Penetration Testing

Automating Asset Discovery and Vulnerability Scanning with Bash

V-Spot Research Division26 October 20238 min read

Bash scripting combining Assetfinder, Arjun, and Dalfox tools to streamline security assessments. Provides ready-to-use scripts for automating reconnaissance workflows.

Automating Asset Discovery and Vulnerability Scanning with Bash

In the fast-paced world of cybersecurity, automating tasks like asset discovery and vulnerability scanning is essential for effective and thorough security assessments. Combining powerful tools like Assetfinder, Arjun, and Dalfox in a bash script not only streamlines the process but also amplifies the potential for uncovering security threats. Let's dive into how we can use these tools together and what kind of results you can expect!

Tools Overview

Assetfinder: Utilized for uncovering subdomains linked to a main domain, Assetfinder is a starting point for penetration testing and reconnaissance work.

Arjun: This tool shines in finding hidden GET and POST parameters within web applications, revealing potentially overlooked surfaces for attacks.

Dalfox: A powerhouse for detecting and validating XSS vulnerabilities, Dalfox tests parameters found, along with other features like parameter analysis.

Combining in a Bash Script

Merging these tools in a bash script, we first gather a list of subdomains using Assetfinder, probe these for potential GET/POST parameters with Arjun, and finally test these parameters for XSS vulnerabilities using Dalfox. Here's a simple bash script example:

#!/bin/bash

# Usage: ./script.sh domain.com

domain=$1

# Find subdomains
echo "Gathering subdomains for $domain..."
subdomains=$(assetfinder --subs-only $domain)

# Scan for parameters and XSS vulnerabilities
echo "Scanning for hidden parameters and testing for XSS..."
for sub in $subdomains; do
 # Finding parameters with Arjun
 params=$(arjun -u $sub)

 # Testing each parameter with Dalfox
 if ! -z "$params" ]; then
 echo "Testing $sub for XSS vulnerabilities..."
 echo $params | dalfox pipe -b your.xss.ht
 fi
done

Usage & Output Examples

</main>Assetfinder Output:

blog.example.com
shop.example.com
dev.example.com

Arjun Output:

+] URL: http://dev.example.com

PARAM TYPE
---- ----
debug GET

Dalfox Output:

*] POC Code: http://dev.example.com?debug=<script>alert(1)</script>
POC] Found alertbox(1)

Combined One-Liner

for sub in $(assetfinder --subs-only example.com); do arjun -u "$sub" | dalfox pipe -b your.xss.ht; done

Conclusion

Combining Assetfinder, Arjun, and Dalfox in a bash script provides a formidable method to automate domain reconnaissance, parameter discovery, and vulnerability scanning. This strategy saves time, offers comprehensive insights, and assists in identifying potential security threats with efficiency and precision.

Related Research

Penetration Testing

Modernising Legacy: The Journey from Python 2 to Python 3 Exploits

Read

Penetration Testing

Honeypot Detection, Rate Limit Testing, and IP Rotation

Read

Penetration Testing

Setting Up the Penetration Testing Lab

Read

#!/bin/bash # Usage: ./script.sh domain.com domain=$1 # Find subdomains echo "Gathering subdomains for $domain..." subdomains=$(assetfinder --subs-only $domain) # Scan for parameters and XSS vulnerabilities echo "Scanning for hidden parameters and testing for XSS..." for sub in $subdomains; do # Finding parameters with Arjun params=$(arjun -u $sub) # Testing each parameter with Dalfox if ! -z "$params" ]; then echo "Testing $sub for XSS vulnerabilities..." echo $params | dalfox pipe -b your.xss.ht fi done

Combined One-Liner

for sub in $(assetfinder --subs-only example.com); do arjun -u "$sub" | dalfox pipe -b your.xss.ht; done

Conclusion