sigurlx-a-web-application-attack-surface-mapping-tool

sigurlx a web application attack surface mapping tool, it does …:

  • Categorize URLs URLs’ categories:  > endpoint
    > js {js}
    > style {css}
    > data {json|xml|csv}
    > archive {zip|tar|tar.gz}
    > doc {pdf|xlsx|doc|docx|txt}
    > media {jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff}
  • Next, probe HTTP requests to the URLs for status_codecontent_type, e.t.c 
  • Next, for every URL of category endpoint with a query: 

Usage

To display help message for sigurlx use the -h flag:

$ sigurlx -h

     _                  _      
 ___(_) __ _ _   _ _ __| |_  __
/ __| |/ _` | | | | '__| \ \/ /
\__ \ | (_| | |_| | |  | |>  < 
|___/_|\__, |\__,_|_|  |_/_/\_\ v2.1.0
       |___/

USAGE:
  sigurlx [OPTIONS]

GENERAL OPTIONS:
  -iL                       input urls list (use `-iL -` to read from stdin)
  -threads                  number concurrent threads (default: 20)
  -update-params            update params file

HTTP OPTIONS:
  -delay                    delay between requests (default: 100ms)
  -follow-redirects         follow redirects (default: false)
  -follow-host-redirects    follow internal redirects i.e, same host redirects (default: false)
  -http-proxy               HTTP Proxy URL
  -timeout                  HTTP request timeout (default: 10s)
  -UA                       HTTP user agent

OUTPUT OPTIONS:
  -nC                       no color    mode
  -oJ                       JSON output file (default: ./sigurlx.json)
  -v                        verbose mode

Installation

From Binary

You can download the pre-built binary for your platform from this repository’s releases page, extract, then move it to your $PATHand you’re ready to go.
From Source

sigurlx requires go1.14+ to install successfully. Run the following command to get the repo

▶ go get -u github.com/drsigned/sigurlx/cmd/sigurlx

From Github

▶ git clone https://github.com/drsigned/sigurlx.git
▶ cd sigurlx/cmd/sigurlx/
▶ go build .
▶ mv sigurlx /usr/local/bin/
▶ sigurlx -h

Contribution

Issues and Pull Requests are welcome!

Download Sigurlx

3 thoughts on “sigurlx-a-web-application-attack-surface-mapping-tool

  1. Pingback: Umbrella_android – Digital And Physical Security Advice App - Pentester Club

  2. Pingback: Exif-Gps-Tracer – A Python Script Which Allows You To Parse GeoLocation Data From Your Image Files Stored In A dataset - Pentester Club

  3. Pingback: UhOh365 – A Script That Can See If An Email Address Is Valid In Office365 (User/Email Enumeration) - Pentester Club

Leave a Reply

Your email address will not be published. Required fields are marked *