cybervie logo

Garud – Sub-domain Scanner, Sub-domain Takeover With XSS, SSRF, SSTI

In this article we are going to talk about Garud a tool to scan sub-domains and also check for sub-domain takeover with XSS, SSRF, SSTI, etc

In Web application penetration testing scanning for sub-domains is one of the crucial parts. Sub-domains can give hackers and bug bounty hunters lots of bugs to exploit if they are scanned thoroughly. But there are lots of sub-domains of one domain and it can’t be checked manually.

To tackle this problem many hackers and penetration tester use automated tools to do this. Today we are going to talk about one of the tools which can be used to scan the sub-domains and also checks for possible sub-domain takeover.

The name of the tool is Garud by R0X4R.

What is “Garud”?

Garud is a collection of tools like Assetfinder, get-titles, httprobe, subjack, subzy, sublister, etc. All combined in one single tool.

The script first enumerates all the subdomains of the given target domain using assetfinder and sublister then filters all live domains from the whole subdomain list then extracts titles of the subdomains using get-title then it scans for subdomain takeover using subjack and subzy. Then it uses gau to extract parameters of the given subdomains then it uses gf patterns to filters XSS, ssti, ssrf, SQL params from that given subdomains, and then it scans for low hanging fruits as well. Then it’ll save all the output in a text file like target-xss.txt.

How to install Garud?

As Garud requires Go and Python as a prerequisite and root access, it can be installed in any device like Linux, Termux(if root).

System requirements: Recommended to run on vps with 1VCPU and 2GB ram.

Installation – Make sure you’re root before installing the tool

Linux(recommended)

Clone the repository 

git clone https://github.com/R0X4R/Garud.git

Change Directory to Garud

cd Garud/

Changing the access persmissions

chmod +x garud install.sh

Moving garud to usr/bin

mv garud /usr/bin/

Installing the tool

./install.sh

Termux

If you have rooted android you can install this tool into you phone in termux by following the exactly same steps as Linux.

Usage

█▀▀ ▄▀█ █▀█ █░█ █▀▄
█▄█ █▀█ █▀▄ █▄█ █▄▀

coded by R0X4R with <3

Usage: -d       target you want to scan (target.com)
Usage: -f       output directory where you want to save file (~/target-output/)
Usage: -x       Exclude out of scope domains (~/out-domains.txt)
garud -d target.com -f target-output

Official GIF below

Garud official GIF

Warning: This code was originally created for personal use, it generates a substantial amount of traffic, please use it with caution.

check for more tool and hacking content on out blog page

Share the Post...
WhatsApp

About Cybervie

Cybervie provides best cyber security training program in hyderabad, India.This cyber security course enables you to detect vulnerablities of a system, wardoff attacks and manage emergency situations. Taking a proactive approach to security that can help organisations to protect their data, Cybervie has designed its training module based on the cyber security industry requirements with three levels of training in both offensive and defensive manner, and use real time scenarios which can help our students to understand the market up-to its standard certification which is an add on advantage for our students to stand out of competition in an cyber security interview.

More Info – Click Here

Facebook-f Twitter Instagram Whatsapp Youtube Linkedin

Recent Posts

Follow Us on Youtube

CSEP : Certified Security Engineer Professional

Certified Security Engineer Professional (CSEP) certification is a comprehensive program designed for individuals aspiring to become cybersecurity engineers. It equips candidates with hands-on knowledge across various in-demand cybersecurity domains, ensuring they are well-prepared for current and future industry needs.

Organizations today seek candidates with a diverse set of skills beyond just one tool or area of expertise. The CSEP certification addresses this need by providing essential hands-on experience, making you proficient in multiple cybersecurity domains.

The program includes live classes featuring practical exercises, followed by a real-time project that offers valuable industrial knowledge.

Domains covered in the CSEP certification:

  • Cybersecurity Essentials
  • Penetration Testing
  • Application Security
  • Security Operations
  • AI in Cybersecurity
  • Multi-Cloud Security
  • Threat Intelligence

 

This certification is ideal for those looking to secure a role as a cybersecurity engineer and want to gain a competitive edge in the cybersecurity field.

For Further kindly feel free to fill out the profile form  for relevant information on our counselor will get in touch with you

Visit Program

Sign up for our Newsletter

Interested in Cyber Security Training Program 2024 – Click Here

Subscribe to Cybervie Weekly Insights

Get in Touch! Now.

Academy

Service

Company

Contact Us

Office Address

  • Hyderabad India - 91springboard, LVS Arcade, Jubilee Enclave, Hitech City, Hyderabad 500081.
  • Sydney Australia - Cybervie 2/4 eastbourne road homebush west NSW 2140 Australia.
  • US - Cybervie 14621 Juventus St Charlotte, North Carolina 28277-4117 United States.
Facebook-f Twitter Instagram Whatsapp Youtube Linkedin

© 2024 Ionots Technologies Pvt.Ltd | All Rights Reserved.

© 2024 Ionots Technologies Pvt.Ltd | All Rights Reserved. |  Created By Mohit Goyal

© 2024 Ionots Technologies Pvt. Ltd. | Website Design and Development By Inspired Monks
Open chat
1
Hello 👋
How can we help you?