Sigurlx – A Web Application Attack Surface Mapping Tool

January 23, 2021

sigurlx a web application attack surface mapping tool, it does …:

  • Categorize URLs URLs’ categories: 
     > endpoint
     > js {js}
     > style {css}
     > data {json|xml|csv}
     > archive {zip|tar|tar.gz}
     > doc {pdf|xlsx|doc|docx|txt}
     > media {jpg|jpeg|png|ico|svg|gif|webp|mp3|mp4|woff|woff2|ttf|eot|tif|tiff}
  • Next, probe HTTP requests to the URLs for status_code, content_type, e.t.c
  • Next, for every URL of category endpoint with a query:
    • Probe for commonly vulnerable parameters (inspired by Somdev Sangwan’s Parth).
    • Probe for reflected parameters (inspired by Tom Hudson’s kxss).

Usage

To display help message for sigurlx use the -h flag:

$ sigurlx -h

     _                  _      
 ___(_) __ _ _   _ _ __| |_  __
/ __| |/ _` | | | | '__|  / /
__  | (_| | |_| | |  | |>  < 
|___/_|__, |__,_|_|  |_/_/_ v2.1.0
       |___/

USAGE:
  sigurlx [OPTIONS]

GENERAL OPTIONS:
  -iL                       input urls list (use `-iL -` to read from stdin)
  -threads                  number concurrent threads (default: 20)
  -update-params            update params file

HTTP OPTIONS:
  -delay                    delay between requests (default: 100ms)
  -follow-redirects         follow redirects (default: false)
  -follow-host-redirects    follow internal redirects i.e, same host redirects (default: false)
  -http-proxy               HTTP Proxy URL
  -timeout                  HTTP request timeout (default: 10s)
  -UA                       HTTP user agent

OUTPUT OPTIONS:
  -nC                       no color    mode
  -oJ                       JSON output file (default: ./sigurlx.json)
  -v                        verbose mode

Installation

From Binary

You can download the pre-built binary for your platform from this repository’s releases page, extract, then move it to your $PATHand you’re ready to go.

From Source

sigurlx requires go1.14+ to install successfully. Run the following command to get the repo

▶ go get -u github.com/drsigned/sigurlx/cmd/sigurlx

From Github

▶ git clone https://github.com/drsigned/sigurlx.git
▶ cd sigurlx/cmd/sigurlx/
▶ go build .
▶ mv sigurlx /usr/local/bin/
▶ sigurlx -h

Contribution

Issues and Pull Requests are welcome!

Download Sigurlx

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Tags: , , , ,

You may have missed

CISA Logo

CISA: CISA Adds One Known Exploited Vulnerability to Catalog

April 20, 2024
CISA Logo

CISA: Joint Guidance on Deploying AI Systems Securely

April 20, 2024
CISA Logo

CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

April 20, 2024
CISA Logo

CISA: Citrix Releases Security Updates for XenServer and Citrix Hypervisor

April 20, 2024
CISA Logo

CISA: Palo Alto Networks Releases Guidance for Vulnerability in PAN-OS, CVE-2024-3400

April 20, 2024