add cors scanner

Author: kh4sh3i

README.md

@@ -62,12 +62,16 @@ chmod +x install.sh
 *  sqlmap-dev
 *  Unfurl
 *  nuclei
-*  deduplicate
 *  dalfox
 *  ParamSpider
 *  qsreplace
 *  notify
 *  Seclists collection
+*  CorsMe
+*  ppmap
+
+
+
 
 ## Vulnerability 
 this is not only recon tools ! we automate find bug for your :D

install.sh

@@ -194,12 +194,23 @@ go install  github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
 echo "done"
 
 
+echo "installing CorsMe"
+go install github.com/shivangx01b/CorsMe@latest
+echo "done"
+
 
-echo "installing deduplicate"
-go install github.com/nytr0gen/deduplicate@latest
+
+echo "installing CorsMe"
+go install github.com/kleiton0x00/ppmap@latest
 echo "done"
 
 
+
+# echo "installing deduplicate"
+# go install github.com/nytr0gen/deduplicate@latest
+# echo "done"
+
+
 echo "installing dalfox"
 go install github.com/hahwul/dalfox/v2@latest
 echo "done"

smartrecon.sh

@@ -172,12 +172,20 @@ screenshots(){
 }
 
 
-interesting(){
+getgau(){
+  echo "${green}fetch url from wayback,commoncrawl,otx,urlscan...${reset}"
+  cat ./$domain/$foldername/subdomain_live.txt | gau --blacklist jpg,jpeg,gif,css,js,tif,tiff,png,ttf,woff,woff2,ico,svg,eot  | qsreplace -a | tee ./$domain/$foldername/gau_output.txt
+  echo "${green}gau done.${reset}"
+}
+
+
+
+get_interesting(){
 	echo -e "${green}find interesting data in site...${reset}"
-	cat ./$domain/$foldername/subdomain_live.txt | waybackurls | qsreplace  -a | tee ./$domain/$foldername/waybackurls.txt
-  cat ./$domain/$foldername/waybackurls.txt | gf interestingEXT | grep -viE '(\.(js|css|pdf|svg|png|jpg|woff))' | sort -u | httpx -status-code -mc 200 -silent | awk '{ print $1}' > ./$domain/$foldername/interesting.txt
+  cat ./$domain/$foldername/gau_output.txt | gf interestingEXT | grep -viE '(\.(js|css|svg|png|jpg|woff))' | qsreplace -a | httpx -mc 200 -silent | awk '{ print $1}' > ./$domain/$foldername/interesting.txt
 }
 
+
 directory_bruteforce(){
   echo -e "${green}Starting directory bruteforce with FFUF...${reset}"
   # cat ./$domain/$foldername/subdomain_live.txt | $feroxbuster --stdin --silent -s 200 -n -w $dirsearchWordlist -o ./$domain/$foldername/directory.txt
@@ -206,7 +214,7 @@ SSRF_Scanner(){
 
 
   echo -e "${green}find SSRF vulnerability ...${reset}"
-  cat ./$domain/$foldername/waybackurls.txt | gf ssrf | qsreplace https://$LISTENSERVER | httpx -silent 
+  cat ./$domain/$foldername/gau_output.txt | gf ssrf | qsreplace https://$LISTENSERVER | httpx -silent 
   notify -bulk -data ./$domain/$foldername/listen_server.txt -silent
 
   # kill listen server
@@ -216,25 +224,34 @@ SSRF_Scanner(){
 
 XSS_Scanner(){
   echo -e "${green}find Xss vulnerability ...${reset}"
-  python3 $paramspider -d $domain -s TRUE -e jpg,jpeg,gif,css,js,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt,eot -q -o ./$domain/$foldername/xss_result.txt 
-  cat ./$domain/$foldername/xss_result.txt | qsreplace  -a | httpx -silent -threads 500 -mc 200 |  dalfox pipe -S | tee ./$domain/$foldername/xss_raw_result.txt
+  # python3 $paramspider -d $domain -s TRUE -e jpg,jpeg,gif,css,js,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt,eot -q -o ./$domain/$foldername/xss_result.txt 
+  cat ./$domain/$foldername/gau_output.txt | gf xss | qsreplace  -a | httpx -silent -threads 500 -mc 200 |  dalfox pipe -S | tee ./$domain/$foldername/xss_raw_result.txt
   cat ./$domain/$foldername/xss_raw_result.txt | cut -d ' ' -f2 | tee ./$domain/$foldername/xss_result.txt; notify -bulk -data ./$domain/$foldername/xss_result.txt -silent
 }
 
+
+CORS_Scanner(){
+  echo -e "${green}find CORS vulnerability ...${reset}"
+  # echo https://google.com | hakrawler -u | httpx -silent | CorsMe 
+  cat ./$domain/$foldername/gau_output.txt | qsreplace  -a | httpx -silent -threads 500 -mc 200 | CorsMe - t 70 -output ./$domain/$foldername/cors_result.txt
+}
+
+
+Prototype_Pollution_Scanner(){
+  echo -e "${green}find Prototype Pollution vulnerability ...${reset}"
+  cat ./$domain/$foldername/gau_output.txt | qsreplace  -a | httpx -silent -threads 500 -mc 200 | ppmap | tee ./$domain/$foldername/prototype_pollution_result.txt
+}
+
+
+
 # echo -e "${green}find sql injection with wayback ...${reset}"
 # python3 paramspider.py -d $domain -s TRUE -e woff,ttf,eot,css,js,png,svg,jpg | deduplicate --sort | httpx -silent | sqlmap
 
-# echo -e "${green}find open redirect vulnerability ...${reset}"
-# cat ./$domain/$foldername/waybackurls.txt | gf redirect | qsreplace  -a | httpx -silent |  while read domain; do python3 oralyzer.py -u $domain; done 
 
-# echo -e "${green}find CORS vulnerability ...${reset}"
-# echo https://google.com | hakrawler -u | httpx -silent | CorsMe 
 
-# echo -e "${green}find Prototype Pollution vulnerability ...${reset}"
-# echo https://google.com | hakrawler -u | httpx -silent | ppmap 
 
-# echo -e "${green}find dom xss with parameter pollution vulnerability ...${reset}"
-# cat ./$domain/$foldername/waybackurls.txt | httpx -silent | ppmap
+# echo -e "${green}find open redirect vulnerability ...${reset}"
+# cat ./$domain/$foldername/gau_output.txt | gf redirect | qsreplace  -a | httpx -silent |  while read domain; do python3 oralyzer.py -u $domain; done 
 
 
 
@@ -401,6 +418,7 @@ fi
   touch ./$domain/$foldername/interesting.txt
   touch ./$domain/$foldername/directory.txt
   touch ./$domain/$foldername/xss_raw_result.txt
+  touch ./$domain/$foldername/gau_output.txt
   touch ./$domain/$foldername/html_report.html
 
   cleantemp
@@ -414,7 +432,8 @@ fi
   subdomain_takeover $domain
 	checkhttprobe $domain
   screenshots $domain
-  interesting $domain
+  getgau $domain
+  get_interesting $domain
   if [[ -n "$brute" ]]; then 
     directory_bruteforce $domain
   fi
@@ -427,6 +446,14 @@ fi
   if [[ -n "$xss" ]]; then 
     XSS_Scanner $domain
   fi
+  # if [[ -n "$cors" ]]; then 
+  #   CORS_Scanner $domain
+  # fi
+  # if [[ -n "$prototype" ]]; then 
+  #   Prototype_Pollution_Scanner $domain
+  # fi
+
+
   report $domain
   echo "${green}Scan for $domain finished successfully${reset}" | notify -silent
   duration=$SECONDS