Update to v3.2

Fixed some error and added bhedak and some other filters and json output feature.
R0X4R · Dec 9, 2021 · ac61406 · ac61406
2 parents 85a196b + 45f8b8a
commit ac61406
Show file tree

Hide file tree

Showing 3 changed files with 301 additions and 205 deletions.
diff --git a/README.md b/README.md
@@ -22,7 +22,7 @@ I made this tool to automate my recon and save my time. It really give me headac
 The script first enumerates all the subdomains of the give target domain using assetfinder, sublister, subfinder and amass then filters all live domains from the whole subdomain list then it extarct titles of the subdomains using httpx then it scans for subdomain takeover using nuclei. Then it uses gauplus to extract paramters of the given subdomains then it use gf patterns to filters xss, ssti, ssrf, sqli params from that given subdomains and then it scans for low hanging fruits as well. Then it'll save all the output in a text file like target-xss.txt. Then it will send the notifications about the scan using notify. <br/>
 
 ```txt
-What's new in v3.0: Fixed some error and added naabu for port scanning and uro for url filtering
+What's new in v3.2: Fixed some error and added bhedak and some other filters and json output feature.
 ```
 
 <h3 align="left">How garud works</h3>
@@ -79,16 +79,20 @@ garud:~ git clone https://github.com/R0X4R/Garud.git && cd Garud/ && chmod +x ga
 [GARUD] - Coded by R0X4R in INDIA with <3
 
 Example Usage:
-garud [-d target.tld] [-o output destination] [-t threads] [-b blind xss URL] [-x OOS domains]
+garud [-d target.tld] [-o output destination] [-t threads] [-b blind xss URL] [-x OOS domains] [--json] [-s] [-r]
 
 Flags:
-  -b, --blind          Add your xss server for BXSS [Default: false] (e.g. -b test.xss.ht)
-  -d, --domain         Add your target (e.g -d target.tld)
-  -o, --output         Write to output folder (e.g -o results/)
-  -s, --silent         Hide output in the terminal [Default: false]
-  -t, --threads        Number of threads [Default: 100] (e.g. -t 300)
-  -v, --version        Print current version of Garud
-  -x, --exclude        Exclude out of scope domains [Default: false] (e.g. -x ~/oosdomains.txt)                                                    
+   -b, --blind                  string     Add your xss server for BXSS            -b test.xss.ht
+   -d, --domain                 string     Add your target                         -d target.tld
+   -o, --output                 string     Write to output folder                  -o results
+   -t, --threads                int        Number of threads                       -t 100
+   -x, --exclude                string     Exclude out of scope domains            -x /home/oosd.txt
+
+Optional Flags:
+   -s, --silent                            Hide output in the terminal             Default: False
+   -j, --json                              Store output in a single json file      Default: False
+   -r, --remove                            Delete everything except json output    Default: False
+   -v, --version                           Print current version of Garud                                                  
 ```
 
 **Fix errors while using or installing Garud**
@@ -104,35 +108,66 @@ You can also copy the error and search on google this will make your debugging s
 
 **Example Usage**
 
-```bash
-garud:~ garud -d hackerone.com -o hackerone
+```txt
+# garud -d hackerone.com -o hackerone
 ```
 Add threads to your scan
-```bash
-garud:~ garud -d hackerone.com -o hackerone -t 200
+```txt
+# garud -d hackerone.com -o hackerone -t 200
 ```
 Scan for blind xss, you can get your xss server from [`xsshunter.com`](https://xsshunter.com/)
-```bash
-garud:~ garud -d hackerone.com -o hackerone -b test.xss.ht
+```txt
+# garud -d hackerone.com -o hackerone -b test.xss.ht
 ```
 Exclude out of scope domains
-```bash
-garud:~ echo test.hackerone.com > ossdomain.txt
-garud:~ garud -d hackerone.com -o hackerone -x ~/ossdomain.txt
+```txt
+# echo test.hackerone.com > ossdomain.txt
+# garud -d hackerone.com -o hackerone -x ~/ossdomain.txt
 ```
 With all flags
-```bash
-garud:~ garud -d hackerone.com -o hackerone -t 300 -b test.xss.ht -x ~/ossdomain.txt
+```txt
+# garud -d hackerone.com -o hackerone -t 300 -b test.xss.ht -x ~/ossdomain.txt
 ```
 
 Hide output in the terminal
 
-```bash
-garud:~ garud -d hackerone.com -o hackerone -t 300 -b test.xss.ht -x ~/ossdomain.txt -s
+```txt
+# garud -d hackerone.com -o hackerone -t 300 -b test.xss.ht -x ~/ossdomain.txt -s
+```
+
+Store output in a single `json` file
+
+```txt
+# garud -d hackerone.com -o hackerone -t 300 -b test.xss.ht -x ~/ossdomain.txt -s -j
+# cd hackerone
+# cat output.json | jq
+{
+  "nuclei_critical": [],
+  "vuln_crlf": [],
+  "dalfox": [
+    "[POC][V][GET][inATTR-double(3)-URL] http://subdomain.target.tld/hpp?pp=FUZZ%22onpointerout%3Dconfirm.call%28null%2C1%29+class%3Ddalfox+",
+    ----------------------snip----------------------
+    "subdomains": [
+      "sub.target.tld",
+      "tub.target.tld",
+      "subdomain.target.tld"
+  ],
+  "vuln_xss": [
+    "[POTENTIAL XSS] - http://subdomain.target.tld/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ",
+    "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E ",
+    "[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/index.php?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E "
+  ]
+}
+```
+
+Remove everything except some folders and `json` output.
+
+```txt
+# garud -d hackerone.com -o hackerone -t 300 -b test.xss.ht -x ~/ossdomain.txt -s -r
 ```
 
 Start where you left
-```bash
+```txt
 garud:~ garud -d hackerone.com. -o hackerone -t 300
 Starting scan...
 ^C # assume you stopped at nuclei scan