webcopilot: enumerate subdomains of the target and detect vulnerabilities

by do son · Published November 4, 2023 · Updated May 1, 2024

WebCopilot

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect vulnerabilities using different open-source tools.

The script first enumerates all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddler, and crt then does active subdomain enumeration using gobuster from SecLists wordlist then filters out all the live subdomains using dnsx then it extracts titles of the subdomains using httpx & scans for subdomain takeover using subjack. Then it uses gauplus & waybackurls to crawl all the endpoints of the given subdomains then it uses gf patterns to filter out xss, lfi, ssrf, sqli, open redirect & rce parameters from that given subdomains, and then it scans for vulnerabilities on the subdomains using different open-source tools (like kxss, dalfox, openredirex, nuclei, etc). Then it’ll print out the result of the scan and save all the output in a specified directory.

Features

Subdomain Enumeration using assetfinder, sublist3r, subfinder, amass, findomain, etc.
Active Subdomain Enumeration using gobuster & amass from SecLists/DNS wordlist.
Extract titles and take screenshots of live subdomains using aquatone & httpx.
Crawl all the endpoints of the subdomains using waybackurls & gauplus and filter out XSS, SQLi, SSRF, etc parameters using gf patterns.
Run different open-source tools (like dalfox, nuclei, sqlmap, etc) to search for vulnerabilities in these parameters and then save all the outputs in the folder.