Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/liamg/scout
🔠Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
https://github.com/liamg/scout
fuzzer hackthebox pentesting security url url-fuzzer
Last synced: about 2 months ago
JSON representation
🔠Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs
- Host: GitHub
- URL: https://github.com/liamg/scout
- Owner: liamg
- License: unlicense
- Created: 2019-12-01T11:10:36.000Z (almost 5 years ago)
- Default Branch: master
- Last Pushed: 2022-11-22T06:30:54.000Z (almost 2 years ago)
- Last Synced: 2024-07-08T21:06:30.579Z (2 months ago)
- Topics: fuzzer, hackthebox, pentesting, security, url, url-fuzzer
- Language: Go
- Homepage:
- Size: 1.53 MB
- Stars: 527
- Watchers: 12
- Forks: 60
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
Awesome Lists containing this project
- awesome-hacking-lists - liamg/scout - 🔠Lightweight URL fuzzer and spider: Discover a web server's undisclosed files, directories and VHOSTs (Go)
- StarryDivineSky - liamg/scout
README
# Scout
[](https://travis-ci.org/liamg/scout)
Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server.
A full word list is included in the binary, meaning maximum portability and minimal configuration. Aim and fire!
## Usage
```bash
Usage:
scout [command]
Available Commands:
help Help about any command
url Discover URLs on a given web server.
version Display scout version.
vhost Discover VHOSTs on a given web server.
Flags:
-d, --debug Enable debug logging.
-h, --help help for scout
-n, --no-colours Disable coloured output.
-p, --parallelism int Parallel routines to use for sending requests. (default 10)
-k, --skip-ssl-verify Skip SSL certificate verification.
-w, --wordlist string Path to wordlist file. If this is not specified an internal wordlist will be used.
```
### Discover URLs
#### Flags
##### `-x, --extensions`
File extensions to detect. (default `php,htm,html,txt`])
##### `-f, --filename`
Filename to seek in the directory being searched. Useful when all directories report 404 status.
##### `-H, --header`
Extra header to send with requests e.g. `-H "Cookie: PHPSESSID=blah"`
##### `-c, --status-codes`
HTTP status codes which indicate a positive find. (default `200,400,403,500,405,204,401,301,302`)
##### `-m, --method`
HTTP method to use.
##### `-s, --spider`
Scan page content for links and confirm their existence.
#### Full example
```bash
$ scout url http://192.168.1.1
[+] Target URL http://192.168.1.1
[+] Routines 10
[+] Extensions php,htm,html
[+] Positive Codes 200,302,301,400,403,500,405,204,401,301,302
[302] http://192.168.1.1/css
[302] http://192.168.1.1/js
[302] http://192.168.1.1/language
[302] http://192.168.1.1/style
[302] http://192.168.1.1/help
[401] http://192.168.1.1/index.htm
[302] http://192.168.1.1/image
[200] http://192.168.1.1/log.htm
[302] http://192.168.1.1/script
[401] http://192.168.1.1/top.html
[200] http://192.168.1.1/shares
[200] http://192.168.1.1/shares.php
[200] http://192.168.1.1/shares.htm
[200] http://192.168.1.1/shares.html
[401] http://192.168.1.1/traffic.htm
[401] http://192.168.1.1/reboot.htm
[302] http://192.168.1.1/debug
[401] http://192.168.1.1/debug.htm
[401] http://192.168.1.1/debug.html
[401] http://192.168.1.1/start.htm
Scan complete. 28 results found.
```
### Discover VHOSTs
```bash
$ scout vhost https://google.com
[+] Base Domain google.com
[+] Routines 10
[+] IP -
[+] Port -
[+] Using SSL true
account.google.com
accounts.google.com
blog.google.com
code.google.com
dev.google.com
local.google.com
m.google.com
mail.google.com
mobile.google.com
www.google.com
admin.google.com
chat.google.com
Scan complete. 12 results found.
```
## Installation
```bash
curl -s "https://raw.githubusercontent.com/liamg/scout/master/scripts/install.sh" | bash
```