{"id":13539912,"url":"https://github.com/edoverflow/megplus","last_synced_at":"2025-04-02T06:31:54.670Z","repository":{"id":41203537,"uuid":"120101353","full_name":"EdOverflow/megplus","owner":"EdOverflow","description":"Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]","archived":true,"fork":false,"pushed_at":"2018-10-14T09:37:49.000Z","size":54,"stargazers_count":302,"open_issues_count":3,"forks_count":108,"subscribers_count":17,"default_branch":"master","last_synced_at":"2024-11-16T21:33:06.949Z","etag":null,"topics":["bugbounty","infosec","recon","reconnaissance","security"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/EdOverflow.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-02-03T15:05:22.000Z","updated_at":"2024-11-05T19:06:24.000Z","dependencies_parsed_at":"2022-09-12T13:25:49.640Z","dependency_job_id":null,"html_url":"https://github.com/EdOverflow/megplus","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdOverflow%2Fmegplus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdOverflow%2Fmegplus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdOverflow%2Fmegplus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/EdOverflow%2Fmegplus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/EdOverflow","download_url":"https://codeload.github.com/EdOverflow/megplus/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246768295,"owners_count":20830643,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","infosec","recon","reconnaissance","security"],"created_at":"2024-08-01T09:01:33.923Z","updated_at":"2025-04-02T06:31:52.665Z","avatar_url":"https://github.com/EdOverflow.png","language":"Shell","funding_links":[],"categories":["\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","\u003ca id=\"170048b7d8668c50681c0ab1e92c679a\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"05ab1b75266fddafc7195f5b395e4d99\"\u003e\u003c/a\u003e未分类-OSINT"],"readme":"# meg+ [Deprecated]\n\nAutomated reconnaissance wrapper — [TomNomNom's](https://github.com/TomNomNom) [meg](https://github.com/tomnomnom/meg) on steroids.\n\n![](https://user-images.githubusercontent.com/18099289/35483349-202e7f30-0441-11e8-9f2c-07d27c142839.gif)\n\nBuilt by [TomNomNom](https://github.com/TomNomNom) and [EdOverflow](https://github.com/EdOverflow).\n\n## About\n\nThis wrapper will automate numerous tasks and help you during your reconnaissance process. The script finds common issues, low hanging fruit, and assists you when approaching a target. meg+ also allows you to scan **all** your in-scope targets on HackerOne in one go — it simply retrieves them using a GraphQL query.\n\nWatch TomNomNom's talk to learn more about his reconnaissance methodology:\n\n[![](https://i.ytimg.com/vi/DvS_ew77GXA/maxresdefault.jpg)](https://www.youtube.com/watch?v=DvS_ew77GXA)\n\n## Installation\n\nYou will need [Golang](https://golang.org/doc/), Python 2 or 3, and [PHP 7.0](https://user-images.githubusercontent.com/18099289/35768719-daaaf30c-0900-11e8-92ab-bdc2498c80bf.png) to use all the features provided by this tool. On top of that, make sure to install [meg](https://github.com/tomnomnom/meg), [waybackurls](https://github.com/tomnomnom/waybackurls), [Sublist3r](https://github.com/aboul3la/Sublist3r), and [gio](http://manpages.ubuntu.com/manpages/artful/man1/gio.1.html).\n\n```\ngit clone https://github.com/EdOverflow/megplus.git\ncd megplus\ngo get github.com/tomnomnom/meg\ngo get github.com/tomnomnom/waybackurls\ngit clone https://github.com/aboul3la/Sublist3r.git\n# See https://github.com/aboul3la/Sublist3r#dependencies\n```\n\n⚠ If you do not want to use `gio` or do not have `gio` on your machine, just comment out **all** the lines that have `gio` in them! Make sure to also remove the error message located here: https://github.com/EdOverflow/megplus/blob/master/megplus.sh#L65-L68.\n\n## Usage\n\nYou can either scan a list of hosts or use your HackerOne `X-Auth-Token` token to scan all the bug bounty programs that you participate in.\n\n```\n$ ./megplus.sh\n1) Usage - target list of domains:        ./megplus.sh \u003clist of domains\u003e\n2) Usage - target all HackerOne programs: ./megplus.sh -x \u003cH1 X-Auth-Token\u003e\n3) Usage - run sublist3r first:           ./megplus.sh -s \u003csingle host\u003e\n\n1) Example: ./megplus.sh domains\n2) Example: ./megplus.sh -x XXXXXXXXXXXXXXXX\n3) Example: ./megplus.sh -s example.com\n```\n\n## Usage - Docker 🐋\n\nIf you don't feel like installing all the dependencies mentioned above, you can simply run the `abhartiya/tools_megplus` Docker container, where `test.txt` is a sample file containing the URLs to test against. In your case, this will be the file containing the URLs you want to test:\n\n`docker run -v $(pwd):/megplus abhartiya/tools_megplus test.txt`\n\nThe command will run the `abhartiya/tools_megplus` Docker image as a container and mount the `pwd` onto the container as a volume (at `/megplus`), which makes the `test.txt` file available to the container. Once megplus finishes running, the `out` directory will be created in `pwd` with all the results.  \n\n\n## Scanner\n\nmeg+ will scan for the following things:\n \n- Sudomains using Sublist3r;\n- Configuration files;\n- Interesting strings;\n- Open redirects;\n- CRLF injection;\n- CORS misconfigurations;\n- Path-based XSS;\n- (Sub)domain takeovers.\n\n## Contributing\n\nI welcome contributions from the public.\n\n### Using the issue tracker 💡\n\nThe issue tracker is the preferred channel for bug reports and features requests.\n\n### Issues and labels 🏷\n\nThe bug tracker utilizes several labels to help organize and identify issues.\n\n### Guidelines for bug reports 🐛\n\nUse the GitHub issue search — check if the issue has already been reported.\n\n## ⚠ Legal Disclaimer\n\nThis project is made for educational and ethical testing purposes only. Usage of this tool for attacking targets without prior mutual consent is illegal. Developers assume no liability and are not responsible for any misuse or damage caused by this tool.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedoverflow%2Fmegplus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fedoverflow%2Fmegplus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fedoverflow%2Fmegplus/lists"}