cyb3rzest/vasuki


Vasuki

An automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.


I made this tool to automate my recon and save my time. It really gives me a headache to always type such commands, wait for one command to complete, and then type the next command. So I collected some of the tools which are widely used in the bug bounty field. In this script I used findomain, assetfinder, subfinder, amass, httpx, massdns, masscan, nmap, sublister, gauplus and gf patterns, and then it uses dirsearch, dalfox, nuclei and kxss to find some low-hanging fruit.

The script first enumerates all the subdomains of the given target domain using assetfinder, sublister, subfinder, findomain and amass, then filters the live domains out of the whole subdomain list. It then extracts the titles of the subdomains using httpx, scans for IP ports and performs an nmap scan, and scans for subdomain takeover using nuclei. Next it uses gauplus to extract the parameters of the given subdomains and gf patterns to filter xss, ssti, ssrf and sqli parameters from those subdomains, and it scans for low-hanging fruit as well. It saves all the output in a text file like target-xss.txt. Finally, it sends notifications about the scan using notify.

How vasuki works


Vasuki mindmap


Installation

Requirements: Go Language and Python 3.
System requirements: Recommended to run on a VPS with 1 vCPU and 2 GB RAM.

Tools used - You must install these tools to use this script

subfinder, sublist3r, gf patterns, dnsx, assetfinder, httpx, kxss, nuclei, dalfox, anew, notify, aquatone, amass, gau, crlfuzz, uro, ffuf, naabu, massdns, masscan, gobuster, gospider, waybackurls

#Make sure you're root before installing the tool

vasuki:~ sudo su
vasuki:~ apt install git
vasuki:~ git clone https://github.com/cyb3rzest/Vasuki.git && cd Vasuki/ && chmod +x vasuki vasuki_install.sh && mv vasuki /usr/bin/ && ./vasuki_install.sh

Note: If you encounter any issue while running the vasuki_install.sh file or vasuki, run: sed -i -e 's/\r$//' vasuki_install.sh

Usage

                ██╗░░░██╗░█████╗░░██████╗██╗░░░██╗██╗░░██╗██╗
                ██║░░░██║██╔══██╗██╔════╝██║░░░██║██║░██╔╝██║
                ╚██╗░██╔╝███████║╚█████╗░██║░░░██║█████═╝░██║
                ░╚████╔╝░██╔══██║░╚═══██╗██║░░░██║██╔═██╗░██║
                ░░╚██╔╝░░██║░░██║██████╔╝╚██████╔╝██║░╚██╗██║
                ░░░╚═╝░░░╚═╝░░╚═╝╚═════╝░░╚═════╝░╚═╝░░╚═╝╚═╝

[VASUKI] == A Reconnaissance Suite for BUG-HUNTERS (@CyberZest)
Subscribe on YouTube (@CyberZest)

Example Usage:
vasuki [-d target.tld] [-x exclude domains] [-r resolvers] [-rF resolvers list] [--json] [-s]

Flags:
   -d, --domain            string       Add your target                         -d target.tld
   -x, --exclude           string       Exclude out of scope domains            -x ~/dommains.list
   -r, --resolver          string       Resolver Name                           -r 8.8.8.8, 8.8.4.4, 10.10.10.10
   -rF, --resolvers        string       Resolver File List                      -rF ~/resolver.txt

Optional Flags:
   -s, --silent        Hide output in the terminal             Default: False
   -j, --json          Store output in a single json file      Default: False
   -v, --version       Print current version of vasuki

Fix errors while using or installing vasuki

vasuki:~ chmod +x vasuki_install.sh && ./vasuki_install.sh
Error: ./vasuki_install.sh : /bin/bash^M : bad interpretor: No such file or directory
                                                    
# fix
vasuki:~ sed -i -e 's/\r$//' vasuki_install.sh

You can also copy the error and search for it on Google; this will improve your debugging skills ;)

Example Usage

# vasuki -d hackerone.com

Exclude out of scope domains

# echo test.hackerone.com > excludedomain.txt
# vasuki -d hackerone.com -x ~/excludedomain.txt

With all flags

# vasuki -d hackerone.com -j -s -x /home/excludedomain.txt

Hide output in the terminal

# vasuki -d hackerone.com -s

Store output in a single json file

# vasuki -d hackerone.com -s -j
# cd ~/vasuki_results/hackerone-$date
# cat output.json | jq
{
  "nuclei_critical": [],
  "vuln_crlf": [],
  "dalfox": [
    "[POC][V][GET][inATTR-double(3)-URL] http://subdomain.target.tld/hpp?pp=FUZZ%22onpointerout%3Dconfirm.call%28null%2C1%29+class%3Ddalfox+",
    ----------------------snip----------------------
    "subdomains": [
      "sub.target.tld",
      "tub.target.tld",
      "subdomain.target.tld"
  ],
  "vuln_xss": [
    "[POTENTIAL XSS] - http://subdomain.target.tld/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ",
    "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ",
    "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/index.php?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E "
  ]
}
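
The sample output above reports the same potential XSS three times (with and without `:80`, with and without `index.php`). The following added example, which is not part of vasuki, collapses such duplicates in `output.json` and drops hosts from the `-x` exclude list before manual triage. The names `finding_key` and `triage` and the sample data are constructed for illustration, and treating `index.php` as the directory index is an assumption.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed sample shaped like the output.json above (placeholder hosts).
SAMPLE = json.dumps({
    "subdomains": ["sub.target.tld", "tub.target.tld", "subdomain.target.tld"],
    "vuln_xss": [
        "[POTENTIAL XSS] - http://subdomain.target.tld/hpp/?pp=FUZZ ",
        "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/?pp=FUZZ ",
        "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/index.php?pp=FUZZ ",
        "[POTENTIAL XSS] - http://tub.target.tld/search?q=FUZZ ",
    ],
})

DEFAULT_PORTS = {"http": 80, "https": 443}

def finding_key(line):
    """Reduce one vuln_xss line to (scheme, host, port, path, parameter names)."""
    url = line.split(" - ", 1)[1].strip()
    parts = urlsplit(url)
    # An explicit default port and an omitted port are the same endpoint.
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    path = parts.path or "/"
    if path.endswith("/index.php"):  # assumption: index.php is the directory index
        path = path[: -len("index.php")]
    names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return (parts.scheme, parts.hostname, port, path, tuple(sorted(names)))

def triage(report_text, excluded=()):
    """Return unique in-scope findings, keeping the first line seen per key."""
    report = json.loads(report_text)
    excluded = {h.lower() for h in excluded}
    unique = {}
    for line in report.get("vuln_xss", []):
        key = finding_key(line)
        host = key[1]
        # Skip excluded hosts and anything beneath them.
        if host in excluded or any(host.endswith("." + e) for e in excluded):
            continue
        unique.setdefault(key, line.strip())
    return unique

if __name__ == "__main__":
    for key, line in triage(SAMPLE, excluded=["tub.target.tld"]).items():
        print(key, "<-", line)
```
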

Docker

This image needs to be built with BuildKit

vasuki:~ git clone https://github.com/cyb3rzest/vasuki.git
vasuki:~ cd vasuki 
vasuki:~ docker buildx build -t vasuki -f Dockerfile .

To run the container

# Mount the host output folder to "/output" and your notify config files to "/vasuki/.config/notify"
vasuki:~ docker run -t --rm \
  -v "/path/on/host":"/output" \
  -v "/path/to/configs":"/vasuki/.config/notify" \
  vasuki -d hackerone.com

vasuki runs as root inside the container, so it is advisable to configure Linux namespaces:

  1. Isolate containers with a user namespace
  2. Use Linux user namespaces to fix permissions in docker volumes

Notifications

@slack, @discord, @telegram, configure-notify

Donate

buymeacoffee.com/cyb3rzest | PayPal India

Thanks to the authors of the tools used in this script.

@aboul3la @tomnomnom @lc @hahwul @projectdiscovery @maurosoria @shelld3v @devanshbatham @michenriksen @defparam @projectdiscovery @bp0lr @ameenmaali @dwisiswant0 @OWASP @1ndianl33t @sqlmapproject @w9w @OJ @jaeles-project @s0md3v @ffuf @blechschmidt @robertdavidgraham @Asheem Shrey

Warning: This code was originally created for personal use. It generates a substantial amount of traffic, so please use it with caution.