{"id":23096904,"url":"https://github.com/xthezealot/saar","last_synced_at":"2025-07-05T10:35:35.992Z","repository":{"id":197840470,"uuid":"699458597","full_name":"xthezealot/saar","owner":"xthezealot","description":"Saar is a bug bounty script combining the best tools for a smooth recon workflow","archived":false,"fork":false,"pushed_at":"2023-11-02T20:12:02.000Z","size":38,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-02-09T08:20:19.871Z","etag":null,"topics":["bugbounty","dns","http","hunting","nuclei","pentesting","recon","redteam","scanner","security","subdomain","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/xthezealot.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2023-10-02T17:13:57.000Z","updated_at":"2023-11-08T20:14:42.000Z","dependencies_parsed_at":null,"dependency_job_id":"8ddff7ac-b531-4002-9eaf-bb83cada9f4c","html_url":"https://github.com/xthezealot/saar","commit_stats":null,"previous_names":["xthezealot/saar"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xthezealot%2Fsaar","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xthezealot%2Fsaar/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xthezealot%2Fsaar/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/xthezealot%2Fsaar/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/xthezealot","download_url":"https://codeload.github.com/xthezealot/saar/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247070928,"owners_count":20878586,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","dns","http","hunting","nuclei","pentesting","recon","redteam","scanner","security","subdomain","vulnerability"],"created_at":"2024-12-16T22:49:20.451Z","updated_at":"2025-04-03T20:15:19.587Z","avatar_url":"https://github.com/xthezealot.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Saar\n\nSaar is a bug bounty script combining the best tools for a smooth recon workflow.\n\n## Install\n\n1. Install Saar and its dependencies\n   ```sh\n   curl -fLSs -o /usr/local/bin/saar https://raw.githubusercontent.com/xthezealot/saar/main/saar.sh \u0026\u0026 saar update\n   ```\n2. Configure dependencies:\n   - To find more subdomains, add API keys to [`$HOME/.config/subfinder/provider-config.yaml`](https://github.com/projectdiscovery/subfinder#post-installation-instructions)\n   - To find more hosts, add API keys to [`$HOME/.config/uncover/provider-config.yaml`](https://github.com/projectdiscovery/uncover#provider-configuration)\n   - To be notified of new findings, add your Telegram bot to [`$HOME/.config/notify/provider-config.yaml`](https://github.com/projectdiscovery/notify#provider-config)\n     ```yml\n     telegram:\n       - id: \"saar\"\n         telegram_api_key: \"\u003cAPI_KEY\u003e\"\n         telegram_chat_id: \"\u003cCHAT_ID\u003e\"\n         telegram_format: \"{{data}}\"\n         telegram_parsemode: \"MarkdownV2\"\n     ```\n\n## Usage\n\nFor every new hunt:\n\n1. Make a new directory and move in\n2. Create a `scope.txt` file and add your targets (domain, IP, CIDR, ASN), one per line\n3. Run `saar` (you can skip steps with `-skip` flags)  \n   **Tip:** Sometimes a large number of garbage subdomains are found, and you want to filter them out manually so as not to waste time. In this case, split the workflow:\n   1. Stop after subdomains have been found: `saar -skip uncover -skip portscan -skip wordlists -skip http -skip vulns`\n   2. Remove garbage\n   3. Carry on: `saar -skip subs`\n4. Once the scan is complete, see:\n   - `ports.txt` for open ports\n   - `ports.gnnmap` for additional port info from Nmap\n   - `http.txt` (and the `http` directory) for successful HTTP requests (use command `saar pphttp` for a better view)\n   - `secrets.txt` for secret keys found in HTTP responses\n   - `vulns.txt` for common vulnerabilities found by scanners\n5. Find an interesting entry point and get to work\n\n## Help\n\n```\n   _________ _____ ______\n  / ___/ __ `/ __ `/ ___/\n (__  ) /_/ / /_/ / /\n/____/\\__,_/\\__,_/_/  v1.0.0\n\n\nSaar is a bug bounty script that discovers targets from a scope and performs all the usual scans.\n\nUsage:\n    saar \u003ccommand\u003e [flags]\n\nCommands:\n    pphttp    pretty print http.txt results\n    update    update saar and its dependencies\n\nFlags:\n    -s, -skip string    skip a step (flag can be used multiple times) (choices: subs, uncover, portscan, wordlists, http, vulns)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxthezealot%2Fsaar","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fxthezealot%2Fsaar","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fxthezealot%2Fsaar/lists"}