diff --git a/docs/data/chord_graph/entities.json b/docs/data/chord_graph/entities.json index a3db329d45..af91c060c2 100644 --- a/docs/data/chord_graph/entities.json +++ b/docs/data/chord_graph/entities.json @@ -23,11 +23,11 @@ ] }, { - "id": 130, + "id": 131, "name": "AZURE_TENANT", "parent": 88888888, "consumes": [ - 129 + 130 ], "produces": [] }, @@ -38,18 +38,20 @@ "consumes": [ 62, 82, - 85, - 87, - 119, - 137 + 83, + 86, + 88, + 120, + 138 ], "produces": [ 42, 63, - 83, + 81, 84, - 86, - 118 + 85, + 87, + 119 ] }, { @@ -89,34 +91,34 @@ 61, 67, 79, - 83, - 90, - 94, - 96, - 102, + 84, + 91, + 95, + 97, 103, - 105, - 108, + 104, + 106, 109, - 113, + 110, 114, - 116, - 120, - 122, + 115, + 117, + 121, 123, 124, 125, 126, - 129, - 132, + 127, + 130, 133, 134, - 136, - 140, - 143, + 135, + 137, + 141, 144, - 147, - 151 + 145, + 148, + 152 ], "produces": [ 6, @@ -138,30 +140,30 @@ 59, 60, 79, - 90, - 94, - 96, - 102, + 91, + 95, + 97, 103, - 106, - 108, + 104, + 107, 109, - 113, - 120, - 122, - 124, + 110, + 114, + 121, + 123, 125, - 129, - 131, + 126, + 130, 132, 133, - 136, - 140, + 134, + 137, 141, - 143, + 142, 144, - 147, - 151 + 145, + 148, + 152 ] }, { @@ -170,8 +172,8 @@ "parent": 88888888, "consumes": [ 21, - 129, - 134 + 130, + 135 ], "produces": [] }, @@ -188,11 +190,11 @@ 57, 61, 67, - 94, - 114, - 123, - 126, - 131 + 95, + 115, + 124, + 127, + 132 ] }, { @@ -201,19 +203,20 @@ "parent": 88888888, "consumes": [ 72, - 101, - 137, - 138 + 102, + 138, + 139 ], "produces": [ 8, 62, 76, 82, - 85, - 101, - 119, - 138 + 83, + 86, + 102, + 120, + 139 ] }, { @@ -222,7 +225,7 @@ "parent": 88888888, "consumes": [ 14, - 149 + 150 ], "produces": [ 1, @@ -238,31 +241,31 @@ 37, 50, 81, - 86, - 91, - 93, - 96, - 104, - 106, + 87, + 92, + 94, + 97, + 105, 107, - 110, + 108, 111, - 127, - 129, - 135, - 137, - 139, - 150 + 112, + 128, + 130, + 136, + 138, + 140, + 151 ] }, { - "id": 98, + "id": 99, "name": "GEOLOCATION", "parent": 88888888, "consumes": [], "produces": [ - 97, - 100 + 98, + 101 ] }, { @@ -287,22 +290,22 @@ 66, 69, 76, - 86, - 91, - 104, + 87, + 92, 105, 106, - 110, + 107, 111, 112, - 129, - 135, - 137, - 146, - 150 + 113, + 130, + 136, + 138, + 147, + 151 ], "produces": [ - 92 + 93 ] }, { @@ -312,28 +315,28 @@ "consumes": [ 11, 14, - 96, 97, - 99, + 98, 100, - 105, - 116, - 129 + 101, + 106, + 117, + 130 ], "produces": [ 14, 60, - 99, - 129 + 100, + 130 ] }, { - "id": 117, + "id": 118, "name": "IP_RANGE", "parent": 88888888, "consumes": [ - 116, - 129 + 117, + 130 ], "produces": [] }, @@ -345,7 +348,7 @@ 8 ], "produces": [ - 87 + 88 ] }, { @@ -355,16 +358,16 @@ "consumes": [ 14, 77, - 92, - 105, - 115, - 131 + 93, + 106, + 116, + 132 ], "produces": [ 14, - 96, - 116, - 129 + 97, + 117, + 130 ] }, { @@ -373,12 +376,12 @@ "parent": 88888888, "consumes": [ 63, - 84, - 87, - 118 + 85, + 88, + 119 ], "produces": [ - 129 + 130 ] }, { @@ -396,7 +399,7 @@ "name": "PROTOCOL", "parent": 88888888, "consumes": [ - 105 + 106 ], "produces": [ 77 @@ -419,7 +422,7 @@ "parent": 88888888, "consumes": [ 69, - 137 + 138 ], "produces": [ 72 @@ -431,16 +434,16 @@ "parent": 88888888, "consumes": [ 63, - 84, - 86, - 88, - 118, - 129 + 85, + 87, + 89, + 119, + 130 ], "produces": [ 63, - 86, - 128 + 87, + 129 ] }, { @@ -455,7 +458,7 @@ 32, 33, 34, - 129 + 130 ], "produces": [ 29, @@ -471,19 +474,19 @@ "parent": 88888888, "consumes": [ 14, - 86, - 149, - 150 + 87, + 150, + 151 ], "produces": [ 26, 66, - 86, - 88, - 96, - 107, - 146, - 150 + 87, + 89, + 97, + 108, + 147, + 151 ] }, { @@ -498,23 +501,24 @@ 73, 80, 81, - 88, - 92, - 95, - 106, + 89, + 93, + 96, 107, - 121, - 127, - 129, - 135, - 139, - 141, - 145, - 149 + 108, + 116, + 122, + 128, + 130, + 136, + 140, + 142, + 146, + 150 ], "produces": [ - 88, - 92 + 89, + 93 ] }, { @@ -525,7 +529,7 @@ 74 ], "produces": [ - 95 + 96 ] }, { @@ -535,10 +539,11 @@ "consumes": [ 42, 76, - 92, - 108, - 128, - 129 + 93, + 109, + 116, + 129, + 130 ], "produces": [ 18, @@ -551,14 +556,14 @@ 69, 73, 74, - 83, - 88, - 94, - 121, - 123, - 140, - 147, - 150 + 84, + 89, + 95, + 122, + 124, + 141, + 148, + 151 ] }, { @@ -566,7 +571,7 @@ "name": "USERNAME", "parent": 88888888, "consumes": [ - 129 + 130 ], "produces": [ 44, @@ -574,14 +579,14 @@ ] }, { - "id": 142, + "id": 143, "name": "VHOST", "parent": 88888888, "consumes": [ - 149 + 150 ], "produces": [ - 141 + 142 ] }, { @@ -590,7 +595,7 @@ "parent": 88888888, "consumes": [ 14, - 149 + 150 ], "produces": [ 1, @@ -601,11 +606,11 @@ 50, 66, 80, - 96, - 107, - 135, - 137, - 150 + 97, + 108, + 136, + 138, + 151 ] }, { @@ -616,16 +621,16 @@ 14 ], "produces": [ - 145 + 146 ] }, { - "id": 89, + "id": 90, "name": "WEBSCREENSHOT", "parent": 88888888, "consumes": [], "produces": [ - 88 + 89 ] }, { @@ -633,17 +638,17 @@ "name": "WEB_PARAMETER", "parent": 88888888, "consumes": [ - 93, - 110, + 94, 111, 112, - 148 + 113, + 149 ], "produces": [ 69, - 110, 111, - 112 + 112, + 113 ] }, { @@ -1283,6 +1288,7 @@ 3 ], "produces": [ + 43, 4 ] }, @@ -1299,6 +1305,17 @@ }, { "id": 83, + "name": "gitdumper", + "parent": 99999999, + "consumes": [ + 43 + ], + "produces": [ + 10 + ] + }, + { + "id": 84, "name": "github_codesearch", "parent": 99999999, "consumes": [ @@ -1310,7 +1327,7 @@ ] }, { - "id": 84, + "id": 85, "name": "github_org", "parent": 99999999, "consumes": [ @@ -1322,7 +1339,7 @@ ] }, { - "id": 85, + "id": 86, "name": "github_workflows", "parent": 99999999, "consumes": [ @@ -1333,7 +1350,7 @@ ] }, { - "id": 86, + "id": 87, "name": "gitlab", "parent": 99999999, "consumes": [ @@ -1349,7 +1366,7 @@ ] }, { - "id": 87, + "id": 88, "name": "google_playstore", "parent": 99999999, "consumes": [ @@ -1361,7 +1378,7 @@ ] }, { - "id": 88, + "id": 89, "name": "gowitness", "parent": 99999999, "consumes": [ @@ -1372,11 +1389,11 @@ 16, 3, 19, - 89 + 90 ] }, { - "id": 90, + "id": 91, "name": "hackertarget", "parent": 99999999, "consumes": [ @@ -1387,7 +1404,7 @@ ] }, { - "id": 91, + "id": 92, "name": "host_header", "parent": 99999999, "consumes": [ @@ -1398,7 +1415,7 @@ ] }, { - "id": 92, + "id": 93, "name": "httpx", "parent": 99999999, "consumes": [ @@ -1412,7 +1429,7 @@ ] }, { - "id": 93, + "id": 94, "name": "hunt", "parent": 99999999, "consumes": [ @@ -1423,7 +1440,7 @@ ] }, { - "id": 94, + "id": 95, "name": "hunterio", "parent": 99999999, "consumes": [ @@ -1436,7 +1453,7 @@ ] }, { - "id": 95, + "id": 96, "name": "iis_shortnames", "parent": 99999999, "consumes": [ @@ -1447,7 +1464,7 @@ ] }, { - "id": 96, + "id": 97, "name": "internetdb", "parent": 99999999, "consumes": [ @@ -1463,18 +1480,18 @@ ] }, { - "id": 97, + "id": 98, "name": "ip2location", "parent": 99999999, "consumes": [ 12 ], "produces": [ - 98 + 99 ] }, { - "id": 99, + "id": 100, "name": "ipneighbor", "parent": 99999999, "consumes": [ @@ -1485,18 +1502,18 @@ ] }, { - "id": 100, + "id": 101, "name": "ipstack", "parent": 99999999, "consumes": [ 12 ], "produces": [ - 98 + 99 ] }, { - "id": 101, + "id": 102, "name": "jadx", "parent": 99999999, "consumes": [ @@ -1507,7 +1524,7 @@ ] }, { - "id": 102, + "id": 103, "name": "leakix", "parent": 99999999, "consumes": [ @@ -1518,7 +1535,7 @@ ] }, { - "id": 103, + "id": 104, "name": "myssl", "parent": 99999999, "consumes": [ @@ -1529,7 +1546,7 @@ ] }, { - "id": 104, + "id": 105, "name": "newsletters", "parent": 99999999, "consumes": [ @@ -1540,7 +1557,7 @@ ] }, { - "id": 105, + "id": 106, "name": "nmap_xml", "parent": 99999999, "consumes": [ @@ -1553,7 +1570,7 @@ "produces": [] }, { - "id": 106, + "id": 107, "name": "ntlm", "parent": 99999999, "consumes": [ @@ -1566,7 +1583,7 @@ ] }, { - "id": 107, + "id": 108, "name": "nuclei", "parent": 99999999, "consumes": [ @@ -1579,7 +1596,7 @@ ] }, { - "id": 108, + "id": 109, "name": "oauth", "parent": 99999999, "consumes": [ @@ -1591,7 +1608,7 @@ ] }, { - "id": 109, + "id": 110, "name": "otx", "parent": 99999999, "consumes": [ @@ -1602,7 +1619,7 @@ ] }, { - "id": 110, + "id": 111, "name": "paramminer_cookies", "parent": 99999999, "consumes": [ @@ -1615,7 +1632,7 @@ ] }, { - "id": 111, + "id": 112, "name": "paramminer_getparams", "parent": 99999999, "consumes": [ @@ -1628,7 +1645,7 @@ ] }, { - "id": 112, + "id": 113, "name": "paramminer_headers", "parent": 99999999, "consumes": [ @@ -1640,7 +1657,7 @@ ] }, { - "id": 113, + "id": 114, "name": "passivetotal", "parent": 99999999, "consumes": [ @@ -1651,7 +1668,7 @@ ] }, { - "id": 114, + "id": 115, "name": "pgp", "parent": 99999999, "consumes": [ @@ -1662,29 +1679,31 @@ ] }, { - "id": 115, + "id": 116, "name": "portfilter", "parent": 99999999, "consumes": [ - 15 + 15, + 3, + 19 ], "produces": [] }, { - "id": 116, + "id": 117, "name": "portscan", "parent": 99999999, "consumes": [ 7, 12, - 117 + 118 ], "produces": [ 15 ] }, { - "id": 118, + "id": 119, "name": "postman", "parent": 99999999, "consumes": [ @@ -1696,7 +1715,7 @@ ] }, { - "id": 119, + "id": 120, "name": "postman_download", "parent": 99999999, "consumes": [ @@ -1707,7 +1726,7 @@ ] }, { - "id": 120, + "id": 121, "name": "rapiddns", "parent": 99999999, "consumes": [ @@ -1718,7 +1737,7 @@ ] }, { - "id": 121, + "id": 122, "name": "robots", "parent": 99999999, "consumes": [ @@ -1729,7 +1748,7 @@ ] }, { - "id": 122, + "id": 123, "name": "securitytrails", "parent": 99999999, "consumes": [ @@ -1740,7 +1759,7 @@ ] }, { - "id": 123, + "id": 124, "name": "securitytxt", "parent": 99999999, "consumes": [ @@ -1752,7 +1771,7 @@ ] }, { - "id": 124, + "id": 125, "name": "shodan_dns", "parent": 99999999, "consumes": [ @@ -1763,7 +1782,7 @@ ] }, { - "id": 125, + "id": 126, "name": "sitedossier", "parent": 99999999, "consumes": [ @@ -1774,7 +1793,7 @@ ] }, { - "id": 126, + "id": 127, "name": "skymem", "parent": 99999999, "consumes": [ @@ -1785,7 +1804,7 @@ ] }, { - "id": 127, + "id": 128, "name": "smuggler", "parent": 99999999, "consumes": [ @@ -1796,7 +1815,7 @@ ] }, { - "id": 128, + "id": 129, "name": "social", "parent": 99999999, "consumes": [ @@ -1807,16 +1826,16 @@ ] }, { - "id": 129, + "id": 130, "name": "speculate", "parent": 99999999, "consumes": [ - 130, + 131, 7, 22, 2, 12, - 117, + 118, 65, 24, 3, @@ -1832,7 +1851,7 @@ ] }, { - "id": 131, + "id": 132, "name": "sslcert", "parent": 99999999, "consumes": [ @@ -1844,7 +1863,7 @@ ] }, { - "id": 132, + "id": 133, "name": "subdomaincenter", "parent": 99999999, "consumes": [ @@ -1855,7 +1874,7 @@ ] }, { - "id": 133, + "id": 134, "name": "subdomainradar", "parent": 99999999, "consumes": [ @@ -1866,7 +1885,7 @@ ] }, { - "id": 134, + "id": 135, "name": "subdomains", "parent": 99999999, "consumes": [ @@ -1876,7 +1895,7 @@ "produces": [] }, { - "id": 135, + "id": 136, "name": "telerik", "parent": 99999999, "consumes": [ @@ -1889,7 +1908,7 @@ ] }, { - "id": 136, + "id": 137, "name": "trickest", "parent": 99999999, "consumes": [ @@ -1900,7 +1919,7 @@ ] }, { - "id": 137, + "id": 138, "name": "trufflehog", "parent": 99999999, "consumes": [ @@ -1915,7 +1934,7 @@ ] }, { - "id": 138, + "id": 139, "name": "unarchive", "parent": 99999999, "consumes": [ @@ -1926,7 +1945,7 @@ ] }, { - "id": 139, + "id": 140, "name": "url_manipulation", "parent": 99999999, "consumes": [ @@ -1937,7 +1956,7 @@ ] }, { - "id": 140, + "id": 141, "name": "urlscan", "parent": 99999999, "consumes": [ @@ -1949,7 +1968,7 @@ ] }, { - "id": 141, + "id": 142, "name": "vhost", "parent": 99999999, "consumes": [ @@ -1957,11 +1976,11 @@ ], "produces": [ 7, - 142 + 143 ] }, { - "id": 143, + "id": 144, "name": "viewdns", "parent": 99999999, "consumes": [ @@ -1972,7 +1991,7 @@ ] }, { - "id": 144, + "id": 145, "name": "virustotal", "parent": 99999999, "consumes": [ @@ -1983,7 +2002,7 @@ ] }, { - "id": 145, + "id": 146, "name": "wafw00f", "parent": 99999999, "consumes": [ @@ -1994,7 +2013,7 @@ ] }, { - "id": 146, + "id": 147, "name": "wappalyzer", "parent": 99999999, "consumes": [ @@ -2005,7 +2024,7 @@ ] }, { - "id": 147, + "id": 148, "name": "wayback", "parent": 99999999, "consumes": [ @@ -2017,7 +2036,7 @@ ] }, { - "id": 148, + "id": 149, "name": "web_parameters", "parent": 99999999, "consumes": [ @@ -2026,20 +2045,20 @@ "produces": [] }, { - "id": 149, + "id": 150, "name": "web_report", "parent": 99999999, "consumes": [ 4, 16, 3, - 142, + 143, 5 ], "produces": [] }, { - "id": 150, + "id": 151, "name": "wpscan", "parent": 99999999, "consumes": [ @@ -2054,7 +2073,7 @@ ] }, { - "id": 151, + "id": 152, "name": "zoomeye", "parent": 99999999, "consumes": [ diff --git a/docs/data/chord_graph/rels.json b/docs/data/chord_graph/rels.json index c6084ea993..d7834469ae 100644 --- a/docs/data/chord_graph/rels.json +++ b/docs/data/chord_graph/rels.json @@ -774,6 +774,11 @@ "target": 3, "type": "consumes" }, + { + "source": 43, + "target": 81, + "type": "produces" + }, { "source": 4, "target": 81, @@ -791,982 +796,1002 @@ }, { "source": 83, + "target": 43, + "type": "consumes" + }, + { + "source": 10, + "target": 83, + "type": "produces" + }, + { + "source": 84, "target": 7, "type": "consumes" }, { "source": 43, - "target": 83, + "target": 84, "type": "produces" }, { "source": 19, - "target": 83, + "target": 84, "type": "produces" }, { - "source": 84, + "source": 85, "target": 64, "type": "consumes" }, { - "source": 84, + "source": 85, "target": 65, "type": "consumes" }, { "source": 43, - "target": 84, + "target": 85, "type": "produces" }, { - "source": 85, + "source": 86, "target": 43, "type": "consumes" }, { "source": 10, - "target": 85, + "target": 86, "type": "produces" }, { - "source": 86, + "source": 87, "target": 2, "type": "consumes" }, { - "source": 86, + "source": 87, "target": 65, "type": "consumes" }, { - "source": 86, + "source": 87, "target": 16, "type": "consumes" }, { "source": 43, - "target": 86, + "target": 87, "type": "produces" }, { "source": 4, - "target": 86, + "target": 87, "type": "produces" }, { "source": 65, - "target": 86, + "target": 87, "type": "produces" }, { "source": 16, - "target": 86, + "target": 87, "type": "produces" }, { - "source": 87, + "source": 88, "target": 43, "type": "consumes" }, { - "source": 87, + "source": 88, "target": 64, "type": "consumes" }, { "source": 9, - "target": 87, + "target": 88, "type": "produces" }, { - "source": 88, + "source": 89, "target": 65, "type": "consumes" }, { - "source": 88, + "source": 89, "target": 3, "type": "consumes" }, { "source": 16, - "target": 88, + "target": 89, "type": "produces" }, { "source": 3, - "target": 88, + "target": 89, "type": "produces" }, { "source": 19, - "target": 88, + "target": 89, "type": "produces" }, { - "source": 89, - "target": 88, + "source": 90, + "target": 89, "type": "produces" }, { - "source": 90, + "source": 91, "target": 7, "type": "consumes" }, { "source": 7, - "target": 90, + "target": 91, "type": "produces" }, { - "source": 91, + "source": 92, "target": 2, "type": "consumes" }, { "source": 4, - "target": 91, + "target": 92, "type": "produces" }, { - "source": 92, + "source": 93, "target": 15, "type": "consumes" }, { - "source": 92, + "source": 93, "target": 3, "type": "consumes" }, { - "source": 92, + "source": 93, "target": 19, "type": "consumes" }, { "source": 2, - "target": 92, + "target": 93, "type": "produces" }, { "source": 3, - "target": 92, + "target": 93, "type": "produces" }, { - "source": 93, + "source": 94, "target": 71, "type": "consumes" }, { "source": 4, - "target": 93, + "target": 94, "type": "produces" }, { - "source": 94, + "source": 95, "target": 7, "type": "consumes" }, { "source": 7, - "target": 94, + "target": 95, "type": "produces" }, { "source": 45, - "target": 94, + "target": 95, "type": "produces" }, { "source": 19, - "target": 94, + "target": 95, "type": "produces" }, { - "source": 95, + "source": 96, "target": 3, "type": "consumes" }, { "source": 75, - "target": 95, + "target": 96, "type": "produces" }, { - "source": 96, + "source": 97, "target": 7, "type": "consumes" }, { - "source": 96, + "source": 97, "target": 12, "type": "consumes" }, { "source": 7, - "target": 96, + "target": 97, "type": "produces" }, { "source": 4, - "target": 96, + "target": 97, "type": "produces" }, { "source": 15, - "target": 96, + "target": 97, "type": "produces" }, { "source": 16, - "target": 96, + "target": 97, "type": "produces" }, { "source": 5, - "target": 96, + "target": 97, "type": "produces" }, { - "source": 97, + "source": 98, "target": 12, "type": "consumes" }, { - "source": 98, - "target": 97, + "source": 99, + "target": 98, "type": "produces" }, { - "source": 99, + "source": 100, "target": 12, "type": "consumes" }, { "source": 12, - "target": 99, + "target": 100, "type": "produces" }, { - "source": 100, + "source": 101, "target": 12, "type": "consumes" }, { - "source": 98, - "target": 100, + "source": 99, + "target": 101, "type": "produces" }, { - "source": 101, + "source": 102, "target": 10, "type": "consumes" }, { "source": 10, - "target": 101, + "target": 102, "type": "produces" }, { - "source": 102, + "source": 103, "target": 7, "type": "consumes" }, { "source": 7, - "target": 102, + "target": 103, "type": "produces" }, { - "source": 103, + "source": 104, "target": 7, "type": "consumes" }, { "source": 7, - "target": 103, + "target": 104, "type": "produces" }, { - "source": 104, + "source": 105, "target": 2, "type": "consumes" }, { "source": 4, - "target": 104, + "target": 105, "type": "produces" }, { - "source": 105, + "source": 106, "target": 7, "type": "consumes" }, { - "source": 105, + "source": 106, "target": 2, "type": "consumes" }, { - "source": 105, + "source": 106, "target": 12, "type": "consumes" }, { - "source": 105, + "source": 106, "target": 15, "type": "consumes" }, { - "source": 105, + "source": 106, "target": 78, "type": "consumes" }, { - "source": 106, + "source": 107, "target": 2, "type": "consumes" }, { - "source": 106, + "source": 107, "target": 3, "type": "consumes" }, { "source": 7, - "target": 106, + "target": 107, "type": "produces" }, { "source": 4, - "target": 106, + "target": 107, "type": "produces" }, { - "source": 107, + "source": 108, "target": 3, "type": "consumes" }, { "source": 4, - "target": 107, + "target": 108, "type": "produces" }, { "source": 16, - "target": 107, + "target": 108, "type": "produces" }, { "source": 5, - "target": 107, + "target": 108, "type": "produces" }, { - "source": 108, + "source": 109, "target": 7, "type": "consumes" }, { - "source": 108, + "source": 109, "target": 19, "type": "consumes" }, { "source": 7, - "target": 108, + "target": 109, "type": "produces" }, { - "source": 109, + "source": 110, "target": 7, "type": "consumes" }, { "source": 7, - "target": 109, + "target": 110, "type": "produces" }, { - "source": 110, + "source": 111, "target": 2, "type": "consumes" }, { - "source": 110, + "source": 111, "target": 71, "type": "consumes" }, { "source": 4, - "target": 110, + "target": 111, "type": "produces" }, { "source": 71, - "target": 110, + "target": 111, "type": "produces" }, { - "source": 111, + "source": 112, "target": 2, "type": "consumes" }, { - "source": 111, + "source": 112, "target": 71, "type": "consumes" }, { "source": 4, - "target": 111, + "target": 112, "type": "produces" }, { "source": 71, - "target": 111, + "target": 112, "type": "produces" }, { - "source": 112, + "source": 113, "target": 2, "type": "consumes" }, { - "source": 112, + "source": 113, "target": 71, "type": "consumes" }, { "source": 71, - "target": 112, + "target": 113, "type": "produces" }, { - "source": 113, + "source": 114, "target": 7, "type": "consumes" }, { "source": 7, - "target": 113, + "target": 114, "type": "produces" }, { - "source": 114, + "source": 115, "target": 7, "type": "consumes" }, { "source": 45, - "target": 114, + "target": 115, "type": "produces" }, { - "source": 115, + "source": 116, "target": 15, "type": "consumes" }, { "source": 116, - "target": 7, + "target": 3, "type": "consumes" }, { "source": 116, + "target": 19, + "type": "consumes" + }, + { + "source": 117, + "target": 7, + "type": "consumes" + }, + { + "source": 117, "target": 12, "type": "consumes" }, { - "source": 116, - "target": 117, + "source": 117, + "target": 118, "type": "consumes" }, { "source": 15, - "target": 116, + "target": 117, "type": "produces" }, { - "source": 118, + "source": 119, "target": 64, "type": "consumes" }, { - "source": 118, + "source": 119, "target": 65, "type": "consumes" }, { "source": 43, - "target": 118, + "target": 119, "type": "produces" }, { - "source": 119, + "source": 120, "target": 43, "type": "consumes" }, { "source": 10, - "target": 119, + "target": 120, "type": "produces" }, { - "source": 120, + "source": 121, "target": 7, "type": "consumes" }, { "source": 7, - "target": 120, + "target": 121, "type": "produces" }, { - "source": 121, + "source": 122, "target": 3, "type": "consumes" }, { "source": 19, - "target": 121, + "target": 122, "type": "produces" }, { - "source": 122, + "source": 123, "target": 7, "type": "consumes" }, { "source": 7, - "target": 122, + "target": 123, "type": "produces" }, { - "source": 123, + "source": 124, "target": 7, "type": "consumes" }, { "source": 45, - "target": 123, + "target": 124, "type": "produces" }, { "source": 19, - "target": 123, + "target": 124, "type": "produces" }, { - "source": 124, + "source": 125, "target": 7, "type": "consumes" }, { "source": 7, - "target": 124, + "target": 125, "type": "produces" }, { - "source": 125, + "source": 126, "target": 7, "type": "consumes" }, { "source": 7, - "target": 125, + "target": 126, "type": "produces" }, { - "source": 126, + "source": 127, "target": 7, "type": "consumes" }, { "source": 45, - "target": 126, + "target": 127, "type": "produces" }, { - "source": 127, + "source": 128, "target": 3, "type": "consumes" }, { "source": 4, - "target": 127, + "target": 128, "type": "produces" }, { - "source": 128, + "source": 129, "target": 19, "type": "consumes" }, { "source": 65, - "target": 128, + "target": 129, "type": "produces" }, { - "source": 129, - "target": 130, + "source": 130, + "target": 131, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 7, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 22, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 2, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 12, "type": "consumes" }, { - "source": 129, - "target": 117, + "source": 130, + "target": 118, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 65, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 24, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 3, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 19, "type": "consumes" }, { - "source": 129, + "source": 130, "target": 48, "type": "consumes" }, { "source": 7, - "target": 129, + "target": 130, "type": "produces" }, { "source": 4, - "target": 129, + "target": 130, "type": "produces" }, { "source": 12, - "target": 129, + "target": 130, "type": "produces" }, { "source": 15, - "target": 129, + "target": 130, "type": "produces" }, { "source": 64, - "target": 129, + "target": 130, "type": "produces" }, { - "source": 131, + "source": 132, "target": 15, "type": "consumes" }, { "source": 7, - "target": 131, + "target": 132, "type": "produces" }, { "source": 45, - "target": 131, + "target": 132, "type": "produces" }, { - "source": 132, + "source": 133, "target": 7, "type": "consumes" }, { "source": 7, - "target": 132, + "target": 133, "type": "produces" }, { - "source": 133, + "source": 134, "target": 7, "type": "consumes" }, { "source": 7, - "target": 133, + "target": 134, "type": "produces" }, { - "source": 134, + "source": 135, "target": 7, "type": "consumes" }, { - "source": 134, + "source": 135, "target": 22, "type": "consumes" }, { - "source": 135, + "source": 136, "target": 2, "type": "consumes" }, { - "source": 135, + "source": 136, "target": 3, "type": "consumes" }, { "source": 4, - "target": 135, + "target": 136, "type": "produces" }, { "source": 5, - "target": 135, + "target": 136, "type": "produces" }, { - "source": 136, + "source": 137, "target": 7, "type": "consumes" }, { "source": 7, - "target": 136, + "target": 137, "type": "produces" }, { - "source": 137, + "source": 138, "target": 43, "type": "consumes" }, { - "source": 137, + "source": 138, "target": 10, "type": "consumes" }, { - "source": 137, + "source": 138, "target": 2, "type": "consumes" }, { - "source": 137, + "source": 138, "target": 70, "type": "consumes" }, { "source": 4, - "target": 137, + "target": 138, "type": "produces" }, { "source": 5, - "target": 137, + "target": 138, "type": "produces" }, { - "source": 138, + "source": 139, "target": 10, "type": "consumes" }, { "source": 10, - "target": 138, + "target": 139, "type": "produces" }, { - "source": 139, + "source": 140, "target": 3, "type": "consumes" }, { "source": 4, - "target": 139, + "target": 140, "type": "produces" }, { - "source": 140, + "source": 141, "target": 7, "type": "consumes" }, { "source": 7, - "target": 140, + "target": 141, "type": "produces" }, { "source": 19, - "target": 140, + "target": 141, "type": "produces" }, { - "source": 141, + "source": 142, "target": 3, "type": "consumes" }, { "source": 7, - "target": 141, + "target": 142, "type": "produces" }, { - "source": 142, - "target": 141, + "source": 143, + "target": 142, "type": "produces" }, { - "source": 143, + "source": 144, "target": 7, "type": "consumes" }, { "source": 7, - "target": 143, + "target": 144, "type": "produces" }, { - "source": 144, + "source": 145, "target": 7, "type": "consumes" }, { "source": 7, - "target": 144, + "target": 145, "type": "produces" }, { - "source": 145, + "source": 146, "target": 3, "type": "consumes" }, { "source": 17, - "target": 145, + "target": 146, "type": "produces" }, { - "source": 146, + "source": 147, "target": 2, "type": "consumes" }, { "source": 16, - "target": 146, + "target": 147, "type": "produces" }, { - "source": 147, + "source": 148, "target": 7, "type": "consumes" }, { "source": 7, - "target": 147, + "target": 148, "type": "produces" }, { "source": 19, - "target": 147, + "target": 148, "type": "produces" }, { - "source": 148, + "source": 149, "target": 71, "type": "consumes" }, { - "source": 149, + "source": 150, "target": 4, "type": "consumes" }, { - "source": 149, + "source": 150, "target": 16, "type": "consumes" }, { - "source": 149, + "source": 150, "target": 3, "type": "consumes" }, { - "source": 149, - "target": 142, + "source": 150, + "target": 143, "type": "consumes" }, { - "source": 149, + "source": 150, "target": 5, "type": "consumes" }, { - "source": 150, + "source": 151, "target": 2, "type": "consumes" }, { - "source": 150, + "source": 151, "target": 16, "type": "consumes" }, { "source": 4, - "target": 150, + "target": 151, "type": "produces" }, { "source": 16, - "target": 150, + "target": 151, "type": "produces" }, { "source": 19, - "target": 150, + "target": 151, "type": "produces" }, { "source": 5, - "target": 150, + "target": 151, "type": "produces" }, { - "source": 151, + "source": 152, "target": 7, "type": "consumes" }, { "source": 7, - "target": 151, + "target": 152, "type": "produces" } ] \ No newline at end of file diff --git a/docs/modules/list_of_modules.md b/docs/modules/list_of_modules.md index ee609908fd..f7989889b0 100644 --- a/docs/modules/list_of_modules.md +++ b/docs/modules/list_of_modules.md @@ -24,7 +24,7 @@ | filedownload | scan | No | Download common filetypes such as PDF, DOCX, PPTX, etc. | active, safe, web-basic | HTTP_RESPONSE, URL_UNVERIFIED | FILESYSTEM | @TheTechromancer | 2023-10-11 | | fingerprintx | scan | No | Fingerprint exposed services like RDP, SSH, MySQL, etc. | active, safe, service-enum, slow | OPEN_TCP_PORT | PROTOCOL | @TheTechromancer | 2023-01-30 | | generic_ssrf | scan | No | Check for generic SSRFs | active, aggressive, web-thorough | URL | VULNERABILITY | @liquidsec | 2022-07-30 | -| git | scan | No | Check for exposed .git repositories | active, code-enum, safe, web-basic | URL | FINDING | @TheTechromancer | 2023-05-30 | +| git | scan | No | Check for exposed .git repositories | active, code-enum, safe, web-basic | URL | CODE_REPOSITORY, FINDING | @TheTechromancer | 2023-05-30 | | gitlab | scan | No | Detect GitLab instances and query them for repositories | active, code-enum, safe | HTTP_RESPONSE, SOCIAL, TECHNOLOGY | CODE_REPOSITORY, FINDING, SOCIAL, TECHNOLOGY | @TheTechromancer | 2024-03-11 | | gowitness | scan | No | Take screenshots of webpages | active, safe, web-screenshots | SOCIAL, URL | TECHNOLOGY, URL, URL_UNVERIFIED, WEBSCREENSHOT | @TheTechromancer | 2022-07-08 | | host_header | scan | No | Try common HTTP Host header spoofing techniques | active, aggressive, web-thorough | HTTP_RESPONSE | FINDING | @liquidsec | 2022-07-27 | @@ -79,6 +79,7 @@ | extractous | scan | No | Module to extract data from files | passive, safe | FILESYSTEM | RAW_TEXT | @domwhewell-sage | 2024-06-03 | | fullhunt | scan | Yes | Query the fullhunt.io API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | | git_clone | scan | No | Clone code github repositories | code-enum, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-08 | +| gitdumper | scan | No | Download a leaked .git folder recursively or by fuzzing common names | code-enum, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2025-02-11 | | github_codesearch | scan | Yes | Query Github's API for code containing the target domain name | code-enum, passive, safe, subdomain-enum | DNS_NAME | CODE_REPOSITORY, URL_UNVERIFIED | @domwhewell-sage | 2023-12-14 | | github_org | scan | No | Query Github's API for organization and member repositories | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2023-12-14 | | github_workflows | scan | No | Download a github repositories workflow logs and workflow artifacts | code-enum, passive, safe | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-04-29 | @@ -95,7 +96,7 @@ | otx | scan | No | Query otx.alienvault.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | | passivetotal | scan | Yes | Query the PassiveTotal API for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-08 | | pgp | scan | No | Query common PGP servers for email addresses | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS | @TheTechromancer | 2022-08-10 | -| portfilter | scan | No | Filter out unwanted open ports from cloud/CDN targets | passive, safe | OPEN_TCP_PORT | | @TheTechromancer | 2025-01-06 | +| portfilter | scan | No | Filter out unwanted open ports from cloud/CDN targets | passive, safe | OPEN_TCP_PORT, URL, URL_UNVERIFIED | | @TheTechromancer | 2025-01-06 | | postman | scan | No | Query Postman's API for related workspaces, collections, requests and download them | code-enum, passive, safe, subdomain-enum | ORG_STUB, SOCIAL | CODE_REPOSITORY | @domwhewell-sage | 2024-09-07 | | postman_download | scan | No | Download workspaces, collections, requests from Postman | code-enum, passive, safe, subdomain-enum | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-09-07 | | rapiddns | scan | No | Query rapiddns.io for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-08-24 | diff --git a/docs/scanning/advanced.md b/docs/scanning/advanced.md index 794dcf5870..ce6891773a 100644 --- a/docs/scanning/advanced.md +++ b/docs/scanning/advanced.md @@ -71,7 +71,7 @@ Presets: Modules: -m, --modules MODULE [MODULE ...] - Modules to enable. Choices: affiliates,ajaxpro,anubisdb,apkpure,asn,azure_realm,azure_tenant,baddns,baddns_direct,baddns_zone,badsecrets,bevigil,binaryedge,bucket_amazon,bucket_azure,bucket_digitalocean,bucket_file_enum,bucket_firebase,bucket_google,bufferoverrun,builtwith,bypass403,c99,censys,certspotter,chaos,code_repository,credshed,crt,dastardly,dehashed,digitorus,dnsbimi,dnsbrute,dnsbrute_mutations,dnscaa,dnscommonsrv,dnsdumpster,dnstlsrpt,docker_pull,dockerhub,dotnetnuke,emailformat,extractous,ffuf,ffuf_shortnames,filedownload,fingerprintx,fullhunt,generic_ssrf,git,git_clone,github_codesearch,github_org,github_workflows,gitlab,google_playstore,gowitness,hackertarget,host_header,httpx,hunt,hunterio,iis_shortnames,internetdb,ip2location,ipneighbor,ipstack,jadx,leakix,myssl,newsletters,ntlm,nuclei,oauth,otx,paramminer_cookies,paramminer_getparams,paramminer_headers,passivetotal,pgp,portfilter,portscan,postman,postman_download,rapiddns,robots,securitytrails,securitytxt,shodan_dns,sitedossier,skymem,smuggler,social,sslcert,subdomaincenter,subdomainradar,telerik,trickest,trufflehog,url_manipulation,urlscan,vhost,viewdns,virustotal,wafw00f,wappalyzer,wayback,wpscan,zoomeye + Modules to enable. Choices: affiliates,ajaxpro,anubisdb,apkpure,asn,azure_realm,azure_tenant,baddns,baddns_direct,baddns_zone,badsecrets,bevigil,binaryedge,bucket_amazon,bucket_azure,bucket_digitalocean,bucket_file_enum,bucket_firebase,bucket_google,bufferoverrun,builtwith,bypass403,c99,censys,certspotter,chaos,code_repository,credshed,crt,dastardly,dehashed,digitorus,dnsbimi,dnsbrute,dnsbrute_mutations,dnscaa,dnscommonsrv,dnsdumpster,dnstlsrpt,docker_pull,dockerhub,dotnetnuke,emailformat,extractous,ffuf,ffuf_shortnames,filedownload,fingerprintx,fullhunt,generic_ssrf,git,git_clone,gitdumper,github_codesearch,github_org,github_workflows,gitlab,google_playstore,gowitness,hackertarget,host_header,httpx,hunt,hunterio,iis_shortnames,internetdb,ip2location,ipneighbor,ipstack,jadx,leakix,myssl,newsletters,ntlm,nuclei,oauth,otx,paramminer_cookies,paramminer_getparams,paramminer_headers,passivetotal,pgp,portfilter,portscan,postman,postman_download,rapiddns,robots,securitytrails,securitytxt,shodan_dns,sitedossier,skymem,smuggler,social,sslcert,subdomaincenter,subdomainradar,telerik,trickest,trufflehog,url_manipulation,urlscan,vhost,viewdns,virustotal,wafw00f,wappalyzer,wayback,wpscan,zoomeye -l, --list-modules List available modules. -lmo, --list-module-options Show all module config options diff --git a/docs/scanning/configuration.md b/docs/scanning/configuration.md index a58cba809c..85fb55e485 100644 --- a/docs/scanning/configuration.md +++ b/docs/scanning/configuration.md @@ -451,6 +451,9 @@ Many modules accept their own configuration options. These options have the abil | modules.fullhunt.api_key | str | FullHunt API Key | | | modules.git_clone.api_key | str | Github token | | | modules.git_clone.output_folder | str | Folder to clone repositories to | | +| modules.gitdumper.fuzz_tags | bool | Fuzz for common git tag names (v0.0.1, 0.0.2, etc.) up to the max_semanic_version | False | +| modules.gitdumper.max_semanic_version | int |` Maximum version number to fuzz for (default < v10.10.10) `| 10 | +| modules.gitdumper.output_folder | str | Folder to download repositories to | | | modules.github_codesearch.api_key | str | Github token | | | modules.github_codesearch.limit | int | Limit code search to this many results | 100 | | modules.github_org.api_key | str | Github token | | @@ -483,7 +486,7 @@ Many modules accept their own configuration options. These options have the abil | modules.trufflehog.config | str | File path or URL to YAML trufflehog config | | | modules.trufflehog.deleted_forks | bool | Scan for deleted github forks. WARNING: This is SLOW. For a smaller repository, this process can take 20 minutes. For a larger repository, it could take hours. | False | | modules.trufflehog.only_verified | bool | Only report credentials that have been verified | True | -| modules.trufflehog.version | str | trufflehog version | 3.88.9 | +| modules.trufflehog.version | str | trufflehog version | 3.88.12 | | modules.urlscan.urls | bool | Emit URLs in addition to DNS_NAMEs | False | | modules.virustotal.api_key | str | VirusTotal API Key | | | modules.wayback.garbage_threshold | int | Dedupe similar urls if they are in a group of this size or higher (lower values == less garbage data) | 10 | diff --git a/docs/scanning/events.md b/docs/scanning/events.md index 7b14b57006..77aae0531c 100644 --- a/docs/scanning/events.md +++ b/docs/scanning/events.md @@ -109,11 +109,11 @@ Below is a full list of event types along with which modules produce/consume the | * | 18 | 0 | affiliates, cloudcheck, csv, discord, dnsresolve, http, json, mysql, neo4j, postgres, python, slack, splunk, sqlite, stdout, teams, txt, websocket | | | ASN | 0 | 1 | | asn | | AZURE_TENANT | 1 | 0 | speculate | | -| CODE_REPOSITORY | 6 | 6 | docker_pull, git_clone, github_workflows, google_playstore, postman_download, trufflehog | code_repository, dockerhub, github_codesearch, github_org, gitlab, postman | +| CODE_REPOSITORY | 7 | 7 | docker_pull, git_clone, gitdumper, github_workflows, google_playstore, postman_download, trufflehog | code_repository, dockerhub, git, github_codesearch, github_org, gitlab, postman | | DNS_NAME | 60 | 43 | anubisdb, asset_inventory, azure_realm, azure_tenant, baddns, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, credshed, crt, dehashed, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, emailformat, fullhunt, github_codesearch, hackertarget, hunterio, internetdb, leakix, myssl, nmap_xml, oauth, otx, passivetotal, pgp, portscan, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, speculate, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, viewdns, virustotal, wayback, zoomeye | anubisdb, azure_tenant, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnsresolve, fullhunt, hackertarget, hunterio, internetdb, leakix, myssl, ntlm, oauth, otx, passivetotal, rapiddns, securitytrails, shodan_dns, sitedossier, speculate, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, vhost, viewdns, virustotal, wayback, zoomeye | | DNS_NAME_UNRESOLVED | 3 | 0 | baddns, speculate, subdomains | | | EMAIL_ADDRESS | 1 | 10 | emails | credshed, dehashed, dnscaa, dnstlsrpt, emailformat, hunterio, pgp, securitytxt, skymem, sslcert | -| FILESYSTEM | 4 | 8 | extractous, jadx, trufflehog, unarchive | apkpure, docker_pull, filedownload, git_clone, github_workflows, jadx, postman_download, unarchive | +| FILESYSTEM | 4 | 9 | extractous, jadx, trufflehog, unarchive | apkpure, docker_pull, filedownload, git_clone, gitdumper, github_workflows, jadx, postman_download, unarchive | | FINDING | 2 | 28 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, git, gitlab, host_header, hunt, internetdb, newsletters, ntlm, nuclei, paramminer_cookies, paramminer_getparams, smuggler, speculate, telerik, trufflehog, url_manipulation, wpscan | | GEOLOCATION | 0 | 2 | | ip2location, ipstack | | HASHED_PASSWORD | 0 | 2 | | credshed, dehashed | @@ -130,9 +130,9 @@ Below is a full list of event types along with which modules produce/consume the | SOCIAL | 6 | 3 | dockerhub, github_org, gitlab, gowitness, postman, speculate | dockerhub, gitlab, social | | STORAGE_BUCKET | 8 | 5 | baddns_direct, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, speculate | bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google | | TECHNOLOGY | 4 | 8 | asset_inventory, gitlab, web_report, wpscan | badsecrets, dotnetnuke, gitlab, gowitness, internetdb, nuclei, wappalyzer, wpscan | -| URL | 20 | 2 | ajaxpro, asset_inventory, baddns_direct, bypass403, ffuf, generic_ssrf, git, gowitness, httpx, iis_shortnames, ntlm, nuclei, robots, smuggler, speculate, telerik, url_manipulation, vhost, wafw00f, web_report | gowitness, httpx | +| URL | 21 | 2 | ajaxpro, asset_inventory, baddns_direct, bypass403, ffuf, generic_ssrf, git, gowitness, httpx, iis_shortnames, ntlm, nuclei, portfilter, robots, smuggler, speculate, telerik, url_manipulation, vhost, wafw00f, web_report | gowitness, httpx | | URL_HINT | 1 | 1 | ffuf_shortnames | iis_shortnames | -| URL_UNVERIFIED | 6 | 18 | code_repository, filedownload, httpx, oauth, social, speculate | azure_realm, bevigil, bucket_file_enum, dnsbimi, dnscaa, dnstlsrpt, dockerhub, excavate, ffuf, ffuf_shortnames, github_codesearch, gowitness, hunterio, robots, securitytxt, urlscan, wayback, wpscan | +| URL_UNVERIFIED | 7 | 18 | code_repository, filedownload, httpx, oauth, portfilter, social, speculate | azure_realm, bevigil, bucket_file_enum, dnsbimi, dnscaa, dnstlsrpt, dockerhub, excavate, ffuf, ffuf_shortnames, github_codesearch, gowitness, hunterio, robots, securitytxt, urlscan, wayback, wpscan | | USERNAME | 1 | 2 | speculate | credshed, dehashed | | VHOST | 1 | 1 | web_report | vhost | | VULNERABILITY | 2 | 13 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, dastardly, dotnetnuke, generic_ssrf, internetdb, nuclei, telerik, trufflehog, wpscan | diff --git a/docs/scanning/index.md b/docs/scanning/index.md index 37a60ff965..a25007ff64 100644 --- a/docs/scanning/index.md +++ b/docs/scanning/index.md @@ -112,30 +112,30 @@ A single module can have multiple flags. For example, the `securitytrails` modul ### List of Flags -| Flag | # Modules | Description | Modules | -|------------------|-------------|----------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| safe | 92 | Non-intrusive, safe to run | affiliates, aggregate, ajaxpro, anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, credshed, crt, dehashed, digitorus, dnsbimi, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, docker_pull, dockerhub, emailformat, extractous, filedownload, fingerprintx, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunt, hunterio, iis_shortnames, internetdb, ip2location, ipstack, jadx, leakix, myssl, newsletters, ntlm, oauth, otx, passivetotal, pgp, portfilter, portscan, postman, postman_download, rapiddns, robots, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, unarchive, urlscan, viewdns, virustotal, wappalyzer, wayback, zoomeye | -| passive | 68 | Never connects to target systems | affiliates, aggregate, anubisdb, apkpure, asn, azure_realm, azure_tenant, bevigil, binaryedge, bucket_file_enum, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, credshed, crt, dehashed, digitorus, dnsbimi, dnscaa, dnsdumpster, dnstlsrpt, docker_pull, dockerhub, emailformat, excavate, extractous, fullhunt, git_clone, github_codesearch, github_org, github_workflows, google_playstore, hackertarget, hunterio, internetdb, ip2location, ipneighbor, ipstack, jadx, leakix, myssl, otx, passivetotal, pgp, portfilter, postman, postman_download, rapiddns, securitytrails, shodan_dns, sitedossier, skymem, social, speculate, subdomaincenter, subdomainradar, trickest, trufflehog, unarchive, urlscan, viewdns, virustotal, wayback, zoomeye | -| subdomain-enum | 52 | Enumerates subdomains | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, sslcert, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, virustotal, wayback, zoomeye | -| active | 46 | Makes active connections to target systems | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dnsbrute, dnsbrute_mutations, dnscommonsrv, dotnetnuke, ffuf, ffuf_shortnames, filedownload, fingerprintx, generic_ssrf, git, gitlab, gowitness, host_header, httpx, hunt, iis_shortnames, newsletters, ntlm, nuclei, oauth, paramminer_cookies, paramminer_getparams, paramminer_headers, portscan, robots, securitytxt, smuggler, sslcert, telerik, url_manipulation, vhost, wafw00f, wappalyzer, wpscan | -| aggressive | 20 | Generates a large amount of network traffic | bypass403, dastardly, dnsbrute, dnsbrute_mutations, dotnetnuke, ffuf, ffuf_shortnames, generic_ssrf, host_header, ipneighbor, nuclei, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, telerik, url_manipulation, vhost, wafw00f, wpscan | -| web-basic | 17 | Basic, non-intrusive web scan functionality | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, securitytxt, sslcert, wappalyzer | -| cloud-enum | 16 | Enumerates cloud resources | azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, dnsbimi, dnstlsrpt, httpx, oauth, securitytxt | -| code-enum | 15 | Find public code repositories and search them for secrets etc. | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, jadx, postman, postman_download, trufflehog | -| web-thorough | 12 | More advanced web scanning functionality | ajaxpro, bucket_digitalocean, bypass403, dastardly, dotnetnuke, ffuf_shortnames, generic_ssrf, host_header, hunt, smuggler, telerik, url_manipulation | -| slow | 11 | May take a long time to complete | bucket_digitalocean, dastardly, dnsbrute_mutations, docker_pull, fingerprintx, git_clone, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, vhost | -| affiliates | 9 | Discovers affiliated hostnames/domains | affiliates, azure_realm, azure_tenant, builtwith, oauth, sslcert, trickest, viewdns, zoomeye | -| email-enum | 9 | Enumerates email addresses | dehashed, dnscaa, dnstlsrpt, emailformat, emails, hunterio, pgp, skymem, sslcert | -| deadly | 4 | Highly aggressive | dastardly, ffuf, nuclei, vhost | -| baddns | 3 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_direct, baddns_zone | -| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers | -| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames | -| portscan | 2 | Discovers open ports | internetdb, portscan | -| report | 2 | Generates a report at the end of the scan | affiliates, asn | -| social-enum | 2 | Enumerates social media | httpx, social | -| service-enum | 1 | Identifies protocols running on open ports | fingerprintx | -| subdomain-hijack | 1 | Detects hijackable subdomains | baddns | -| web-screenshots | 1 | Takes screenshots of web pages | gowitness | +| Flag | # Modules | Description | Modules | +|------------------|-------------|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| safe | 93 | Non-intrusive, safe to run | affiliates, aggregate, ajaxpro, anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, credshed, crt, dehashed, digitorus, dnsbimi, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, docker_pull, dockerhub, emailformat, extractous, filedownload, fingerprintx, fullhunt, git, git_clone, gitdumper, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunt, hunterio, iis_shortnames, internetdb, ip2location, ipstack, jadx, leakix, myssl, newsletters, ntlm, oauth, otx, passivetotal, pgp, portfilter, portscan, postman, postman_download, rapiddns, robots, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, unarchive, urlscan, viewdns, virustotal, wappalyzer, wayback, zoomeye | +| passive | 69 | Never connects to target systems | affiliates, aggregate, anubisdb, apkpure, asn, azure_realm, azure_tenant, bevigil, binaryedge, bucket_file_enum, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, credshed, crt, dehashed, digitorus, dnsbimi, dnscaa, dnsdumpster, dnstlsrpt, docker_pull, dockerhub, emailformat, excavate, extractous, fullhunt, git_clone, gitdumper, github_codesearch, github_org, github_workflows, google_playstore, hackertarget, hunterio, internetdb, ip2location, ipneighbor, ipstack, jadx, leakix, myssl, otx, passivetotal, pgp, portfilter, postman, postman_download, rapiddns, securitytrails, shodan_dns, sitedossier, skymem, social, speculate, subdomaincenter, subdomainradar, trickest, trufflehog, unarchive, urlscan, viewdns, virustotal, wayback, zoomeye | +| subdomain-enum | 52 | Enumerates subdomains | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, sslcert, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, virustotal, wayback, zoomeye | +| active | 46 | Makes active connections to target systems | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dnsbrute, dnsbrute_mutations, dnscommonsrv, dotnetnuke, ffuf, ffuf_shortnames, filedownload, fingerprintx, generic_ssrf, git, gitlab, gowitness, host_header, httpx, hunt, iis_shortnames, newsletters, ntlm, nuclei, oauth, paramminer_cookies, paramminer_getparams, paramminer_headers, portscan, robots, securitytxt, smuggler, sslcert, telerik, url_manipulation, vhost, wafw00f, wappalyzer, wpscan | +| aggressive | 20 | Generates a large amount of network traffic | bypass403, dastardly, dnsbrute, dnsbrute_mutations, dotnetnuke, ffuf, ffuf_shortnames, generic_ssrf, host_header, ipneighbor, nuclei, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, telerik, url_manipulation, vhost, wafw00f, wpscan | +| web-basic | 17 | Basic, non-intrusive web scan functionality | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, securitytxt, sslcert, wappalyzer | +| cloud-enum | 16 | Enumerates cloud resources | azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, dnsbimi, dnstlsrpt, httpx, oauth, securitytxt | +| code-enum | 16 | Find public code repositories and search them for secrets etc. | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, gitdumper, github_codesearch, github_org, github_workflows, gitlab, google_playstore, jadx, postman, postman_download, trufflehog | +| slow | 12 | May take a long time to complete | bucket_digitalocean, dastardly, dnsbrute_mutations, docker_pull, fingerprintx, git_clone, gitdumper, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, vhost | +| web-thorough | 12 | More advanced web scanning functionality | ajaxpro, bucket_digitalocean, bypass403, dastardly, dotnetnuke, ffuf_shortnames, generic_ssrf, host_header, hunt, smuggler, telerik, url_manipulation | +| affiliates | 9 | Discovers affiliated hostnames/domains | affiliates, azure_realm, azure_tenant, builtwith, oauth, sslcert, trickest, viewdns, zoomeye | +| email-enum | 9 | Enumerates email addresses | dehashed, dnscaa, dnstlsrpt, emailformat, emails, hunterio, pgp, skymem, sslcert | +| deadly | 4 | Highly aggressive | dastardly, ffuf, nuclei, vhost | +| baddns | 3 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_direct, baddns_zone | +| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers | +| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames | +| portscan | 2 | Discovers open ports | internetdb, portscan | +| report | 2 | Generates a report at the end of the scan | affiliates, asn | +| social-enum | 2 | Enumerates social media | httpx, social | +| service-enum | 1 | Identifies protocols running on open ports | fingerprintx | +| subdomain-hijack | 1 | Detects hijackable subdomains | baddns | +| web-screenshots | 1 | Takes screenshots of web pages | gowitness | ## Dependencies diff --git a/docs/scanning/presets_list.md b/docs/scanning/presets_list.md index 4f7544fc76..f28f8feb24 100644 --- a/docs/scanning/presets_list.md +++ b/docs/scanning/presets_list.md @@ -58,7 +58,7 @@ Enumerate Git repositories, Docker images, etc. -Modules: [17]("`apkpure`, `code_repository`, `docker_pull`, `dockerhub`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `httpx`, `jadx`, `postman_download`, `postman`, `social`, `trufflehog`") +Modules: [18]("`apkpure`, `code_repository`, `docker_pull`, `dockerhub`, `git_clone`, `git`, `gitdumper`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `httpx`, `jadx`, `postman_download`, `postman`, `social`, `trufflehog`") ## **dirbust-heavy** @@ -405,7 +405,7 @@ Everything everywhere all at once -Modules: [86]("`anubisdb`, `apkpure`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `badsecrets`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `code_repository`, `crt`, `dehashed`, `digitorus`, `dnsbimi`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `dnstlsrpt`, `docker_pull`, `dockerhub`, `emailformat`, `ffuf_shortnames`, `ffuf`, `filedownload`, `fullhunt`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `gowitness`, `hackertarget`, `httpx`, `hunterio`, `iis_shortnames`, `internetdb`, `ipneighbor`, `jadx`, `leakix`, `myssl`, `ntlm`, `oauth`, `otx`, `paramminer_cookies`, `paramminer_getparams`, `paramminer_headers`, `passivetotal`, `pgp`, `postman_download`, `postman`, `rapiddns`, `robots`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `skymem`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `trufflehog`, `urlscan`, `virustotal`, `wappalyzer`, `wayback`, `zoomeye`") +Modules: [87]("`anubisdb`, `apkpure`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `badsecrets`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `code_repository`, `crt`, `dehashed`, `digitorus`, `dnsbimi`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `dnstlsrpt`, `docker_pull`, `dockerhub`, `emailformat`, `ffuf_shortnames`, `ffuf`, `filedownload`, `fullhunt`, `git_clone`, `git`, `gitdumper`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `gowitness`, `hackertarget`, `httpx`, `hunterio`, `iis_shortnames`, `internetdb`, `ipneighbor`, `jadx`, `leakix`, `myssl`, `ntlm`, `oauth`, `otx`, `paramminer_cookies`, `paramminer_getparams`, `paramminer_headers`, `passivetotal`, `pgp`, `postman_download`, `postman`, `rapiddns`, `robots`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `skymem`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `trufflehog`, `urlscan`, `virustotal`, `wappalyzer`, `wayback`, `zoomeye`") ## **nuclei** @@ -941,37 +941,37 @@ Modules: [29]("`ajaxpro`, `azure_realm`, `baddns`, `badsecrets`, `bucket_amazon` Here is a the same data, but in a table: -| Preset | Category | Description | # Modules | Modules | -|-------------------|------------|------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| baddns-intense | | Run all baddns modules and submodules. | 4 | baddns, baddns_direct, baddns_zone, httpx | -| cloud-enum | | Enumerate cloud resources such as storage buckets, etc. | 59 | anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | -| code-enum | | Enumerate Git repositories, Docker images, etc. | 17 | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, httpx, jadx, postman, postman_download, social, trufflehog | -| dirbust-heavy | web | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | -| dirbust-heavy | | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | -| dirbust-light | web | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | -| dirbust-light | | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | -| dotnet-audit | web | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | -| dotnet-audit | | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | -| email-enum | | Enumerate email addresses from APIs, web crawling, etc. | 8 | dehashed, dnscaa, dnstlsrpt, emailformat, hunterio, pgp, skymem, sslcert | -| fast | | Scan only the provided targets as fast as possible - no extra discovery | 0 | | -| iis-shortnames | web | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | -| iis-shortnames | | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | -| kitchen-sink | | Everything everywhere all at once | 86 | anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, crt, dehashed, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, docker_pull, dockerhub, emailformat, ffuf, ffuf_shortnames, filedownload, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunterio, iis_shortnames, internetdb, ipneighbor, jadx, leakix, myssl, ntlm, oauth, otx, paramminer_cookies, paramminer_getparams, paramminer_headers, passivetotal, pgp, postman, postman_download, rapiddns, robots, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, virustotal, wappalyzer, wayback, zoomeye | -| nuclei | nuclei | Run nuclei scans against all discovered targets | 3 | httpx, nuclei, portfilter | -| nuclei | | Run nuclei scans against all discovered targets | 3 | httpx, nuclei, portfilter | -| nuclei-budget | nuclei | Run nuclei scans against all discovered targets, using budget mode to look for low hanging fruit with greatly reduced number of requests | 3 | httpx, nuclei, portfilter | -| nuclei-budget | | Run nuclei scans against all discovered targets, using budget mode to look for low hanging fruit with greatly reduced number of requests | 3 | httpx, nuclei, portfilter | -| nuclei-intense | nuclei | Run nuclei scans against all discovered targets, allowing for spidering, against ALL URLs, and with additional discovery modules. | 6 | httpx, nuclei, portfilter, robots, urlscan, wayback | -| nuclei-intense | | Run nuclei scans against all discovered targets, allowing for spidering, against ALL URLs, and with additional discovery modules. | 6 | httpx, nuclei, portfilter, robots, urlscan, wayback | -| nuclei-technology | nuclei | Run nuclei scans against all discovered targets, running templates which match discovered technologies | 3 | httpx, nuclei, portfilter | -| nuclei-technology | | Run nuclei scans against all discovered targets, running templates which match discovered technologies | 3 | httpx, nuclei, portfilter | -| paramminer | web | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | -| paramminer | | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | -| spider | | Recursive web spider | 1 | httpx | -| spider-intense | | Recursive web spider with more aggressive settings | 1 | httpx | -| subdomain-enum | | Enumerate subdomains via APIs, brute-force | 52 | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | -| tech-detect | | Detect technologies via Wappalyzer, Nuclei, and FingerprintX | 4 | fingerprintx, httpx, nuclei, wappalyzer | -| web-basic | | Quick web scan | 18 | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, ffuf_shortnames, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, securitytxt, sslcert, wappalyzer | -| web-screenshots | | Take screenshots of webpages | 3 | gowitness, httpx, social | -| web-thorough | | Aggressive web scan | 29 | ajaxpro, azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf_shortnames, filedownload, generic_ssrf, git, host_header, httpx, hunt, iis_shortnames, ntlm, oauth, robots, securitytxt, smuggler, sslcert, telerik, url_manipulation, wappalyzer | +| Preset | Category | Description | # Modules | Modules | +|-------------------|------------|------------------------------------------------------------------------------------------------------------------------------------------|-------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| baddns-intense | | Run all baddns modules and submodules. | 4 | baddns, baddns_direct, baddns_zone, httpx | +| cloud-enum | | Enumerate cloud resources such as storage buckets, etc. | 59 | anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | +| code-enum | | Enumerate Git repositories, Docker images, etc. | 18 | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, gitdumper, github_codesearch, github_org, github_workflows, gitlab, google_playstore, httpx, jadx, postman, postman_download, social, trufflehog | +| dirbust-heavy | web | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | +| dirbust-heavy | | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | +| dirbust-light | web | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | +| dirbust-light | | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | +| dotnet-audit | web | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | +| dotnet-audit | | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | +| email-enum | | Enumerate email addresses from APIs, web crawling, etc. | 8 | dehashed, dnscaa, dnstlsrpt, emailformat, hunterio, pgp, skymem, sslcert | +| fast | | Scan only the provided targets as fast as possible - no extra discovery | 0 | | +| iis-shortnames | web | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | +| iis-shortnames | | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | +| kitchen-sink | | Everything everywhere all at once | 87 | anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, crt, dehashed, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, docker_pull, dockerhub, emailformat, ffuf, ffuf_shortnames, filedownload, fullhunt, git, git_clone, gitdumper, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunterio, iis_shortnames, internetdb, ipneighbor, jadx, leakix, myssl, ntlm, oauth, otx, paramminer_cookies, paramminer_getparams, paramminer_headers, passivetotal, pgp, postman, postman_download, rapiddns, robots, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, virustotal, wappalyzer, wayback, zoomeye | +| nuclei | nuclei | Run nuclei scans against all discovered targets | 3 | httpx, nuclei, portfilter | +| nuclei | | Run nuclei scans against all discovered targets | 3 | httpx, nuclei, portfilter | +| nuclei-budget | nuclei | Run nuclei scans against all discovered targets, using budget mode to look for low hanging fruit with greatly reduced number of requests | 3 | httpx, nuclei, portfilter | +| nuclei-budget | | Run nuclei scans against all discovered targets, using budget mode to look for low hanging fruit with greatly reduced number of requests | 3 | httpx, nuclei, portfilter | +| nuclei-intense | nuclei | Run nuclei scans against all discovered targets, allowing for spidering, against ALL URLs, and with additional discovery modules. | 6 | httpx, nuclei, portfilter, robots, urlscan, wayback | +| nuclei-intense | | Run nuclei scans against all discovered targets, allowing for spidering, against ALL URLs, and with additional discovery modules. | 6 | httpx, nuclei, portfilter, robots, urlscan, wayback | +| nuclei-technology | nuclei | Run nuclei scans against all discovered targets, running templates which match discovered technologies | 3 | httpx, nuclei, portfilter | +| nuclei-technology | | Run nuclei scans against all discovered targets, running templates which match discovered technologies | 3 | httpx, nuclei, portfilter | +| paramminer | web | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | +| paramminer | | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | +| spider | | Recursive web spider | 1 | httpx | +| spider-intense | | Recursive web spider with more aggressive settings | 1 | httpx | +| subdomain-enum | | Enumerate subdomains via APIs, brute-force | 52 | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, dnstlsrpt, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | +| tech-detect | | Detect technologies via Wappalyzer, Nuclei, and FingerprintX | 4 | fingerprintx, httpx, nuclei, wappalyzer | +| web-basic | | Quick web scan | 18 | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, ffuf_shortnames, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, securitytxt, sslcert, wappalyzer | +| web-screenshots | | Take screenshots of webpages | 3 | gowitness, httpx, social | +| web-thorough | | Aggressive web scan | 29 | ajaxpro, azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf_shortnames, filedownload, generic_ssrf, git, host_header, httpx, hunt, iis_shortnames, ntlm, oauth, robots, securitytxt, smuggler, sslcert, telerik, url_manipulation, wappalyzer |