Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/xthezealot/saar

Saar is a bug bounty script combining the best tools for a smooth recon workflow

bugbounty dns http hunting nuclei pentesting recon redteam scanner security subdomain vulnerability


# Saar

Saar is a bug bounty script combining the best tools for a smooth recon workflow.

## Install

1. Install Saar and its dependencies:
   ```sh
   curl -fLSs -o /usr/local/bin/saar https://raw.githubusercontent.com/xthezealot/saar/main/saar.sh && saar update
   ```
2. Configure dependencies:
   - To find more subdomains, add API keys to [`$HOME/.config/subfinder/provider-config.yaml`](https://github.com/projectdiscovery/subfinder#post-installation-instructions)
   - To find more hosts, add API keys to [`$HOME/.config/uncover/provider-config.yaml`](https://github.com/projectdiscovery/uncover#provider-configuration)
   - To be notified of new findings, add your Telegram bot to [`$HOME/.config/notify/provider-config.yaml`](https://github.com/projectdiscovery/notify#provider-config)
     ```yml
     telegram:
       - id: "saar"
         telegram_api_key: ""
         telegram_chat_id: ""
         telegram_format: "{{data}}"
         telegram_parsemode: "MarkdownV2"
     ```

## Usage

For every new hunt:

1. Make a new directory and move in
2. Create a `scope.txt` file and add your targets (domain, IP, CIDR, ASN), one per line
3. Run `saar` (you can skip steps with `-skip` flags)

   **Tip:** Sometimes a large number of garbage subdomains are found, and you want to filter them out manually so as not to waste time. In this case, split the workflow:
   1. Stop after subdomains have been found: `saar -skip uncover -skip portscan -skip wordlists -skip http -skip vulns`
   2. Remove garbage
   3. Carry on: `saar -skip subs`
4. Once the scan is complete, see:
   - `ports.txt` for open ports
   - `ports.gnnmap` for additional port info from Nmap
   - `http.txt` (and the `http` directory) for successful HTTP requests (use command `saar pphttp` for a better view)
   - `secrets.txt` for secret keys found in HTTP responses
   - `vulns.txt` for common vulnerabilities found by scanners
5. Find an interesting entry point and get to work

## Help

```
   _________ _____ ______
  / ___/ __ `/ __ `/ ___/
 (__  ) /_/ / /_/ / /
/____/\__,_/\__,_/_/      v1.0.0

Saar is a bug bounty script that discovers targets from a scope and performs all the usual scans.

Usage:
  saar [flags]

Commands:
  pphttp    pretty print http.txt results
  update    update saar and its dependencies

Flags:
  -s, -skip string    skip a step (flag can be used multiple times) (choices: subs, uncover, portscan, wordlists, http, vulns)
```