BOOK THIS SPACE FOR AD
ARTICLE ADMass automation for finding vulnerabilities in large scope targets can be a esay getway to find multiple bugs on multiple websites faster and in less time. If you’ve been struggling to find bugs on platforms like HackerOne and want to explore alternative avenues, government websites under programs like NCIIPC RVDP can offer a wide scope for discovery.
Here’s a refined strategy:
Discovering Target Domains: Utilize tools like Assetfinder to discover government domains. You can leverage pre-made lists available online for efficiency. For instance:assetfinder gov.in >> urls.txtConsider using curated lists from trusted sources, such as:
2. Finding Live Hosts: After acquiring the target domains, determine which ones are live using tools like Httpx:
httpx -l urls.txtThis step ensures you focus your efforts on active websites, saving time and resources.
3. Discovering Endpoints: Utilize tools like Katana to discover as many endpoints as possible within the live hosts:
katana -u livehosts -o endpoints.txtThis step helps in expanding your attack surface and increases the chances of discovering vulnerabilities.
4. XSS Vulnerability Testing: Finally, employ XSS testing tools like XSS_Vibes to scan the discovered endpoints for vulnerabilities. You can clone the tool from its GitHub repository:
python3 main.py -f endpoints.txt -o vulnerabilities.txt -t 10This command initiates the XSS scanning process with a specified thread count for efficiency.
you can insert more payloads in payloads.json to improve its findings
5. Reporting and Follow-Up:
I actually discovered simple XSS vulnerabilities in a government website using this strategy:
Reflected XSS2. DOM XSS
These vulnerabilities were reported, and they no longer exist. Additionally, I received an acknowledgment email from NCIIPC for finding these vulnerabilities.