An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.
I made this tool to automate my recon and save my time. It really give me headache always type such command and then wait to complete one command and I type other command. So I collected some of the tools which is widely used in the bugbounty field. In this script I used findomain, assetfinder, subfinder, amass, httpx, massdns, masscan, nmap, sublister, gauplus and gf patterns and then it uses dirsearch, dalfox, nuclei and kxss to find some low-hanging fruits.
The script first enumerates all the subdomains of the give target domain using assetfinder, sublister, subfinder, findomain and amass then filters all live domains from the whole subdomain list then it extarct titles of the subdomains using httpx, then it scans for IP-Ports as well as perfom nmap scan, then it scans for subdomain takeover using nuclei. Then it uses gauplus to extract paramters of the given subdomains then it use gf patterns to filters xss, ssti, ssrf, sqli params from that given subdomains and then it scans for low hanging fruits as well. Then it'll save all the output in a text file like target-xss.txt. Then it will send the notifications about the scan using notify.
Requirements: Go Language
and Python 3
.
System requirements: Recommended to run on vps with 1VCPU
and 2GB RAM
.
Tools used - You must need to install these tools to use this script
subfinder
•
sublist3r
•
gf patterns
•
dnsx
•
assetfinder
•
httpx
•
kxss
•
nuclei
•
dalfox
•
anew
•
notify
•
aquatone
•
amass
•
gau
•
crlfuzz
•
uro
•
ffuf
•
naabu
•
massdns
•
masscan
•
gobuster
•
gospider
•
waybackurls
#Make sure you're root before installing the tool
vasuki:~ sudo su
vasuki:~ apt install git
vasuki:~ git clone https://github.com/cyb3rzest/Vasuki.git && cd Vasuki/ && chmod +x vasuki vasuki_install.sh && mv vasuki /usr/bin/ && ./vasuki_install.sh
Note: If you encounter any-issue while running
vasuki_install.sh
file orvasuki
runsed -i -e 's/\r$//' vasuki_install.sh
██╗░░░██╗░█████╗░░██████╗██╗░░░██╗██╗░░██╗██╗
██║░░░██║██╔══██╗██╔════╝██║░░░██║██║░██╔╝██║
╚██╗░██╔╝███████║╚█████╗░██║░░░██║█████═╝░██║
░╚████╔╝░██╔══██║░╚═══██╗██║░░░██║██╔═██╗░██║
░░╚██╔╝░░██║░░██║██████╔╝╚██████╔╝██║░╚██╗██║
░░░╚═╝░░░╚═╝░░╚═╝╚═════╝░░╚═════╝░╚═╝░░╚═╝╚═╝
[VASUKI] == A Reconnaissance Suite for BUG-HUNTERS (@CyberZest)
Subscribe on YouTube (@CyberZest)
Example Usage:
vasuki [-d target.tld] [-x exclude domains] [-r resolvers] [-rF resolvers list] [--json] [-s]
Flags:
-d, --domain string Add your target -d target.tld
-x, --exclude string Exclude out of scope domains -x ~/dommains.list
-r, --resolver string Resolver Name -r 8.8.8.8, 8.8.4.4, 10.10.10.10
-rF, --resolvers string Resolver File List -rF ~/resolver.txt
Optional Flags:
-s, --silent Hide output in the terminal Default: False
-j, --json Store output in a single json file Default: False
-v, --version Print current version of vasuki
Fix errors while using or installing vasuki
vasuki:~ chmod +x vasuki_install.sh && ./vasuki_install.sh
Error: ./vasuki_install.sh : /bin/bash^M : bad interpretor: No such file or directory
# fix
vasuki:~ sed -i -e 's/\r$//' vasuki_install.sh
You can also copy the error and search on google this will make your debugging skills better ;)
Example Usage
# vasuki -d hackerone.com
Exclude out of scope domains
# echo test.hackerone.com > excludedomain.txt
# vasuki -d hackerone.com -x ~/excludedomain.txt
With all flags
# vasuki -d hackerone.com -j -s -x /home/excludedomain.txt
Hide output in the terminal
# vasuki -d hackerone.com -s
Store output in a single json
file
# vasuki -d hackerone.com -s -j
# cd ~/vasuki_results/hackerone-$date
# cat output.json | jq
{
"nuclei_critical": [],
"vuln_crlf": [],
"dalfox": [
"[POC][V][GET][inATTR-double(3)-URL] http://subdomain.target.tld/hpp?pp=FUZZ%22onpointerout%3Dconfirm.call%28null%2C1%29+class%3Ddalfox+",
----------------------snip----------------------
"subdomains": [
"sub.target.tld",
"tub.target.tld",
"subdomain.target.tld"
],
"vuln_xss": [
"[POTENTIAL XSS] - http://subdomain.target.tld/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ",
"[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ",
"[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/index.php?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E "
]
}
Docker
This image needs to be built with Buildkit
vasuki:~ git clone https://github.com/cyb3rzest/vasuki.git
vasuki:~ cd vasuki
vasuki:~ docker buildx build -t vasuki -f Dockerfile .
To run the container
vasuki:~ docker run -t --rm \
-v "/path/on/host":"/output" \ # Mount the Host Output Folder to "/output"
-v "/path/to/configs":"/vasuki/.config/notify" \ # Mount your Notify Config files to "/vasuki/.config/notify"
vasuki -d hackerone.com
vasuki runs as root inside the container & so it is advisable to configure Linux Namespaces
- Isolate containers with a user namespace
- Use Linux user namespaces to fix permissions in docker volumes
@slack
•
@discord
•
@telegram
•
configure-notify
|buymeacoffee.com/cyb3rzest
|PayPal India
|
|--------|--------|------|
@aboul3la
@tomnomnom
@lc
@hahwul
@projectdiscovery
@maurosoria
@shelld3v
@devanshbatham
@michenriksen
@defparam
@projectdiscovery
@bp0lr
@ameenmaali
@dwisiswant0
@OWASP
@1ndianl33t
@sqlmapproject
@w9w
@OJ
@jaeles-project
@s0md3v
@ffuf
@blechschmidt
@robertdavidgraham
@Asheem Shrey
Warning: This code was originally created for personal use, it generates a substantial amount of traffic, please use with caution.