getallurls (gau) - Tool For Discovering URL

GAU stands for Get All URL. This tool is used by Penetration Testers and Bug Bounty Hunters to crawl through the URL. This tool helps researchers to find all possible conditioned reconnaissance for better finding the vulnerable point inside the scope. This is a free and open-source tool available on GitHub. This is a command-line tool and even has the capability to save the output to the text file. This tool helps to get subdomains of all HTTPS as well as HTTP websites.


You can check the official GitHub repository for more information - https://github.com/lc/gau.

Installation

Gau tool is written in go language. Therefore, you must have go language installed into your Kali Linux in order to use this tool. 
  • Start Terminal and enter the following command to install GAU - go install github.com/lc/gau/v2/cmd/gau@latest.
Installation of the tool
Once the installation is finished. We need to put gau at /usr/bin for using the tool directly.

Usage

This tool is very easy to use. Type gau and the URL for the domain. For the sake of the tutorial, we will be using testphp.vulnweb.com.

Usage of the tool

Important flags you should know

Flag Description Example
--blacklist list of extensions to skip gau --blacklist ttf,woff,svg,png
--fc list of status codes to filter gau --fc 404,302
--json output as json gau --json
--mc list of status codes to match gau --mc 200,500
--o filename to write results to gau --o out.txt
--subs include subdomains of target domain gau example.com --subs
--threads number of workers to spawn gau example.com --threads
--verbose show verbose output gau --verbose example.com

This tool is very helpful for Bug Hunters to easily crawl the URL and save everything in an output file. That can be used with other tools to further automate the process and find vulnerabilities.

We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment