GAU stands for Get All URL. This tool is used by Penetration Testers and Bug Bounty Hunters to crawl through the URL. This tool helps researchers to find all possible conditioned reconnaissance for better finding the vulnerable point inside the scope. This is a free and open-source tool available on GitHub. This is a command-line tool and even has the capability to save the output to the text file. This tool helps to get subdomains of all HTTPS as well as HTTP websites.
You can check the official GitHub repository for more information - https://github.com/lc/gau.
Installation
Gau tool is written in go language. Therefore, you must have
go language installed into your Kali Linux in order to use this
tool.
- Start Terminal and enter the following command to install GAU - go install github.com/lc/gau/v2/cmd/gau@latest.
Installation of the tool |
Usage
This tool is very easy to use. Type gau and the
URL for the domain. For the sake of the tutorial, we will be
using testphp.vulnweb.com.
Usage of the tool |
Important flags you should know
Flag | Description | Example |
---|---|---|
--blacklist | list of extensions to skip | gau --blacklist ttf,woff,svg,png |
--fc | list of status codes to filter | gau --fc 404,302 |
--json | output as json | gau --json |
--mc | list of status codes to match | gau --mc 200,500 |
--o | filename to write results to | gau --o out.txt |
--subs | include subdomains of target domain | gau example.com --subs |
--threads | number of workers to spawn | gau example.com --threads |
--verbose | show verbose output | gau --verbose example.com |
This tool is very helpful for Bug Hunters to easily crawl the URL and save
everything in an output file. That can be used with other tools to further
automate the process and find vulnerabilities.
We hope this helps. If any suggestions or doubts you can add a comment and we
will reply as soon as possible.
No comments:
Post a Comment