50 |
51 | what this tool do.
52 | 1. it gathers subdomain using
53 | * sublist3r
54 | * subfinder
55 | append these data to a text file namely combined.txt in the folder /target/hussh-date/combined.txt and trim the duplicasy
56 | 2. check for active subdomains
57 | * check all the active domains in the combined.txt using a tool httprobe by tomnomnom and then keep only https:// sources there as these are the ultimate target.
58 | * use a go script named as go to find out the status code of all the domains this script is also the modified version of a script named _ by tomnomnom and then grep out the url having status code 200 and 302. append these data to a file named a as usefull.txt
59 | 3. way back machine
60 | * check for the url from usefull.txt in wyback machine and writesd the output in /target/hussh-date/wb.txt
61 | * now using a file inturl which is also inspired from _ by tomnomnom it sorts out only intersting files from web.txt
62 | 4. spider the subdomains
63 | * using gospider aas my long companion to spider the subdomains and find all other subdomains that may be available there
64 | * now filtering out the usfull data such as sites with url|robots|javascript|subdomains|forms using grep and appending them to a file /target/hussh-date/vulnd.txt
65 | 5. finding intersting files
66 | * appending usefull.txt and vulnd.txt to a file name vuln.txt and removing the duplicates.
67 | * again finding interesting files from vuln.txt
68 | 6. hunting or vulnerability
69 | * hunt for cors vulnerability in vulns.txt using cors script by tomnomnom
70 |
71 | please add other vulnerability
72 | and fork if using
73 |
--------------------------------------------------------------------------------
/cors:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/harshnandwana/hussh/165a48d82e38573fcd2fd360767595cc2998c8f2/cors
--------------------------------------------------------------------------------
/go:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/harshnandwana/hussh/165a48d82e38573fcd2fd360767595cc2998c8f2/go
--------------------------------------------------------------------------------
/html.sh:
--------------------------------------------------------------------------------
1 | html(){
2 | rm ./$1/$foldername/$1.html
3 | touch ./$1/$foldername/$1.html
4 | echo " report for $1 " >> ./$1/$foldername/$1.html
5 | echo "" >> ./$1/$foldername/$1.html
6 | echo "" >> ./$1/$foldername/$1.html
7 | echo "" >> ./$1/$foldername/$1.html
8 | echo "" >> ./$1/$foldername/$1.html
9 | echo " " >> ./$1/$foldername/$1.html
10 | echo "