In Web application penetration testing scanning for sub-domains is one of the crucial parts. Sub-domains can give hackers and bug bounty hunters lots of bugs to exploit if they are scanned thoroughly. But there are lots of sub-domains of one domain and it can’t be checked manually.
To tackle this problem many hackers and penetration tester use automated tools to do this. Today we are going to talk about one of the tools which can be used to scan the sub-domains and also checks for possible sub-domain takeover.
The name of the tool is Garud by R0X4R.
What is “Garud”?
Garud is a collection of tools like Assetfinder, get-titles, httprobe, subjack, subzy, sublister, etc. All combined in one single tool.
The script first enumerates all the subdomains of the given target domain using assetfinder and sublister then filters all live domains from the whole subdomain list then extracts titles of the subdomains using get-title then it scans for subdomain takeover using subjack and subzy. Then it uses gau to extract parameters of the given subdomains then it uses gf patterns to filters XSS, ssti, ssrf, SQL params from that given subdomains, and then it scans for low hanging fruits as well. Then it’ll save all the output in a text file like target-xss.txt.
How to install Garud?
As Garud requires Go and Python as a prerequisite and root access, it can be installed in any device like Linux, Termux(if root).
System requirements: Recommended to run on vps with 1VCPU and 2GB ram.
- Tools used – You must need to install these tools to use this script
Installation – Make sure you’re root before installing the tool
Clone the repository
git clone https://github.com/R0X4R/Garud.git
Change Directory to Garud
Changing the access persmissions
chmod +x garud install.sh
Moving garud to usr/bin
mv garud /usr/bin/
Installing the tool
If you have rooted android you can install this tool into you phone in termux by following the exactly same steps as Linux.
█▀▀ ▄▀█ █▀█ █░█ █▀▄ █▄█ █▀█ █▀▄ █▄█ █▄▀ coded by R0X4R with <3 Usage: -d target you want to scan (target.com) Usage: -f output directory where you want to save file (~/target-output/) Usage: -x Exclude out of scope domains (~/out-domains.txt) garud -d target.com -f target-output
Official GIF below
Warning: This code was originally created for personal use, it generates a substantial amount of traffic, please use it with caution.
check for more tool and hacking content on out blog page