v0.1.2

@rix4uni rix4uni released this 02 Oct 15:53
· 62 commits to main since this release

Full Changelog: v0.1.1...v0.1.2

New Tools Added

  • AWSCLI
  • XSSRECON
  • SQLMAP
  • CRUNCHBASE (GarudRecon largescope)
  • ALLWILDCARDS (GarudRecon largescope)
  • TLDSCAN (GarudRecon largescope)

Bug Fixes

  • Fixed unew command not found.
  • Fixed RAM bug with dmidecode and free -t.
  • Removed “BUILTWITH” and “WHOXYSUBS” from mediumscope.

New Features

  • GarudRecon Fleet Added (Not Completed Yet):
    Distribute work across many VPS instances — split input automatically and run modules in parallel on 100+ hosts.

  • Short Commands Automatically Added to ~/.bashrc During Installation:

gs="garudrecon smallscope"
gm="garudrecon mediumscope"
gl="garudrecon largescope"
gcidr="garudrecon cidrscope"
gw="garudrecon workflow"
gf="garudrecon fleet"
gc="garudrecon cronjobs"
  • Discord Notifications:
    Sends notifications to Discord for interesting subdomains and leaks.

GarudRecon Largescope (Not Completed Yet)

  • Use the recommended flag for now. Collecting URLs for thousands of domains may cause the terminal to get killed:
garudrecon largescope -d domain -s

How GarudRecon Largescope Works

Example: choosing Google.

  • 267 acquisitions | wildcards | httpx
    Output:
google.com
apigee.com
  • After running TLDSCAN:
google.org
google.ac
google.ad
google.ae
apigee.org
apigee.ac
apigee.ad
apigee.ae
  • Then run subfinder or amass on TLDSCAN output.

Sends interesting_alivesubs to Discord

cat "${ROOT_SUBDOMAINDIR}/httpx.txt" \
| awk '{print $1}' \
| grep -aEi '(^|[.-])(admin|administrator|auth|login|signin|sso|oauth|portal|dashboard|panel|cpanel|webmail|mail|exchange|dev|develop|development|test|testing|qa|quality|staging|stage|beta|alpha|demo|sandbox|lab|labs|preprod|pre-prod|prod|production|app|api|backend|frontend|web|secure|internal|intranet|extranet|private|grafana|kibana|prometheus|nagios|zabbix|cacti|splunk|elk|logs|metrics|monitoring|status|health|analytics|git|gitlab|github|bitbucket|svn|jenkins|build|ci|deploy|deployment|pipeline|db|database|mysql|postgres|mongodb|redis|elastic|elasticsearch|sql|phpmyadmin|adminer|support|help|helpdesk|ticket|tickets|service|services|customer|client|crm|vpn|remote|rdp|ssh|ftp|sftp|webvpn|citrix|vmware|horizon|backup|backups|old|legacy|archive|temp|tmp|upload|uploads|file|files)(\.|$)' \
| dlevel --silent --max-level \
| unew -el -i -t "${ROOT_SUBDOMAINDIR}/interesting_alivesubs.txt" \
| notify -silent -duc -bulk -id "${ALIVESUBDOMAIN_NOTIFY}" &>/dev/null
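
How the anchors in the keyword filter above behave on scheme-prefixed lines, as an added example that is not GarudRecon's own code. It assumes each httpx.txt line starts with a URL including its scheme; the keyword list is shortened, the sample lines are constructed, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: checks the keyword filter's anchors against constructed input.

# Shortened keyword list (assumption: a subset of the pattern in the release notes).
KEYWORDS='admin|login|dev|staging|api|grafana|jenkins|vpn|backup'

# Constructed sample in the assumed httpx.txt layout: URL first, then metadata.
sample_lines() {
  cat <<'EOF'
https://admin.example.com [200] [Admin Console]
https://dev-api.example.com [200] [API]
https://www.example.com [200] [Home]
http://grafana.example.com:3000 [302] [Grafana]
https://administrator-docs.example.com [200] [Docs]
EOF
}

# Same anchors as the release notes: the keyword must follow start-of-line,
# '.' or '-' and be followed by '.' or end-of-line. With a scheme in front,
# the first label is preceded by '/', so it never satisfies the left anchor.
filter_as_written() {
  awk '{print $1}' | grep -aEi "(^|[.-])(${KEYWORDS})(\.|\$)"
}

# Variant: strip scheme, port and path first so '^' lines up with the first
# label. Output is bare hostnames rather than URLs.
filter_host_only() {
  awk '{print $1}' \
    | sed -E 's#^[a-zA-Z][a-zA-Z0-9+.-]*://##; s#[/:].*$##' \
    | grep -aEi "(^|[.-])(${KEYWORDS})(\.|\$)"
}

echo "as written:"; sample_lines | filter_as_written
echo "host only:";  sample_lines | filter_host_only
```

On the constructed input the filter as written reports only dev-api.example.com, while the host-only variant also reports admin.example.com and grafana.example.com; neither matches administrator-docs, because the shortened list requires the keyword to fill the whole label segment.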

Sends interesting_alivesubs for Tech-Based Results to Discord

cat "${ROOT_SUBDOMAINDIR}/httpx.txt" \
| grep -aEi 'IIS|IIS Windows Server|Microsoft-IIS|Windows Server|3CX|phppgadmin|phpmyadmin|jetty|jboss|kibana|grafana|gitlab|kubernetes|citrix|symfony|jira|geoserver|rocketmq|Cisco|Joomla|kafka|pfSense|sonicwall|Jenkins|GlobalProtect|Sentinel|AEM|Airflow|Zimbra|CPanel|cacti|jellyfin|ActiveMQ|phpLDAPadmin' \
| dlevel --silent --max-level \
| unew -el -i -t "${ROOT_SUBDOMAINDIR}/interesting_alivesubs.txt" \
| notify -silent -duc -bulk -id "${ALIVESUBDOMAIN_NOTIFY}" &>/dev/null