- Find a target
- Find all possible subdomains or links from the target as well as its subdomains.
Information gathering- subdomain enumeration
subfinder -d target url -all -o example.txt -vFinding active and removing duplicates subdomains
cat example.txt | httpx > uniq.txtFetch javascript files from a list of URLS use TOOL - SUBJS
- installation > search subjs on browser > open link > click on release > subjs_1.0.1_linux_amd64.tar.gz > right click and copy link address.
wget https://github.com/lc/subjs/releases/download/v1.0.1/subjs_1.0.1_linux_amd64.tar.gz- unzip the file
tar -xvf subjs_1.0.1_linux_amd64.tar.gz- Check path
echo $path - Move the file at path
mv subjs /usr/bin/subjs- Run Tool
cat target.txt | subjs > targetsubjs.txt KATANA TOOL SETUP AND USAGE
- installation > search katana tool > go to github repository > and copy go cmd and paste it in your terminal
CGO_ENABLED=1 go install github.com/projectdiscovery/katana/cmd/katana@latest- check your path
export PATH=$PATH:/root/go/binNow try running Katana:
katana- Move the go to local bin
echo $PATHsudo mv /root/go/bin/katana /usr/local/bin/Now try running Katana:
katana --help- Fetch all urls of domain
katana -u target.com -d 5 - fetch only js file
katana -u target.com -d 5 -jc | grep ".js$"- fetch js files from our txt file
katana -list targetuniq.txt -jc -o targetjs.txt | grep ".js$"- unique urls
sort targetjs.txt |uniq -d > targetjsuniq.txt ANOTHER BACKUP TOOL IS GETJS
SECRETFINDER
- install
git clone https://github.com/m4ll0k/SecretFinder.git secretfinder- go to directory
cd secretfinder- check for requirements
python -m pip install -r requirements.txt or pip install -r requirements.txtOR
cat requirement.txtthen install requirements
- run the tool using
python3 SecretFinder.py- recon using
cat targetjsuniq.txt | while read url; do python3 SecretFinder/SecretFinder.py-i $url -o cli > outputstore.txt; done- sorted token list
grep -rE 'aws_access_key|aws_secret_key|api key |passwd|pwd|hero ku|slack | firebase|swagger|aws key password|ftp password|jdbc|db|sql|secret jet config|admin|json|gcp|htaccess|\.env|ssh key|. git| access key | secret token| oauth_token| oauth_token_secret' rapydsorted.txt NUCLEI TOOL
- Install
a. Download the Binary
curl -sSL https://github.com/projectdiscovery/nuclei/releases/latest/download/nuclei-linux-amd64.zip -o nuclei.zip b. Unzip the File
unzip nuclei.zipc. Move the Binary to /usr/local/bin
sudo mv nuclei /usr/local/bin/d. Verify Installation
nuclei -version- RUN TOOL using
nuclei -l targetjsuniq.txt -t nuclei-templates/file/keysMANTRA Tool
- install
go install github.com/MrEmpy/mantra@latest- use
cat targetjssorted.txt | mantra