webcopilot
v2.0-beta
الميزات • التثبيت • الاستخدام • WebCopilot • الأدوات المستخدمة • شكر وتقدير
WebCopilot هي أداة أتمتة مصممة لتعداد النطاقات الفرعية للهدف واكتشاف الأخطاء باستخدام أدوات مختلفة مفتوحة المصدر.
يقوم البرنامج النصي أولاً بتعداد جميع النطاقات الفرعية للنطاق المستهدف المحدد باستخدام assetfinder وsublister وsubfinder وamass وfindomain وhackertarget وriddler وcrt ثم قم بإجراء تعداد النطاق الفرعي النشط باستخدام gobuster من قائمة كلمات SecLists ثم يقوم بتصفية جميع النطاقات الفرعية المباشرة باستخدام dnsx ثم يقوم باستخراجها عناوين النطاقات الفرعية باستخدام httpx والمسح الضوئي للاستيلاء على النطاق الفرعي باستخدام subjack. ثم يستخدم gau/gauplus أو waybackurls أو waymore للزحف إلى جميع نقاط النهاية للنطاقات الفرعية المحددة ثم يستخدم أنماط gf لتصفية xss وlfi وssrf وsqli ومعلمات إعادة التوجيه المفتوحة وrce من تلك النطاقات الفرعية المحددة، ثم يقوم بالمسح لنقاط الضعف في النطاقات الفرعية باستخدام أدوات مختلفة مفتوحة المصدر (مثل kxss، وdalfox، وopenredirex، وnuclei، وما إلى ذلك). ثم سيقوم بطباعة نتيجة الفحص وحفظ جميع المخرجات في دليل محدد.
g ! 2m0: ~ webcopilot -h ──────▄▀▄─────▄▀▄
─────▄█░░▀▀▀▀▀░░█▄
─▄▄──█░░░░░░░░░░░█──▄▄
█▄▄█─█░░▀░░┬░░▀░░█─█▄▄█
██╗░░░░░░░██╗███████╗██████╗░░█████╗░░█████╗░██████╗░██╗██╗░░░░░░█████╗░████████╗
░██║░░██╗░░██║██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔══██╗██║██║░░░░░██╔══██╗╚══██╔══╝
░╚██╗████╗██╔╝█████╗░░██████╦╝██║░░╚═╝██║░░██║██████╔╝██║██║░░░░░██║░░██║░░░██║░░░
░░████╔═████║░██╔══╝░░██╔══██╗██║░░██╗██║░░██║██╔═══╝░██║██║░░░░░██║░░██║░░░██║░░░
░░╚██╔╝░╚██╔╝░███████╗██████╦╝╚█████╔╝╚█████╔╝██║░░░░░██║███████╗╚█████╔╝░░░██║░░░
░░░╚═╝░░░╚═╝░░╚══════╝╚═════╝░░╚════╝░░╚════╝░╚═╝░░░░░╚═╝╚══════╝░╚════╝░░░░╚═╝░░░
[ ● ] Version: 2.0 .0
[ ● ] @ h4r5h1t | G ! 2 m0
[ ] Warning: Use with caution . You are responsible for your own actions .
[ ] Developers assume no liability and are not responsible for any misuse or damage cause by this tool .
Usage :
webcopilot - d < target >
webcopilot - d < target > - a
webcopilot [ - d target ] [ - o output destination ] [ - t threads ] [ - b blind server URL ] [ - x exclude domains ] [ - f subdomains file ] [ - a ] [ - v ] [ - h ]
Flags :
- d Add your target [ Optional ]
- o To save outputs in folder [ Default : webcopilot - < timestamp > ]
-t Number of threads [Default: 100]
-b Add your server for BXSS [Default: False]
-x Exclude out of scope domains [Default: False]
-f Specify a file containing subdomains, this will skip subdomain enumeration [Optional]
-a Run all Enumeration by default it will run only subdomain enumeration [Default: False][Time Consuming]
-v Show version of the tool
-h Show this help message
Example:./webcopilot -d domain.com -a -o domain -t 333 -x exclude.txt -b testServer.oast.fun
You can use https://app.interactsh.com/ to get your serverيتطلب WebCopilot تثبيت git بنجاح. قم بتشغيل الأمر التالي كجذر لتثبيت webcopilot
git clone https://github.com/h4r5h1t/webcopilot && cd webcopilot/ && chmod +x webcopilot install.sh && mv webcopilot /usr/bin/ && ./install.sh [ * ] Installing Tools
[ * ] Creating Directories
[ * ] Installing Dependencies and Checking is Installed or Not
[ * ] git is already installed
[ * ] python3 is already installed
[ * ] python3 - pip is already installed
[ * ] ruby is already installed
[ * ] golang - go is already installed
[ * ] snapd could not be found [ * ] Installing snapd
[ * ] snapd is not installed successfully , Please install it manually
[ * ] cmake is already installed
[ * ] jq is already installed
[ * ] gobuster is already installed
[ * ] chromium is already installed
[ * ] parallel is already installed
[ * ] Installing Python Tools
[ * ] Sublist3r could not be found [ * ] Installing Sublist3r
[ * ] Sublist3r is installed successfully
[ * ] sqlmap is already installed
[ * ] urldedupe is already installed
[ * ] openredirex is already installed
[ * ] waymore is already installed
[ * ] findomain is already installed
[ * ] uro is already installed
[ * ] Installing Wordlists and Payloads
[ * ] Skipping payloads / lfi . txt , already exists .
[ * ] Skipping resolvers . txt , already exists .
[ * ] Skipping subdomains . txt , already exists .
[ * ] Skipping fuzz . txt , already exists .
[ * ] Skipping dicc . txt , already exists .
[ * ] Skipping big . txt , already exists .
[ * ] Skipping dns . txt , already exists .
[ * ] Installing Go Tools
[ * ] anew is already installed
[ * ] gf is already installed
[ * ] aquatone could not be found [ * ] Installing aquatone
[ * ] aquatone is not installed successfully , Please install it manually
[ * ] assetfinder is already installed
[ * ] gau is already installed
[ * ] waybackurls is already installed
[ * ] httpx could not be found [ * ] Installing httpx
[ * ] httpx is not installed successfully , Please install it manually
[ * ] amass could not be found [ * ] Installing amass
[ * ] amass is not installed successfully , Please install it manually
[ * ] kxss is already installed
[ * ] subjack is already installed
[ * ] qsreplace is already installed
[ * ] dnsx could not be found [ * ] Installing dnsx
[ * ] dnsx is not installed successfully , Please install it manually
[ * ] dalfox is already installed
[ * ] crlfuzz is already installed
[ * ] nuclei could not be found [ * ] Installing nuclei
[ * ] nuclei is not installed successfully , Please install it manually
[ * ] subfinder could not be found [ * ] Installing subfinder
[ * ] subfinder is not installed successfully , Please install it manually
[ * ] Configuring Tools and Setting Up Environment
[ * ] All Tools are installed successfullySubFinder • Sublist3r • Findomain • gf • OpenRedireX • dnsx • sqlmap • gobuster • الأصول • httpx • kxss • qsreplace • Nuclei • dalfox • anew • jq • aquatone • urldedupe • Amass • gauplus • waybackurls • crlfuzz • gau • waymore • SUBLIST3R_V2. 0 • اليورو
لتشغيل الأداة على هدف، ما عليك سوى استخدام الأمر التالي.
g ! 2m0: ~ webcopilot -d example.com يمكن استخدام الأمر -o لتحديد مسار الإخراج.
g ! 2m0: ~ webcopilot -d example.com -o example يمكن استخدام الأمر -a لتشغيل كافة التعدادات (تعداد النطاق الفرعي + فحص الثغرات الأمنية).
g ! 2m0: ~ webcopilot -d example.com -o example -a يمكن استخدام الأمر -t لإضافة سلاسل رسائل إلى الفحص الخاص بك للحصول على نتيجة أسرع.
g ! 2m0: ~ webcopilot -d example.com -o example -t 333 يمكن استخدام الأمر -b لـ xss (OOB) الأعمى، ويمكنك الحصول على الخادم الخاص بك من التفاعل
g ! 2m0: ~ webcopilot -d example.com -o example -t 333 -b eeuyhzfnsezrraragtd70ex5oc2hsw.oast.fun يمكن استخدام الأمر -x لاستبعاد المجالات خارج النطاق.
g ! 2m0: ~ echo out.example.com > excludeDomain.txt
g ! 2m0: ~ webcopilot -d example.com -o example -t 333 -x excludeDomain.txt -b eeuyhzfnsezrraragtd70ex5oc2hsw.oast.fun يمكن استخدام الأمر -f لتمرير ملف يحتوي على نطاقات فرعية (باستخدام تعداد النطاق الفرعي النشط + السلبي)
g ! 2m0: ~ webcopilot -d example.com -o example -f /home/ubuntu/subdomains.txt -aتبدو الخيارات الافتراضية كما يلي:
g ! 2m0: ~ webcopilot -d http://testphp.vulnweb.com/ -a -b eeuyhzfpwgnsezrraragtd70ex5oc2hsw.oast.fun ──────▄▀▄─────▄▀▄
─────▄█░░▀▀▀▀▀░░█▄
─▄▄──█░░░░░░░░░░░█──▄▄
█▄▄█─█░░▀░░┬░░▀░░█─█▄▄█
██╗░░░░░░░██╗███████╗██████╗░░█████╗░░█████╗░██████╗░██╗██╗░░░░░░█████╗░████████╗
░██║░░██╗░░██║██╔════╝██╔══██╗██╔══██╗██╔══██╗██╔══██╗██║██║░░░░░██╔══██╗╚══██╔══╝
░╚██╗████╗██╔╝█████╗░░██████╦╝██║░░╚═╝██║░░██║██████╔╝██║██║░░░░░██║░░██║░░░██║░░░
░░████╔═████║░██╔══╝░░██╔══██╗██║░░██╗██║░░██║██╔═══╝░██║██║░░░░░██║░░██║░░░██║░░░
░░╚██╔╝░╚██╔╝░███████╗██████╦╝╚█████╔╝╚█████╔╝██║░░░░░██║███████╗╚█████╔╝░░░██║░░░
░░░╚═╝░░░╚═╝░░╚══════╝╚═════╝░░╚════╝░░╚════╝░╚═╝░░░░░╚═╝╚══════╝░╚════╝░░░░╚═╝░░░
[ ● ] Version: 2.0 .0
[ ● ] @ h4r5h1t | G ! 2 m0
[ ] Warning: Use with caution . You are responsible for your own actions .
[ ] Developers assume no liability and are not responsible for any misuse or damage cause by this tool .
Target : http: //testphp.vulnweb.com/
Output: / home / ubuntu / github / webcopilot / webcopilot - 1714304809
Threads: 100
Server: eeuyhzfpwgnsezdyeragtd70ex5oc2hsw . oast . fun
Exclude: False
Mode: Running all Enumeration
Time : 28 - 04 - 2024 17 : 16 : 49
[ ! ] Please wait while scanning . . .
[ ● ] Passive Subdomain Scanning is in progress :
[ ● ] Subdomain Scanned - [ assetfinder✔ ] Subdomain Found : 0
[ ● ] Subdomain Scanned - [ SUBLIST3R_V2 .0 ✔ ] Subdomain Found : 0
[ ● ] Subdomain Scanned - [ subfinder✔ ] Subdomain Found : 1
[ ● ] Subdomain Scanned - [ amass✔ ] Subdomain Found : 0
[ ● ] Subdomain Scanned - [ findomain✔ ] Subdomain Found : 1
[ ● ] Subdomain Scanned - [ crt . sh✔ ] Subdomain Found : 0
[ ● ] Subdomain Scanned - [ hackertarget✔ ] Subdomain Found : 1
[ ● ] Subdomain Scanned - [ riddler✔ ] Subdomain Found : 0
[ ● ] Subdomain Scanned - [ certspotter✔ ] Subdomain Found : 0
[ ● ] Active Subdomain Scanning is in progress :
[ ! ] Please be patient . This may take a while ...
[ ● ] Active Subdomain Scanned - [ gobuster✔ ] Subdomain Found : 0
[ ● ] Active Subdomain Scanned - [ amass✔ ] Subdomain Found : 0
[ ● ] Subdomain Filtering : Filtering Alive subdomains
[ ● ] Subdomain Filtering - Filtering alive subdomains is completed . Check : / subdomains / alivesub . txt
[ ● ] Subdomain Scanning : Getting titles of valid subdomains
[ ● ] Visual inspection of Subdomains is completed . Check : / subdomains / aquatone /
[ ● ] Subdomain Enumeration Completed . Total : 1 | Alive : 1
[ ● ] Endpoints Scanning Completed . Total : 0
[ ● ] Vulnerabilities Scanning is in progress : Getting all vulnerabilities of
[ ● ] Vulnerabilities Scanning is in progress :
[ ● ] Vulnerabilities Scanned - [ XSS✔ ] Found : 0
[ ● ] Vulnerabilities Scanned - [ SQLi✔ ] Found : 0
[ ● ] Vulnerabilities Scanned - [ LFI✔ ] Found : 0
[ ● ] Vulnerabilities Scanned - [ CRLF✔ ] Found : 0
[ ● ] Vulnerabilities Scanned - [ SSRF✔ ] Found : 0
[ ● ] Vulnerabilities Scanned - [ Open redirect✔ ] Found : 0
[ ● ] Vulnerabilities Scanned - [ Subdomain Takeover✔ ] Found : 0
[ ● ] Vulnerabilities Scanned - [ Nuclie✔ ] Found : 0
[ ● ] Vulnerabilities Scanning Completed . Check : / vulnerabilities /
▒█▀▀█ █▀▀ █▀▀ █░░█ █░░ ▀▀█▀▀
▒█▄▄▀ █▀▀ ▀▀█ █░░█ █░░ ░░█░░
▒█░▒█ ▀▀▀ ▀▀▀ ░▀▀▀ ▀▀▀ ░░▀░░
[ + ] Subdomains of http : //testphp.vulnweb.com/
[ + ] Subdomains Found : 1
[ + ] Subdomains Alive : 1
[ + ] Endpoints : 0
[ + ] XSS : 0
[ + ] SQLi : 0
[ + ] Open Redirect : 0
[ + ] SSRF : 0
[ + ] CRLF : 0
[ + ] LFI : 0
[ + ] Subdomain Takeover : 0
[ + ] Nuclei : 0WebCopilot مستوحى من Garud & Pinaak بواسطة ROX4R.
@aboul3la @tomnomnom @lc @hahwul @projectdiscovery @maurosoria @shelld3v @devanshbatham @michenriksen @defparam @projectdiscovery @bp0lr @ameenmaali @sqlmapproject @dwisiswant0 @OWASP @OJ @Findomain @danielmiessler @1ndianl33t @ROX4R @xnl-h4ck3r @hx lxmjxbbxs @s0md3v
| تحذير: لا يتحمل المطورون أية مسؤولية وليسوا مسؤولين عن أي سوء استخدام أو ضرر تسببه هذه الأداة. لذا يرجى توخي الحذر لأنك مسؤول عن تصرفاتك. |
