Recon Tool: fetchmeurls
Reading Time: 2 Minutes
Description
FetchmeURLs is a Powerful Recon Tool written by Chris ‘SaintDruG’ Abou-Chabké from Black Hat Ethical Hacking, designed for Bug Bounty Hunters to quickly fetch URLs for multiple domains as part of a small or large scope actively and passively. It uses Waybackurls and GoBuster to fetch URLs, combining both powers Active / Passive and then pipes the results after saving them into a new file probing each one using httpx. It will also display the status and progress such as how many URLs it found before and after the probing is done so that the user is aware what sort of attack vectors they can use after the Recon has been done.
See Also: So you want to be a hacker?
Offensive Security and Ethical Hacking Course
Double Action: Passive and Active combined and Probed
The idea is, you need to perform this once, then after you have the final URLs, you can use things like gf patterns from the URLs you fetched, to plan your next attack vectors. For example, you can use cariddi to find secrets, Nuclei on specific templates, Dalfox to find XSS Injection, SQLMap to find SQLi Injections, SSRF, Open Redirect, Website screenshots or just manual exploration.
Because it allows you to choose a custom wordlist, you have the flexibility to choose small, medium or big wordlists for the active fuzzing part with Gobuster. As this takes time but gets you more results than passive, you control the time because you provide the wordlist according to your needs. Can work well with SecLists too.
Recon is the most important part, if you want to one-line all that so you can then focus on the attack Vectors, this tool will help you do that accurately and does what it says it does.
Installation
git clone https://github.com/blackhatethicalhacking/fetchmeurls.git
cd fetchmeurls
chmod +x fetchmeurls.sh
./fetchmeurls.sh
Once the results are saved, make sure to check this: final_urls_probed_for_domainname.txt
See Also: Offensive Security Tool: XSSRocket
Requirements
You need to have:
Make sure to have these 3 installed, before you run our Tool. It works on Debian, MacOS, Ubuntu, Kali Linux, Parrot.
Screenshots
Clone the repo from here: GitHub Link