Recon Tool: fetchmeurls

by | Oct 13, 2023 | Tools

Post Views: 2,247

Join our Patreon Channel and Gain access to 70+ Exclusive Walkthrough Videos.

Patreon

Reading Time: 2 Minutes

Description

FetchmeURLs is a Powerful Recon Tool written by Chris ‘SaintDruG’ Abou-Chabké from Black Hat Ethical Hacking, designed for Bug Bounty Hunters to quickly fetch URLs for multiple domains as part of a small or large scope actively and passively. It uses Waybackurls and GoBuster to fetch URLs, combining both powers Active / Passive and then pipes the results after saving them into a new file probing each one using httpx. It will also display the status and progress such as how many URLs it found before and after the probing is done so that the user is aware what sort of attack vectors they can use after the Recon has been done.

See Also: So you want to be a hacker?
Offensive Security and Ethical Hacking Course

Double Action: Passive and Active combined and Probed

The idea is, you need to perform this once, then after you have the final URLs, you can use things like gf patterns from the URLs you fetched, to plan your next attack vectors. For example, you can use cariddi to find secrets, Nuclei on specific templates, Dalfox to find XSS Injection, SQLMap to find SQLi Injections, SSRF, Open Redirect, Website screenshots or just manual exploration.

Because it allows you to choose a custom wordlist, you have the flexibility to choose small, medium or big wordlists for the active fuzzing part with Gobuster. As this takes time but gets you more results than passive, you control the time because you provide the wordlist according to your needs. Can work well with SecLists too.

Recon is the most important part, if you want to one-line all that so you can then focus on the attack Vectors, this tool will help you do that accurately and does what it says it does.

Installation

git clone https://github.com/blackhatethicalhacking/fetchmeurls.git

cd fetchmeurls

chmod +x fetchmeurls.sh

./fetchmeurls.sh

Once the results are saved, make sure to check this: final_urls_probed_for_domainname.txt

See Also: Optimize your Bug Bounty approach, Key Factors for choosing Ideal Programs

See Also: Offensive Security Tool: XSSRocket

 

Requirements

You need to have:

 

Make sure to have these 3 installed, before you run our Tool. It works on Debian, MacOS, Ubuntu, Kali Linux, Parrot.

 

Screenshots

 

Clone the repo from here: GitHub Link

 

See Also: Necurs: Uncovering the Sophisticated Botnet

Merch

Recent Tools

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This