Garud – Sub-domain Scanner, Sub-domain Takeover With XSS, SSRF, SSTI

In Web application penetration testing scanning for sub-domains is one of the crucial parts. Sub-domains can give hackers and bug bounty hunters lots of bugs to exploit if they are scanned thoroughly. But there are lots of sub-domains of one domain and it can’t be checked manually.

To tackle this problem many hackers and penetration tester use automated tools to do this. Today we are going to talk about one of the tools which can be used to scan the sub-domains and also checks for possible sub-domain takeover.

The name of the tool is Garud by R0X4R.

What is “Garud”?

Garud is a collection of tools like Assetfinder, get-titles, httprobe, subjack, subzy, sublister, etc. All combined in one single tool.

The script first enumerates all the subdomains of the given target domain using assetfinder and sublister then filters all live domains from the whole subdomain list then extracts titles of the subdomains using get-title then it scans for subdomain takeover using subjack and subzy. Then it uses gau to extract parameters of the given subdomains then it uses gf patterns to filters XSS, ssti, ssrf, SQL params from that given subdomains, and then it scans for low hanging fruits as well. Then it’ll save all the output in a text file like target-xss.txt.

How to install Garud?

As Garud requires Go and Python as a prerequisite and root access, it can be installed in any device like Linux, Termux(if root).

System requirements: Recommended to run on vps with 1VCPU and 2GB ram.

• Tools used – You must need to install these tools to use this script
  • SubFinder
  • Sublist3r
  • GF Patterns
  • Get Title
  • Takeover.py
  • Subzy
  • Subjack
  • Assetfinder
  • HTTPX
  • Kxss
  • QSreplace
  • FFuF
  • Nuclei
  • Dalfox
  • Dirsearch
  • ANEW
  • ParamSpider
  • Notify
  • Aquatone
  • hakrawler

Installation – Make sure you’re root before installing the tool

Linux(recommended)

Clone the repository

git clone https://github.com/R0X4R/Garud.git

Change Directory to Garud

cd Garud/

Changing the access persmissions

chmod +x garud install.sh 

Moving garud to usr/bin

mv garud /usr/bin/ 

Installing the tool

./install.sh

Termux

If you have rooted android you can install this tool into you phone in termux by following the exactly same steps as Linux.

Usage

█▀▀ ▄▀█ █▀█ █░█ █▀▄
█▄█ █▀█ █▀▄ █▄█ █▄▀

coded by R0X4R with <3

Usage: -d       target you want to scan (target.com)
Usage: -f       output directory where you want to save file (~/target-output/)
Usage: -x       Exclude out of scope domains (~/out-domains.txt)
garud -d target.com -f target-output

Official GIF below

Warning: This code was originally created for personal use, it generates a substantial amount of traffic, please use it with caution.

check for more tool and hacking content on out blog page