Hack from anywhere — even your smart fridge if it had a browser. With Google CloudShell, you don’t need a high-end device or lightning-fast internet; it’s all cloud magic! So, grab your snack, kick back, and let’s get you set up to hunt bugs while your fridge judges your life choices!
Step 1: Install GoLang
Install GoLang, as it’s the foundation for many tools:
apt install golang
Step 2: Install GoLang Tools
Install these essential tools using Go:
(It looks complicated but trust me it’s not)
# Subdomain Enumeration
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/tomnomnom/assetfinder@latest
go install -v github.com/owasp-amass/amass/v4/...@master
# HTTP Probing & Fuzzing
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/ffuf/ffuf/v2@latest
# Archive Data and Pattern Matching
go install -v github.com/tomnomnom/waybackurls@latest
go install -v github.com/tomnomnom/gf@latest
# Vulnerability Scanning
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
# Subdomain Takeover
go install -v github.com/PentestPad/subzy@latest
Download these scripts from GitHub and store them in your tools folder:
Dirsearch
Install via apt:
apt install dirsearch
Use tools like Subfinder, Assetfinder, and Amass to collect subdomains:
Subfinder:
subfinder -d vk.com -t 100 -v -o subfinder.txt
Amass (with IP brute force):
amass enum -src -ip -brute -d vk.com -o amass.txt
Assetfinder:
cat subdomains.txt | assetfinder > assetfinder.txt
Combine results from all tools and filter unique subdomains:
sort subfinder.txt amass.txt assetfinder.txt | uniq > sorted_subdomains.txt
Use Httpx to check for active subdomains:
cat sorted_subdomains.txt | httpx -threads 200 | tee -a live_subdomains.txt
Fetch historical data using WaybackURLs:
cat live_subdomains.txt | waybackurls | tee -a wayback_urls.txt
Filter for potential vulnerabilities using GF and other techniques:
Cross-Site Scripting (XSS):
cat wayback_urls.txt | gf xss | tee -a potential_xss.txt
SQL Injection (SQLi):
cat wayback_urls.txt | gf sqli | tee -a potential_sqli.txt
JavaScript Files:
cat wayback_urls.txt | grep js | tee -a js_files.txt
Manual Testing: Use the extracted parameters (e.g., potential_xss.txt and potential_sqli.txt) to look for vulnerabilities using Burp Suite.
Automated Testing with Nuclei:
cat wayback_urls.txt | nuclei -t /root/nuclei-templates/vulnerabilities
Wasn’t that a breeze? If you enjoyed it, be sure to follow me on Twitter and LinkedIn for more fun adventures in hacking!
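The combine step above uses sort and uniq on raw tool output, which treats differently cased names, trailing-dot names and lines carrying extra fields as distinct entries, and keeps hosts outside the program scope. The following is an added example, not from the original article, of a merge that normalizes hostnames and keeps only those under the authorized root domain. The function names, example.com and the sample lines are constructed, and the layout of the Amass line is an assumption based on the -src and -ip flags.

```bash
# merge_in_scope ROOT FILE...
# Print the unique hostnames found in FILE... that equal ROOT or end in ".ROOT".
merge_in_scope() {
  mis_root=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  shift
  cat -- "$@" | tr 'A-Z' 'a-z' | awk -v root="$mis_root" '
    # Split on brackets, blanks and commas so source tags and IPs become fields.
    BEGIN { FS = "[][ \t,]+"; suffix = "." root; m = length(suffix) }
    {
      for (i = 1; i <= NF; i++) {
        h = $i
        sub(/^\*\./, "", h)   # wildcard entry: *.dev.example.com
        sub(/\.$/, "", h)     # fully qualified form with trailing dot
        if (h !~ /^[a-z0-9_-]+(\.[a-z0-9_-]+)+$/) continue   # not a dotted name
        n = length(h)
        # Match on a label boundary, so notexample.com and
        # example.com.cdn.test are rejected (a plain grep would keep both).
        if (h == root || (n > m && substr(h, n - m + 1) == suffix)) print h
      }
    }' | sort -u
}

# Constructed sample input; example.com is a placeholder root domain.
demo_merge() {
  d=$(mktemp -d)
  printf '%s\n' 'www.example.com' 'API.example.com' '*.dev.example.com' \
    > "$d/subfinder.txt"
  # Assumed Amass line layout with a source tag and IP addresses.
  printf '%s\n' '[DNS] api.example.com 192.0.2.10,2001:db8::1' \
    'mail.example.com. 192.0.2.11' > "$d/amass.txt"
  printf '%s\n' 'example.com' 'notexample.com' 'example.com.cdn.test' \
    > "$d/assetfinder.txt"
  merge_in_scope example.com "$d"/*.txt
  rm -rf "$d"
}

demo_merge
```

Feeding only the in-scope list to the later probing steps keeps requests away from hosts that are not covered by the program being tested.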