From 39796f0ebec85258f0df21302bbe1bce38e3423b Mon Sep 17 00:00:00 2001 From: TheTechromancer <20261699+TheTechromancer@users.noreply.github.com> Date: Sun, 17 Nov 2024 02:51:53 +0000 Subject: [PATCH] [create-pull-request] automated change --- docs/data/chord_graph/entities.json | 687 ++++++++++++++-------------- docs/data/chord_graph/rels.json | 553 +++++++++++----------- docs/modules/list_of_modules.md | 1 + docs/scanning/advanced.md | 6 +- docs/scanning/configuration.md | 5 +- docs/scanning/events.md | 69 +-- docs/scanning/index.md | 48 +- docs/scanning/presets_list.md | 40 +- 8 files changed, 726 insertions(+), 683 deletions(-) diff --git a/docs/data/chord_graph/entities.json b/docs/data/chord_graph/entities.json index bcc000611..7fb11654f 100644 --- a/docs/data/chord_graph/entities.json +++ b/docs/data/chord_graph/entities.json @@ -23,11 +23,11 @@ ] }, { - "id": 126, + "id": 128, "name": "AZURE_TENANT", "parent": 88888888, "consumes": [ - 125 + 127 ], "produces": [] }, @@ -36,20 +36,20 @@ "name": "CODE_REPOSITORY", "parent": 88888888, "consumes": [ - 59, - 79, - 82, + 61, + 81, 84, - 114, - 133 + 86, + 116, + 135 ], "produces": [ 42, - 60, - 80, - 81, + 62, + 82, 83, - 113 + 85, + 115 ] }, { @@ -82,39 +82,40 @@ 52, 53, 54, - 55, 56, 57, 58, - 64, - 76, - 80, - 87, - 91, + 59, + 60, + 66, + 78, + 82, + 89, 93, - 99, - 100, - 104, - 105, - 109, - 110, + 95, + 101, + 102, + 106, + 107, 111, - 115, - 118, - 119, + 112, + 113, + 117, 120, 121, 122, - 125, - 128, - 129, + 123, + 124, + 127, 130, + 131, 132, - 135, - 138, - 139, - 142, - 145 + 134, + 137, + 140, + 141, + 144, + 147 ], "produces": [ 6, @@ -130,36 +131,36 @@ 44, 50, 53, - 54, - 55, 56, 57, 58, - 76, - 87, - 91, + 59, + 60, + 78, + 89, 93, - 99, - 100, + 95, + 101, 102, 104, - 105, - 109, - 115, - 118, + 106, + 107, + 111, + 117, 120, - 121, - 125, + 122, + 123, 127, - 128, 129, - 132, - 135, - 136, + 130, + 131, + 134, + 137, 138, - 139, - 142, - 145 + 140, + 141, + 144, + 147 ] }, { @@ -168,8 +169,8 @@ "parent": 88888888, "consumes": [ 21, - 125, - 130 + 127, + 132 ], "produces": [] }, @@ -178,18 +179,18 @@ "name": "EMAIL_ADDRESS", "parent": 88888888, "consumes": [ - 65 + 67 ], "produces": [ 45, 52, - 56, - 64, - 91, - 110, - 119, - 122, - 127 + 58, + 66, + 93, + 112, + 121, + 124, + 129 ] }, { @@ -197,18 +198,18 @@ "name": "FILESYSTEM", "parent": 88888888, "consumes": [ - 69, - 98, - 133 + 71, + 100, + 135 ], "produces": [ 8, - 59, - 73, - 79, - 82, - 98, - 114 + 61, + 75, + 81, + 84, + 100, + 116 ] }, { @@ -217,7 +218,7 @@ "parent": 88888888, "consumes": [ 14, - 143 + 145 ], "produces": [ 1, @@ -232,33 +233,33 @@ 34, 37, 51, - 78, - 83, - 88, + 80, + 85, 90, - 93, - 101, - 102, + 92, + 95, 103, - 106, - 107, - 117, - 123, + 104, + 105, + 108, + 109, + 119, 125, - 131, + 127, 133, - 134, - 144 + 135, + 136, + 146 ] }, { - "id": 95, + "id": 97, "name": "GEOLOCATION", "parent": 88888888, "consumes": [], "produces": [ - 94, - 97 + 96, + 99 ] }, { @@ -280,24 +281,24 @@ 14, 26, 51, - 63, - 66, - 73, - 83, - 88, - 101, - 102, - 106, - 107, + 65, + 68, + 75, + 85, + 90, + 103, + 104, 108, - 117, - 125, - 131, - 141, - 144 + 109, + 110, + 119, + 127, + 133, + 143, + 146 ], "produces": [ - 89 + 91 ] }, { @@ -307,26 +308,26 @@ "consumes": [ 11, 14, - 93, - 94, + 95, 96, - 97, - 111, - 125 + 98, + 99, + 113, + 127 ], "produces": [ 14, - 96, - 125 + 98, + 127 ] }, { - "id": 112, + "id": 114, "name": "IP_RANGE", "parent": 88888888, "consumes": [ - 111, - 125 + 113, + 127 ], "produces": [] }, @@ -338,7 +339,7 @@ 8 ], "produces": [ - 84 + 86 ] }, { @@ -347,29 +348,29 @@ "parent": 88888888, "consumes": [ 14, - 74, - 89, - 127 + 76, + 91, + 129 ], "produces": [ 14, - 93, - 111, - 125 + 95, + 113, + 127 ] }, { - "id": 61, + "id": 63, "name": "ORG_STUB", "parent": 88888888, "consumes": [ - 60, - 81, - 84, - 113 + 62, + 83, + 86, + 115 ], "produces": [ - 125 + 127 ] }, { @@ -383,41 +384,50 @@ ] }, { - "id": 75, + "id": 77, "name": "PROTOCOL", "parent": 88888888, "consumes": [], "produces": [ - 74 + 76 ] }, { - "id": 67, + "id": 55, + "name": "RAW_DNS_RECORD", + "parent": 88888888, + "consumes": [], + "produces": [ + 54 + ] + }, + { + "id": 69, "name": "RAW_TEXT", "parent": 88888888, "consumes": [ - 66 + 68 ], "produces": [ - 69 + 71 ] }, { - "id": 62, + "id": 64, "name": "SOCIAL", "parent": 88888888, "consumes": [ - 60, - 81, + 62, 83, 85, - 113, - 125 + 87, + 115, + 127 ], "produces": [ - 60, - 83, - 124 + 62, + 85, + 126 ] }, { @@ -432,7 +442,7 @@ 32, 33, 34, - 125 + 127 ], "produces": [ 29, @@ -448,19 +458,19 @@ "parent": 88888888, "consumes": [ 14, - 83, - 143, - 144 + 85, + 145, + 146 ], "produces": [ 26, - 63, - 83, + 65, 85, - 93, - 103, - 141, - 144 + 87, + 95, + 105, + 143, + 146 ] }, { @@ -472,37 +482,37 @@ 14, 23, 37, - 70, - 77, - 78, - 85, - 89, - 92, - 102, - 103, - 116, - 123, + 72, + 79, + 80, + 87, + 91, + 94, + 104, + 105, + 118, 125, - 131, - 134, + 127, + 133, 136, - 140, - 143 + 138, + 142, + 145 ], "produces": [ - 85, - 89 + 87, + 91 ] }, { - "id": 72, + "id": 74, "name": "URL_HINT", "parent": 88888888, "consumes": [ - 71 + 73 ], "produces": [ - 92 + 94 ] }, { @@ -510,30 +520,31 @@ "name": "URL_UNVERIFIED", "parent": 88888888, "consumes": [ - 42, - 73, - 89, - 104, - 124, - 125 - ], - "produces": [ - 18, - 27, - 32, - 56, - 60, - 66, - 70, - 71, - 80, - 85, - 91, - 116, - 119, - 135, - 142, - 144 + 42, + 75, + 91, + 106, + 126, + 127 + ], + "produces": [ + 18, + 27, + 32, + 54, + 58, + 62, + 68, + 72, + 73, + 82, + 87, + 93, + 118, + 121, + 137, + 144, + 146 ] }, { @@ -541,7 +552,7 @@ "name": "USERNAME", "parent": 88888888, "consumes": [ - 125 + 127 ], "produces": [ 45, @@ -549,14 +560,14 @@ ] }, { - "id": 137, + "id": 139, "name": "VHOST", "parent": 88888888, "consumes": [ - 143 + 145 ], "produces": [ - 136 + 138 ] }, { @@ -565,7 +576,7 @@ "parent": 88888888, "consumes": [ 14, - 143 + 145 ], "produces": [ 1, @@ -574,13 +585,13 @@ 25, 26, 51, - 63, - 77, - 93, - 103, - 131, + 65, + 79, + 95, + 105, 133, - 144 + 135, + 146 ] }, { @@ -591,33 +602,33 @@ 14 ], "produces": [ - 140 + 142 ] }, { - "id": 86, + "id": 88, "name": "WEBSCREENSHOT", "parent": 88888888, "consumes": [], "produces": [ - 85 + 87 ] }, { - "id": 68, + "id": 70, "name": "WEB_PARAMETER", "parent": 88888888, "consumes": [ - 90, - 106, - 107, - 108 + 92, + 108, + 109, + 110 ], "produces": [ - 66, - 106, - 107, - 108 + 68, + 108, + 109, + 110 ] }, { @@ -1021,6 +1032,18 @@ }, { "id": 54, + "name": "dnsbimi", + "parent": 99999999, + "consumes": [ + 7 + ], + "produces": [ + 55, + 19 + ] + }, + { + "id": 56, "name": "dnsbrute", "parent": 99999999, "consumes": [ @@ -1031,7 +1054,7 @@ ] }, { - "id": 55, + "id": 57, "name": "dnsbrute_mutations", "parent": 99999999, "consumes": [ @@ -1042,7 +1065,7 @@ ] }, { - "id": 56, + "id": 58, "name": "dnscaa", "parent": 99999999, "consumes": [ @@ -1055,7 +1078,7 @@ ] }, { - "id": 57, + "id": 59, "name": "dnscommonsrv", "parent": 99999999, "consumes": [ @@ -1066,7 +1089,7 @@ ] }, { - "id": 58, + "id": 60, "name": "dnsdumpster", "parent": 99999999, "consumes": [ @@ -1077,7 +1100,7 @@ ] }, { - "id": 59, + "id": 61, "name": "docker_pull", "parent": 99999999, "consumes": [ @@ -1088,21 +1111,21 @@ ] }, { - "id": 60, + "id": 62, "name": "dockerhub", "parent": 99999999, "consumes": [ - 61, - 62 + 63, + 64 ], "produces": [ 43, - 62, + 64, 19 ] }, { - "id": 63, + "id": 65, "name": "dotnetnuke", "parent": 99999999, "consumes": [ @@ -1114,7 +1137,7 @@ ] }, { - "id": 64, + "id": 66, "name": "emailformat", "parent": 99999999, "consumes": [ @@ -1125,7 +1148,7 @@ ] }, { - "id": 65, + "id": 67, "name": "emails", "parent": 99999999, "consumes": [ @@ -1134,31 +1157,31 @@ "produces": [] }, { - "id": 66, + "id": 68, "name": "excavate", "parent": 99999999, "consumes": [ 2, - 67 + 69 ], "produces": [ 19, - 68 + 70 ] }, { - "id": 69, + "id": 71, "name": "extractous", "parent": 99999999, "consumes": [ 10 ], "produces": [ - 67 + 69 ] }, { - "id": 70, + "id": 72, "name": "ffuf", "parent": 99999999, "consumes": [ @@ -1169,18 +1192,18 @@ ] }, { - "id": 71, + "id": 73, "name": "ffuf_shortnames", "parent": 99999999, "consumes": [ - 72 + 74 ], "produces": [ 19 ] }, { - "id": 73, + "id": 75, "name": "filedownload", "parent": 99999999, "consumes": [ @@ -1192,18 +1215,18 @@ ] }, { - "id": 74, + "id": 76, "name": "fingerprintx", "parent": 99999999, "consumes": [ 15 ], "produces": [ - 75 + 77 ] }, { - "id": 76, + "id": 78, "name": "fullhunt", "parent": 99999999, "consumes": [ @@ -1214,7 +1237,7 @@ ] }, { - "id": 77, + "id": 79, "name": "generic_ssrf", "parent": 99999999, "consumes": [ @@ -1225,7 +1248,7 @@ ] }, { - "id": 78, + "id": 80, "name": "git", "parent": 99999999, "consumes": [ @@ -1236,7 +1259,7 @@ ] }, { - "id": 79, + "id": 81, "name": "git_clone", "parent": 99999999, "consumes": [ @@ -1247,7 +1270,7 @@ ] }, { - "id": 80, + "id": 82, "name": "github_codesearch", "parent": 99999999, "consumes": [ @@ -1259,19 +1282,19 @@ ] }, { - "id": 81, + "id": 83, "name": "github_org", "parent": 99999999, "consumes": [ - 61, - 62 + 63, + 64 ], "produces": [ 43 ] }, { - "id": 82, + "id": 84, "name": "github_workflows", "parent": 99999999, "consumes": [ @@ -1282,50 +1305,50 @@ ] }, { - "id": 83, + "id": 85, "name": "gitlab", "parent": 99999999, "consumes": [ 2, - 62, + 64, 16 ], "produces": [ 43, 4, - 62, + 64, 16 ] }, { - "id": 84, + "id": 86, "name": "google_playstore", "parent": 99999999, "consumes": [ 43, - 61 + 63 ], "produces": [ 9 ] }, { - "id": 85, + "id": 87, "name": "gowitness", "parent": 99999999, "consumes": [ - 62, + 64, 3 ], "produces": [ 16, 3, 19, - 86 + 88 ] }, { - "id": 87, + "id": 89, "name": "hackertarget", "parent": 99999999, "consumes": [ @@ -1336,7 +1359,7 @@ ] }, { - "id": 88, + "id": 90, "name": "host_header", "parent": 99999999, "consumes": [ @@ -1347,7 +1370,7 @@ ] }, { - "id": 89, + "id": 91, "name": "httpx", "parent": 99999999, "consumes": [ @@ -1361,18 +1384,18 @@ ] }, { - "id": 90, + "id": 92, "name": "hunt", "parent": 99999999, "consumes": [ - 68 + 70 ], "produces": [ 4 ] }, { - "id": 91, + "id": 93, "name": "hunterio", "parent": 99999999, "consumes": [ @@ -1385,18 +1408,18 @@ ] }, { - "id": 92, + "id": 94, "name": "iis_shortnames", "parent": 99999999, "consumes": [ 3 ], "produces": [ - 72 + 74 ] }, { - "id": 93, + "id": 95, "name": "internetdb", "parent": 99999999, "consumes": [ @@ -1412,18 +1435,18 @@ ] }, { - "id": 94, + "id": 96, "name": "ip2location", "parent": 99999999, "consumes": [ 12 ], "produces": [ - 95 + 97 ] }, { - "id": 96, + "id": 98, "name": "ipneighbor", "parent": 99999999, "consumes": [ @@ -1434,18 +1457,18 @@ ] }, { - "id": 97, + "id": 99, "name": "ipstack", "parent": 99999999, "consumes": [ 12 ], "produces": [ - 95 + 97 ] }, { - "id": 98, + "id": 100, "name": "jadx", "parent": 99999999, "consumes": [ @@ -1456,7 +1479,7 @@ ] }, { - "id": 99, + "id": 101, "name": "leakix", "parent": 99999999, "consumes": [ @@ -1467,7 +1490,7 @@ ] }, { - "id": 100, + "id": 102, "name": "myssl", "parent": 99999999, "consumes": [ @@ -1478,7 +1501,7 @@ ] }, { - "id": 101, + "id": 103, "name": "newsletters", "parent": 99999999, "consumes": [ @@ -1489,7 +1512,7 @@ ] }, { - "id": 102, + "id": 104, "name": "ntlm", "parent": 99999999, "consumes": [ @@ -1502,7 +1525,7 @@ ] }, { - "id": 103, + "id": 105, "name": "nuclei", "parent": 99999999, "consumes": [ @@ -1515,7 +1538,7 @@ ] }, { - "id": 104, + "id": 106, "name": "oauth", "parent": 99999999, "consumes": [ @@ -1527,7 +1550,7 @@ ] }, { - "id": 105, + "id": 107, "name": "otx", "parent": 99999999, "consumes": [ @@ -1538,45 +1561,45 @@ ] }, { - "id": 106, + "id": 108, "name": "paramminer_cookies", "parent": 99999999, "consumes": [ 2, - 68 + 70 ], "produces": [ 4, - 68 + 70 ] }, { - "id": 107, + "id": 109, "name": "paramminer_getparams", "parent": 99999999, "consumes": [ 2, - 68 + 70 ], "produces": [ 4, - 68 + 70 ] }, { - "id": 108, + "id": 110, "name": "paramminer_headers", "parent": 99999999, "consumes": [ 2, - 68 + 70 ], "produces": [ - 68 + 70 ] }, { - "id": 109, + "id": 111, "name": "passivetotal", "parent": 99999999, "consumes": [ @@ -1587,7 +1610,7 @@ ] }, { - "id": 110, + "id": 112, "name": "pgp", "parent": 99999999, "consumes": [ @@ -1598,32 +1621,32 @@ ] }, { - "id": 111, + "id": 113, "name": "portscan", "parent": 99999999, "consumes": [ 7, 12, - 112 + 114 ], "produces": [ 15 ] }, { - "id": 113, + "id": 115, "name": "postman", "parent": 99999999, "consumes": [ - 61, - 62 + 63, + 64 ], "produces": [ 43 ] }, { - "id": 114, + "id": 116, "name": "postman_download", "parent": 99999999, "consumes": [ @@ -1634,7 +1657,7 @@ ] }, { - "id": 115, + "id": 117, "name": "rapiddns", "parent": 99999999, "consumes": [ @@ -1645,7 +1668,7 @@ ] }, { - "id": 116, + "id": 118, "name": "robots", "parent": 99999999, "consumes": [ @@ -1656,7 +1679,7 @@ ] }, { - "id": 117, + "id": 119, "name": "secretsdb", "parent": 99999999, "consumes": [ @@ -1667,7 +1690,7 @@ ] }, { - "id": 118, + "id": 120, "name": "securitytrails", "parent": 99999999, "consumes": [ @@ -1678,7 +1701,7 @@ ] }, { - "id": 119, + "id": 121, "name": "securitytxt", "parent": 99999999, "consumes": [ @@ -1690,7 +1713,7 @@ ] }, { - "id": 120, + "id": 122, "name": "shodan_dns", "parent": 99999999, "consumes": [ @@ -1701,7 +1724,7 @@ ] }, { - "id": 121, + "id": 123, "name": "sitedossier", "parent": 99999999, "consumes": [ @@ -1712,7 +1735,7 @@ ] }, { - "id": 122, + "id": 124, "name": "skymem", "parent": 99999999, "consumes": [ @@ -1723,7 +1746,7 @@ ] }, { - "id": 123, + "id": 125, "name": "smuggler", "parent": 99999999, "consumes": [ @@ -1734,28 +1757,28 @@ ] }, { - "id": 124, + "id": 126, "name": "social", "parent": 99999999, "consumes": [ 19 ], "produces": [ - 62 + 64 ] }, { - "id": 125, + "id": 127, "name": "speculate", "parent": 99999999, "consumes": [ - 126, + 128, 7, 22, 2, 12, - 112, - 62, + 114, + 64, 24, 3, 19, @@ -1766,11 +1789,11 @@ 4, 12, 15, - 61 + 63 ] }, { - "id": 127, + "id": 129, "name": "sslcert", "parent": 99999999, "consumes": [ @@ -1782,7 +1805,7 @@ ] }, { - "id": 128, + "id": 130, "name": "subdomaincenter", "parent": 99999999, "consumes": [ @@ -1793,7 +1816,7 @@ ] }, { - "id": 129, + "id": 131, "name": "subdomainradar", "parent": 99999999, "consumes": [ @@ -1804,7 +1827,7 @@ ] }, { - "id": 130, + "id": 132, "name": "subdomains", "parent": 99999999, "consumes": [ @@ -1814,7 +1837,7 @@ "produces": [] }, { - "id": 131, + "id": 133, "name": "telerik", "parent": 99999999, "consumes": [ @@ -1827,7 +1850,7 @@ ] }, { - "id": 132, + "id": 134, "name": "trickest", "parent": 99999999, "consumes": [ @@ -1838,7 +1861,7 @@ ] }, { - "id": 133, + "id": 135, "name": "trufflehog", "parent": 99999999, "consumes": [ @@ -1851,7 +1874,7 @@ ] }, { - "id": 134, + "id": 136, "name": "url_manipulation", "parent": 99999999, "consumes": [ @@ -1862,7 +1885,7 @@ ] }, { - "id": 135, + "id": 137, "name": "urlscan", "parent": 99999999, "consumes": [ @@ -1874,7 +1897,7 @@ ] }, { - "id": 136, + "id": 138, "name": "vhost", "parent": 99999999, "consumes": [ @@ -1882,11 +1905,11 @@ ], "produces": [ 7, - 137 + 139 ] }, { - "id": 138, + "id": 140, "name": "viewdns", "parent": 99999999, "consumes": [ @@ -1897,7 +1920,7 @@ ] }, { - "id": 139, + "id": 141, "name": "virustotal", "parent": 99999999, "consumes": [ @@ -1908,7 +1931,7 @@ ] }, { - "id": 140, + "id": 142, "name": "wafw00f", "parent": 99999999, "consumes": [ @@ -1919,7 +1942,7 @@ ] }, { - "id": 141, + "id": 143, "name": "wappalyzer", "parent": 99999999, "consumes": [ @@ -1930,7 +1953,7 @@ ] }, { - "id": 142, + "id": 144, "name": "wayback", "parent": 99999999, "consumes": [ @@ -1942,20 +1965,20 @@ ] }, { - "id": 143, + "id": 145, "name": "web_report", "parent": 99999999, "consumes": [ 4, 16, 3, - 137, + 139, 5 ], "produces": [] }, { - "id": 144, + "id": 146, "name": "wpscan", "parent": 99999999, "consumes": [ @@ -1970,7 +1993,7 @@ ] }, { - "id": 145, + "id": 147, "name": "zoomeye", "parent": 99999999, "consumes": [ diff --git a/docs/data/chord_graph/rels.json b/docs/data/chord_graph/rels.json index 9cd5f0b9e..96980c3fd 100644 --- a/docs/data/chord_graph/rels.json +++ b/docs/data/chord_graph/rels.json @@ -515,1173 +515,1188 @@ "type": "consumes" }, { - "source": 7, + "source": 55, "target": 54, "type": "produces" }, { - "source": 55, + "source": 19, + "target": 54, + "type": "produces" + }, + { + "source": 56, "target": 7, "type": "consumes" }, { "source": 7, - "target": 55, + "target": 56, "type": "produces" }, { - "source": 56, + "source": 57, "target": 7, "type": "consumes" }, { "source": 7, - "target": 56, + "target": 57, + "type": "produces" + }, + { + "source": 58, + "target": 7, + "type": "consumes" + }, + { + "source": 7, + "target": 58, "type": "produces" }, { "source": 46, - "target": 56, + "target": 58, "type": "produces" }, { "source": 19, - "target": 56, + "target": 58, "type": "produces" }, { - "source": 57, + "source": 59, "target": 7, "type": "consumes" }, { "source": 7, - "target": 57, + "target": 59, "type": "produces" }, { - "source": 58, + "source": 60, "target": 7, "type": "consumes" }, { "source": 7, - "target": 58, + "target": 60, "type": "produces" }, { - "source": 59, + "source": 61, "target": 43, "type": "consumes" }, { "source": 10, - "target": 59, + "target": 61, "type": "produces" }, { - "source": 60, - "target": 61, + "source": 62, + "target": 63, "type": "consumes" }, { - "source": 60, - "target": 62, + "source": 62, + "target": 64, "type": "consumes" }, { "source": 43, - "target": 60, + "target": 62, "type": "produces" }, { - "source": 62, - "target": 60, + "source": 64, + "target": 62, "type": "produces" }, { "source": 19, - "target": 60, + "target": 62, "type": "produces" }, { - "source": 63, + "source": 65, "target": 2, "type": "consumes" }, { "source": 16, - "target": 63, + "target": 65, "type": "produces" }, { "source": 5, - "target": 63, + "target": 65, "type": "produces" }, { - "source": 64, + "source": 66, "target": 7, "type": "consumes" }, { "source": 46, - "target": 64, + "target": 66, "type": "produces" }, { - "source": 65, + "source": 67, "target": 46, "type": "consumes" }, { - "source": 66, + "source": 68, "target": 2, "type": "consumes" }, { - "source": 66, - "target": 67, + "source": 68, + "target": 69, "type": "consumes" }, { "source": 19, - "target": 66, + "target": 68, "type": "produces" }, { - "source": 68, - "target": 66, + "source": 70, + "target": 68, "type": "produces" }, { - "source": 69, + "source": 71, "target": 10, "type": "consumes" }, { - "source": 67, - "target": 69, + "source": 69, + "target": 71, "type": "produces" }, { - "source": 70, + "source": 72, "target": 3, "type": "consumes" }, { "source": 19, - "target": 70, + "target": 72, "type": "produces" }, { - "source": 71, - "target": 72, + "source": 73, + "target": 74, "type": "consumes" }, { "source": 19, - "target": 71, + "target": 73, "type": "produces" }, { - "source": 73, + "source": 75, "target": 2, "type": "consumes" }, { - "source": 73, + "source": 75, "target": 19, "type": "consumes" }, { "source": 10, - "target": 73, + "target": 75, "type": "produces" }, { - "source": 74, + "source": 76, "target": 15, "type": "consumes" }, { - "source": 75, - "target": 74, + "source": 77, + "target": 76, "type": "produces" }, { - "source": 76, + "source": 78, "target": 7, "type": "consumes" }, { "source": 7, - "target": 76, + "target": 78, "type": "produces" }, { - "source": 77, + "source": 79, "target": 3, "type": "consumes" }, { "source": 5, - "target": 77, + "target": 79, "type": "produces" }, { - "source": 78, + "source": 80, "target": 3, "type": "consumes" }, { "source": 4, - "target": 78, + "target": 80, "type": "produces" }, { - "source": 79, + "source": 81, "target": 43, "type": "consumes" }, { "source": 10, - "target": 79, + "target": 81, "type": "produces" }, { - "source": 80, + "source": 82, "target": 7, "type": "consumes" }, { "source": 43, - "target": 80, + "target": 82, "type": "produces" }, { "source": 19, - "target": 80, + "target": 82, "type": "produces" }, { - "source": 81, - "target": 61, + "source": 83, + "target": 63, "type": "consumes" }, { - "source": 81, - "target": 62, + "source": 83, + "target": 64, "type": "consumes" }, { "source": 43, - "target": 81, + "target": 83, "type": "produces" }, { - "source": 82, + "source": 84, "target": 43, "type": "consumes" }, { "source": 10, - "target": 82, + "target": 84, "type": "produces" }, { - "source": 83, + "source": 85, "target": 2, "type": "consumes" }, { - "source": 83, - "target": 62, + "source": 85, + "target": 64, "type": "consumes" }, { - "source": 83, + "source": 85, "target": 16, "type": "consumes" }, { "source": 43, - "target": 83, + "target": 85, "type": "produces" }, { "source": 4, - "target": 83, + "target": 85, "type": "produces" }, { - "source": 62, - "target": 83, + "source": 64, + "target": 85, "type": "produces" }, { "source": 16, - "target": 83, + "target": 85, "type": "produces" }, { - "source": 84, + "source": 86, "target": 43, "type": "consumes" }, { - "source": 84, - "target": 61, + "source": 86, + "target": 63, "type": "consumes" }, { "source": 9, - "target": 84, + "target": 86, "type": "produces" }, { - "source": 85, - "target": 62, + "source": 87, + "target": 64, "type": "consumes" }, { - "source": 85, + "source": 87, "target": 3, "type": "consumes" }, { "source": 16, - "target": 85, + "target": 87, "type": "produces" }, { "source": 3, - "target": 85, + "target": 87, "type": "produces" }, { "source": 19, - "target": 85, + "target": 87, "type": "produces" }, { - "source": 86, - "target": 85, + "source": 88, + "target": 87, "type": "produces" }, { - "source": 87, + "source": 89, "target": 7, "type": "consumes" }, { "source": 7, - "target": 87, + "target": 89, "type": "produces" }, { - "source": 88, + "source": 90, "target": 2, "type": "consumes" }, { "source": 4, - "target": 88, + "target": 90, "type": "produces" }, { - "source": 89, + "source": 91, "target": 15, "type": "consumes" }, { - "source": 89, + "source": 91, "target": 3, "type": "consumes" }, { - "source": 89, + "source": 91, "target": 19, "type": "consumes" }, { "source": 2, - "target": 89, + "target": 91, "type": "produces" }, { "source": 3, - "target": 89, + "target": 91, "type": "produces" }, { - "source": 90, - "target": 68, + "source": 92, + "target": 70, "type": "consumes" }, { "source": 4, - "target": 90, + "target": 92, "type": "produces" }, { - "source": 91, + "source": 93, "target": 7, "type": "consumes" }, { "source": 7, - "target": 91, + "target": 93, "type": "produces" }, { "source": 46, - "target": 91, + "target": 93, "type": "produces" }, { "source": 19, - "target": 91, + "target": 93, "type": "produces" }, { - "source": 92, + "source": 94, "target": 3, "type": "consumes" }, { - "source": 72, - "target": 92, + "source": 74, + "target": 94, "type": "produces" }, { - "source": 93, + "source": 95, "target": 7, "type": "consumes" }, { - "source": 93, + "source": 95, "target": 12, "type": "consumes" }, { "source": 7, - "target": 93, + "target": 95, "type": "produces" }, { "source": 4, - "target": 93, + "target": 95, "type": "produces" }, { "source": 15, - "target": 93, + "target": 95, "type": "produces" }, { "source": 16, - "target": 93, + "target": 95, "type": "produces" }, { "source": 5, - "target": 93, + "target": 95, "type": "produces" }, { - "source": 94, + "source": 96, "target": 12, "type": "consumes" }, { - "source": 95, - "target": 94, + "source": 97, + "target": 96, "type": "produces" }, { - "source": 96, + "source": 98, "target": 12, "type": "consumes" }, { "source": 12, - "target": 96, + "target": 98, "type": "produces" }, { - "source": 97, + "source": 99, "target": 12, "type": "consumes" }, { - "source": 95, - "target": 97, + "source": 97, + "target": 99, "type": "produces" }, { - "source": 98, + "source": 100, "target": 10, "type": "consumes" }, { "source": 10, - "target": 98, + "target": 100, "type": "produces" }, { - "source": 99, + "source": 101, "target": 7, "type": "consumes" }, { "source": 7, - "target": 99, + "target": 101, "type": "produces" }, { - "source": 100, + "source": 102, "target": 7, "type": "consumes" }, { "source": 7, - "target": 100, + "target": 102, "type": "produces" }, { - "source": 101, + "source": 103, "target": 2, "type": "consumes" }, { "source": 4, - "target": 101, + "target": 103, "type": "produces" }, { - "source": 102, + "source": 104, "target": 2, "type": "consumes" }, { - "source": 102, + "source": 104, "target": 3, "type": "consumes" }, { "source": 7, - "target": 102, + "target": 104, "type": "produces" }, { "source": 4, - "target": 102, + "target": 104, "type": "produces" }, { - "source": 103, + "source": 105, "target": 3, "type": "consumes" }, { "source": 4, - "target": 103, + "target": 105, "type": "produces" }, { "source": 16, - "target": 103, + "target": 105, "type": "produces" }, { "source": 5, - "target": 103, + "target": 105, "type": "produces" }, { - "source": 104, + "source": 106, "target": 7, "type": "consumes" }, { - "source": 104, + "source": 106, "target": 19, "type": "consumes" }, { "source": 7, - "target": 104, + "target": 106, "type": "produces" }, { - "source": 105, + "source": 107, "target": 7, "type": "consumes" }, { "source": 7, - "target": 105, + "target": 107, "type": "produces" }, { - "source": 106, + "source": 108, "target": 2, "type": "consumes" }, { - "source": 106, - "target": 68, + "source": 108, + "target": 70, "type": "consumes" }, { "source": 4, - "target": 106, + "target": 108, "type": "produces" }, { - "source": 68, - "target": 106, + "source": 70, + "target": 108, "type": "produces" }, { - "source": 107, + "source": 109, "target": 2, "type": "consumes" }, { - "source": 107, - "target": 68, + "source": 109, + "target": 70, "type": "consumes" }, { "source": 4, - "target": 107, + "target": 109, "type": "produces" }, { - "source": 68, - "target": 107, + "source": 70, + "target": 109, "type": "produces" }, { - "source": 108, + "source": 110, "target": 2, "type": "consumes" }, { - "source": 108, - "target": 68, + "source": 110, + "target": 70, "type": "consumes" }, { - "source": 68, - "target": 108, + "source": 70, + "target": 110, "type": "produces" }, { - "source": 109, + "source": 111, "target": 7, "type": "consumes" }, { "source": 7, - "target": 109, + "target": 111, "type": "produces" }, { - "source": 110, + "source": 112, "target": 7, "type": "consumes" }, { "source": 46, - "target": 110, + "target": 112, "type": "produces" }, { - "source": 111, + "source": 113, "target": 7, "type": "consumes" }, { - "source": 111, + "source": 113, "target": 12, "type": "consumes" }, { - "source": 111, - "target": 112, + "source": 113, + "target": 114, "type": "consumes" }, { "source": 15, - "target": 111, + "target": 113, "type": "produces" }, { - "source": 113, - "target": 61, + "source": 115, + "target": 63, "type": "consumes" }, { - "source": 113, - "target": 62, + "source": 115, + "target": 64, "type": "consumes" }, { "source": 43, - "target": 113, + "target": 115, "type": "produces" }, { - "source": 114, + "source": 116, "target": 43, "type": "consumes" }, { "source": 10, - "target": 114, + "target": 116, "type": "produces" }, { - "source": 115, + "source": 117, "target": 7, "type": "consumes" }, { "source": 7, - "target": 115, + "target": 117, "type": "produces" }, { - "source": 116, + "source": 118, "target": 3, "type": "consumes" }, { "source": 19, - "target": 116, + "target": 118, "type": "produces" }, { - "source": 117, + "source": 119, "target": 2, "type": "consumes" }, { "source": 4, - "target": 117, + "target": 119, "type": "produces" }, { - "source": 118, + "source": 120, "target": 7, "type": "consumes" }, { "source": 7, - "target": 118, + "target": 120, "type": "produces" }, { - "source": 119, + "source": 121, "target": 7, "type": "consumes" }, { "source": 46, - "target": 119, + "target": 121, "type": "produces" }, { "source": 19, - "target": 119, + "target": 121, "type": "produces" }, { - "source": 120, + "source": 122, "target": 7, "type": "consumes" }, { "source": 7, - "target": 120, + "target": 122, "type": "produces" }, { - "source": 121, + "source": 123, "target": 7, "type": "consumes" }, { "source": 7, - "target": 121, + "target": 123, "type": "produces" }, { - "source": 122, + "source": 124, "target": 7, "type": "consumes" }, { "source": 46, - "target": 122, + "target": 124, "type": "produces" }, { - "source": 123, + "source": 125, "target": 3, "type": "consumes" }, { "source": 4, - "target": 123, + "target": 125, "type": "produces" }, { - "source": 124, + "source": 126, "target": 19, "type": "consumes" }, { - "source": 62, - "target": 124, + "source": 64, + "target": 126, "type": "produces" }, { - "source": 125, - "target": 126, + "source": 127, + "target": 128, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 7, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 22, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 2, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 12, "type": "consumes" }, { - "source": 125, - "target": 112, + "source": 127, + "target": 114, "type": "consumes" }, { - "source": 125, - "target": 62, + "source": 127, + "target": 64, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 24, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 3, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 19, "type": "consumes" }, { - "source": 125, + "source": 127, "target": 49, "type": "consumes" }, { "source": 7, - "target": 125, + "target": 127, "type": "produces" }, { "source": 4, - "target": 125, + "target": 127, "type": "produces" }, { "source": 12, - "target": 125, + "target": 127, "type": "produces" }, { "source": 15, - "target": 125, + "target": 127, "type": "produces" }, { - "source": 61, - "target": 125, + "source": 63, + "target": 127, "type": "produces" }, { - "source": 127, + "source": 129, "target": 15, "type": "consumes" }, { "source": 7, - "target": 127, + "target": 129, "type": "produces" }, { "source": 46, - "target": 127, + "target": 129, "type": "produces" }, { - "source": 128, + "source": 130, "target": 7, "type": "consumes" }, { "source": 7, - "target": 128, + "target": 130, "type": "produces" }, { - "source": 129, + "source": 131, "target": 7, "type": "consumes" }, { "source": 7, - "target": 129, + "target": 131, "type": "produces" }, { - "source": 130, + "source": 132, "target": 7, "type": "consumes" }, { - "source": 130, + "source": 132, "target": 22, "type": "consumes" }, { - "source": 131, + "source": 133, "target": 2, "type": "consumes" }, { - "source": 131, + "source": 133, "target": 3, "type": "consumes" }, { "source": 4, - "target": 131, + "target": 133, "type": "produces" }, { "source": 5, - "target": 131, + "target": 133, "type": "produces" }, { - "source": 132, + "source": 134, "target": 7, "type": "consumes" }, { "source": 7, - "target": 132, + "target": 134, "type": "produces" }, { - "source": 133, + "source": 135, "target": 43, "type": "consumes" }, { - "source": 133, + "source": 135, "target": 10, "type": "consumes" }, { "source": 4, - "target": 133, + "target": 135, "type": "produces" }, { "source": 5, - "target": 133, + "target": 135, "type": "produces" }, { - "source": 134, + "source": 136, "target": 3, "type": "consumes" }, { "source": 4, - "target": 134, + "target": 136, "type": "produces" }, { - "source": 135, + "source": 137, "target": 7, "type": "consumes" }, { "source": 7, - "target": 135, + "target": 137, "type": "produces" }, { "source": 19, - "target": 135, + "target": 137, "type": "produces" }, { - "source": 136, + "source": 138, "target": 3, "type": "consumes" }, { "source": 7, - "target": 136, + "target": 138, "type": "produces" }, { - "source": 137, - "target": 136, + "source": 139, + "target": 138, "type": "produces" }, { - "source": 138, + "source": 140, "target": 7, "type": "consumes" }, { "source": 7, - "target": 138, + "target": 140, "type": "produces" }, { - "source": 139, + "source": 141, "target": 7, "type": "consumes" }, { "source": 7, - "target": 139, + "target": 141, "type": "produces" }, { - "source": 140, + "source": 142, "target": 3, "type": "consumes" }, { "source": 17, - "target": 140, + "target": 142, "type": "produces" }, { - "source": 141, + "source": 143, "target": 2, "type": "consumes" }, { "source": 16, - "target": 141, + "target": 143, "type": "produces" }, { - "source": 142, + "source": 144, "target": 7, "type": "consumes" }, { "source": 7, - "target": 142, + "target": 144, "type": "produces" }, { "source": 19, - "target": 142, + "target": 144, "type": "produces" }, { - "source": 143, + "source": 145, "target": 4, "type": "consumes" }, { - "source": 143, + "source": 145, "target": 16, "type": "consumes" }, { - "source": 143, + "source": 145, "target": 3, "type": "consumes" }, { - "source": 143, - "target": 137, + "source": 145, + "target": 139, "type": "consumes" }, { - "source": 143, + "source": 145, "target": 5, "type": "consumes" }, { - "source": 144, + "source": 146, "target": 2, "type": "consumes" }, { - "source": 144, + "source": 146, "target": 16, "type": "consumes" }, { "source": 4, - "target": 144, + "target": 146, "type": "produces" }, { "source": 16, - "target": 144, + "target": 146, "type": "produces" }, { "source": 19, - "target": 144, + "target": 146, "type": "produces" }, { "source": 5, - "target": 144, + "target": 146, "type": "produces" }, { - "source": 145, + "source": 147, "target": 7, "type": "consumes" }, { "source": 7, - "target": 145, + "target": 147, "type": "produces" } ] \ No newline at end of file diff --git a/docs/modules/list_of_modules.md b/docs/modules/list_of_modules.md index 06021d429..e9798983c 100644 --- a/docs/modules/list_of_modules.md +++ b/docs/modules/list_of_modules.md @@ -71,6 +71,7 @@ | crt | scan | No | Query crt.sh (certificate transparency) for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-05-13 | | dehashed | scan | Yes | Execute queries against dehashed.com for exposed credentials | email-enum, passive, safe | DNS_NAME | EMAIL_ADDRESS, HASHED_PASSWORD, PASSWORD, USERNAME | @SpamFaux | 2023-10-12 | | digitorus | scan | No | Query certificatedetails.com for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2023-07-25 | +| dnsbimi | scan | No | Check DNS_NAME's for BIMI records to find image and certificate hosting URL's | cloud-enum, passive, safe, subdomain-enum | DNS_NAME | RAW_DNS_RECORD, URL_UNVERIFIED | @colin-stubbs | 2024-11-15 | | dnscaa | scan | No | Check for CAA records | email-enum, passive, safe, subdomain-enum | DNS_NAME | DNS_NAME, EMAIL_ADDRESS, URL_UNVERIFIED | @colin-stubbs | 2024-05-26 | | dnsdumpster | scan | No | Query dnsdumpster for subdomains | passive, safe, subdomain-enum | DNS_NAME | DNS_NAME | @TheTechromancer | 2022-03-12 | | docker_pull | scan | No | Download images from a docker repository | code-enum, passive, safe, slow | CODE_REPOSITORY | FILESYSTEM | @domwhewell-sage | 2024-03-24 | diff --git a/docs/scanning/advanced.md b/docs/scanning/advanced.md index bfe28e696..355aabc25 100644 --- a/docs/scanning/advanced.md +++ b/docs/scanning/advanced.md @@ -69,14 +69,14 @@ Presets: Modules: -m MODULE [MODULE ...], --modules MODULE [MODULE ...] - Modules to enable. Choices: filedownload,ffuf,bucket_google,newsletters,ipstack,sitedossier,bypass403,nuclei,hunt,azure_realm,builtwith,otx,paramminer_headers,dnscaa,bucket_amazon,extractous,bufferoverrun,ipneighbor,smuggler,github_codesearch,c99,dnscommonsrv,sslcert,code_repository,url_manipulation,gitlab,dnsbrute_mutations,oauth,anubisdb,viewdns,dnsdumpster,azure_tenant,fingerprintx,leakix,dotnetnuke,paramminer_getparams,vhost,urlscan,wpscan,trickest,social,postman,crt,bucket_file_enum,baddns_zone,rapiddns,credshed,subdomainradar,ajaxpro,secretsdb,internetdb,fullhunt,certspotter,censys,jadx,chaos,ntlm,iis_shortnames,wafw00f,dockerhub,bucket_azure,git,bucket_digitalocean,digitorus,hunterio,skymem,ip2location,github_workflows,baddns_direct,pgp,myssl,dehashed,portscan,securitytxt,generic_ssrf,ffuf_shortnames,httpx,virustotal,docker_pull,columbus,asn,telerik,paramminer_cookies,apkpure,git_clone,postman_download,hackertarget,affiliates,dastardly,robots,securitytrails,trufflehog,zoomeye,passivetotal,host_header,wayback,binaryedge,shodan_dns,subdomaincenter,emailformat,google_playstore,badsecrets,wappalyzer,dnsbrute,gowitness,bevigil,github_org,baddns,bucket_firebase + Modules to enable. Choices: sitedossier,crt,postman,ipneighbor,bucket_amazon,baddns_direct,ipstack,extractous,bucket_google,host_header,internetdb,jadx,baddns_zone,bucket_azure,ajaxpro,skymem,censys,postman_download,dockerhub,generic_ssrf,ip2location,gitlab,url_manipulation,paramminer_getparams,builtwith,emailformat,gowitness,github_workflows,bevigil,wayback,subdomaincenter,nuclei,bucket_firebase,bucket_file_enum,badsecrets,httpx,apkpure,leakix,paramminer_headers,chaos,git,filedownload,git_clone,sslcert,virustotal,trufflehog,ffuf,pgp,shodan_dns,certspotter,ntlm,secretsdb,wappalyzer,c99,securitytrails,securitytxt,newsletters,urlscan,dnsdumpster,credshed,baddns,wafw00f,dastardly,azure_tenant,docker_pull,columbus,fullhunt,fingerprintx,hackertarget,github_codesearch,dnsbrute,zoomeye,affiliates,oauth,azure_realm,binaryedge,bufferoverrun,dehashed,dnscaa,dnscommonsrv,myssl,ffuf_shortnames,robots,rapiddns,digitorus,wpscan,hunterio,passivetotal,code_repository,bypass403,vhost,google_playstore,dnsbrute_mutations,anubisdb,viewdns,trickest,portscan,smuggler,iis_shortnames,paramminer_cookies,bucket_digitalocean,dnsbimi,social,otx,github_org,hunt,telerik,subdomainradar,dotnetnuke,asn -l, --list-modules List available modules. -lmo, --list-module-options Show all module config options -em MODULE [MODULE ...], --exclude-modules MODULE [MODULE ...] Exclude these modules. -f FLAG [FLAG ...], --flags FLAG [FLAG ...] - Enable modules by flag. Choices: web-screenshots,code-enum,iis-shortnames,subdomain-hijack,active,deadly,report,email-enum,web-thorough,web-basic,passive,portscan,service-enum,cloud-enum,safe,subdomain-enum,social-enum,baddns,web-paramminer,aggressive,affiliates,slow + Enable modules by flag. Choices: email-enum,affiliates,web-screenshots,subdomain-hijack,baddns,portscan,iis-shortnames,safe,web-thorough,active,cloud-enum,web-basic,passive,report,code-enum,subdomain-enum,slow,aggressive,social-enum,deadly,web-paramminer,service-enum -lf, --list-flags List available flags. -rf FLAG [FLAG ...], --require-flags FLAG [FLAG ...] Only enable modules with these flags (e.g. -rf passive) @@ -101,7 +101,7 @@ Output: -o DIR, --output-dir DIR Directory to output scan results -om MODULE [MODULE ...], --output-modules MODULE [MODULE ...] - Output module(s). Choices: subdomains,python,http,neo4j,web_report,discord,emails,json,asset_inventory,websocket,sqlite,stdout,txt,teams,splunk,slack,csv + Output module(s). Choices: asset_inventory,discord,python,slack,http,json,web_report,teams,subdomains,emails,websocket,sqlite,txt,csv,stdout,neo4j,splunk --json, -j Output scan data in JSON format --brief, -br Output only the data itself --event-types EVENT_TYPES [EVENT_TYPES ...] diff --git a/docs/scanning/configuration.md b/docs/scanning/configuration.md index aa33b48c4..51f9cc3f0 100644 --- a/docs/scanning/configuration.md +++ b/docs/scanning/configuration.md @@ -387,6 +387,9 @@ Many modules accept their own configuration options. These options have the abil | modules.credshed.username | str | Credshed username | | | modules.dehashed.api_key | str | DeHashed API Key | | | modules.dehashed.username | str | Email Address associated with your API key | | +| modules.dnsbimi.emit_raw_dns_records | bool | Emit RAW_DNS_RECORD events | False | +| modules.dnsbimi.emit_urls | bool | Emit URL_UNVERIFIED events | True | +| modules.dnsbimi.selectors | str | CSV list of BIMI selectors to check | default,email,mail,bimi | | modules.dnscaa.dns_names | bool | emit DNS_NAME events | True | | modules.dnscaa.emails | bool | emit EMAIL_ADDRESS events | True | | modules.dnscaa.in_scope_only | bool | Only check in-scope domains | True | @@ -427,7 +430,7 @@ Many modules accept their own configuration options. These options have the abil | modules.trufflehog.config | str | File path or URL to YAML trufflehog config | | | modules.trufflehog.deleted_forks | bool | Scan for deleted github forks. WARNING: This is SLOW. For a smaller repository, this process can take 20 minutes. For a larger repository, it could take hours. | False | | modules.trufflehog.only_verified | bool | Only report credentials that have been verified | True | -| modules.trufflehog.version | str | trufflehog version | 3.83.6 | +| modules.trufflehog.version | str | trufflehog version | 3.83.7 | | modules.urlscan.urls | bool | Emit URLs in addition to DNS_NAMEs | False | | modules.virustotal.api_key | str | VirusTotal API Key | | | modules.wayback.garbage_threshold | int | Dedupe similar urls if they are in a group of this size or higher (lower values == less garbage data) | 10 | diff --git a/docs/scanning/events.md b/docs/scanning/events.md index 5168d93df..48a98515a 100644 --- a/docs/scanning/events.md +++ b/docs/scanning/events.md @@ -104,40 +104,41 @@ Below is a full list of event types along with which modules produce/consume the ## List of Event Types -| Event Type | # Consuming Modules | # Producing Modules | Consuming Modules | Producing Modules | -|---------------------|-----------------------|-----------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| * | 16 | 0 | affiliates, cloudcheck, csv, discord, dnsresolve, http, json, neo4j, python, slack, splunk, sqlite, stdout, teams, txt, websocket | | -| ASN | 0 | 1 | | asn | -| AZURE_TENANT | 1 | 0 | speculate | | -| CODE_REPOSITORY | 6 | 6 | docker_pull, git_clone, github_workflows, google_playstore, postman_download, trufflehog | code_repository, dockerhub, github_codesearch, github_org, gitlab, postman | -| DNS_NAME | 58 | 43 | anubisdb, asset_inventory, azure_realm, azure_tenant, baddns, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, credshed, crt, dehashed, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, emailformat, fullhunt, github_codesearch, hackertarget, hunterio, internetdb, leakix, myssl, oauth, otx, passivetotal, pgp, portscan, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, speculate, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, viewdns, virustotal, wayback, zoomeye | anubisdb, azure_tenant, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, hackertarget, hunterio, internetdb, leakix, myssl, ntlm, oauth, otx, passivetotal, rapiddns, securitytrails, shodan_dns, sitedossier, speculate, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, vhost, viewdns, virustotal, wayback, zoomeye | -| DNS_NAME_UNRESOLVED | 3 | 0 | baddns, speculate, subdomains | | -| EMAIL_ADDRESS | 1 | 9 | emails | credshed, dehashed, dnscaa, emailformat, hunterio, pgp, securitytxt, skymem, sslcert | -| FILESYSTEM | 3 | 7 | extractous, jadx, trufflehog | apkpure, docker_pull, filedownload, git_clone, github_workflows, jadx, postman_download | -| FINDING | 2 | 29 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, git, gitlab, host_header, hunt, internetdb, newsletters, ntlm, nuclei, paramminer_cookies, paramminer_getparams, secretsdb, smuggler, speculate, telerik, trufflehog, url_manipulation, wpscan | -| GEOLOCATION | 0 | 2 | | ip2location, ipstack | -| HASHED_PASSWORD | 0 | 2 | | credshed, dehashed | -| HTTP_RESPONSE | 19 | 1 | ajaxpro, asset_inventory, badsecrets, dastardly, dotnetnuke, excavate, filedownload, gitlab, host_header, newsletters, ntlm, paramminer_cookies, paramminer_getparams, paramminer_headers, secretsdb, speculate, telerik, wappalyzer, wpscan | httpx | -| IP_ADDRESS | 8 | 3 | asn, asset_inventory, internetdb, ip2location, ipneighbor, ipstack, portscan, speculate | asset_inventory, ipneighbor, speculate | -| IP_RANGE | 2 | 0 | portscan, speculate | | -| MOBILE_APP | 1 | 1 | apkpure | google_playstore | -| OPEN_TCP_PORT | 4 | 4 | asset_inventory, fingerprintx, httpx, sslcert | asset_inventory, internetdb, portscan, speculate | -| ORG_STUB | 4 | 1 | dockerhub, github_org, google_playstore, postman | speculate | -| PASSWORD | 0 | 2 | | credshed, dehashed | -| PROTOCOL | 0 | 1 | | fingerprintx | -| RAW_TEXT | 1 | 1 | excavate | extractous | -| SOCIAL | 6 | 3 | dockerhub, github_org, gitlab, gowitness, postman, speculate | dockerhub, gitlab, social | -| STORAGE_BUCKET | 8 | 5 | baddns_direct, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, speculate | bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google | -| TECHNOLOGY | 4 | 8 | asset_inventory, gitlab, web_report, wpscan | badsecrets, dotnetnuke, gitlab, gowitness, internetdb, nuclei, wappalyzer, wpscan | -| URL | 20 | 2 | ajaxpro, asset_inventory, baddns_direct, bypass403, ffuf, generic_ssrf, git, gowitness, httpx, iis_shortnames, ntlm, nuclei, robots, smuggler, speculate, telerik, url_manipulation, vhost, wafw00f, web_report | gowitness, httpx | -| URL_HINT | 1 | 1 | ffuf_shortnames | iis_shortnames | -| URL_UNVERIFIED | 6 | 16 | code_repository, filedownload, httpx, oauth, social, speculate | azure_realm, bevigil, bucket_file_enum, dnscaa, dockerhub, excavate, ffuf, ffuf_shortnames, github_codesearch, gowitness, hunterio, robots, securitytxt, urlscan, wayback, wpscan | -| USERNAME | 1 | 2 | speculate | credshed, dehashed | -| VHOST | 1 | 1 | web_report | vhost | -| VULNERABILITY | 2 | 13 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, dastardly, dotnetnuke, generic_ssrf, internetdb, nuclei, telerik, trufflehog, wpscan | -| WAF | 1 | 1 | asset_inventory | wafw00f | -| WEBSCREENSHOT | 0 | 1 | | gowitness | -| WEB_PARAMETER | 4 | 4 | hunt, paramminer_cookies, paramminer_getparams, paramminer_headers | excavate, paramminer_cookies, paramminer_getparams, paramminer_headers | +| Event Type | # Consuming Modules | # Producing Modules | Consuming Modules | Producing Modules | +|---------------------|-----------------------|-----------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| * | 16 | 0 | affiliates, cloudcheck, csv, discord, dnsresolve, http, json, neo4j, python, slack, splunk, sqlite, stdout, teams, txt, websocket | | +| ASN | 0 | 1 | | asn | +| AZURE_TENANT | 1 | 0 | speculate | | +| CODE_REPOSITORY | 6 | 6 | docker_pull, git_clone, github_workflows, google_playstore, postman_download, trufflehog | code_repository, dockerhub, github_codesearch, github_org, gitlab, postman | +| DNS_NAME | 59 | 43 | anubisdb, asset_inventory, azure_realm, azure_tenant, baddns, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, credshed, crt, dehashed, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, emailformat, fullhunt, github_codesearch, hackertarget, hunterio, internetdb, leakix, myssl, oauth, otx, passivetotal, pgp, portscan, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, speculate, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, viewdns, virustotal, wayback, zoomeye | anubisdb, azure_tenant, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, hackertarget, hunterio, internetdb, leakix, myssl, ntlm, oauth, otx, passivetotal, rapiddns, securitytrails, shodan_dns, sitedossier, speculate, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, vhost, viewdns, virustotal, wayback, zoomeye | +| DNS_NAME_UNRESOLVED | 3 | 0 | baddns, speculate, subdomains | | +| EMAIL_ADDRESS | 1 | 9 | emails | credshed, dehashed, dnscaa, emailformat, hunterio, pgp, securitytxt, skymem, sslcert | +| FILESYSTEM | 3 | 7 | extractous, jadx, trufflehog | apkpure, docker_pull, filedownload, git_clone, github_workflows, jadx, postman_download | +| FINDING | 2 | 29 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, git, gitlab, host_header, hunt, internetdb, newsletters, ntlm, nuclei, paramminer_cookies, paramminer_getparams, secretsdb, smuggler, speculate, telerik, trufflehog, url_manipulation, wpscan | +| GEOLOCATION | 0 | 2 | | ip2location, ipstack | +| HASHED_PASSWORD | 0 | 2 | | credshed, dehashed | +| HTTP_RESPONSE | 19 | 1 | ajaxpro, asset_inventory, badsecrets, dastardly, dotnetnuke, excavate, filedownload, gitlab, host_header, newsletters, ntlm, paramminer_cookies, paramminer_getparams, paramminer_headers, secretsdb, speculate, telerik, wappalyzer, wpscan | httpx | +| IP_ADDRESS | 8 | 3 | asn, asset_inventory, internetdb, ip2location, ipneighbor, ipstack, portscan, speculate | asset_inventory, ipneighbor, speculate | +| IP_RANGE | 2 | 0 | portscan, speculate | | +| MOBILE_APP | 1 | 1 | apkpure | google_playstore | +| OPEN_TCP_PORT | 4 | 4 | asset_inventory, fingerprintx, httpx, sslcert | asset_inventory, internetdb, portscan, speculate | +| ORG_STUB | 4 | 1 | dockerhub, github_org, google_playstore, postman | speculate | +| PASSWORD | 0 | 2 | | credshed, dehashed | +| PROTOCOL | 0 | 1 | | fingerprintx | +| RAW_DNS_RECORD | 0 | 1 | | dnsbimi | +| RAW_TEXT | 1 | 1 | excavate | extractous | +| SOCIAL | 6 | 3 | dockerhub, github_org, gitlab, gowitness, postman, speculate | dockerhub, gitlab, social | +| STORAGE_BUCKET | 8 | 5 | baddns_direct, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, speculate | bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google | +| TECHNOLOGY | 4 | 8 | asset_inventory, gitlab, web_report, wpscan | badsecrets, dotnetnuke, gitlab, gowitness, internetdb, nuclei, wappalyzer, wpscan | +| URL | 20 | 2 | ajaxpro, asset_inventory, baddns_direct, bypass403, ffuf, generic_ssrf, git, gowitness, httpx, iis_shortnames, ntlm, nuclei, robots, smuggler, speculate, telerik, url_manipulation, vhost, wafw00f, web_report | gowitness, httpx | +| URL_HINT | 1 | 1 | ffuf_shortnames | iis_shortnames | +| URL_UNVERIFIED | 6 | 17 | code_repository, filedownload, httpx, oauth, social, speculate | azure_realm, bevigil, bucket_file_enum, dnsbimi, dnscaa, dockerhub, excavate, ffuf, ffuf_shortnames, github_codesearch, gowitness, hunterio, robots, securitytxt, urlscan, wayback, wpscan | +| USERNAME | 1 | 2 | speculate | credshed, dehashed | +| VHOST | 1 | 1 | web_report | vhost | +| VULNERABILITY | 2 | 13 | asset_inventory, web_report | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, dastardly, dotnetnuke, generic_ssrf, internetdb, nuclei, telerik, trufflehog, wpscan | +| WAF | 1 | 1 | asset_inventory | wafw00f | +| WEBSCREENSHOT | 0 | 1 | | gowitness | +| WEB_PARAMETER | 4 | 4 | hunt, paramminer_cookies, paramminer_getparams, paramminer_headers | excavate, paramminer_cookies, paramminer_getparams, paramminer_headers | ## Findings Vs. Vulnerabilities diff --git a/docs/scanning/index.md b/docs/scanning/index.md index 5cc2b837a..a7359730a 100644 --- a/docs/scanning/index.md +++ b/docs/scanning/index.md @@ -107,30 +107,30 @@ A single module can have multiple flags. For example, the `securitytrails` modul ### List of Flags -| Flag | # Modules | Description | Modules | -|------------------|-------------|----------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| safe | 90 | Non-intrusive, safe to run | affiliates, aggregate, ajaxpro, anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, extractous, filedownload, fingerprintx, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunt, hunterio, iis_shortnames, internetdb, ip2location, ipstack, jadx, leakix, myssl, newsletters, ntlm, oauth, otx, passivetotal, pgp, portscan, postman, postman_download, rapiddns, robots, secretsdb, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, viewdns, virustotal, wappalyzer, wayback, zoomeye | -| passive | 65 | Never connects to target systems | affiliates, aggregate, anubisdb, apkpure, asn, azure_realm, azure_tenant, bevigil, binaryedge, bucket_file_enum, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnscaa, dnsdumpster, docker_pull, dockerhub, emailformat, excavate, extractous, fullhunt, git_clone, github_codesearch, github_org, github_workflows, google_playstore, hackertarget, hunterio, internetdb, ip2location, ipneighbor, ipstack, jadx, leakix, myssl, otx, passivetotal, pgp, postman, postman_download, rapiddns, securitytrails, shodan_dns, sitedossier, skymem, social, speculate, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, viewdns, virustotal, wayback, zoomeye | -| subdomain-enum | 51 | Enumerates subdomains | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, sslcert, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, virustotal, wayback, zoomeye | -| active | 47 | Makes active connections to target systems | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dnsbrute, dnsbrute_mutations, dnscommonsrv, dotnetnuke, ffuf, ffuf_shortnames, filedownload, fingerprintx, generic_ssrf, git, gitlab, gowitness, host_header, httpx, hunt, iis_shortnames, newsletters, ntlm, nuclei, oauth, paramminer_cookies, paramminer_getparams, paramminer_headers, portscan, robots, secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, vhost, wafw00f, wappalyzer, wpscan | -| aggressive | 20 | Generates a large amount of network traffic | bypass403, dastardly, dnsbrute, dnsbrute_mutations, dotnetnuke, ffuf, ffuf_shortnames, generic_ssrf, host_header, ipneighbor, nuclei, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, telerik, url_manipulation, vhost, wafw00f, wpscan | -| web-basic | 18 | Basic, non-intrusive web scan functionality | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | -| cloud-enum | 14 | Enumerates cloud resources | azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, httpx, oauth, securitytxt | -| code-enum | 14 | Find public code repositories and search them for secrets etc. | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, postman, postman_download, trufflehog | -| web-thorough | 12 | More advanced web scanning functionality | ajaxpro, bucket_digitalocean, bypass403, dastardly, dotnetnuke, ffuf_shortnames, generic_ssrf, host_header, hunt, smuggler, telerik, url_manipulation | -| slow | 11 | May take a long time to complete | bucket_digitalocean, dastardly, dnsbrute_mutations, docker_pull, fingerprintx, git_clone, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, vhost | -| affiliates | 9 | Discovers affiliated hostnames/domains | affiliates, azure_realm, azure_tenant, builtwith, oauth, sslcert, trickest, viewdns, zoomeye | -| email-enum | 8 | Enumerates email addresses | dehashed, dnscaa, emailformat, emails, hunterio, pgp, skymem, sslcert | -| deadly | 4 | Highly aggressive | dastardly, ffuf, nuclei, vhost | -| baddns | 3 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_direct, baddns_zone | -| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers | -| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames | -| portscan | 2 | Discovers open ports | internetdb, portscan | -| report | 2 | Generates a report at the end of the scan | affiliates, asn | -| social-enum | 2 | Enumerates social media | httpx, social | -| service-enum | 1 | Identifies protocols running on open ports | fingerprintx | -| subdomain-hijack | 1 | Detects hijackable subdomains | baddns | -| web-screenshots | 1 | Takes screenshots of web pages | gowitness | +| Flag | # Modules | Description | Modules | +|------------------|-------------|----------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| safe | 91 | Non-intrusive, safe to run | affiliates, aggregate, ajaxpro, anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnsbimi, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, extractous, filedownload, fingerprintx, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunt, hunterio, iis_shortnames, internetdb, ip2location, ipstack, jadx, leakix, myssl, newsletters, ntlm, oauth, otx, passivetotal, pgp, portscan, postman, postman_download, rapiddns, robots, secretsdb, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, viewdns, virustotal, wappalyzer, wayback, zoomeye | +| passive | 66 | Never connects to target systems | affiliates, aggregate, anubisdb, apkpure, asn, azure_realm, azure_tenant, bevigil, binaryedge, bucket_file_enum, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, credshed, crt, dehashed, digitorus, dnsbimi, dnscaa, dnsdumpster, docker_pull, dockerhub, emailformat, excavate, extractous, fullhunt, git_clone, github_codesearch, github_org, github_workflows, google_playstore, hackertarget, hunterio, internetdb, ip2location, ipneighbor, ipstack, jadx, leakix, myssl, otx, passivetotal, pgp, postman, postman_download, rapiddns, securitytrails, shodan_dns, sitedossier, skymem, social, speculate, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, viewdns, virustotal, wayback, zoomeye | +| subdomain-enum | 52 | Enumerates subdomains | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, sslcert, subdomaincenter, subdomainradar, subdomains, trickest, urlscan, virustotal, wayback, zoomeye | +| active | 47 | Makes active connections to target systems | ajaxpro, baddns, baddns_direct, baddns_zone, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dnsbrute, dnsbrute_mutations, dnscommonsrv, dotnetnuke, ffuf, ffuf_shortnames, filedownload, fingerprintx, generic_ssrf, git, gitlab, gowitness, host_header, httpx, hunt, iis_shortnames, newsletters, ntlm, nuclei, oauth, paramminer_cookies, paramminer_getparams, paramminer_headers, portscan, robots, secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, vhost, wafw00f, wappalyzer, wpscan | +| aggressive | 20 | Generates a large amount of network traffic | bypass403, dastardly, dnsbrute, dnsbrute_mutations, dotnetnuke, ffuf, ffuf_shortnames, generic_ssrf, host_header, ipneighbor, nuclei, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, telerik, url_manipulation, vhost, wafw00f, wpscan | +| web-basic | 18 | Basic, non-intrusive web scan functionality | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | +| cloud-enum | 15 | Enumerates cloud resources | azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, dnsbimi, httpx, oauth, securitytxt | +| code-enum | 14 | Find public code repositories and search them for secrets etc. | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, postman, postman_download, trufflehog | +| web-thorough | 12 | More advanced web scanning functionality | ajaxpro, bucket_digitalocean, bypass403, dastardly, dotnetnuke, ffuf_shortnames, generic_ssrf, host_header, hunt, smuggler, telerik, url_manipulation | +| slow | 11 | May take a long time to complete | bucket_digitalocean, dastardly, dnsbrute_mutations, docker_pull, fingerprintx, git_clone, paramminer_cookies, paramminer_getparams, paramminer_headers, smuggler, vhost | +| affiliates | 9 | Discovers affiliated hostnames/domains | affiliates, azure_realm, azure_tenant, builtwith, oauth, sslcert, trickest, viewdns, zoomeye | +| email-enum | 8 | Enumerates email addresses | dehashed, dnscaa, emailformat, emails, hunterio, pgp, skymem, sslcert | +| deadly | 4 | Highly aggressive | dastardly, ffuf, nuclei, vhost | +| baddns | 3 | Runs all modules from the DNS auditing tool BadDNS | baddns, baddns_direct, baddns_zone | +| web-paramminer | 3 | Discovers HTTP parameters through brute-force | paramminer_cookies, paramminer_getparams, paramminer_headers | +| iis-shortnames | 2 | Scans for IIS Shortname vulnerability | ffuf_shortnames, iis_shortnames | +| portscan | 2 | Discovers open ports | internetdb, portscan | +| report | 2 | Generates a report at the end of the scan | affiliates, asn | +| social-enum | 2 | Enumerates social media | httpx, social | +| service-enum | 1 | Identifies protocols running on open ports | fingerprintx | +| subdomain-hijack | 1 | Detects hijackable subdomains | baddns | +| web-screenshots | 1 | Takes screenshots of web pages | gowitness | ## Dependencies diff --git a/docs/scanning/presets_list.md b/docs/scanning/presets_list.md index 7bc60fe4c..bc06e5be0 100644 --- a/docs/scanning/presets_list.md +++ b/docs/scanning/presets_list.md @@ -42,7 +42,7 @@ Enumerate cloud resources such as storage buckets, etc. -Modules: [58]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") +Modules: [59]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbimi`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") ## **code-enum** @@ -241,7 +241,7 @@ Everything everywhere all at once -Modules: [85]("`anubisdb`, `apkpure`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `badsecrets`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `code_repository`, `columbus`, `crt`, `dehashed`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `docker_pull`, `dockerhub`, `emailformat`, `ffuf_shortnames`, `ffuf`, `filedownload`, `fullhunt`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `gowitness`, `hackertarget`, `httpx`, `hunterio`, `iis_shortnames`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `ntlm`, `oauth`, `otx`, `paramminer_cookies`, `paramminer_getparams`, `paramminer_headers`, `passivetotal`, `pgp`, `postman_download`, `postman`, `rapiddns`, `robots`, `secretsdb`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `skymem`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `trufflehog`, `urlscan`, `virustotal`, `wappalyzer`, `wayback`, `zoomeye`") +Modules: [86]("`anubisdb`, `apkpure`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `baddns`, `badsecrets`, `bevigil`, `binaryedge`, `bucket_amazon`, `bucket_azure`, `bucket_digitalocean`, `bucket_file_enum`, `bucket_firebase`, `bucket_google`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `code_repository`, `columbus`, `crt`, `dehashed`, `digitorus`, `dnsbimi`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `docker_pull`, `dockerhub`, `emailformat`, `ffuf_shortnames`, `ffuf`, `filedownload`, `fullhunt`, `git_clone`, `git`, `github_codesearch`, `github_org`, `github_workflows`, `gitlab`, `google_playstore`, `gowitness`, `hackertarget`, `httpx`, `hunterio`, `iis_shortnames`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `ntlm`, `oauth`, `otx`, `paramminer_cookies`, `paramminer_getparams`, `paramminer_headers`, `passivetotal`, `pgp`, `postman_download`, `postman`, `rapiddns`, `robots`, `secretsdb`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `skymem`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `trufflehog`, `urlscan`, `virustotal`, `wappalyzer`, `wayback`, `zoomeye`") ## **paramminer** @@ -324,7 +324,7 @@ Enumerate subdomains via APIs, brute-force -Modules: [51]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `bevigil`, `binaryedge`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") +Modules: [52]("`anubisdb`, `asn`, `azure_realm`, `azure_tenant`, `baddns_direct`, `baddns_zone`, `bevigil`, `binaryedge`, `bufferoverrun`, `builtwith`, `c99`, `censys`, `certspotter`, `chaos`, `columbus`, `crt`, `digitorus`, `dnsbimi`, `dnsbrute_mutations`, `dnsbrute`, `dnscaa`, `dnscommonsrv`, `dnsdumpster`, `fullhunt`, `github_codesearch`, `github_org`, `hackertarget`, `httpx`, `hunterio`, `internetdb`, `ipneighbor`, `leakix`, `myssl`, `oauth`, `otx`, `passivetotal`, `postman_download`, `postman`, `rapiddns`, `securitytrails`, `securitytxt`, `shodan_dns`, `sitedossier`, `social`, `sslcert`, `subdomaincenter`, `subdomainradar`, `trickest`, `urlscan`, `virustotal`, `wayback`, `zoomeye`") ## **web-basic** @@ -397,21 +397,21 @@ Modules: [30]("`ajaxpro`, `azure_realm`, `baddns`, `badsecrets`, `bucket_amazon` Here is a the same data, but in a table: -| Preset | Category | Description | # Modules | Modules | -|-----------------|------------|--------------------------------------------------------------------------|-------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| baddns-thorough | | Run all baddns modules and submodules. | 4 | baddns, baddns_direct, baddns_zone, httpx | -| cloud-enum | | Enumerate cloud resources such as storage buckets, etc. | 58 | anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | -| code-enum | | Enumerate Git repositories, Docker images, etc. | 16 | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, httpx, postman, postman_download, social, trufflehog | -| dirbust-heavy | web | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | -| dirbust-light | web | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | -| dotnet-audit | web | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | -| email-enum | | Enumerate email addresses from APIs, web crawling, etc. | 7 | dehashed, dnscaa, emailformat, hunterio, pgp, skymem, sslcert | -| iis-shortnames | web | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | -| kitchen-sink | | Everything everywhere all at once | 85 | anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, crt, dehashed, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, ffuf, ffuf_shortnames, filedownload, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunterio, iis_shortnames, internetdb, ipneighbor, leakix, myssl, ntlm, oauth, otx, paramminer_cookies, paramminer_getparams, paramminer_headers, passivetotal, pgp, postman, postman_download, rapiddns, robots, secretsdb, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, virustotal, wappalyzer, wayback, zoomeye | -| paramminer | web | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | -| spider | | Recursive web spider | 1 | httpx | -| subdomain-enum | | Enumerate subdomains via APIs, brute-force | 51 | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | -| web-basic | | Quick web scan | 19 | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, ffuf_shortnames, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | -| web-screenshots | | Take screenshots of webpages | 3 | gowitness, httpx, social | -| web-thorough | | Aggressive web scan | 30 | ajaxpro, azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf_shortnames, filedownload, generic_ssrf, git, host_header, httpx, hunt, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, wappalyzer | +| Preset | Category | Description | # Modules | Modules | +|-----------------|------------|--------------------------------------------------------------------------|-------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| baddns-thorough | | Run all baddns modules and submodules. | 4 | baddns, baddns_direct, baddns_zone, httpx | +| cloud-enum | | Enumerate cloud resources such as storage buckets, etc. | 59 | anubisdb, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | +| code-enum | | Enumerate Git repositories, Docker images, etc. | 16 | apkpure, code_repository, docker_pull, dockerhub, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, httpx, postman, postman_download, social, trufflehog | +| dirbust-heavy | web | Recursive web directory brute-force (aggressive) | 5 | ffuf, ffuf_shortnames, httpx, iis_shortnames, wayback | +| dirbust-light | web | Basic web directory brute-force (surface-level directories only) | 4 | ffuf, ffuf_shortnames, httpx, iis_shortnames | +| dotnet-audit | web | Comprehensive scan for all IIS/.NET specific modules and module settings | 8 | ajaxpro, badsecrets, dotnetnuke, ffuf, ffuf_shortnames, httpx, iis_shortnames, telerik | +| email-enum | | Enumerate email addresses from APIs, web crawling, etc. | 7 | dehashed, dnscaa, emailformat, hunterio, pgp, skymem, sslcert | +| iis-shortnames | web | Recursively enumerate IIS shortnames | 3 | ffuf_shortnames, httpx, iis_shortnames | +| kitchen-sink | | Everything everywhere all at once | 86 | anubisdb, apkpure, asn, azure_realm, azure_tenant, baddns, baddns_direct, baddns_zone, badsecrets, bevigil, binaryedge, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_file_enum, bucket_firebase, bucket_google, bufferoverrun, builtwith, c99, censys, certspotter, chaos, code_repository, columbus, crt, dehashed, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, docker_pull, dockerhub, emailformat, ffuf, ffuf_shortnames, filedownload, fullhunt, git, git_clone, github_codesearch, github_org, github_workflows, gitlab, google_playstore, gowitness, hackertarget, httpx, hunterio, iis_shortnames, internetdb, ipneighbor, leakix, myssl, ntlm, oauth, otx, paramminer_cookies, paramminer_getparams, paramminer_headers, passivetotal, pgp, postman, postman_download, rapiddns, robots, secretsdb, securitytrails, securitytxt, shodan_dns, sitedossier, skymem, social, sslcert, subdomaincenter, subdomainradar, trickest, trufflehog, urlscan, virustotal, wappalyzer, wayback, zoomeye | +| paramminer | web | Discover new web parameters via brute-force | 4 | httpx, paramminer_cookies, paramminer_getparams, paramminer_headers | +| spider | | Recursive web spider | 1 | httpx | +| subdomain-enum | | Enumerate subdomains via APIs, brute-force | 52 | anubisdb, asn, azure_realm, azure_tenant, baddns_direct, baddns_zone, bevigil, binaryedge, bufferoverrun, builtwith, c99, censys, certspotter, chaos, columbus, crt, digitorus, dnsbimi, dnsbrute, dnsbrute_mutations, dnscaa, dnscommonsrv, dnsdumpster, fullhunt, github_codesearch, github_org, hackertarget, httpx, hunterio, internetdb, ipneighbor, leakix, myssl, oauth, otx, passivetotal, postman, postman_download, rapiddns, securitytrails, securitytxt, shodan_dns, sitedossier, social, sslcert, subdomaincenter, subdomainradar, trickest, urlscan, virustotal, wayback, zoomeye | +| web-basic | | Quick web scan | 19 | azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_firebase, bucket_google, ffuf_shortnames, filedownload, git, httpx, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, sslcert, wappalyzer | +| web-screenshots | | Take screenshots of webpages | 3 | gowitness, httpx, social | +| web-thorough | | Aggressive web scan | 30 | ajaxpro, azure_realm, baddns, badsecrets, bucket_amazon, bucket_azure, bucket_digitalocean, bucket_firebase, bucket_google, bypass403, dastardly, dotnetnuke, ffuf_shortnames, filedownload, generic_ssrf, git, host_header, httpx, hunt, iis_shortnames, ntlm, oauth, robots, secretsdb, securitytxt, smuggler, sslcert, telerik, url_manipulation, wappalyzer |