{"id":13587345,"url":"https://github.com/R0X4R/Garud","last_synced_at":"2025-04-07T21:33:38.668Z","repository":{"id":37669625,"uuid":"296587744","full_name":"R0X4R/Garud","owner":"R0X4R","description":"An automation tool that scans sub-domains, sub-domain takeover, then filters out XSS, SSTI, SSRF, and more injection point parameters and scans for some low hanging vulnerabilities automatically.","archived":false,"fork":false,"pushed_at":"2023-07-04T10:29:46.000Z","size":3524,"stargazers_count":786,"open_issues_count":6,"forks_count":177,"subscribers_count":16,"default_branch":"master","last_synced_at":"2025-04-03T22:11:10.161Z","etag":null,"topics":["assetfinder","bash-script","bugbounty","bugbounty-tool","bugbountytips","garud","gf-patterns","golang","penetration-testing","penetration-testing-tools","reconnaissance","subdomain-takeover","vulnerability","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/R0X4R.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"ko_fi":"R0X4R","custom":["https://pmny.in/bIKNZngt4ys1","https://www.buymeacoffee.com/R0X4R","https://www.paypal.com/paypalme/r0x4r"]}},"created_at":"2020-09-18T10:21:14.000Z","updated_at":"2025-04-03T10:47:03.000Z","dependencies_parsed_at":"2024-09-25T01:41:14.418Z","dependency_job_id":"dc95dc4b-604e-40dc-84f2-af2c296daaf8","html_url":"https://github.com/R0X4R/Garud","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2FGarud","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2FGarud/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2FGarud/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R0X4R%2FGarud/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/R0X4R","download_url":"https://codeload.github.com/R0X4R/Garud/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247732880,"owners_count":20986947,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assetfinder","bash-script","bugbounty","bugbounty-tool","bugbountytips","garud","gf-patterns","golang","penetration-testing","penetration-testing-tools","reconnaissance","subdomain-takeover","vulnerability","vulnerability-scanner"],"created_at":"2024-08-01T15:06:10.016Z","updated_at":"2025-04-07T21:33:37.856Z","avatar_url":"https://github.com/R0X4R.png","language":"Shell","funding_links":["https://ko-fi.com/R0X4R","https://pmny.in/bIKNZngt4ys1","https://www.buymeacoffee.com/R0X4R","https://www.paypal.com/paypalme/r0x4r","https://ko-fi.com/i/IK3K34SJSA"],"categories":["Shell","Shell (473)","bugbounty","Pentesting"],"sub_categories":["Payloads"],"readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://github.com/R0X4R/Garud/\"\u003e\u003cimg src=\".github/img/garud.png\" width=\"500px\" alt=\"Garud\"\u003e\u003c/a\u003e\n\u003c/h1\u003e\n                                                                                                                                            \n\u003ch4 align=\"center\"\u003eAn automation tool that scans sub-domains, sub-domain takeover and then filters out xss, ssti, ssrf and more injection point parameters.\u003c/h4\u003e\n\n\u003cp align=\"center\"\u003e\n\u003ca href=\"#\"\u003e\u003cimg src=\"https://madewithlove.org.in/badge.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://ko-fi.com/i/IK3K34SJSA\"\u003e\u003cimg src=\"https://img.shields.io/badge/buy%20me%20a%20ko--fi%20-donate-red\"\u003e\u003c/a\u003e\n\u003ca href=\"https://twitter.com/R0X4R/\"\u003e\u003cimg src=\"https://img.shields.io/badge/twitter-%40R0X4R-blue.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/R0X4R/Garud/issues\"\u003e\u003cimg src=\"https://img.shields.io/badge/contributions-welcome-brightgreen.svg?style=flat\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/R0X4R/Garud/blob/master/LICENSE\"\u003e\u003cimg src=\"https://img.shields.io/badge/License-MIT-yellow.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"#\"\u003e\u003cimg src=\"https://img.shields.io/badge/Made%20with-Bash-1f425f.svg\"\u003e\u003c/a\u003e\n\u003ca href=\"https://github.com/R0X4R?tab=followers\"\u003e\u003cimg src=\"https://img.shields.io/badge/github-%40R0X4R-orange\"\u003e\u003c/a\u003e\n\u003c/p\u003e\n\n---\n\nI made this tool to automate my recon and save my time. It really give me headache always type such command and then wait to complete one command and I type other command. So I collected some of the tools which is widely used in the bugbounty field. In this script I used Assetfinder, subfinder, amass, httpx, sublister, gauplus and gf patterns and then it uses dirsearch, dalfox, nuclei and kxss to find some low-hanging fruits.\u003cbr/\u003e \n\nThe script first enumerates all the subdomains of the give target domain using assetfinder, sublister, subfinder and amass then filters all live domains from the whole subdomain list then it extarct titles of the subdomains using httpx then it scans for subdomain takeover using nuclei. Then it uses gauplus to extract paramters of the given subdomains then it use gf patterns to filters xss, ssti, ssrf, sqli params from that given subdomains and then it scans for low hanging fruits as well. Then it'll save all the output in a text file like target-xss.txt. Then it will send the notifications about the scan using notify. \u003cbr/\u003e\n\n```txt\nWhat's new in v4.0: fixed some previous issues and filter out time waste vulns(you need to find them manually) and added dorking.\n```\n\n\u003ch3 align=\"left\"\u003eHow garud works\u003c/h3\u003e\n\u003cp align=\"center\"\u003e\u003cbr/\u003e\n\u003cimg src=\".github/img/mindmap.png\" alt=\"garud mindmap\"\u003e\u003cbr/\u003e\n\u003c!-- \u003cimg src=\"img/roadmap.png\" alt=\"How garud works\"\"\u003e --\u003e\n\u003c/p\u003e\u003cbr/\u003e\n\n\u003ch3\u003eInstallation\u003c/h3\u003e\n\n**Requirements:** ``Go Language`` and ``Python 3``.\u003cbr\u003e\n**System requirements:** Recommended to run on vps with ``1VCPU`` and ``2GB RAM``.\u003cbr\u003e\n\n**Tools used - You must need to install these tools to use this script**\u003cbr\u003e\n\n  \u003ca href=\"https://github.com/projectdiscovery/subfinder\"\u003e`subfinder`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/aboul3la/Sublist3r\"\u003e`sublist3r`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/1ndianl33t/Gf-Patterns\"\u003e`gf patterns`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/projectdiscovery/dnsx\"\u003e`dnsx`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/tomnomnom/assetfinder\"\u003e`assetfinder`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/projectdiscovery/httpx\"\u003e`httpx`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/Emoe/kxss\"\u003e`kxss`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/projectdiscovery/nuclei\"\u003e`nuclei`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/hahwul/dalfox\"\u003e`dalfox`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/tomnomnom/anew\"\u003e`anew`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/projectdiscovery/notify\"\u003e`notify`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/michenriksen/aquatone\"\u003e`aquatone`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/OWASP/Amass\"\u003e`amass`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/lc/gau\"\u003e`gau`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/dwisiswant0/crlfuzz\"\u003e`crlfuzz`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/s0md3v/uro\"\u003e`uro`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/ffuf/ffuf\"\u003e`ffuf`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/projectdiscovery/naabu\"\u003e`naabu`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/Cgboal/SonarSearch\"\u003e`crobat`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/OJ/gobuster\"\u003e`gobuster`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/jaeles-project/gospider\"\u003e`gospider`\u003c/a\u003e •\n  \u003ca href=\"https://github.com/tomnomnom/waybackurls\"\u003e`waybackurls`\u003c/a\u003e\u003cbr\u003e\n\n\n```bash\n#Make sure you're root before installing the tool\n\ngarud:~ sudo su\ngarud:~ apt install git\ngarud:~ git clone https://github.com/R0X4R/Garud.git \u0026\u0026 cd Garud/ \u0026\u0026 chmod +x garud install.sh \u0026\u0026 mv garud /usr/bin/ \u0026\u0026 ./install.sh\n```\n\n\u003e **Note**: If you encounter any-issue while running `install.sh` file or `garud` run `sed -i -e 's/\\r$//' install.sh`\n\n\u003ch3\u003eUsage\u003c/h3\u003e\n\n\n```js \n\n\n                █▀▀▀ █▀▀█ █▀▀█ █░░█ █▀▀▄\n                █░▀█ █▄▄█ █▄▄▀ █░░█ █░░█\n                ▀▀▀▀ ▀░░▀ ▀░▀▀ ░▀▀▀ ▀▀▀░\n\n[GARUD] == A RECONNAISSANCE SUITE FOR BUG BOUNTY (@R0X4R)\n\nExample Usage:\ngarud [-d target.tld] [-x exclude domains] [--json] [-s]\n\nFlags:\n   -d, --domain                 string     Add your target                         -d target.tld\n   -x, --exclude                string     Exclude out of scope domains            -x /home/dommains.list\n\nOptional Flags:\n   -s, --silent                            Hide output in the terminal             Default: False\n   -j, --json                              Store output in a single json file      Default: False\n   -v, --version                           Print current version of Garud\n\n```\n\n**Fix errors while using or installing Garud**\n    \n```bash\ngarud:~ chmod +x install.sh \u0026\u0026 ./install.sh\nError: ./install.sh : /bin/bash^M : bad interpretor: No such file or directory\n                                                    \n# fix\ngarud:~ sed -i -e 's/\\r$//' install.sh\n```\nYou can also copy the error and search on google this will make your debugging skills better ;)\n\n**Example Usage**\n\n```txt\n# garud -d hackerone.com\n```\nExclude out of scope domains\n```txt\n# echo test.hackerone.com \u003e ossdomain.txt\n# garud -d hackerone.com -x ~/ossdomain.txt\n```\nWith all flags\n```txt\n# garud -d hackerone.com -j -s -x /home/oss.txt\n```\n\nHide output in the terminal\n\n```txt\n# garud -d hackerone.com -s\n```\n\nStore output in a single `json` file\n\n```txt\n# garud -d hackerone.com -s -j\n# cd hackerone\n# cat output.json | jq\n{\n  \"nuclei_critical\": [],\n  \"vuln_crlf\": [],\n  \"dalfox\": [\n    \"[POC][V][GET][inATTR-double(3)-URL] http://subdomain.target.tld/hpp?pp=FUZZ%22onpointerout%3Dconfirm.call%28null%2C1%29+class%3Ddalfox+\",\n    ----------------------snip----------------------\n    \"subdomains\": [\n      \"sub.target.tld\",\n      \"tub.target.tld\",\n      \"subdomain.target.tld\"\n  ],\n  \"vuln_xss\": [\n    \"[POTENTIAL XSS] - http://subdomain.target.tld/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E \",\n    \"[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E \",\n    \"[POTENTIAL XSS] - http://subdomain.target.tld:80/hpp/index.php?pp=%22%3E%2F%3E%3Csvg%2Fonload%3Dconfirm%28document.domain%29%3E \"\n  ]\n}\n```\n\n**Docker**\n\nContributed by [`@frost19k`](https://github.com/frost19k)\n\nThis image needs to be built with [`Buildkit`](https://docs.docker.com/develop/develop-images/build_enhancements/)\n```bash\ngarud:~ git clone https://github.com/R0X4R/Garud.git\ngarud:~ cd Garud \ngarud:~ docker buildx build -t garud -f Dockerfile .\n```\n\nTo run the container\n```bash\ngarud:~ docker run -t --rm \\\n  -v \"/path/on/host\":\"/output\" \\   # Mount the Host Output Folder to \"/output\"\n  -v \"/path/to/configs\":\"/Garud/.config/notify\" \\   # Mount your Notify Config files to \"/Garud/.config/notify\"\n  garud -d hackerone.com\n```\nGarud runs as root inside the container \u0026 so it is advisable to configure Linux Namespaces \n1. [Isolate containers with a user namespace](https://docs.docker.com/engine/security/userns-remap/)\n2. [Use Linux user namespaces to fix permissions in docker volumes](https://www.jujens.eu/posts/en/2017/Jul/02/docker-userns-remap/)\n\n\u003ch3\u003eNotifications\u003c/h3\u003e\n\n[`@slack`](https://slack.com/intl/en-it/help/articles/115005265063-Incoming-webhooks-for-Slack) •\n[`@discord`](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) •\n[`@telegram`](https://core.telegram.org/bots#3-how-do-i-create-a-bot) •\n[`configure-notify`](https://github.com/projectdiscovery/notify#config-file)\n                                                                \n\u003cp align=\"left\"\u003e\n\u003ch3\u003eDonate\u003c/h3\u003e \n\n|[`buymeacoffee.com/R0X4R`](https://www.buymeacoffee.com/R0X4R)|[`payU India`](https://pmny.in/bIKNZngt4ys1)|[`kofi.com/R0X4R`](https://ko-fi.com/i/IK3K34SJSA)|\n|--------|--------|------|\n\n### Thanks to the authors of the tools used in this script.\n\n[`@aboul3la`](https://github.com/aboul3la) [`@tomnomnom`](https://github.com/tomnomnom) [`@lc`](https://github.com/lc) [`@hahwul`](https://github.com/hahwul) [`@projectdiscovery`](https://github.com/projectdiscovery) [`@maurosoria`](https://github.com/maurosoria) [`@shelld3v`](https://github.com/shelld3v) [`@devanshbatham`](https://github.com/devanshbatham) [`@michenriksen`](https://github.com/michenriksen) [`@defparam`](https://github.com/defparam/) [`@projectdiscovery`](https://github.com/projectdiscovery) [`@bp0lr`](https://github.com/bp0lr/) [`@ameenmaali`](https://github.com/ameenmaali) [`@dwisiswant0`](https://github.com/dwisiswant0) [`@OWASP`](https://github.com/OWASP/) [`@1ndianl33t`](https://github.com/1ndianl33t) [`@sqlmapproject`](https://github.com/sqlmapproject) [`@w9w`](https://github.com/w9w) [`@OJ`](https://github.com/OJ) [`@jaeles-project`](https://github.com/jaeles-project) [`@s0md3v`](https://github.com/s0md3v) [`@ffuf`](https://github.com/ffuf)\n\nThanks to all the contributors [`contributors.md`](.github/contributors.md)\n\n**Warning:** This code was originally created for personal use, it generates a substantial amount of traffic, please use with caution.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FR0X4R%2FGarud","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FR0X4R%2FGarud","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FR0X4R%2FGarud/lists"}