muscache.com 24 | airbnb-aws.com 25 | airbnb.app 26 | luckey.in 27 | luckey.partners 28 | luxuryretreats.com 29 | luckeyhomes.com 30 | urbandoor.com 31 | ... 32 | ``` 33 | -------------------------------------------------------------------------------- /bbtargets/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "encoding/json" 6 | "flag" 7 | "fmt" 8 | "io/ioutil" 9 | "log" 10 | "net/http" 11 | "os" 12 | "strings" 13 | "time" 14 | 15 | "github.com/edoardottt/golazy" 16 | ) 17 | 18 | func main() { 19 | helpPtr := flag.Bool("h", false, "Show usage.") 20 | 21 | flag.Parse() 22 | 23 | if *helpPtr { 24 | help() 25 | } 26 | 27 | output := GetTargets() 28 | if len(output) == 0 { 29 | fmt.Println() 30 | fmt.Println("[ ! ] Error while retrieving targets.") 31 | fmt.Println() 32 | os.Exit(1) 33 | } 34 | 35 | for _, elem := range output { 36 | fmt.Println(elem) 37 | } 38 | } 39 | 40 | // help shows the usage. 41 | func help() { 42 | var usage = `Produce as output on stdout all the bug bounty targets found on Chaos list by Project Discovery. 43 | $> bbtargets` 44 | 45 | fmt.Println() 46 | fmt.Println(usage) 47 | fmt.Println() 48 | os.Exit(0) 49 | } 50 | 51 | // Target is a struct containing informations about 52 | // a single bug bounty program. 53 | type Target struct { 54 | Name string `json:"name"` 55 | URL string `json:"url"` 56 | Bounty bool `json:"bounty"` 57 | Domains []string `json:"domains"` 58 | } 59 | 60 | // Programs is a struct containing informations about 61 | // all the programs. 62 | type Programs struct { 63 | Targets []Target `json:"programs"` 64 | } 65 | 66 | // GetTargets is the function that actually retrieves 67 | // the json file containing the informations. 68 | func GetTargets() []string { 69 | client := http.Client{ 70 | Timeout: 30 * time.Second, 71 | } 72 | 73 | var results Programs 74 | 75 | url := "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json" 76 | resp, err := client.Get(url) 77 | 78 | if err != nil { 79 | return []string{} 80 | } 81 | 82 | defer resp.Body.Close() 83 | 84 | body, _ := ioutil.ReadAll(resp.Body) 85 | 86 | if err := json.Unmarshal(body, &results); err != nil { 87 | return []string{} 88 | } 89 | 90 | var output []string 91 | 92 | for _, res := range results.Targets { 93 | // only programs with bounty. 94 | if res.Bounty { 95 | if strings.Contains(res.URL, "hackerone") || strings.Contains(res.URL, "bugcrowd") || 96 | strings.Contains(res.URL, "intigriti") || strings.Contains(res.URL, "yeswehack") { 97 | output = append(output, cleanIgnored(res.Domains)...) 98 | } 99 | } 100 | } 101 | 102 | return output 103 | } 104 | 105 | // cleanIgnored is the function that clean the results 106 | // from ignored targets. 107 | func cleanIgnored(domains []string) []string { 108 | var ignoredsubs []string 109 | 110 | if _, err := os.Stat("ignored.txt"); err == nil { 111 | var ignored = readFile("ignored.txt") 112 | for _, domain := range domains { 113 | for _, forb := range ignored { 114 | if strings.Contains(domain, forb) { 115 | ignoredsubs = append(ignoredsubs, domain) 116 | } 117 | } 118 | } 119 | } 120 | 121 | return Difference(domains, ignoredsubs) 122 | } 123 | 124 | // Difference returns the elements in `a` that aren't in `b`. 125 | func Difference(a, b []string) []string { 126 | mb := make(map[string]struct{}, len(b)) 127 | 128 | for _, x := range b { 129 | mb[x] = struct{}{} 130 | } 131 | 132 | var diff []string 133 | 134 | for _, x := range a { 135 | if _, found := mb[x]; !found { 136 | diff = append(diff, x) 137 | } 138 | } 139 | 140 | return diff 141 | } 142 | 143 | // readFile. 144 | func readFile(inputFile string) []string { 145 | file, err := os.Open(inputFile) 146 | if err != nil { 147 | log.Fatalf("failed to open %s ", inputFile) 148 | } 149 | 150 | scanner := bufio.NewScanner(file) 151 | scanner.Split(bufio.ScanLines) 152 | 153 | var ( 154 | text = []string{} 155 | dir string 156 | ) 157 | 158 | for scanner.Scan() { 159 | dir = scanner.Text() 160 | if len(dir) > 0 { 161 | text = append(text, dir) 162 | } 163 | } 164 | 165 | file.Close() 166 | 167 | text = golazy.RemoveDuplicateValues(text) 168 | 169 | return text 170 | } 171 | -------------------------------------------------------------------------------- /chainredir/README.md: -------------------------------------------------------------------------------- 1 | # chainredir 2 | 3 | **chain** **redir**edicts 4 | 5 | Take as input a URL and print on stdout all the redirects. 6 | 7 | 8 | ### Usage 9 | 10 | `chainredir http://example.com` 11 | 12 | ### Output 13 | 14 | ``` 15 | 16 | [>] http://edoardottt.com 301 Moved Permanently 17 | 18 | [>] https://edoardottt.com/ 200 OK 19 | 20 | ``` 21 | -------------------------------------------------------------------------------- /chainredir/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | "net/http" 7 | "net/url" 8 | "os" 9 | ) 10 | 11 | func main() { 12 | helpPtr := flag.Bool("h", false, "Show usage.") 13 | 14 | flag.Parse() 15 | 16 | if *helpPtr { 17 | help() 18 | } 19 | 20 | input := ScanTarget() 21 | if !IsURL(input) { 22 | fmt.Println("Please enter a valid url.") 23 | os.Exit(1) 24 | } 25 | 26 | redirects := ScanRedirects(input) 27 | 28 | fmt.Println() 29 | 30 | for _, elem := range redirects { 31 | fmt.Println("[>] " + elem.URL + " " + elem.Code) 32 | fmt.Println() 33 | } 34 | } 35 | 36 | // help shows the usage. 37 | func help() { 38 | fmt.Println() 39 | 40 | var usage = `Take as input a URL and print on stdout all the redirects. 41 | $> chainredir http://example.com` 42 | 43 | fmt.Println(usage) 44 | fmt.Println() 45 | os.Exit(0) 46 | } 47 | 48 | // ScanTarget return the element 49 | // taken as input. 50 | func ScanTarget() string { 51 | if len(os.Args) < 2 { 52 | fmt.Println("usage: chainredir ") 53 | os.Exit(1) 54 | } 55 | 56 | return os.Args[1] 57 | } 58 | 59 | // Redirect Struct. 60 | type Redirect struct { 61 | URL string 62 | Code string 63 | } 64 | 65 | // ScanRedirects. 66 | func ScanRedirects(input string) []Redirect { 67 | result := []Redirect{} 68 | nextURL := input 69 | 70 | var i int 71 | for i < 1000 { 72 | client := &http.Client{ 73 | CheckRedirect: func(req *http.Request, via []*http.Request) error { 74 | return http.ErrUseLastResponse 75 | }} 76 | 77 | if len(nextURL) == 0 { 78 | break 79 | } 80 | 81 | if nextURL[0] == '/' { 82 | nextURL = ExtractHost(result[len(result)-1].URL) + nextURL 83 | } 84 | 85 | resp, err := client.Get(nextURL) 86 | if err != nil { 87 | panic(err) 88 | } 89 | 90 | if resp.StatusCode == 200 { 91 | output := Redirect{URL: resp.Request.URL.String(), Code: resp.Status} 92 | result = append(result, output) 93 | 94 | break 95 | } else { 96 | nextURL = resp.Header.Get("Location") 97 | output := Redirect{URL: resp.Request.URL.String(), Code: resp.Status} 98 | result = append(result, output) 99 | i += 1 100 | } 101 | 102 | resp.Body.Close() 103 | } 104 | 105 | return result 106 | } 107 | 108 | // IsURL. 109 | func IsURL(input string) bool { 110 | u, err := url.Parse(input) 111 | if err != nil { 112 | panic(err) 113 | } 114 | 115 | if u.Scheme != "" && u.Host != "" { 116 | return true 117 | } 118 | 119 | return false 120 | } 121 | 122 | // ExtractHost. 123 | func ExtractHost(input string) string { 124 | u, err := url.Parse(input) 125 | if err != nil { 126 | return "" 127 | } 128 | 129 | return u.Scheme + u.Host 130 | } 131 | -------------------------------------------------------------------------------- /checkbypass/README.md: -------------------------------------------------------------------------------- 1 | # checkbypass 2 | 3 | **check** **bypass** 4 | 5 | Take as input on stdin a payload and print on stdout all the successful WAF bypasses. 6 | 7 | ### Usage 8 | 9 | - `checkbypass -p ""` 10 | 11 | ### Output 12 | 13 | ``` 14 | [ BYPASSED ] Cloudflare : https://www.cloudflare.com/?=test%3Dciaoooo 15 | [ BYPASSED ] Akamai : https://www.akamai.com/?=test%3Dciaoooo 16 | [ BYPASSED ] F5 : https://www.f5.com/?=test%3Dciaoooo 17 | [ BYPASSED ] CloudFront : https://docs.aws.amazon.com/?=test%3Dciaoooo 18 | [ BYPASSED ] Fortiweb : https://www.fortinet.com/?=test%3Dciaoooo 19 | [ BYPASSED ] Sucuri : https://sucuri.net/?=test%3Dciaoooo 20 | ``` 21 | -------------------------------------------------------------------------------- /checkbypass/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "flag" 5 | "fmt" 6 | "io/ioutil" 7 | "net/http" 8 | "net/url" 9 | "os" 10 | "runtime" 11 | "strings" 12 | "time" 13 | ) 14 | 15 | var Reset = "\033[0m" 16 | var Red = "\033[31m" 17 | var Green = "\033[32m" 18 | 19 | func main() { 20 | if runtime.GOOS == "windows" { 21 | Reset = "" 22 | Red = "" 23 | Green = "" 24 | } 25 | 26 | helpPtr := flag.Bool("h", false, "Show usage.") 27 | payloadPtr := flag.String("p", "", "Input payload.") 28 | 29 | flag.Parse() 30 | 31 | if *helpPtr { 32 | help() 33 | } 34 | 35 | if *payloadPtr != "" { 36 | TestWAF(*payloadPtr) 37 | } else { 38 | fmt.Println("Payload required.") 39 | os.Exit(1) 40 | } 41 | } 42 | 43 | // help shows the usage. 44 | func help() { 45 | var usage = `Take as input on stdin a payload and print on stdout all the successful WAF bypasses. 46 | $> checkbypass -p ""` 47 | 48 | fmt.Println() 49 | fmt.Println(usage) 50 | fmt.Println() 51 | os.Exit(0) 52 | } 53 | 54 | // ReplaceParameters. 55 | func ReplaceParameters(input string, payload string) string { 56 | u, err := url.Parse(input) 57 | if err != nil { 58 | return "" 59 | } 60 | 61 | decodedValue, err := url.QueryUnescape(u.RawQuery) 62 | if err != nil { 63 | return "" 64 | } 65 | 66 | var queryResult = "" 67 | 68 | couples := strings.Split(decodedValue, "&") 69 | for _, pair := range couples { 70 | values := strings.Split(pair, "=") 71 | queryResult += values[0] + "=" + url.QueryEscape(payload) + "&" 72 | } 73 | 74 | return u.Scheme + "://" + u.Host + u.Path + "?" + queryResult[:len(queryResult)-1] 75 | } 76 | 77 | // GetRequest performs a GET request. 78 | func GetRequest(target string) (string, error) { 79 | var netClient = &http.Client{ 80 | Timeout: time.Second * 20, 81 | } 82 | 83 | resp, err := netClient.Get(target) 84 | if err != nil { 85 | return "", err 86 | } 87 | 88 | defer resp.Body.Close() 89 | 90 | // We Read the response body on the line below. 91 | body, err := ioutil.ReadAll(resp.Body) 92 | if err != nil { 93 | return "", err 94 | } 95 | 96 | // Convert the body to type string. 97 | sb := string(body) 98 | 99 | return sb, nil 100 | } 101 | 102 | type WAF struct { 103 | Name string 104 | URL string 105 | BlockedString string 106 | } 107 | 108 | var wafs = []WAF{ 109 | {"Cloudflare", 110 | "https://www.cloudflare.com/", 111 | "you have been blocked"}, 112 | {"Akamai", 113 | "https://www.akamai.com/", 114 | "You don't have permission to access"}, 115 | {"F5", 116 | "https://www.f5.com/", 117 | "The requested URL was rejected. Please consult with your administrator."}, 118 | {"CloudFront", 119 | "https://docs.aws.amazon.com/", 120 | "Generated by cloudfront (CloudFront)"}, 121 | {"Imperva", 122 | "https://www.imperva.com/", 123 | "Request unsuccessful. Incapsula incident ID"}, 124 | {"Sucuri", 125 | "https://sucuri.net/", 126 | "Sucuri WebSite Firewall - Access Denied"}, 127 | /* 128 | Missing: 129 | - Fortiweb 130 | - Wordfence 131 | - Azure WAF 132 | - Barracuda 133 | */ 134 | /* 135 | {"Fortiweb", 136 | "https://www.fortinet.com/", // THIS IS NOT BEHIND FORTIWEB ! 137 | "Web Page Blocked"}, 138 | */ 139 | 140 | /* 141 | {"Wordfence", 142 | "https://www.wordfence.com/products/", // THIS IS NOT BEHIND WORDFENCE ! 143 | "Your access to this service has been limited. (HTTP response code 403)"},*/ 144 | } 145 | 146 | // TestWAF. 147 | func TestWAF(payload string) { 148 | var distance = 12 149 | 150 | for _, elem := range wafs { 151 | url := ReplaceParameters(elem.URL, "test="+payload) 152 | 153 | resp, err := GetRequest(url) 154 | if err != nil { 155 | fmt.Println(Red + "[ ERROR:-( ] " + Reset + err.Error()) 156 | continue 157 | } 158 | 159 | if strings.Contains(resp, elem.BlockedString) { 160 | fmt.Println(Red + "[ BLOCKED! ] " + Reset + elem.Name + strings.Repeat(" ", distance-len(elem.Name)) + " : " + url) 161 | continue 162 | } 163 | 164 | fmt.Println(Green + "[ BYPASSED ] " + Reset + elem.Name + strings.Repeat(" ", distance-len(elem.Name)) + " : " + url) 165 | } 166 | } 167 | -------------------------------------------------------------------------------- /cleanpath/README.md: -------------------------------------------------------------------------------- 1 | # cleanpath 2 | 3 | **clean** **path**s 4 | 5 | Take as input on stdin a list of urls/paths and print on stdout all the unique paths (at any level). 6 | 7 | ### Input 8 | 9 | ``` 10 | https://google.com/ 11 | https://example.com/api 12 | http://example.com/books/all 13 | https://example.com/books/all/1.pdf 14 | books/all/2.pdf 15 | http://noredirect.com/nor 16 | https://redirect-no.fr/blocked 17 | ``` 18 | 19 | ### Usage 20 | 21 | - `cat input | cleanpath` 22 | 23 | ### Output 24 | 25 | ``` 26 | api 27 | api/level1 28 | api/level1/level2 29 | static 30 | search 31 | search/advanced 32 | about 33 | books 34 | books/all 35 | books/all/1.pdf 36 | books/all/2.pdf 37 | trends 38 | trends/1 39 | trends/1/2 40 | trends/1/2/3 41 | ``` 42 | -------------------------------------------------------------------------------- /cleanpath/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | helpPtr := flag.Bool("h", false, "Show usage.") 16 | 17 | flag.Parse() 18 | 19 | if *helpPtr { 20 | help() 21 | } 22 | 23 | input := ScanTargets() 24 | output := GetPaths(golazy.RemoveDuplicateValues(input)) 25 | 26 | for _, elem := range output { 27 | fmt.Println(elem) 28 | } 29 | } 30 | 31 | // help shows the usage. 32 | func help() { 33 | var usage = `Take as input on stdin a list of urls/paths and print on stdout all the unique paths (at any level). 34 | $> cat input | cleanpath` 35 | 36 | fmt.Println() 37 | fmt.Println(usage) 38 | fmt.Println() 39 | os.Exit(0) 40 | } 41 | 42 | // ScanTargets return the array of elements 43 | // taken as input on stdin. 44 | func ScanTargets() []string { 45 | var result []string 46 | 47 | // accept domains on stdin 48 | sc := bufio.NewScanner(os.Stdin) 49 | for sc.Scan() { 50 | domain := strings.ToLower(sc.Text()) 51 | result = append(result, domain) 52 | } 53 | 54 | return result 55 | } 56 | 57 | // GetPaths. 58 | func GetPaths(s []string) []string { 59 | var result []string 60 | 61 | for _, elem := range s { 62 | if len(elem) != 0 { 63 | var paths []string 64 | 65 | if golazy.HasProtocol(elem) { 66 | if GetPath(elem) != "" { 67 | paths = GetAllLevelsPaths(GetPath(elem)) 68 | } 69 | } else { 70 | if elem[0] == '/' { 71 | elem = elem[1:] 72 | } 73 | paths = GetAllLevelsPaths(elem) 74 | } 75 | 76 | if len(paths) != 0 { 77 | result = append(result, paths...) 78 | } 79 | } 80 | } 81 | 82 | return golazy.RemoveDuplicateValues(result) 83 | } 84 | 85 | // RemoveProtocol. 86 | func RemoveProtocol(input string) string { 87 | res := strings.Index(input, "://") 88 | if res >= 0 { 89 | return input[res+3:] 90 | } else { 91 | return input 92 | } 93 | } 94 | 95 | // GetPath. 96 | func GetPath(input string) string { 97 | u, err := url.Parse(input) 98 | if err != nil { 99 | return "" 100 | } 101 | 102 | if len(u.Path) > 1 { 103 | return u.Path[1:] 104 | } else { 105 | return "" 106 | } 107 | } 108 | 109 | // GetAllLevelsPaths. 110 | func GetAllLevelsPaths(input string) []string { 111 | if input == "" { 112 | return []string{} 113 | } 114 | 115 | var result []string 116 | 117 | if input[len(input)-1] != '/' { 118 | input += "/" 119 | } 120 | 121 | var elems = strings.Split(input, "/") 122 | if len(elems) == 2 { 123 | return []string{elems[0]} 124 | } 125 | 126 | for i := range elems { 127 | if elems[i] == "*" { 128 | break 129 | } 130 | 131 | for j := 1; j < i; j++ { 132 | if strings.Contains(elems[j], "*") || elems[j] == "*" { 133 | break 134 | } 135 | 136 | resTemp := strings.Join(elems[:j+1], "/") 137 | result = append(result, resTemp) 138 | } 139 | } 140 | 141 | return golazy.RemoveDuplicateValues(result) 142 | } 143 | -------------------------------------------------------------------------------- /doomxss/README.md: -------------------------------------------------------------------------------- 1 | # doomxss 2 | 3 | **dom** **xss** sinks finder 4 | 5 | Take as input on stdin a list of html/js file urls and print on stdout all the possible DOM XSS sinks found. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com/main.js 11 | https://test2.test.com/user-display.js 12 | https://sub2.sub1.test.com/user-display.html 13 | https://example.com/script.js 14 | https://bersaglio.it/checks.html 15 | ... 16 | ``` 17 | 18 | ### Usage 19 | 20 | - `cat urls | doomxss` 21 | 22 | ### Output 23 | 24 | ``` 25 | [ location.href= ] https://example.com/script.js 26 | [ document.referrer= ] https://target.dom/alert.js 27 | [ eval( ] https://bersaglio.it/checks.html 28 | ``` 29 | -------------------------------------------------------------------------------- /doomxss/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "io/ioutil" 8 | "net/http" 9 | "os" 10 | "strings" 11 | "sync" 12 | 13 | "github.com/edoardottt/golazy" 14 | ) 15 | 16 | func main() { 17 | helpPtr := flag.Bool("h", false, "Show usage.") 18 | 19 | flag.Parse() 20 | 21 | if *helpPtr { 22 | help() 23 | } 24 | 25 | input := ScanTargets() 26 | results := RetrieveContents(golazy.RemoveDuplicateValues(input)) 27 | 28 | for _, elem := range results { 29 | fmt.Println("[ " + elem.Sink + " ] " + elem.URL) 30 | } 31 | } 32 | 33 | // help shows the usage. 34 | func help() { 35 | var usage = `Take as input on stdin a list of html/js file urls and print on stdout all the possible DOM XSS sinks found. 36 | $> cat urls | doomxss` 37 | 38 | fmt.Println() 39 | fmt.Println(usage) 40 | fmt.Println() 41 | os.Exit(0) 42 | } 43 | 44 | // ScanTargets return the array of elements 45 | // taken as input on stdin. 46 | func ScanTargets() []string { 47 | var result []string 48 | // accept domains on stdin. 49 | sc := bufio.NewScanner(os.Stdin) 50 | 51 | for sc.Scan() { 52 | domain := strings.ToLower(sc.Text()) 53 | result = append(result, domain) 54 | } 55 | 56 | return result 57 | } 58 | 59 | type Result struct { 60 | Sink string 61 | URL string 62 | } 63 | 64 | // RetrieveContents. 65 | func RetrieveContents(input []string) []Result { 66 | var ( 67 | result = []Result{} 68 | mutex = &sync.Mutex{} 69 | ) 70 | 71 | limiter := make(chan string, 10) // Limits simultaneous requests. 72 | wg := sync.WaitGroup{} // Needed to not prematurely exit before all requests have been finished. 73 | 74 | for _, domain := range input { 75 | limiter <- domain 76 | 77 | wg.Add(1) 78 | 79 | go func(domain string) { 80 | defer wg.Done() 81 | defer func() { <-limiter }() 82 | 83 | resp, err := http.Get(domain) 84 | 85 | mutex.Lock() 86 | 87 | if err == nil { 88 | body, err := ioutil.ReadAll(resp.Body) 89 | if err == nil && len(body) != 0 { 90 | // Convert the body to type string. 91 | sb := string(body) 92 | results := CheckSinks(sb, domain) 93 | result = append(result, results...) 94 | } 95 | 96 | resp.Body.Close() 97 | } 98 | mutex.Unlock() 99 | }(domain) 100 | } 101 | 102 | wg.Wait() 103 | 104 | return result 105 | } 106 | 107 | // CheckSinks returns a slice containing all 108 | // the probable sinks in the body. 109 | func CheckSinks(body string, url string) []Result { 110 | var result []Result 111 | 112 | toCheck := strings.ToLower(body) 113 | toCheck2 := strings.ReplaceAll(toCheck, " ", "") 114 | 115 | for _, sink := range sinks { 116 | if strings.Contains(toCheck2, sink) { 117 | res := Result{Sink: sink, URL: url} 118 | result = append(result, res) 119 | } 120 | } 121 | 122 | return result 123 | } 124 | 125 | var sinks = []string{ 126 | "document.url=", 127 | "document.documenturi=", 128 | "document.urlencoded=", 129 | "document.baseuri=", 130 | "location=", 131 | "location.href=", 132 | "location.search=", 133 | "location.hash=", 134 | "location.pathname=", 135 | "document.cookie=", 136 | "document.referrer=", 137 | "window.name=", 138 | "history.pushstate(", 139 | "history.replacestate(", 140 | "localstorage.setitem(", 141 | "localstorage.getitem(", 142 | "sessionstorage=", 143 | "document.write(", 144 | "document.writeIn(", 145 | "innerHTML=", 146 | "outerHTML=", 147 | "eval(", 148 | "setTimeout(", 149 | "setInterval(", 150 | "{{__html", // REACT 151 | } 152 | -------------------------------------------------------------------------------- /eae/README.md: -------------------------------------------------------------------------------- 1 | # eae 2 | 3 | **e**xtract **a**ll **e**xtensions 4 | 5 | Take as input on stdin a list of urls and print on stdout all the extensions sorted. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com/main.zip 11 | https://example.com/main.php 12 | https://test.it/main.bz2 13 | https://test.it/ 14 | ... 15 | ``` 16 | 17 | ### Usage 18 | 19 | `cat urls | eae` 20 | 21 | ### Output 22 | 23 | ``` 24 | [ 1434 ] .jpg 25 | [ 583 ] .png 26 | [ 571 ] .gif 27 | [ 27 ] .exe 28 | [ 24 ] .zip 29 | [ 18 ] .bz2 30 | [ 12 ] .html 31 | [ 10 ] .wav 32 | [ 7 ] .css 33 | [ 7 ] .cab 34 | [ 7 ] .pdf 35 | [ 6 ] .txt 36 | [ 5 ] .rar 37 | [ 4 ] .c 38 | [ 4 ] .mp3 39 | [ 3 ] .php 40 | [ 3 ] .avi 41 | [ 3 ] .reg 42 | [ 3 ] .wmv 43 | ``` 44 | -------------------------------------------------------------------------------- /eae/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "sort" 10 | "strings" 11 | 12 | "github.com/edoardottt/golazy" 13 | ) 14 | 15 | func main() { 16 | helpPtr := flag.Bool("h", false, "Show usage.") 17 | 18 | flag.Parse() 19 | 20 | if *helpPtr { 21 | help() 22 | } 23 | 24 | extractExtensions(ScanTargets()) 25 | } 26 | 27 | // help shows the usage. 28 | func help() { 29 | var usage = `Take as input on stdin a list of urls and print on stdout all the extensions sorted. 30 | $> cat urls | eae` 31 | 32 | fmt.Println() 33 | fmt.Println(usage) 34 | fmt.Println() 35 | os.Exit(0) 36 | } 37 | 38 | // ScanTargets return the array of elements 39 | // taken as input on stdin. 40 | func ScanTargets() []string { 41 | var result []string 42 | 43 | // accept domains on stdin. 44 | sc := bufio.NewScanner(os.Stdin) 45 | for sc.Scan() { 46 | domain := strings.ToLower(sc.Text()) 47 | result = append(result, domain) 48 | } 49 | 50 | return golazy.RemoveDuplicateValues(result) 51 | } 52 | 53 | // extractExtensions. 54 | func extractExtensions(input []string) { 55 | set := make(map[string]int) 56 | 57 | for _, elem := range input { 58 | u, err := url.Parse(elem) 59 | if err == nil { 60 | elem = u.Path 61 | 62 | firstIndex := strings.Index(elem, "?") 63 | if firstIndex > -1 { 64 | elem = elem[:firstIndex] 65 | } 66 | 67 | i := strings.LastIndex(elem, ".") 68 | if i >= 0 { 69 | extension := elem[i:] 70 | 71 | _, exists := set[extension] 72 | if exists { 73 | set[extension] += 1 74 | } else { 75 | set[extension] = 1 76 | } 77 | } 78 | } 79 | } 80 | 81 | // sort reverse. 82 | var ( 83 | n = map[int][]string{} 84 | a = []int{} 85 | ) 86 | 87 | for k, v := range set { 88 | n[v] = append(n[v], k) 89 | } 90 | 91 | for k := range n { 92 | a = append(a, k) 93 | } 94 | 95 | sort.Sort(sort.Reverse(sort.IntSlice(a))) 96 | 97 | for _, k := range a { 98 | for _, s := range n[k] { 99 | fmt.Printf("[ %d ] %s\n", k, s) 100 | } 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /eah/README.md: -------------------------------------------------------------------------------- 1 | # eah 2 | 3 | **e**xtract **a**ll **h**osts 4 | 5 | Take as input on stdin a list of urls and print on stdout all the hosts sorted. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com/file?p=1&id=1 11 | https://example.com/2?a="&page=!&url=1 12 | https://www.google.com/file?redir_url=2 13 | https://example.com/file?1=2?utm=cc 14 | https://example.com/2?d=2?hl=1 15 | https://www.google.com/file?hl=2 16 | ... 17 | ``` 18 | 19 | ### Usage 20 | 21 | `cat urls | eah` 22 | 23 | ### Output 24 | 25 | ``` 26 | [ 1148 ] www.google.com 27 | [ 934 ] linux.com 28 | [ 73 ] store.microsoft.com 29 | [ 21 ] hackerone.com 30 | ``` 31 | -------------------------------------------------------------------------------- /eah/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "sort" 10 | "strings" 11 | 12 | "github.com/edoardottt/golazy" 13 | ) 14 | 15 | func main() { 16 | helpPtr := flag.Bool("h", false, "Show usage.") 17 | 18 | flag.Parse() 19 | 20 | if *helpPtr { 21 | help() 22 | } 23 | 24 | set := make(map[string]int) 25 | 26 | input := ScanTargets() 27 | for _, elem := range input { 28 | host := GetHost(elem) 29 | if host != "" { 30 | _, exists := set[host] 31 | if exists { 32 | set[host] += 1 33 | } else { 34 | set[host] = 1 35 | } 36 | } 37 | } 38 | 39 | // sort reverse. 40 | var ( 41 | n = map[int][]string{} 42 | a = []int{} 43 | ) 44 | 45 | for k, v := range set { 46 | n[v] = append(n[v], k) 47 | } 48 | 49 | for k := range n { 50 | a = append(a, k) 51 | } 52 | 53 | sort.Sort(sort.Reverse(sort.IntSlice(a))) 54 | 55 | for _, k := range a { 56 | for _, s := range n[k] { 57 | fmt.Printf("[ %d ] %s\n", k, s) 58 | } 59 | } 60 | } 61 | 62 | // help shows the usage. 63 | func help() { 64 | var usage = `Take as input on stdin a list of urls and print on stdout all the hosts sorted. 65 | $> cat urls | eah` 66 | 67 | fmt.Println() 68 | fmt.Println(usage) 69 | fmt.Println() 70 | os.Exit(0) 71 | } 72 | 73 | // ScanTargets return the array of elements 74 | // taken as input on stdin. 75 | func ScanTargets() []string { 76 | var result []string 77 | 78 | // accept domains on stdin. 79 | sc := bufio.NewScanner(os.Stdin) 80 | for sc.Scan() { 81 | domain := strings.ToLower(sc.Text()) 82 | result = append(result, domain) 83 | } 84 | 85 | return golazy.RemoveDuplicateValues(result) 86 | } 87 | 88 | // GetHost. 89 | func GetHost(input string) string { 90 | u, err := url.Parse(input) 91 | if err != nil { 92 | return "" 93 | } 94 | 95 | return u.Host 96 | } 97 | -------------------------------------------------------------------------------- /eap/README.md: -------------------------------------------------------------------------------- 1 | # eap 2 | 3 | **e**xtract **a**ll **p**rotocols 4 | 5 | Take as input on stdin a list of urls and print on stdout all the protocols sorted by count. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com/file?p=1&id=1 11 | https://example.com/2?a="&page=!&url=1 12 | https://www.example.com/file?redir_url=2 13 | https://example.com/file?1=2?utm=cc 14 | https://example.com/2?d=2?hl=1 15 | https://www.example.com/file?hl=2 16 | ... 17 | ``` 18 | 19 | ### Usage 20 | 21 | `cat urls | eap` 22 | 23 | ### Output 24 | 25 | ``` 26 | [ 2458 ] http 27 | [ 314 ] https 28 | [ 21 ] ftp 29 | [ 2 ] s3 30 | ``` 31 | -------------------------------------------------------------------------------- /eap/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "os" 8 | "sort" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | helpPtr := flag.Bool("h", false, "Show usage.") 16 | 17 | flag.Parse() 18 | 19 | if *helpPtr { 20 | help() 21 | } 22 | 23 | set := make(map[string]int) 24 | 25 | input := ScanTargets() 26 | for _, elem := range input { 27 | protocol := GetProtocol(elem) 28 | if protocol != "" { 29 | _, exists := set[protocol] 30 | if exists { 31 | set[protocol] += 1 32 | } else { 33 | set[protocol] = 1 34 | } 35 | } 36 | } 37 | 38 | // sort reverse. 39 | var ( 40 | n = map[int][]string{} 41 | a = []int{} 42 | ) 43 | 44 | for k, v := range set { 45 | n[v] = append(n[v], k) 46 | } 47 | 48 | for k := range n { 49 | a = append(a, k) 50 | } 51 | 52 | sort.Sort(sort.Reverse(sort.IntSlice(a))) 53 | 54 | for _, k := range a { 55 | for _, s := range n[k] { 56 | fmt.Printf("[ %d ] %s\n", k, s) 57 | } 58 | } 59 | } 60 | 61 | // help shows the usage. 62 | func help() { 63 | var usage = `Take as input on stdin a list of urls and print on stdout all the protocols sorted. 64 | $> cat urls | eap` 65 | 66 | fmt.Println() 67 | fmt.Println(usage) 68 | fmt.Println() 69 | os.Exit(0) 70 | } 71 | 72 | // ScanTargets return the array of elements 73 | // taken as input on stdin. 74 | func ScanTargets() []string { 75 | var result []string 76 | // accept domains on stdin. 77 | sc := bufio.NewScanner(os.Stdin) 78 | for sc.Scan() { 79 | domain := strings.ToLower(sc.Text()) 80 | result = append(result, domain) 81 | } 82 | 83 | return golazy.RemoveDuplicateValues(result) 84 | } 85 | 86 | // GetProtocol. 87 | func GetProtocol(input string) string { 88 | res := strings.Index(input, "://") 89 | if res >= 0 { 90 | return input[:res] 91 | } else { 92 | return "" 93 | } 94 | } 95 | -------------------------------------------------------------------------------- /eaparam/README.md: -------------------------------------------------------------------------------- 1 | # eaparam 2 | 3 | **e**xtract **a**ll **param**eters 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique parameters. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com/file?p=1&id=1 11 | https://example.com/2?a="&page=!&url=1 12 | https://www.example.com/file?redir_url=2 13 | https://example.com/file?1=2?utm=cc 14 | https://example.com/2?d=2?hl=1 15 | https://www.example.com/file?hl=2 16 | ``` 17 | 18 | ### Usage 19 | 20 | `cat urls | eaparam` 21 | 22 | ### Output 23 | 24 | ``` 25 | id 26 | page 27 | url 28 | redir_url 29 | utm 30 | hl 31 | ``` 32 | -------------------------------------------------------------------------------- /eaparam/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | helpPtr := flag.Bool("h", false, "Show usage.") 16 | 17 | flag.Parse() 18 | 19 | if *helpPtr { 20 | help() 21 | } 22 | 23 | input := ScanTargets() 24 | 25 | var result []string 26 | for _, elem := range input { 27 | result = append(result, ExtractParameters(elem)...) 28 | } 29 | 30 | for _, elem := range golazy.RemoveDuplicateValues(result) { 31 | fmt.Println(elem) 32 | } 33 | } 34 | 35 | // help shows the usage. 36 | func help() { 37 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique parameters. 38 | $> cat urls | eaparam` 39 | 40 | fmt.Println() 41 | fmt.Println(usage) 42 | fmt.Println() 43 | os.Exit(0) 44 | } 45 | 46 | // ScanTargets return the array of elements 47 | // taken as input on stdin. 48 | func ScanTargets() []string { 49 | var result []string 50 | // accept domains on stdin. 51 | sc := bufio.NewScanner(os.Stdin) 52 | 53 | for sc.Scan() { 54 | domain := strings.ToLower(sc.Text()) 55 | result = append(result, domain) 56 | } 57 | 58 | return golazy.RemoveDuplicateValues(result) 59 | } 60 | 61 | // ExtractParameters. 62 | func ExtractParameters(input string) []string { 63 | var result []string 64 | 65 | u, err := url.Parse(input) 66 | if err != nil { 67 | return []string{} 68 | } 69 | 70 | decodedValue, err := url.QueryUnescape(u.RawQuery) 71 | if err != nil { 72 | return []string{} 73 | } 74 | 75 | couples := strings.Split(decodedValue, "&") 76 | for _, pair := range couples { 77 | values := strings.Split(pair, "=") 78 | if values[0] != "" && !strings.Contains(values[0], ";") && !strings.Contains(values[0], "{") && 79 | !strings.Contains(values[0], "}") && !strings.Contains(values[0], "$") && 80 | !strings.Contains(values[0], " ") && !strings.Contains(values[0], "?") && 81 | !strings.Contains(values[0], "/") && !strings.Contains(values[0], "@") && 82 | !strings.Contains(values[0], "(") && !strings.Contains(values[0], ")") && 83 | !strings.Contains(values[0], "\"") && !strings.Contains(values[0], ".") && 84 | !strings.Contains(values[0], "*") { 85 | result = append(result, values[0]) 86 | } 87 | } 88 | 89 | return result 90 | } 91 | -------------------------------------------------------------------------------- /eapath/README.md: -------------------------------------------------------------------------------- 1 | # eapath 2 | 3 | **e**xtract **a**ll **path**s 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique urls without queries. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com/file?p=1 11 | https://example.com/2?a=" 12 | https://www.example.com/file 13 | https://example.com/file?1=2 14 | https://example.com/2?d=2 15 | https://www.example.com/file 16 | ``` 17 | 18 | ### Usage 19 | 20 | `cat urls | eapath` 21 | 22 | ### Output 23 | 24 | ``` 25 | https://example.com/file 26 | https://example.com/2 27 | https://www.example.com/file 28 | ``` 29 | -------------------------------------------------------------------------------- /eapath/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | helpPtr := flag.Bool("h", false, "Show usage.") 16 | flag.Parse() 17 | 18 | if *helpPtr { 19 | help() 20 | } 21 | 22 | input := ScanTargets() 23 | 24 | var result []string 25 | 26 | for _, elem := range input { 27 | path := ExtractPath(elem) 28 | if path != "" { 29 | result = append(result, path) 30 | } 31 | } 32 | 33 | for _, elem := range golazy.RemoveDuplicateValues(result) { 34 | fmt.Println(elem) 35 | } 36 | } 37 | 38 | // help shows the usage. 39 | func help() { 40 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique urls without queries. 41 | $> cat urls | eaparam` 42 | 43 | fmt.Println() 44 | fmt.Println(usage) 45 | fmt.Println() 46 | os.Exit(0) 47 | } 48 | 49 | // ScanTargets return the array of elements 50 | // taken as input on stdin. 51 | func ScanTargets() []string { 52 | var result []string 53 | // accept domains on stdin 54 | sc := bufio.NewScanner(os.Stdin) 55 | 56 | for sc.Scan() { 57 | domain := strings.ToLower(sc.Text()) 58 | result = append(result, domain) 59 | } 60 | 61 | return golazy.RemoveDuplicateValues(result) 62 | } 63 | 64 | // ExtractPath. 65 | func ExtractPath(input string) string { 66 | u, err := url.Parse(input) 67 | if err != nil { 68 | return "" 69 | } 70 | 71 | if u.Scheme == "" { 72 | u.Scheme = "http" 73 | } 74 | 75 | if u.Host == "" { 76 | return "" 77 | } 78 | 79 | return u.Scheme + "://" + u.Host + u.Path 80 | } 81 | -------------------------------------------------------------------------------- /earh/README.md: -------------------------------------------------------------------------------- 1 | # earh 2 | 3 | **e**xtract **a**ll **r**oot **h**osts 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique root hosts. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com/file?p=1&id=1 11 | https://example.com/2?a="&page=!&url=1 12 | https://www.example.com/file?redir_url=2 13 | https://example.com/file?1=2?utm=cc 14 | https://example.com/2?d=2?hl=1 15 | https://www.example.com/file?hl=2 16 | ... 17 | ``` 18 | 19 | ### Usage 20 | 21 | `cat urls | earh` 22 | 23 | ### Output 24 | 25 | ``` 26 | example.com 27 | ``` 28 | -------------------------------------------------------------------------------- /earh/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "errors" 6 | "flag" 7 | "fmt" 8 | "net/url" 9 | "os" 10 | "strings" 11 | 12 | "github.com/edoardottt/golazy" 13 | ) 14 | 15 | var ( 16 | ErrDomainFormat = errors.New("domain formatted in a bad way") 17 | ) 18 | 19 | func main() { 20 | helpPtr := flag.Bool("h", false, "Show usage.") 21 | 22 | flag.Parse() 23 | 24 | if *helpPtr { 25 | help() 26 | } 27 | 28 | set := make(map[string]bool) 29 | 30 | input := ScanTargets() 31 | for _, elem := range input { 32 | rootHost, err := GetRootHost(elem) 33 | if err == nil && rootHost != "" { 34 | _, exists := set[rootHost] 35 | if !exists { 36 | set[rootHost] = true 37 | } 38 | } 39 | } 40 | 41 | for k := range set { 42 | fmt.Println(k) 43 | } 44 | } 45 | 46 | // help shows the usage. 47 | func help() { 48 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique root hosts. 49 | $> cat urls | earh` 50 | 51 | fmt.Println() 52 | fmt.Println(usage) 53 | fmt.Println() 54 | os.Exit(0) 55 | } 56 | 57 | // ScanTargets return the array of elements 58 | // taken as input on stdin. 59 | func ScanTargets() []string { 60 | var result []string 61 | // accept domains on stdin. 62 | sc := bufio.NewScanner(os.Stdin) 63 | for sc.Scan() { 64 | domain := strings.ToLower(sc.Text()) 65 | result = append(result, domain) 66 | } 67 | 68 | return golazy.RemoveDuplicateValues(result) 69 | } 70 | 71 | // GetRootHost takes as input a string and 72 | // tries to parse it as url, if it's a 73 | // well formatted url this function returns 74 | // the second level domain. 75 | func GetRootHost(input string) (string, error) { 76 | if !HasProtocol(input) { 77 | input = "http://" + input 78 | } 79 | 80 | u, err := url.Parse(input) 81 | if err != nil { 82 | return "", err 83 | } 84 | 85 | // divide host and port, then split by dot 86 | parts := strings.Split(strings.Split(u.Host, ":")[0], ".") 87 | // return the last two parts 88 | if len(parts) > 1 { 89 | return parts[len(parts)-2] + "." + parts[len(parts)-1], nil 90 | } 91 | 92 | return "", fmt.Errorf("%w", ErrDomainFormat) 93 | } 94 | 95 | // HasProtocol takes as input a string and 96 | // checks if it has a protocol ( like in a 97 | // URI/URL). 98 | func HasProtocol(input string) bool { 99 | res := strings.Index(input, "://") 100 | return res >= 0 101 | } 102 | -------------------------------------------------------------------------------- /eefjsf/README.md: -------------------------------------------------------------------------------- 1 | # eefjsf 2 | 3 | **e**xtract **e**ndpoints **f**rom **js** **f**iles 4 | 5 | Take as input on stdin a list of js file urls and print on stdout all the unique endpoints found. 6 | 7 | Thanks to [@renniepak](https://twitter.com/renniepak/status/1288371394401783809). 8 | 9 | ### Input 10 | 11 | ``` 12 | https://example.com/main.js 13 | https://test2.test.com/user-display.js 14 | ``` 15 | 16 | ### Usage 17 | 18 | - `cat js-urls | eefjsf` 19 | 20 | ### Output 21 | 22 | ``` 23 | /api 24 | /chat_panel/v2 25 | /embed/video/ 26 | /chat/v2/conversation/download 27 | /chat/v2 28 | /mychats 29 | /tunnel/UI/Login 30 | /hidden 31 | /hidden1 32 | ``` 33 | -------------------------------------------------------------------------------- /eefjsf/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "io/ioutil" 8 | "net/http" 9 | "os" 10 | "regexp" 11 | "strings" 12 | "sync" 13 | 14 | "github.com/edoardottt/golazy" 15 | ) 16 | 17 | func main() { 18 | helpPtr := flag.Bool("h", false, "Show usage.") 19 | 20 | flag.Parse() 21 | 22 | if *helpPtr { 23 | help() 24 | } 25 | 26 | input := ScanTargets() 27 | 28 | results := RetrieveContents(golazy.RemoveDuplicateValues(input), 10) 29 | for _, elem := range results { 30 | fmt.Println(elem[1 : len(elem)-1]) 31 | } 32 | } 33 | 34 | // help shows the usage. 35 | func help() { 36 | var usage = `Take as input on stdin a list of js file urls and print on stdout all the unique endpoints found. 37 | $> cat js-urls | eefjsf` 38 | 39 | fmt.Println() 40 | fmt.Println(usage) 41 | fmt.Println() 42 | os.Exit(0) 43 | } 44 | 45 | // ScanTargets return the array of elements 46 | // taken as input on stdin. 47 | func ScanTargets() []string { 48 | var result []string 49 | 50 | // accept domains on stdin. 51 | sc := bufio.NewScanner(os.Stdin) 52 | for sc.Scan() { 53 | domain := strings.ToLower(sc.Text()) 54 | result = append(result, domain) 55 | } 56 | 57 | return result 58 | } 59 | 60 | // RetrieveContents. 61 | func RetrieveContents(input []string, channels int) []string { 62 | var ( 63 | result = []string{} 64 | mutex = &sync.Mutex{} 65 | ) 66 | 67 | r := regexp.MustCompile(`\"\/[a-zA-Z0-9_\/?=&]*\"`) 68 | 69 | limiter := make(chan string, channels) // Limits simultaneous requests. 70 | wg := sync.WaitGroup{} // Needed to not prematurely exit before all requests have been finished. 71 | 72 | for _, domain := range input { 73 | limiter <- domain 74 | 75 | wg.Add(1) 76 | 77 | go func(domain string) { 78 | defer wg.Done() 79 | defer func() { <-limiter }() 80 | 81 | resp, err := http.Get(domain) 82 | 83 | mutex.Lock() 84 | 85 | if err == nil { 86 | body, err := ioutil.ReadAll(resp.Body) 87 | if err == nil && len(body) != 0 { 88 | // Convert the body to type string. 89 | sb := string(body) 90 | results := r.FindAllString(sb, -1) 91 | result = append(result, golazy.RemoveDuplicateValues(results)...) 92 | } 93 | 94 | resp.Body.Close() 95 | } 96 | mutex.Unlock() 97 | }(domain) 98 | } 99 | 100 | wg.Wait() 101 | 102 | return golazy.RemoveDuplicateValues(result) 103 | } 104 | -------------------------------------------------------------------------------- /genscope/README.md: -------------------------------------------------------------------------------- 1 | # genscope 2 | 3 | **gen**erate **scope** 4 | 5 | Take as input a file containing a list of (sub)domains (wildcards allowed) and produce a BurpSuite Configuration file. 6 | 7 | ### Input 8 | 9 | ``` 10 | example.com 11 | *.example2.com 12 | www.example3.com 13 | *.example4.com 14 | ``` 15 | 16 | ### Usage 17 | 18 | - `genscope domains.txt` -------------------------------------------------------------------------------- /genscope/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/json" 5 | "flag" 6 | "fmt" 7 | "io/ioutil" 8 | "os" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | helpPtr := flag.Bool("h", false, "Show usage.") 16 | 17 | flag.Parse() 18 | 19 | if len(os.Args) < 2 || *helpPtr { 20 | help() 21 | } 22 | 23 | domains := golazy.RemoveDuplicateValues(golazy.ReadFileLineByLine(os.Args[1])) 24 | GenerateDomains(domains) 25 | } 26 | 27 | // help shows the usage. 28 | func help() { 29 | var usage = `Take as input a file containing a list of (sub)domains (wildcards allowed) and produce a BurpSuite Configuration file. 30 | $> genscope domains.txt` 31 | 32 | fmt.Println() 33 | fmt.Println(usage) 34 | fmt.Println() 35 | os.Exit(0) 36 | } 37 | 38 | type BurpSuiteConfiguration struct { 39 | Target Target `json:"target"` 40 | } 41 | 42 | type Target struct { 43 | Scope Scope `json:"scope"` 44 | } 45 | 46 | type Scope struct { 47 | AdvancedMode bool `json:"advanced_mode"` 48 | Exclude []Domain `json:"exclude"` 49 | Include []Domain `json:"include"` 50 | } 51 | 52 | type Domain struct { 53 | Enabled bool `json:"enabled"` 54 | File string `json:"file"` 55 | Host string `json:"host"` 56 | Port string `json:"port"` 57 | Protocol string `json:"protocol"` 58 | } 59 | 60 | // GenerateDomains. 61 | func GenerateDomains(input []string) { 62 | var domains = []Domain{} 63 | 64 | for _, elem := range input { 65 | domain := "^" + strings.ReplaceAll(strings.ReplaceAll(elem, ".", "\\."), "*", ".*") + "$" 66 | // Here add logic for hosts. 67 | dom80 := Domain{Enabled: true, File: "^/.*", Host: domain, Port: "^80$", Protocol: "http"} 68 | dom443 := Domain{Enabled: true, File: "^/.*", Host: domain, Port: "^443$", Protocol: "https"} 69 | domains = append(domains, dom80) 70 | domains = append(domains, dom443) 71 | } 72 | 73 | var result = BurpSuiteConfiguration{Target: Target{Scope: Scope{AdvancedMode: true, Exclude: []Domain{}, Include: domains}}} 74 | 75 | file, _ := json.MarshalIndent(result, "", " ") 76 | 77 | _ = ioutil.WriteFile("genscope.json", file, 0644) 78 | } 79 | -------------------------------------------------------------------------------- /gitdump/README.md: -------------------------------------------------------------------------------- 1 | # gitdump 2 | 3 | **git** **dump**er 4 | 5 | It prints all the matches in a git repository with a specified pattern. 6 | 7 | This is a @tomnomnom tool (https://twitter.com/tomnomnom/status/1133345832688857095). 8 | 9 | ### Install 10 | 11 | - `git clone https://github.com/edoardottt/lit-bb-hack-tools` 12 | - `cd lit-bb-hack-tools/gitdump` 13 | - `chmod +x gitdump` 14 | - `sudo cp gitdump /usr/bin` 15 | 16 | ### Usage 17 | 18 | - `(github-repo)>$ gitdump PATTERN-HERE` 19 | 20 | ### Output 21 | 22 | ``` 23 | (~/github/lit-bb-hack-tools)>$ gitdump func 24 | 25 | func AddHeaders(input string) string { 26 | func AddProtocol(input string) string { 27 | func extractExtensions(input []string) { 28 | func GetHeaders(target string, result map[string][]string) map[string][]string { 29 | func GetOnlySubs(input string) string { 30 | func GetProtocol(input string) string { 31 | func main() { 32 | func removeDuplicateValues(intSlice []string) []string { 33 | func removeDuplicateValues(strSlice []string) []string { 34 | func RemoveHeaders(input string) string { 35 | func RemovePort(input string) string { 36 | func RetrieveHeaders(input []string) { 37 | func ScanFlag() bool { 38 | func ScanTargets() []string { 39 | ``` 40 | -------------------------------------------------------------------------------- /gitdump/gitdump: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | print_usage() { 4 | printf "It prints all the matches in a git repository with a specified pattern.\n\t(github-repo)>$ gitdump PATTERN-HERE\n" 5 | exit 0 6 | } 7 | 8 | while getopts 'h' flag; do 9 | case "${flag}" in 10 | h) print_usage ;; 11 | *) print_usage 12 | exit 1 ;; 13 | esac 14 | done 15 | 16 | { find .git/objects/pack/ -name "*.idx"|while read i;do git show-index < "$i"|awk '{print $2}'; \ 17 | done;find .git/objects/ -type f|grep -v '/pack/'|awk -F'/' '{print $(NF-1)$NF}'; } \ 18 | |while read o;do git cat-file -p $o;done|grep -E $1 | sort | uniq -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/edoardottt/lit-bb-hack-tools 2 | 3 | go 1.18 4 | 5 | require ( 6 | github.com/edoardottt/golazy v0.1.4 7 | github.com/fatih/color v1.18.0 8 | github.com/rodaine/table v1.3.0 9 | ) 10 | 11 | require ( 12 | github.com/mattn/go-colorable v0.1.13 // indirect 13 | github.com/mattn/go-isatty v0.0.20 // indirect 14 | golang.org/x/sys v0.25.0 // indirect 15 | ) 16 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 2 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 3 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 4 | github.com/edoardottt/golazy v0.1.4 h1:TsRFfTpOabiyTyiB2Dm/aR4id5r+ILOxNjYOSkeq8ec= 5 | github.com/edoardottt/golazy v0.1.4/go.mod h1:uZRa3TRYvQSxmbAc7O9+3RelkMu+ACbKiUoy+uPsGVM= 6 | github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= 7 | github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= 8 | github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= 9 | github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= 10 | github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 11 | github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= 12 | github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= 13 | github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= 14 | github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= 15 | github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= 16 | github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= 17 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 18 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 19 | github.com/rivo/uniseg v0.2.0 h1:S1pD9weZBuJdFmowNwbpi7BJ8TNftyUImj/0WQi72jY= 20 | github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 21 | github.com/rodaine/table v1.3.0 h1:4/3S3SVkHnVZX91EHFvAMV7K42AnJ0XuymRR2C5HlGE= 22 | github.com/rodaine/table v1.3.0/go.mod h1:47zRsHar4zw0jgxGxL9YtFfs7EGN6B/TaS+/Dmk4WxU= 23 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 24 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 25 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 26 | github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= 27 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 28 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 29 | github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= 30 | github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= 31 | github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 32 | golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 33 | golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 34 | golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= 35 | golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 36 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 37 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 38 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 39 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 40 | -------------------------------------------------------------------------------- /heacoll/README.md: -------------------------------------------------------------------------------- 1 | # heacoll 2 | 3 | **hea**ders **coll**ector 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique headers found. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://sub1.example.com/path1?param1=value1 11 | https://sub1.example.com/path2 12 | https://sub2.example.com/path3/subpath1/ 13 | https://sub3.example.com/ 14 | ``` 15 | 16 | ### Usage 17 | 18 | `cat urls | heacoll` 19 | 20 | ### Output 21 | 22 | ``` 23 | Date : [Sat, 08 May 2021 14:20:28 GMT Sat, 08 May 2021 14:20:29 GMT Sat, 08 May 2021 14:20:30 GMT] 24 | 25 | X-Content-Type-Options : [nosniff] 26 | 27 | X-Ua-Compatible : [IE=edge] 28 | 29 | Permissions-Policy : [ch-ua-full-version=*, ch-ua-platform=*, ch-ua-platform-version=*, ch-ua-arch=*, ch-ua-model=*] 30 | 31 | X-Frame-Options : [SAMEORIGIN] 32 | 33 | Alt-Svc : [h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"] 34 | 35 | Accept-Ch : [ect,rtt,downlink] 36 | 37 | P3p : [CP="This is not a P3P policy! See g.co/p3phelp for more info." CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=it for more info."] 38 | 39 | Set-Cookie : [CONSENT=PENDING+069; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure session-id=13xx1-xxxx-xx; Domain=.amazon.com; Expires=Sun, 08-May-2022 14:20:29 GMT; Path=/; Secure session-id-time=xxxxxx; Domain=.amazon.com; Expires=Sun, 08-May-2022 14:20:29 GMT; Path=/; Secure i18n-prefs=USD; Domain=.amazon.com; Expires=Sun, 08-May-2022 14:20:29 GMT; Path=/ sp-cdn="L5Z9:IT"; Version=1; Domain=.amazon.com; Max-Age=31536000; Expires=Sun, 08-May-2022 14:20:29 GMT; Path=/; Secure; HttpOnly skin=noskin; path=/; domain=.amazon.com Domain=.youtube.com; Path=/; Secure; HttpOnly; SameSite=none CONSENT=PENDING+120; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.youtube.com; Secure NID=215=xxcx; expires=Sun, 07-Nov-2021 14:20:30 GMT; path=/; domain=.google.it; HttpOnly CONSENT=PENDING+986; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.it; Secure] 40 | 41 | Cache-Control : [private, max-age=0 no-cache no-cache, no-store, max-age=0, must-revalidate] 42 | 43 | Server : [gws Server ESF] 44 | 45 | Vary : [Content-Type,Accept-Encoding,X-Amzn-CDN-Cache,X-Amzn-AX-Treatment,User-Agent] 46 | 47 | Pragma : [no-cache] 48 | 49 | Expires : [-1 Mon, 01 Jan 1990 00:00:00 GMT] 50 | 51 | X-Xss-Protection : [0 1;] 52 | 53 | Strict-Transport-Security : [max-age=47474747; includeSubDomains; preload max-age=31536000] 54 | 55 | X-Amz-Rid : [xxxxxxxxxxx] 56 | 57 | Content-Language : [en-US] 58 | 59 | Accept-Ch-Lifetime : [86400] 60 | 61 | Content-Type : [text/html; charset=ISO-8859-1 text/html;charset=UTF-8 text/html; charset=utf-8] 62 | 63 | ``` 64 | -------------------------------------------------------------------------------- /heacoll/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/http" 8 | "os" 9 | "strings" 10 | "sync" 11 | 12 | "github.com/edoardottt/golazy" 13 | ) 14 | 15 | func main() { 16 | helpPtr := flag.Bool("h", false, "Show usage.") 17 | 18 | flag.Parse() 19 | 20 | if *helpPtr { 21 | help() 22 | } 23 | 24 | RetrieveHeaders(ScanTargets()) 25 | } 26 | 27 | // help shows the usage. 28 | func help() { 29 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique headers found. 30 | $> cat urls | heacoll` 31 | 32 | fmt.Println() 33 | fmt.Println(usage) 34 | fmt.Println() 35 | os.Exit(0) 36 | } 37 | 38 | // ScanTargets return the array of elements 39 | // taken as input on stdin. 40 | func ScanTargets() []string { 41 | var result []string 42 | 43 | // accept domains on stdin 44 | sc := bufio.NewScanner(os.Stdin) 45 | for sc.Scan() { 46 | domain := strings.ToLower(sc.Text()) 47 | result = append(result, domain) 48 | } 49 | 50 | return golazy.RemoveDuplicateValues(result) 51 | } 52 | 53 | // RetrieveHeaders. 54 | func RetrieveHeaders(input []string) { 55 | var ( 56 | result = make(map[string][]string) 57 | mutex = &sync.Mutex{} 58 | ) 59 | 60 | limiter := make(chan string, 10) // Limits simultaneous requests 61 | wg := sync.WaitGroup{} // Needed to not prematurely exit before all requests have been finished 62 | 63 | for _, domain := range input { 64 | limiter <- domain 65 | 66 | wg.Add(1) 67 | 68 | go func(domain string) { 69 | defer wg.Done() 70 | 71 | defer func() { <-limiter }() 72 | 73 | resp, err := http.Get(domain) 74 | 75 | mutex.Lock() 76 | 77 | if err == nil { 78 | for key, elem := range resp.Header { 79 | _, exists := result[key] 80 | if !exists { 81 | result[key] = golazy.RemoveDuplicateValues(elem) 82 | } else { 83 | var update = result[key] 84 | update = append(update, elem...) 85 | result[key] = golazy.RemoveDuplicateValues(update) 86 | } 87 | } 88 | 89 | resp.Body.Close() 90 | } 91 | mutex.Unlock() 92 | }(domain) 93 | } 94 | 95 | wg.Wait() 96 | 97 | for key, elem := range result { 98 | fmt.Printf("%s : %s\n", key, golazy.RemoveDuplicateValues(elem)) 99 | fmt.Println() 100 | } 101 | } 102 | -------------------------------------------------------------------------------- /knoxssme/README.md: -------------------------------------------------------------------------------- 1 | # knoxssme 2 | 3 | **knoxss.me** client 4 | 5 | Take as input on stdin a list of urls and print on stdout the results from Knoxss.me API. 6 | 7 | 8 | > **Note** 9 | > (Only for Linux) Create the configuration file `~/.config/knoxss/knoxss.key` and copy your API key there. 10 | 11 | ### Input 12 | 13 | ``` 14 | https://brutelogic.com.br/xsx.php 15 | https://brutelogic.com.br/xss.php 16 | ``` 17 | 18 | ### Usage 19 | 20 | - `cat urls | knoxssme` 21 | - `cat urls | knoxssme -k exampleapikey-wbfkwfiuwlahlflvug` 22 | - `cat urls | knoxssme -o output.txt` 23 | 24 | If you are on Linux and you configured correctly the configuration file you don't need the option `-k`. 25 | 26 | 27 | ### Output 28 | 29 | ``` 30 | [ SAFE ] https://brutelogic.com.br/xsx.php 31 | [ XSS! ] https://brutelogic.com.br/xss.php?a=1 32 | ``` 33 | -------------------------------------------------------------------------------- /knoxssme/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "bytes" 6 | "encoding/json" 7 | "errors" 8 | "flag" 9 | "fmt" 10 | "io/ioutil" 11 | "net/http" 12 | "os" 13 | "runtime" 14 | "strings" 15 | "time" 16 | 17 | "github.com/edoardottt/golazy" 18 | ) 19 | 20 | /* 21 | TODO: 22 | 23 | - Daily api calls check 24 | */ 25 | 26 | var Reset = "\033[0m" 27 | var Red = "\033[31m" 28 | var Green = "\033[32m" 29 | var Yellow = "\033[33m" 30 | 31 | // main. 32 | func main() { 33 | if runtime.GOOS == "windows" { 34 | Reset = "" 35 | Red = "" 36 | Green = "" 37 | Yellow = "" 38 | } 39 | 40 | helpPtr := flag.Bool("h", false, "Show usage.") 41 | keyPtr := flag.String("k", "", "API key (if not provided read it from config file).") 42 | outputPtr := flag.String("o", "", "Output file.") 43 | 44 | flag.Parse() 45 | 46 | if *helpPtr { 47 | help() 48 | } 49 | 50 | var apikey string 51 | if *keyPtr != "" { 52 | apikey = *keyPtr 53 | } else { 54 | apikey = ReadAPIKey() 55 | if apikey == "" { 56 | fmt.Println(Red + "[ ERR! ] API key cannot be blank." + Reset) 57 | os.Exit(1) 58 | } 59 | } 60 | 61 | if *outputPtr != "" { 62 | f, err := os.OpenFile(*outputPtr, os.O_CREATE|os.O_WRONLY, 0644) 63 | if err != nil { 64 | fmt.Println("Can't create output file.") 65 | os.Exit(1) 66 | } 67 | 68 | err = f.Truncate(0) 69 | if err != nil { 70 | fmt.Println("Can't create output file.") 71 | os.Exit(1) 72 | } 73 | 74 | f.Close() 75 | } 76 | 77 | input := ScanTargets() 78 | 79 | for _, elem := range golazy.RemoveDuplicateValues(input) { 80 | resp, _, err := KnoxssAPI(elem, apikey) 81 | if err != nil { 82 | if *outputPtr != "" { 83 | golazy.AppendOutputToTxt("[ ERR! ] "+elem, *outputPtr) 84 | golazy.AppendOutputToTxt(err.Error(), *outputPtr) 85 | } 86 | 87 | fmt.Println(Red + "[ ERR! ] " + Reset + elem) 88 | fmt.Println(err.Error()) 89 | 90 | continue 91 | } 92 | 93 | result, err := ReadResult(resp) 94 | 95 | switch { 96 | case err != nil: 97 | if *outputPtr != "" { 98 | golazy.AppendOutputToTxt("[ ERR! ] "+elem, *outputPtr) 99 | } 100 | 101 | fmt.Println(Red + "[ ERR! ] " + Reset + elem) 102 | fmt.Println(err.Error()) 103 | case result.XSS == "true": 104 | if *outputPtr != "" { 105 | golazy.AppendOutputToTxt("[ XSS! ] "+elem, *outputPtr) 106 | } 107 | 108 | fmt.Println(Green + "[ XSS! ] " + Reset + result.PoC) 109 | case result.XSS == "none" && result.Error != "": 110 | if *outputPtr != "" { 111 | golazy.AppendOutputToTxt("[ ERR! ] "+elem, *outputPtr) 112 | golazy.AppendOutputToTxt(result.Error, *outputPtr) 113 | } 114 | 115 | fmt.Println(Red + "[ ERR! ] " + Reset + elem) 116 | fmt.Println(result.Error) 117 | default: 118 | if *outputPtr != "" { 119 | golazy.AppendOutputToTxt("[ SAFE ] "+elem, *outputPtr) 120 | } 121 | 122 | fmt.Println(Yellow + "[ SAFE ] " + Reset + result.Target) 123 | } 124 | } 125 | } 126 | 127 | // help shows the usage. 128 | func help() { 129 | var usage = `Take as input on stdin a list of urls and print on stdout the results from Knoxss.me API. 130 | $> cat urls | knoxssme 131 | $> cat urls | knoxssme -h exampleapikeywbfkwfiuwlahlflvug 132 | $> cat urls | knoxssme -o output.txt` 133 | 134 | fmt.Println() 135 | fmt.Println(usage) 136 | fmt.Println() 137 | os.Exit(0) 138 | } 139 | 140 | // ScanTargets return the array of elements 141 | // taken as input on stdin. 142 | func ScanTargets() []string { 143 | var result []string 144 | 145 | // accept domains on stdin 146 | sc := bufio.NewScanner(os.Stdin) 147 | for sc.Scan() { 148 | if strings.TrimSpace(sc.Text()) != "" { 149 | domain := strings.ToLower(sc.Text()) 150 | result = append(result, domain) 151 | } 152 | } 153 | 154 | return result 155 | } 156 | 157 | // FilterAnd replaces all occurrences of & with %26. 158 | func FilterAnd(input string) string { 159 | return strings.ReplaceAll(input, "&", "%26") 160 | } 161 | 162 | // KnoxssAPI performs a POST request to knoxss API. 163 | func KnoxssAPI(url string, apikey string) (string, int, error) { 164 | postBody := FilterAnd("target=" + url) 165 | responseBody := bytes.NewBuffer([]byte(postBody)) 166 | client := &http.Client{ 167 | Timeout: time.Second * 1000, 168 | } 169 | 170 | var target = "https://knoxss.me/api/v3" 171 | 172 | req, err := http.NewRequest("POST", target, responseBody) 173 | if err != nil { 174 | return "", 0, err 175 | } 176 | 177 | req.Header.Set("X-API-KEY", apikey) 178 | req.Header.Set("Content-Type", "application/x-www-form-urlencoded") 179 | 180 | resp, err := client.Do(req) 181 | if err != nil { 182 | return "", 0, err 183 | } 184 | 185 | defer resp.Body.Close() 186 | 187 | // Read the response body. 188 | body, err := ioutil.ReadAll(resp.Body) 189 | if err != nil { 190 | return "", 0, err 191 | } 192 | 193 | sb := string(body) 194 | 195 | return sb, resp.StatusCode, nil 196 | } 197 | 198 | type Result struct { 199 | XSS string `json:"XSS"` 200 | PoC string `json:"PoC"` 201 | Target string `json:"Target"` 202 | PostData string `json:"POST Data"` 203 | Error string `json:"Error"` 204 | APICall string `json:"API Call"` 205 | TimeElapsed string `json:"Time Elapsed"` 206 | Timestamp string `json:"Timestamp"` 207 | } 208 | 209 | // ReadResult. 210 | func ReadResult(input string) (Result, error) { 211 | var ( 212 | result = Result{} 213 | err error 214 | ) 215 | 216 | switch { 217 | case strings.Contains(input, "{") && strings.Contains(input, "XSS"): 218 | err = json.Unmarshal([]byte(input), &result) 219 | case strings.Contains(input, "Error Code: HTTP 504"): 220 | err = errors.New("knoxss.me replied with HTTP 504: Backend or gateway connection timeout") 221 | case strings.Contains(input, "Incorrect API key"): 222 | fmt.Println(Red + "[ ERROR ] " + Reset + "Incorrect API key.") 223 | os.Exit(1) 224 | default: 225 | fmt.Println("something went wrong.") 226 | os.Exit(1) 227 | } 228 | 229 | return result, err 230 | } 231 | 232 | // ReadAPIKey. 233 | func ReadAPIKey() string { 234 | filename := "" 235 | 236 | if runtime.GOOS == "windows" { 237 | // Don't use colors 238 | fmt.Println("[ ERROR ] Use -k option to insert Api key.") 239 | os.Exit(1) 240 | } else { // linux 241 | home, err := os.UserHomeDir() 242 | if err != nil { 243 | fmt.Println(Red + "[ ERROR ] " + Reset + "Cannot read API Key from config file.") 244 | os.Exit(1) 245 | } 246 | filename = home + "/.config/knoxss/knoxss.key" 247 | } 248 | 249 | file, err := os.Open(filename) 250 | if err != nil { 251 | fmt.Println(Red + "[ ERROR ] " + Reset + "failed to open " + filename) 252 | os.Exit(1) 253 | } 254 | 255 | scanner := bufio.NewScanner(file) 256 | scanner.Split(bufio.ScanLines) 257 | 258 | var key string 259 | 260 | if scanner.Scan() { 261 | key = scanner.Text() 262 | } 263 | 264 | file.Close() 265 | 266 | return key 267 | } 268 | -------------------------------------------------------------------------------- /kubemetrics/README.md: -------------------------------------------------------------------------------- 1 | # kubemetrics 2 | 3 | **kubernetes** **metrics** 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique paths and urls found in the /metrics endpoint. 6 | 7 | Inspired by [@ITSecurityguard](https://twitter.com/ITSecurityguard/status/1510951340763136005), thanks to [@remonsec](https://twitter.com/remonsec). 8 | 9 | ### Input 10 | 11 | ``` 12 | https://example.com 13 | https://test.com 14 | ``` 15 | 16 | ### Usage 17 | 18 | - `cat urls | kubemetrics` 19 | 20 | ### Output 21 | 22 | ``` 23 | /search 24 | /search/about 25 | /search/static 26 | /sprint_xhtml 27 | db.example.com:81/conf.txt 28 | /sprint_wml 29 | /pqa 30 | /trends/beta 31 | /trends/topics 32 | ``` 33 | -------------------------------------------------------------------------------- /kubemetrics/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "io/ioutil" 8 | "net/http" 9 | "net/url" 10 | "os" 11 | "regexp" 12 | "strings" 13 | "sync" 14 | "time" 15 | 16 | "github.com/edoardottt/golazy" 17 | ) 18 | 19 | func main() { 20 | helpPtr := flag.Bool("h", false, "Show usage.") 21 | 22 | flag.Parse() 23 | 24 | if *helpPtr { 25 | help() 26 | } 27 | 28 | input := ScanTargets() 29 | 30 | result := GetMetrics(input) 31 | for _, elem := range result { 32 | fmt.Println(elem) 33 | } 34 | } 35 | 36 | // help shows the usage. 37 | func help() { 38 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique paths and url found in the /metrics endpoint. 39 | $> cat urls | kubemetrics` 40 | 41 | fmt.Println() 42 | fmt.Println(usage) 43 | fmt.Println() 44 | os.Exit(0) 45 | } 46 | 47 | // ScanTargets return the array of elements 48 | // taken as input on stdin. 49 | func ScanTargets() []string { 50 | var result []string 51 | 52 | // accept domains on stdin. 53 | sc := bufio.NewScanner(os.Stdin) 54 | for sc.Scan() { 55 | domain := strings.ToLower(sc.Text()) 56 | if !golazy.HasProtocol(domain) { 57 | fmt.Println(domain + " has no protocol!") 58 | os.Exit(1) 59 | } 60 | 61 | result = append(result, RemovePath(domain)) 62 | } 63 | 64 | return golazy.RemoveDuplicateValues(result) 65 | } 66 | 67 | // GetMetrics. 68 | func GetMetrics(input []string) []string { 69 | var ( 70 | result = []string{} 71 | mutex = &sync.Mutex{} 72 | pathRe = `path\=\".*\"` 73 | urlRe = `url\=\".*\"` 74 | ) 75 | 76 | limiter := make(chan string, 10) // Limits simultaneous requests. 77 | wg := sync.WaitGroup{} // Needed to not prematurely exit before all requests have been finished. 78 | 79 | for _, elem := range input { 80 | limiter <- elem 81 | 82 | wg.Add(1) 83 | 84 | go func(domain string) { 85 | defer wg.Done() 86 | defer func() { <-limiter }() 87 | 88 | metrics := GetRequest(domain + "/metrics") 89 | 90 | mutex.Lock() 91 | 92 | if metrics != "" { 93 | if matched, err := regexp.Match(pathRe, []byte(metrics)); err == nil && matched { 94 | re := regexp.MustCompile(pathRe) 95 | 96 | matches := re.FindAllString(metrics, -1) 97 | for _, match := range matches { 98 | elem := strings.ReplaceAll(strings.ReplaceAll(strings.Split(match, ",")[0], "path=\"", ""), "\"", "") 99 | if elem != "/" && strings.Trim(elem, " ") != "" { 100 | result = append(result, elem) 101 | } 102 | } 103 | } 104 | 105 | if matched, err := regexp.Match(urlRe, []byte(metrics)); err == nil && matched { 106 | re := regexp.MustCompile(urlRe) 107 | 108 | matches := re.FindAllString(metrics, -1) 109 | for _, match := range matches { 110 | elem := strings.ReplaceAll(strings.ReplaceAll(strings.Split(match, ",")[0], "url=\"", ""), "\"", "") 111 | if elem != "/" && strings.Trim(elem, " ") != "" { 112 | result = append(result, elem) 113 | } 114 | } 115 | } 116 | } 117 | mutex.Unlock() 118 | }(elem) 119 | } 120 | 121 | wg.Wait() 122 | 123 | return golazy.RemoveDuplicateValues(result) 124 | } 125 | 126 | // GetRequest performs a GET request. 127 | func GetRequest(target string) string { 128 | client := http.Client{ 129 | Timeout: 5 * time.Second, 130 | } 131 | 132 | resp, err := client.Get(target) 133 | if err != nil { 134 | return "" 135 | } 136 | 137 | defer resp.Body.Close() 138 | 139 | // We Read the response body on the line below. 140 | body, err := ioutil.ReadAll(resp.Body) 141 | if err != nil { 142 | return "" 143 | } 144 | 145 | // Convert the body to type string. 146 | sb := string(body) 147 | 148 | return sb 149 | } 150 | 151 | // RemovePath. 152 | func RemovePath(input string) string { 153 | u, err := url.Parse(input) 154 | if err != nil { 155 | fmt.Println(err) 156 | os.Exit(1) 157 | } 158 | 159 | return u.Scheme + "://" + u.Host 160 | } 161 | -------------------------------------------------------------------------------- /nrp/README.md: -------------------------------------------------------------------------------- 1 | # nrp 2 | 3 | **n**o **r**edirect **p**lease 4 | 5 | Take as input on stdin a list of domains and print on stdout all the unique domains without redirects. 6 | For example, if two domains (A and B) redirects to the same domain C, the output will be C. 7 | 8 | ### Input 9 | 10 | ``` 11 | https://example.com/ 12 | http://example.com/ 13 | http://noredirect.com/nor 14 | https://redirect-no.fr/blocked 15 | ``` 16 | 17 | ### Usage 18 | 19 | - `cat urls | nrp` 20 | 21 | ### Output 22 | 23 | ``` 24 | example.com 200 25 | noredirect.com 200 26 | redirect-no.fr 401 27 | ``` 28 | -------------------------------------------------------------------------------- /nrp/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "crypto/tls" 6 | "flag" 7 | "fmt" 8 | "net/http" 9 | "net/url" 10 | "os" 11 | "strconv" 12 | "strings" 13 | "sync" 14 | ) 15 | 16 | func main() { 17 | helpPtr := flag.Bool("h", false, "Show usage.") 18 | 19 | flag.Parse() 20 | 21 | if *helpPtr { 22 | help() 23 | } 24 | 25 | result := sync.Map{} 26 | 27 | input := ScanTargets() 28 | limiter := make(chan string, 30) // Limits simultaneous requests. 29 | wg := sync.WaitGroup{} // Needed to not prematurely exit before all requests have been finished. 30 | 31 | for _, elem := range input { 32 | limiter <- elem 33 | 34 | wg.Add(1) 35 | 36 | go func(elem string) { 37 | defer wg.Done() 38 | defer func() { <-limiter }() 39 | 40 | finalURL := ScanRedirect(elem) 41 | if finalURL.URL != "" { 42 | final := finalURL.URL + " " + strconv.Itoa(finalURL.Code) 43 | if _, ok := result.Load(final); !ok { 44 | result.Store(final, true) 45 | fmt.Println(final) 46 | } 47 | } 48 | }(elem) 49 | } 50 | 51 | wg.Wait() 52 | } 53 | 54 | // help shows the usage. 55 | func help() { 56 | var usage = `Take as input on stdin a list of domains and print on stdout all the unique domains without redirects. 57 | For example, if two domains (A and B) redirects to the same domain C, the output will be C. 58 | $> cat urls | nrp` 59 | 60 | fmt.Println() 61 | fmt.Println(usage) 62 | fmt.Println() 63 | os.Exit(0) 64 | } 65 | 66 | // ScanTargets return the array of elements 67 | // taken as input on stdin. 68 | func ScanTargets() []string { 69 | var result []string 70 | 71 | // accept domains on stdin. 72 | sc := bufio.NewScanner(os.Stdin) 73 | for sc.Scan() { 74 | if !IsURL(sc.Text()) { 75 | continue 76 | } 77 | 78 | domain := strings.ToLower(sc.Text()) 79 | result = append(result, domain) 80 | } 81 | 82 | return result 83 | } 84 | 85 | // Redirect Struct. 86 | type Redirect struct { 87 | URL string 88 | Code int 89 | } 90 | 91 | // ScanRedirect. 92 | func ScanRedirect(input string) Redirect { 93 | result := []Redirect{{"", 1}} 94 | nextURL := input 95 | 96 | var i int 97 | for i < 10 { 98 | tr := &http.Transport{ 99 | TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, 100 | } 101 | client := &http.Client{ 102 | CheckRedirect: func(req *http.Request, via []*http.Request) error { 103 | return http.ErrUseLastResponse 104 | }, Transport: tr} 105 | 106 | if len(nextURL) == 0 { 107 | break 108 | } 109 | 110 | if nextURL[0] == '/' { 111 | nextURL = ExtractHost(result[len(result)-1].URL) + nextURL 112 | } 113 | 114 | resp, err := client.Get(nextURL) 115 | if err != nil { 116 | return Redirect{"", 1} 117 | } 118 | 119 | if resp.StatusCode == 200 { 120 | output := Redirect{URL: resp.Request.URL.String(), Code: resp.StatusCode} 121 | result = append(result, output) 122 | 123 | break 124 | } else { 125 | nextURL = resp.Header.Get("Location") 126 | output := Redirect{URL: resp.Request.URL.String(), Code: resp.StatusCode} 127 | result = append(result, output) 128 | i += 1 129 | } 130 | 131 | resp.Body.Close() 132 | } 133 | 134 | return result[len(result)-1] 135 | } 136 | 137 | // IsURL. 138 | func IsURL(input string) bool { 139 | u, err := url.Parse(input) 140 | if err != nil { 141 | return false 142 | } 143 | 144 | if u.Scheme != "" && u.Host != "" { 145 | return true 146 | } 147 | 148 | return false 149 | } 150 | 151 | // ExtractHost. 152 | func ExtractHost(input string) string { 153 | u, err := url.Parse(input) 154 | if err != nil { 155 | return "" 156 | } 157 | 158 | return u.Scheme + u.Host 159 | } 160 | -------------------------------------------------------------------------------- /rapwp/README.md: -------------------------------------------------------------------------------- 1 | # rapwp 2 | 3 | **r**eplace **a**ll **p**arameters **w**ith **p**ayloads 4 | 5 | Take as input on stdin a list of urls and a payload and print on stdout all the unique urls with ready to use payloads. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://sub1.example.com/path1?param1=value1 11 | https://sub1.example.com/path2?param1=value1¶m2=value2 12 | https://sub2.example.com/path3/subpath1/?param1=value1 13 | https://sub3.example.com/path4?param4=value4 14 | ``` 15 | 16 | ### Usage 17 | 18 | 19 | - `cat urls | rapwp -p ""` 20 | - `cat urls | rapwp -pL payloads.txt` 21 | - `cat urls | rapwp -pL payloads.txt -obo` 22 | 23 | ### Output 24 | 25 | ``` 26 | https://sub1.example.com/path1?param1=%3Csvg%20onload=%22alert(1)%22%3E 27 | https://sub1.example.com/path2?param1=value1¶m2=%3Csvg%20onload=%22alert(1)%22%3E 28 | https://sub2.example.com/path3/subpath1/?param1=%3Csvg%20onload=%22alert(1)%22%3E 29 | https://sub3.example.com/path4?param4=%3Csvg%20onload=%22alert(1)%22%3E 30 | ``` 31 | -------------------------------------------------------------------------------- /rapwp/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "log" 8 | "net/url" 9 | "os" 10 | "strings" 11 | 12 | "github.com/edoardottt/golazy" 13 | ) 14 | 15 | func main() { 16 | helpPtr := flag.Bool("h", false, "Show usage.") 17 | payloadPtr := flag.String("p", "", "Input payload.") 18 | payloadFilePtr := flag.String("pL", "", "Input payload file.") 19 | oneByOnePtr := flag.Bool("obo", false, "Replace parameters one by one.") 20 | 21 | flag.Parse() 22 | 23 | if *helpPtr { 24 | help() 25 | } 26 | 27 | if *payloadPtr != "" && *payloadFilePtr != "" { 28 | fmt.Println("You can't specify both -p and -pL.") 29 | os.Exit(0) 30 | } 31 | 32 | if *payloadPtr == "" && *payloadFilePtr == "" { 33 | fmt.Println("Payload(s) required.") 34 | os.Exit(0) 35 | } 36 | 37 | input := ScanTargets() 38 | 39 | var result []string 40 | 41 | if *payloadPtr != "" { 42 | if !*oneByOnePtr { 43 | for _, elem := range input { 44 | resultString := ReplaceParameters(elem, *payloadPtr) 45 | if resultString != "" { 46 | result = append(result, resultString) 47 | } 48 | } 49 | } else { 50 | for _, elem := range input { 51 | resultSlice := ReplaceParametersOneByOne(elem, *payloadPtr) 52 | if len(resultSlice) != 0 { 53 | result = append(result, resultSlice...) 54 | } 55 | } 56 | } 57 | } 58 | 59 | if *payloadFilePtr != "" { 60 | payloads := ReadFileLineByLine(*payloadFilePtr) 61 | for _, payload := range golazy.RemoveDuplicateValues(payloads) { 62 | if strings.Trim(payload, " ") != "" { 63 | if !*oneByOnePtr { 64 | for _, elem := range input { 65 | resultString := ReplaceParameters(elem, payload) 66 | if resultString != "" { 67 | result = append(result, resultString) 68 | } 69 | } 70 | } else { 71 | for _, elem := range input { 72 | resultSlice := ReplaceParametersOneByOne(elem, payload) 73 | if len(resultSlice) != 0 { 74 | result = append(result, resultSlice...) 75 | } 76 | } 77 | } 78 | } 79 | } 80 | } 81 | 82 | for _, elem := range golazy.RemoveDuplicateValues(result) { 83 | fmt.Println(elem) 84 | } 85 | } 86 | 87 | // help shows the usage. 88 | func help() { 89 | var usage = `Take as input on stdin a list of urls and a payload and print on stdout all the unique urls with ready to use payloads. 90 | $> cat urls | rapwp -p "" 91 | $> cat urls | rapwp -pL payloads.txt 92 | $> cat urls | rapwp -pL payloads.txt -obo` 93 | 94 | fmt.Println() 95 | fmt.Println(usage) 96 | fmt.Println() 97 | os.Exit(0) 98 | } 99 | 100 | // ScanTargets return the array of elements 101 | // taken as input on stdin. 102 | func ScanTargets() []string { 103 | var result []string 104 | 105 | // accept domains on stdin 106 | sc := bufio.NewScanner(os.Stdin) 107 | for sc.Scan() { 108 | domain := strings.ToLower(sc.Text()) 109 | result = append(result, domain) 110 | } 111 | 112 | return golazy.RemoveDuplicateValues(result) 113 | } 114 | 115 | // ReplaceParameters. 116 | func ReplaceParameters(input string, payload string) string { 117 | u, err := url.Parse(input) 118 | if err != nil { 119 | return "" 120 | } 121 | 122 | decodedValue, err := url.QueryUnescape(u.RawQuery) 123 | if err != nil { 124 | return "" 125 | } 126 | 127 | var queryResult = "" 128 | 129 | couples := strings.Split(decodedValue, "&") 130 | for _, pair := range couples { 131 | values := strings.Split(pair, "=") 132 | queryResult += values[0] + "=" + url.QueryEscape(payload) + "&" 133 | } 134 | 135 | return u.Scheme + "://" + u.Host + u.Path + "?" + queryResult[:len(queryResult)-1] 136 | } 137 | 138 | // ReplaceParametersOneByOne. 139 | func ReplaceParametersOneByOne(input string, payload string) []string { 140 | u, err := url.Parse(input) 141 | if err != nil { 142 | return []string{} 143 | } 144 | 145 | decodedValue, err := url.QueryUnescape(u.RawQuery) 146 | if err != nil { 147 | return []string{} 148 | } 149 | 150 | var queryResult = []string{} 151 | 152 | couples := strings.Split(decodedValue, "&") 153 | for _, pair1 := range couples { 154 | var query = "" 155 | 156 | for _, pair := range couples { 157 | if pair1 == pair { 158 | values := strings.Split(pair, "=") 159 | query += values[0] + "=" + url.QueryEscape(payload) + "&" 160 | } else { 161 | values := strings.Split(pair, "=") 162 | query += values[0] + "=" + values[1] + "&" 163 | } 164 | } 165 | queryResult = append(queryResult, u.Scheme+"://"+u.Host+u.Path+"?"+query[:len(query)-1]) 166 | } 167 | 168 | return queryResult 169 | } 170 | 171 | // ReadFileLineByLine reads all the lines from input file and returns 172 | // them as a slice of strings. 173 | func ReadFileLineByLine(inputFile string) []string { 174 | file, err := os.Open(inputFile) 175 | if err != nil { 176 | log.Fatalf("failed to open %s", inputFile) 177 | } 178 | 179 | scanner := bufio.NewScanner(file) 180 | scanner.Split(bufio.ScanLines) 181 | 182 | var text []string 183 | for scanner.Scan() { 184 | text = append(text, scanner.Text()) 185 | } 186 | 187 | file.Close() 188 | 189 | text = golazy.RemoveDuplicateValues(text) 190 | 191 | return text 192 | } 193 | -------------------------------------------------------------------------------- /removehost/README.md: -------------------------------------------------------------------------------- 1 | # removehost 2 | 3 | **remove** **host** 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique queries without protocol and host. 6 | 7 | ### Input 8 | 9 | ``` 10 | google.com/identification/ok 11 | google.com/user/password-reminder 12 | google.com/st/articles/19237343?language=de 13 | google.com/specials 14 | google.com/xxx/paper/category/paper 15 | google.com/xxx/paper/category/paper_tags 16 | google.com/status-page/ie6.css 17 | google.com/status-page/logo.png 18 | google.com/status-page/reset.css 19 | google.com/status-page/style.css 20 | google.com/pub/enml.dtd 21 | http://google.com/pub/enml2.dtd 22 | ``` 23 | 24 | ### Usage 25 | 26 | - `cat urls | removehost` 27 | 28 | ### Output 29 | 30 | ``` 31 | /identification/ok 32 | /user/password-reminder 33 | /st/articles/19237343?language=de 34 | /specials 35 | /xxx/paper/category/paper 36 | /xxx/paper/category/paper_tags 37 | /status-page/ie6.css 38 | /status-page/logo.png 39 | /status-page/reset.css 40 | /status-page/style.css 41 | /pub/enml.dtd 42 | /pub/enml2.dtd 43 | ``` 44 | -------------------------------------------------------------------------------- /removehost/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | helpPtr := flag.Bool("h", false, "Show usage.") 16 | 17 | flag.Parse() 18 | 19 | if *helpPtr { 20 | help() 21 | } 22 | 23 | var result []string 24 | 25 | input := ScanTargets() 26 | for _, elem := range input { 27 | query := GetQuery(elem) 28 | if query != "" { 29 | result = append(result, query) 30 | } 31 | } 32 | 33 | result = golazy.RemoveDuplicateValues(result) 34 | for _, elem := range result { 35 | fmt.Println(elem) 36 | } 37 | } 38 | 39 | // help shows the usage. 40 | func help() { 41 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique queries without protocol and host. 42 | $> cat urls | removehost` 43 | 44 | fmt.Println() 45 | fmt.Println(usage) 46 | fmt.Println() 47 | os.Exit(0) 48 | } 49 | 50 | // ScanTargets return the array of elements 51 | // taken as input on stdin. 52 | func ScanTargets() []string { 53 | var result []string 54 | 55 | // accept domains on stdin. 56 | sc := bufio.NewScanner(os.Stdin) 57 | for sc.Scan() { 58 | domain := strings.ToLower(sc.Text()) 59 | result = append(result, domain) 60 | } 61 | 62 | return result 63 | } 64 | 65 | // GetQuery. 66 | func GetQuery(input string) string { 67 | u, err := url.Parse(input) 68 | if err != nil { 69 | return "" 70 | } 71 | 72 | if u.RawQuery != "" && u.Fragment != "" { 73 | return u.Path + "?" + u.RawQuery + "#" + u.Fragment 74 | } 75 | 76 | if u.RawQuery != "" { 77 | return u.Path + "?" + u.RawQuery 78 | } 79 | 80 | if u.Fragment != "" { 81 | return u.Path + "#" + u.Fragment 82 | } 83 | 84 | return u.Path 85 | } 86 | -------------------------------------------------------------------------------- /removepro/README.md: -------------------------------------------------------------------------------- 1 | # removepro 2 | 3 | **remove** **pro**tocols 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique urls without protocols. 6 | With `-subs` you can output only domains without the queries. 7 | 8 | ### Input 9 | 10 | ``` 11 | https://google.com/id/ok 12 | http://ciao.it 13 | https://okokok.it/query?exec=ok 14 | http://cleandomain.out#fragment1 15 | ``` 16 | 17 | ### Usage 18 | 19 | - `cat urls | removepro` 20 | - `cat urls | removepro -subs` 21 | 22 | ### Output 23 | 24 | ``` 25 | google.com/id/ok 26 | ciao.it 27 | okokok.it/query?exec=ok 28 | cleandomain.out#fragment1 29 | ``` 30 | -------------------------------------------------------------------------------- /removepro/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | var ( 16 | input []string 17 | result []string 18 | ) 19 | 20 | if !ScanFlag() { 21 | input = ScanTargets() 22 | for _, elem := range input { 23 | result = append(result, RemoveProtocol(elem)) 24 | } 25 | } else { 26 | for _, elem := range input { 27 | sub := RemovePort(RemoveProtocol(GetOnlySubs(elem))) 28 | if sub != "" { 29 | result = append(result, sub) 30 | } 31 | } 32 | } 33 | 34 | result = golazy.RemoveDuplicateValues(result) 35 | 36 | for _, elem := range result { 37 | fmt.Println(elem) 38 | } 39 | } 40 | 41 | // help shows the usage. 42 | func help() { 43 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique urls without protocols. 44 | With -subs you can output only domains without the queries. 45 | $> cat urls | removepro 46 | $> cat urls | removepro -subs` 47 | 48 | fmt.Println() 49 | fmt.Println(usage) 50 | fmt.Println() 51 | os.Exit(0) 52 | } 53 | 54 | // ScanTargets return the array of elements 55 | // taken as input on stdin. 56 | func ScanTargets() []string { 57 | var result []string 58 | 59 | // accept domains on stdin. 60 | sc := bufio.NewScanner(os.Stdin) 61 | for sc.Scan() { 62 | domain := strings.ToLower(sc.Text()) 63 | result = append(result, domain) 64 | } 65 | 66 | return result 67 | } 68 | 69 | // RemoveProtocol. 70 | func RemoveProtocol(input string) string { 71 | res := strings.Index(input, "://") 72 | if res >= 0 { 73 | return input[res+3:] 74 | } else { 75 | return input 76 | } 77 | } 78 | 79 | // GetOnlySubs. 80 | func GetOnlySubs(input string) string { 81 | u, err := url.Parse(input) 82 | if err != nil { 83 | return "" 84 | } 85 | 86 | return u.Host 87 | } 88 | 89 | // ScanFlag. 90 | func ScanFlag() bool { 91 | subsPtr := flag.Bool("subs", false, "Return only subdomains without protocols.") 92 | helpPtr := flag.Bool("h", false, "Show usage.") 93 | 94 | flag.Parse() 95 | 96 | if *helpPtr { 97 | help() 98 | } 99 | 100 | return *subsPtr 101 | } 102 | 103 | // RemovePort. 104 | func RemovePort(input string) string { 105 | res := strings.Index(input, ":") 106 | if res >= 0 { 107 | return input[:res-1] 108 | } 109 | 110 | return input 111 | } 112 | -------------------------------------------------------------------------------- /robotstxt/README.md: -------------------------------------------------------------------------------- 1 | # robotstxt 2 | 3 | **robots** **txt** 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique paths found in the robots.txt file. 6 | 7 | Inspired by [@remonsec](https://twitter.com/remonsec/status/1410661328977600517) 8 | 9 | ### Input 10 | 11 | ``` 12 | https://google.com/search 13 | https://google.com/search/about 14 | https://google.com/search/static 15 | https://google.com/pda/search? 16 | https://google.com/sprint_xhtml 17 | https://google.com/sprint_wml 18 | https://google.com/pqa 19 | https://google.com/books?*q=related:* 20 | https://google.com/books?*q=editions:* 21 | https://google.com/books?*q=subject:* 22 | https://google.com/trends/beta 23 | https://google.com/trends/topics 24 | ``` 25 | 26 | ### Usage 27 | 28 | - `cat urls | robotstxt` 29 | 30 | ### Output 31 | 32 | ``` 33 | /search 34 | /search/about 35 | /search/static 36 | /pda/search? 37 | /sprint_xhtml 38 | /sprint_wml 39 | /pqa 40 | /books?*q=related:* 41 | /books?*q=editions:* 42 | /books?*q=subject:* 43 | /trends/beta 44 | /trends/topics 45 | ``` 46 | -------------------------------------------------------------------------------- /robotstxt/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "io/ioutil" 8 | "net/http" 9 | "os" 10 | "strings" 11 | "sync" 12 | "time" 13 | 14 | "github.com/edoardottt/golazy" 15 | ) 16 | 17 | func main() { 18 | helpPtr := flag.Bool("h", false, "Show usage.") 19 | 20 | flag.Parse() 21 | 22 | if *helpPtr { 23 | help() 24 | } 25 | 26 | input := ScanTargets() 27 | result := GetRobots(input) 28 | 29 | for _, elem := range result { 30 | fmt.Println(elem) 31 | } 32 | } 33 | 34 | // help shows the usage. 35 | func help() { 36 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique paths found in the robots.txt file. 37 | $> cat urls | robotstxt` 38 | 39 | fmt.Println() 40 | fmt.Println(usage) 41 | fmt.Println() 42 | os.Exit(0) 43 | } 44 | 45 | // ScanTargets return the array of elements 46 | // taken as input on stdin. 47 | func ScanTargets() []string { 48 | var result []string 49 | 50 | // accept domains on stdin. 51 | sc := bufio.NewScanner(os.Stdin) 52 | for sc.Scan() { 53 | domain := strings.ToLower(sc.Text()) 54 | result = append(result, domain) 55 | } 56 | 57 | return golazy.RemoveDuplicateValues(result) 58 | } 59 | 60 | // GetRobots. 61 | func GetRobots(input []string) []string { 62 | var ( 63 | result = []string{} 64 | mutex = &sync.Mutex{} 65 | ) 66 | 67 | limiter := make(chan string, 10) // Limits simultaneous requests. 68 | wg := sync.WaitGroup{} // Needed to not prematurely exit before all requests have been finished. 69 | 70 | for _, elem := range input { 71 | limiter <- elem 72 | 73 | wg.Add(1) 74 | 75 | go func(domain string) { 76 | defer wg.Done() 77 | defer func() { <-limiter }() 78 | 79 | robots := GetRequest("https://" + RemoveProtocol(domain) + "/robots.txt") 80 | 81 | mutex.Lock() 82 | 83 | if robots != "" { 84 | s := strings.Split(robots, "\n") 85 | for _, line := range s { 86 | if strings.Contains(line, "Allow") || strings.Contains(line, "Disallow") { 87 | word := strings.Split(line, " ") 88 | if len(word) > 1 && !strings.Contains(word[1], "Disallow") && !strings.Contains(word[1], "Allow") { 89 | result = append(result, word[1]) 90 | } 91 | } 92 | } 93 | } 94 | mutex.Unlock() 95 | }(elem) 96 | } 97 | 98 | wg.Wait() 99 | 100 | return golazy.RemoveDuplicateValues(result) 101 | } 102 | 103 | // GetRequest performs a GET request. 104 | func GetRequest(target string) string { 105 | client := http.Client{ 106 | Timeout: 5 * time.Second, 107 | } 108 | 109 | resp, err := client.Get(target) 110 | if err != nil { 111 | return "" 112 | } 113 | 114 | defer resp.Body.Close() 115 | 116 | // We Read the response body on the line below. 117 | body, err := ioutil.ReadAll(resp.Body) 118 | if err != nil { 119 | return "" 120 | } 121 | 122 | // Convert the body to type string. 123 | sb := string(body) 124 | 125 | return sb 126 | } 127 | 128 | // RemoveProtocol. 129 | func RemoveProtocol(input string) string { 130 | res := strings.Index(input, "://") 131 | if res >= 0 { 132 | return input[res+3:] 133 | } else { 134 | return input 135 | } 136 | } 137 | -------------------------------------------------------------------------------- /rpfu/README.md: -------------------------------------------------------------------------------- 1 | # rpfu 2 | 3 | **r**emove **p**ort **f**rom **u**rls 4 | 5 | Take as input on stdin a list of urls and print on stdout all the unique urls without ports (if 80 or 443). 6 | 7 | ### Input 8 | 9 | ``` 10 | https://google.com:443/id/ok 11 | https://ciao.it:443 12 | https://okokok.it:443/query?exec=ok 13 | http://cleandomain.out:80#fragment1 14 | 15 | ... 16 | ``` 17 | 18 | ### Usage 19 | 20 | `cat urls | rpfu` 21 | 22 | ### Output 23 | 24 | ``` 25 | https://google.com/id/ok 26 | https://ciao.it 27 | https://okokok.it/query?exec=ok 28 | http://cleandomain.out#fragment1 29 | ``` 30 | -------------------------------------------------------------------------------- /rpfu/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "flag" 6 | "fmt" 7 | "net/url" 8 | "os" 9 | "strings" 10 | 11 | "github.com/edoardottt/golazy" 12 | ) 13 | 14 | func main() { 15 | helpPtr := flag.Bool("h", false, "Show usage.") 16 | 17 | flag.Parse() 18 | 19 | if *helpPtr { 20 | help() 21 | } 22 | 23 | var result []string 24 | 25 | input := ScanTargets() 26 | for _, elem := range input { 27 | item := GetHostWithoutPort(elem) 28 | if item != "" { 29 | result = append(result, item) 30 | } 31 | } 32 | 33 | for _, elem := range golazy.RemoveDuplicateValues(result) { 34 | fmt.Println(elem) 35 | } 36 | } 37 | 38 | // help shows the usage. 39 | func help() { 40 | var usage = `Take as input on stdin a list of urls and print on stdout all the unique urls without ports (if 80 or 443). 41 | $> cat urls | rpfu` 42 | 43 | fmt.Println() 44 | fmt.Println(usage) 45 | fmt.Println() 46 | os.Exit(0) 47 | } 48 | 49 | // ScanTargets return the array of elements 50 | // taken as input on stdin. 51 | func ScanTargets() []string { 52 | var result []string 53 | // accept domains on stdin. 54 | 55 | sc := bufio.NewScanner(os.Stdin) 56 | for sc.Scan() { 57 | domain := strings.ToLower(sc.Text()) 58 | result = append(result, domain) 59 | } 60 | 61 | return golazy.RemoveDuplicateValues(result) 62 | } 63 | 64 | // GetHostWithoutPort. 65 | func GetHostWithoutPort(input string) string { 66 | u, err := url.Parse(input) 67 | if err != nil { 68 | return "" 69 | } 70 | 71 | if u.Scheme == "" { 72 | u.Scheme = "http" 73 | } 74 | 75 | if u.Host == "" { 76 | return "" 77 | } 78 | 79 | if len(strings.Split(u.Host, ":")) > 1 { 80 | if strings.Split(u.Host, ":")[1] == "80" || strings.Split(u.Host, ":")[1] == "443" { 81 | u.Host = strings.Split(u.Host, ":")[0] 82 | } 83 | } 84 | 85 | if u.RawQuery != "" { 86 | return u.Scheme + "://" + u.Host + u.Path + "?" + u.RawQuery 87 | } 88 | 89 | return u.Scheme + "://" + u.Host + u.Path 90 | } 91 | -------------------------------------------------------------------------------- /subtake/README.md: -------------------------------------------------------------------------------- 1 | # subtake 2 | 3 | **sub**domain **take**over 4 | 5 | Take as input on stdin a list of urls and print on stdout CNAME records found with `dig`. 6 | 7 | ### Install 8 | 9 | - `git clone https://github.com/edoardottt/lit-bb-hack-tools` 10 | - `cd lit-bb-hack-tools/subtake` 11 | - `chmod +x subtake` 12 | - `sudo cp subtake /usr/bin` 13 | 14 | ### Usage 15 | 16 | - `cat urls | subtake` 17 | 18 | ### Output 19 | 20 | ``` 21 | admin.stage2aa.paypal.com 22 | admin.stage2aa.paypal.com. 2943 IN CNAME www.stage2aa.paypal.com. 23 | 24 | --------------------------- 25 | admin.stage2b.paypal.com 26 | admin.stage2b.paypal.com. 3599 IN CNAME www.stage2b.paypal.com. 27 | 28 | --------------------------- 29 | admin.stage2.paypal.com 30 | admin.stage2.paypal.com. 3599 IN CNAME www.stage2.paypal.com. 31 | 32 | --------------------------- 33 | api-3t.paypal.com 34 | api-3t.paypal.com. 3114 IN CNAME api-3t.glb.paypal.com. 35 | ``` 36 | -------------------------------------------------------------------------------- /subtake/subtake: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | print_usage() { 5 | printf "Take as input on stdin a list of urls and print on stdout CNAME records found with dig.\n\tcat urls | subtake\n" 6 | exit 0 7 | } 8 | 9 | while getopts 'h' flag; do 10 | case "${flag}" in 11 | h) print_usage ;; 12 | *) print_usage 13 | exit 1 ;; 14 | esac 15 | done 16 | 17 | 18 | RED='\033[0;31m' # Red 19 | NC='\033[0m' # No Color 20 | 21 | # Read line on stdin 22 | while read line 23 | do 24 | output=$( dig "$line" | grep CNAME ) 25 | # if output is not empty 26 | if [ ! -z "$output" ] 27 | # print the CNAME record from dig 28 | then echo -e "${RED}$line${NC}"; dig "$line" | grep CNAME; echo "" 29 | echo "---------------------------" 30 | fi 31 | done 32 | -------------------------------------------------------------------------------- /tahm/README.md: -------------------------------------------------------------------------------- 1 | # tahm 2 | 3 | **t**est **a**ll **h**ttp **m**ethods 4 | 5 | Take as input on stdin a list of urls and print on stdout all the status codes and body sizes for HTTP methods. 6 | 7 | ### Input 8 | 9 | ``` 10 | https://example.com 11 | https://test.com 12 | 13 | ... 14 | ``` 15 | 16 | ### Usage 17 | 18 | `cat urls | tahm` 19 | 20 | ### Output 21 | 22 | ``` 23 | = https://www.example.com/ = 24 | METHOD STATUS SIZE 25 | GET 200 OK 1256 26 | POST 404 Not Found 445 27 | PUT 404 Not Found 1256 28 | DELETE 405 Method Not Allowed 0 29 | HEAD 200 OK 0 30 | CONNECT 400 Bad Request 349 31 | OPTIONS 200 OK 0 32 | TRACE 405 Method Not Allowed 0 33 | PATCH 405 Method Not Allowed 0 34 | --------------------------- 35 | 36 | ... 37 | ``` 38 | -------------------------------------------------------------------------------- /tahm/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "bufio" 5 | "bytes" 6 | "encoding/json" 7 | "flag" 8 | "fmt" 9 | "io/ioutil" 10 | "net/http" 11 | "os" 12 | "strconv" 13 | "strings" 14 | "time" 15 | 16 | "github.com/edoardottt/golazy" 17 | "github.com/fatih/color" 18 | "github.com/rodaine/table" 19 | ) 20 | 21 | var Reset = "\033[0m" 22 | var Red = "\033[31m" 23 | 24 | var myTransport http.RoundTripper = &http.Transport{ 25 | Proxy: http.ProxyFromEnvironment, 26 | ResponseHeaderTimeout: time.Second * 15, 27 | } 28 | 29 | var myClient = &http.Client{Transport: myTransport} 30 | 31 | // main. 32 | func main() { 33 | helpPtr := flag.Bool("h", false, "Show usage.") 34 | flag.Parse() 35 | 36 | if *helpPtr { 37 | help() 38 | } 39 | 40 | TestMethods(ScanTargets()) 41 | } 42 | 43 | // help shows the usage. 44 | func help() { 45 | var usage = `Take as input on stdin a list of urls and print on stdout all the status codes and body sizes for HTTP methods. 46 | $> cat urls | tahm` 47 | 48 | fmt.Println() 49 | fmt.Println(usage) 50 | fmt.Println() 51 | os.Exit(0) 52 | } 53 | 54 | // ScanTargets return the array of elements 55 | // taken as input on stdin. 56 | func ScanTargets() []string { 57 | var result []string 58 | 59 | // accept domains on stdin 60 | sc := bufio.NewScanner(os.Stdin) 61 | for sc.Scan() { 62 | domain := strings.ToLower(sc.Text()) 63 | result = append(result, domain) 64 | } 65 | 66 | return golazy.RemoveDuplicateValues(result) 67 | } 68 | 69 | // TestMethods. 70 | func TestMethods(input []string) { 71 | for _, elem := range input { 72 | fmt.Println("= " + Red + elem + Reset + " =") 73 | 74 | headerFmt := color.New(color.FgGreen, color.Underline).SprintfFunc() 75 | columnFmt := color.New(color.FgYellow).SprintfFunc() 76 | 77 | tbl := table.New("METHOD", "STATUS", "SIZE") 78 | tbl.WithHeaderFormatter(headerFmt).WithFirstColumnFormatter(columnFmt) 79 | 80 | GetStatus, lenSb, err := GetRequest(elem) 81 | if err == nil { 82 | tbl.AddRow("GET", GetStatus, strconv.Itoa(lenSb)) 83 | } 84 | 85 | PostStatus, lenSb, err := PostRequest(elem) 86 | if err == nil { 87 | tbl.AddRow("POST", PostStatus, strconv.Itoa(lenSb)) 88 | } 89 | 90 | PutStatus, lenSb, err := PutRequest(elem) 91 | if err == nil { 92 | tbl.AddRow("PUT", PutStatus, strconv.Itoa(lenSb)) 93 | } 94 | 95 | DeleteStatus, lenSb, err := Request(elem, "DELETE") 96 | if err == nil { 97 | tbl.AddRow("DELETE", DeleteStatus, strconv.Itoa(lenSb)) 98 | } 99 | 100 | HeadStatus, lenSb, err := HeadRequest(elem) 101 | if err == nil { 102 | tbl.AddRow("HEAD", HeadStatus, strconv.Itoa(lenSb)) 103 | } 104 | 105 | ConnectStatus, lenSb, err := Request(elem, "CONNECT") 106 | if err == nil { 107 | tbl.AddRow("CONNECT", ConnectStatus, strconv.Itoa(lenSb)) 108 | } 109 | 110 | OptionsStatus, lenSb, err := Request(elem, "OPTIONS") 111 | if err == nil { 112 | tbl.AddRow("OPTIONS", OptionsStatus, strconv.Itoa(lenSb)) 113 | } 114 | 115 | TraceStatus, lenSb, err := Request(elem, "TRACE") 116 | if err == nil { 117 | tbl.AddRow("TRACE", TraceStatus, strconv.Itoa(lenSb)) 118 | } 119 | 120 | PatchStatus, lenSb, err := Request(elem, "PATCH") 121 | if err == nil { 122 | tbl.AddRow("PATCH", PatchStatus, strconv.Itoa(lenSb)) 123 | } 124 | 125 | tbl.Print() 126 | fmt.Println("---------------------------") 127 | fmt.Println() 128 | } 129 | } 130 | 131 | // GetRequest performs a GET request. 132 | func GetRequest(target string) (string, int, error) { 133 | resp, err := myClient.Get(target) 134 | if err != nil { 135 | return "", 0, err 136 | } 137 | 138 | defer resp.Body.Close() 139 | 140 | // We Read the response body on the line below. 141 | body, err := ioutil.ReadAll(resp.Body) 142 | if err != nil { 143 | return "", 0, err 144 | } 145 | 146 | // Convert the body to type string. 147 | sb := string(body) 148 | 149 | return resp.Status, len(sb), nil 150 | } 151 | 152 | // PostRequest performs a POST request. 153 | func PostRequest(target string) (string, int, error) { 154 | postBody, _ := json.Marshal("{data}") 155 | responseBody := bytes.NewBuffer(postBody) 156 | 157 | // Leverage Go's HTTP Post function to make request. 158 | resp, err := myClient.Post(target, "application/json", responseBody) 159 | if err != nil { 160 | return "", 0, err 161 | } 162 | 163 | defer resp.Body.Close() 164 | 165 | body, err := ioutil.ReadAll(resp.Body) 166 | if err != nil { 167 | return "", 0, err 168 | } 169 | 170 | sb := string(body) 171 | 172 | return resp.Status, len(sb), nil 173 | } 174 | 175 | // HeadRequest performs a HEAD request. 176 | func HeadRequest(target string) (string, int, error) { 177 | resp, err := myClient.Head(target) 178 | if err != nil { 179 | return "", 0, err 180 | } 181 | 182 | defer resp.Body.Close() 183 | 184 | body, err := ioutil.ReadAll(resp.Body) 185 | if err != nil { 186 | return "", 0, err 187 | } 188 | 189 | sb := string(body) 190 | 191 | return resp.Status, len(sb), nil 192 | } 193 | 194 | // PutRequest performs a PUT request. 195 | func PutRequest(target string) (string, int, error) { 196 | // marshal User to json. 197 | json, _ := json.Marshal("{data}") 198 | 199 | // set the HTTP method, url, and request body. 200 | req, err := http.NewRequest(http.MethodPut, target, bytes.NewBuffer(json)) 201 | if err != nil { 202 | return "", 0, err 203 | } 204 | 205 | // set the request header Content-Type for json. 206 | req.Header.Set("Content-Type", "application/json; charset=utf-8") 207 | 208 | resp, err := myClient.Do(req) 209 | if err != nil { 210 | return "", 0, err 211 | } 212 | 213 | body, err := ioutil.ReadAll(resp.Body) 214 | if err != nil { 215 | return "", 0, err 216 | } 217 | 218 | sb := string(body) 219 | 220 | resp.Body.Close() 221 | 222 | return resp.Status, len(sb), nil 223 | } 224 | 225 | // Request performs a request. 226 | func Request(target string, method string) (string, int, error) { 227 | // Create request. 228 | req, err := http.NewRequest(method, target, nil) 229 | if err != nil { 230 | return "", 0, err 231 | } 232 | 233 | // Fetch Request. 234 | resp, err := myClient.Do(req) 235 | if err != nil { 236 | return "", 0, err 237 | } 238 | defer resp.Body.Close() 239 | 240 | // Read Response Body. 241 | body, err := ioutil.ReadAll(resp.Body) 242 | if err != nil { 243 | return "", 0, err 244 | } 245 | 246 | sb := string(body) 247 | 248 | return resp.Status, len(sb), nil 249 | } 250 | --------------------------------------------------------------------------------