webcopilot: enumerate subdomains of the target and detect vulnerabilities


WebCopilot

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using different open-source tools.

The script first enumerates all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddler, and crt. It then does active subdomain enumeration using gobuster with a SecLists wordlist, filters out all the live subdomains using dnsx, extracts the titles of the subdomains using httpx, and scans for subdomain takeover using subjack.

Next, it uses gauplus and waybackurls to crawl all the endpoints of the given subdomains, and uses gf patterns to filter out xss, lfi, ssrf, sqli, open redirect, and rce parameters for those subdomains. It then scans the subdomains for vulnerabilities using different open-source tools (such as kxss, dalfox, openredirex, and nuclei). Finally, it prints the result of the scan and saves all the output in a specified directory.

Features

Install

WebCopilot requires git to install successfully. Run the following command as root to install webcopilot:

git clone https://github.com/h4r5h1t/webcopilot && cd webcopilot/ && chmod +x webcopilot install.sh && mv webcopilot /usr/bin/ && ./install.sh

Use

To run the tool on a target, just use the following command.

g!2m0:~ webcopilot -d bugcrowd.com

The -o option can be used to specify an output directory.

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd

The -s option can be used to run only subdomain enumeration (active + passive, plus titles and screenshots).

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -s

The -t option can be used to add threads to your scan for faster results.

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -t 333

The -b option can be used for blind XSS (OOB); you can get your server from xsshunter or interact.

g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -t 333 -b testServer.xss

The -x option can be used to exclude out-of-scope domains.

g!2m0:~ echo out.bugcrowd.com > excludeDomain.txt
g!2m0:~ webcopilot -d bugcrowd.com -o bugcrowd -t 333 -x excludeDomain.txt -b testServer.xss
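
A scope filter of the kind the -x option implies, as an added example that is not WebCopilot's own code: the hypothetical filter_scope helper drops a host when it equals an excluded domain or is a subdomain of one, and refuses to run if the exclude file is unreadable. The example.com hostnames are constructed sample input.

```shell
#!/bin/sh
# Added example, not WebCopilot's code. filter_scope is a hypothetical helper.
# Usage: filter_scope EXCLUDE_FILE < hosts.txt > in_scope.txt
filter_scope() {
    # Fail closed: without a readable exclude list nothing is passed through.
    [ -r "$1" ] || { echo "filter_scope: cannot read $1" >&2; return 1; }
    awk -v excl="$1" '
        function norm(s) {                     # lowercase, trim, drop CR and root dot
            s = tolower(s)
            gsub(/^[ \t]+|[ \t\r]+$/, "", s)
            sub(/\.$/, "", s)
            return s
        }
        BEGIN {
            while ((getline line < excl) > 0) {
                line = norm(line)
                if (line == "" || line ~ /^#/) continue
                sub(/^\*\./, "", line)         # treat "*.out.example.com" as "out.example.com"
                out[line] = 1
            }
            close(excl)
        }
        {
            host = norm($0)
            if (host == "") next
            # Walk up the labels: a.out.example.com -> out.example.com -> example.com -> com
            for (probe = host; ; probe = substr(probe, dot + 1)) {
                if (probe in out) next         # excluded domain or one of its subdomains
                dot = index(probe, ".")
                if (dot == 0) break
            }
            print host
        }
    '
}

# Constructed sample data: one excluded domain and five candidate hosts.
demo_scope() {
    list=$(mktemp) || return 1
    printf '%s\n' '# out of scope' 'out.example.com' > "$list"
    printf '%s\n' www.example.com out.example.com api.out.example.com \
        layout.example.com OUT.example.com. | filter_scope "$list"
    rm -f "$list"
}
demo_scope
```

An exact-line filter such as grep -vxFf would let api.out.example.com through, while a plain substring match would wrongly drop layout.example.com; matching on label boundaries avoids both.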

Copyright (c) 2021 Harshit Raj Singh

Source: https://github.com/h4r5h1t/