How I get +10 SQLi and +30 XSS via Automation Tool
Hello all, my name is Mahmoud Attia, aka 0xelkot.
This is a short story about how to automate your recon and find more vulnerabilities.
Everyone is running the same recon loop over and over without changing anything:
- Find Subdomains.
- Get alive subs.
- Nuclei all alive subs.
- Get duplicates!!
So what do we do then??!!
Think Out of The Box
There are a lot of tools that test for generic vulnerabilities and get wonderful results.
One of these tools is xray, a fantastic tool for testing generic vulnerabilities that has a crawler built in.
Here are some results from it.
So this is an interesting adventure. Let's make a script to automate all of it and test some bug bounty programs.
First, get nice recon results to find subdomains.
Tools: subfinder, assetfinder, amass, sublist3r, github-subdomains
subfinder -d $1 -silent | anew /root/$1/subs.txt
assetfinder -subs-only $1 | anew /root/$1/subs.txt
amass enum -passive -d $1 | anew /root/$1/subs.txt
python sublist3r.py -d $1 | anew /root/$1/subs.txt
github-subdomains -t <github token> -d $1 | anew /root/$1/subs.txt
Then check open ports and get live hosts (all output stays under /root/$1/ so the later steps find it).
cat /root/$1/subs.txt | naabu -p - -silent | anew /root/$1/open-ports.txt   # -p - = full port range
cat /root/$1/open-ports.txt | httpx -silent | anew /root/$1/alive.txt
Finally, check for vulnerabilities.
Here we have two types of vulnerabilities:
1- CVEs and misconfigurations.
2- Generic vulnerabilities.
Everyone can find CVEs with Nuclei, but you can write your own templates or use other people's templates, not only the Project Discovery ones.
Cent is a tool that collects nuclei templates from other repos on GitHub into one local folder, so you can run every public nuclei template and validate the results later. You will get amazing results.
cat /root/$1/alive.txt | nuclei -t /path/to/cent/ -es info | anew /root/$1/nuclei-results.txt
Xray crawls every host and tests for generic vulnerabilities in every parameter of the URL and the request body.
while read -r host; do xray_linux_amd64 ws --basic-crawler "$host" --plugins xss,sqldet,xxe,ssrf,cmd-injection,path-traversal --ho "$(date +"%T").html"; done < /root/$1/alive.txt
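Here is the whole pipeline above as one script, added as an example (it is not the author's published script). It assumes the same tools on PATH, a GITHUB_TOKEN variable, the cent folder in TEMPLATES, and output under /root/<domain>/ as in the post; sublist3r is left out because it needs its own repo path. It also adds tool checks, per-host xray report names and a per-severity summary of the nuclei results.

```shell
#!/bin/sh
# Added example, not the author's script. Assumptions: the tools above are on
# PATH, GITHUB_TOKEN is exported, TEMPLATES points at the cent folder, and
# results go under /root/<domain>/ exactly like the commands in the post.
set -eu
# Fail early if a tool a stage needs is not installed.
need() { for t in "$@"; do command -v "$t" >/dev/null 2>&1 || { echo "missing tool: $t" >&2; exit 1; }; done; }
# Turn a host URL into a safe, informative file name: https://a.b.com:8443 -> a.b.com_8443
safe_name() { printf '%s' "$1" | sed 's#^https\{0,1\}://##; s#[^A-Za-z0-9.-]#_#g'; }
# Count nuclei findings per severity from its default "[id] [proto] [severity] url" lines.
nuclei_summary() { awk -F'[][]' 'NF >= 6 { n[$6]++ } END { for (s in n) printf "%s=%d\n", s, n[s] }' "$1" | sort; }
recon() {  # 1. passive subdomain enumeration, merged without duplicates by anew
  need subfinder assetfinder amass github-subdomains anew
  subfinder -d "$1" -silent | anew "$OUT/subs.txt"
  assetfinder -subs-only "$1" | anew "$OUT/subs.txt"
  amass enum -passive -d "$1" | anew "$OUT/subs.txt"
  github-subdomains -t "${GITHUB_TOKEN:?set GITHUB_TOKEN}" -d "$1" | anew "$OUT/subs.txt"
}
probe() {  # 2. open ports (-p - = full range), then live HTTP services
  need naabu httpx
  naabu -l "$OUT/subs.txt" -p - -silent | anew "$OUT/open-ports.txt"
  httpx -l "$OUT/open-ports.txt" -silent | anew "$OUT/alive.txt"
}
scan() {   # 3. nuclei (CVEs/misconfigs, no colour codes so the summary can parse it) and xray
  need nuclei xray_linux_amd64
  nuclei -l "$OUT/alive.txt" -t "$TEMPLATES" -es info -nc | anew "$OUT/nuclei-results.txt"
  while read -r host; do   # one xray report per host instead of a bare time stamp
    xray_linux_amd64 ws --basic-crawler "$host" \
      --plugins xss,sqldet,xxe,ssrf,cmd-injection,path-traversal \
      --ho "$OUT/xray_$(safe_name "$host").html"
  done < "$OUT/alive.txt"
  nuclei_summary "$OUT/nuclei-results.txt"
}
# Constructed sample of nuclei output lines, used to demonstrate nuclei_summary offline.
demo_summary() {
  f=$(mktemp)
  printf '%s\n' '[sample-template-a] [http] [high] https://a.example.com' \
    '[sample-panel] [http] [medium] https://b.example.com:8443' \
    '[sample-template-a] [http] [high] https://c.example.com' > "$f"
  nuclei_summary "$f"; rm -f "$f"
}
if [ $# -eq 1 ]; then
  OUT="/root/$1"; TEMPLATES="${TEMPLATES:-/path/to/cent}"; mkdir -p "$OUT"
  recon "$1"; probe; scan
fi
```

Run it as `./recon.sh target.com`; with no argument it only defines the functions, so `demo_summary` can be called to see the summary format.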
Now you can automate the bug hunting process and focus on something else.
This is the script from GitHub.
For any question you can DM me on Twitter: 0xElkot
See y'all next time. Till then,
Happy Hacking ❤