webcopilot – All-in-One Web Vulnerability Scanner: Find XSS, SQLi, RCE, and More

WebCopilot

WebCopilot is an automation tool designed to enumerate subdomains of the target and detect bugs using different open-source tools.

The script first enumerates all the subdomains of the given target domain using assetfinder, sublister, subfinder, amass, findomain, hackertarget, riddled, and crt then does active subdomain enumeration using gobuster from SecLists wordlist then filters out all the live subdomains using dnsx then it extracts titles of the subdomains using httpx & scans for subdomain takeover using subjack. Then it uses gau/gauplus, waybackurls, or waymore to crawl all the endpoints of the given subdomains then it uses gf patterns to filter out xss, lfi, ssrf, sqli, open redirect & rce parameters from that given subdomains, and then it scans for vulnerabilities on the subdomains using different open-source tools (like kxss, dalfox, openredirex, nuclei, etc). Then it’ll print out the result of the scan and save all the output in a specified directory.

Features

• Subdomain Enumeration using assetfinder, SUBLIST3R_V2.0, subfinder, amass, findomain, etc.
• Active Subdomain Enumeration using gobuster & amass from SecLists/DNS wordlist.
• Extract titles and take screenshots of live subdomains using aquatone & httpx.
• Crawl all the endpoints of the subdomains using waymore and filter out XSS, SQLi, SSRF, etc parameters using gf patterns.
• Run different open-source tools (like dalfox, nuclei, sqlmap, etc) to search for vulnerabilities on these parameters and then save all the outputs in the folder.

Install & Use

Copyright (c) 2021 Harshit Raj Singh