Scout - Lightweight URL Fuzzer And Spider: Discover A Web Server'S Undisclosed Files, Directories And VHOSTs

Scout – Lightweight URL Fuzzer And Spider: Discover A Web Server’S Undisclosed Files, Directories And VHOSTs

Scout is a URL fuzzer and spider for discovering undisclosed VHOSTS, files and directories on a web server.

A full word list is included in the binary, meaning maximum portability and minimal configuration. Aim and fire!

Usage

Discover URLs on a given web server. version Display scout version. vhost Discover VHOSTs on a given web server. Flags: -d, –debug Enable debug logging. -h, –help help for scout -n, –no-colours Disable coloured output. -p, –parallelism int Parallel routines to use for sending requests. (default 10) -k, –skip-ssl-verify Skip SSL certificate verification. -w, –wordlist string Path to wordlist file. If this is not specified an internal wordlist will be used. “>

Usage:
scout [command]

Available Commands:
help Help about any command
url Discover URLs on a given web server.
version Display scout version.
vhost Discover VHOSTs on a given web server.

Flags:
-d, --debug Enable debug logging.
-h, --help help for scout
-n, --no-colours Disable coloured output.
-p, --parallelism int Parallel routines to use for sending requests. (default 10)
-k, --skip-ssl-verify Skip SSL certificate verification.
-w, --wordlist string Path to wordlist file. If this is not specified an internal wordlist will be used.

Discover URLs

Flags

-x, --extensions

File extensions to detect. (default php,htm,html,txt])

-f, --filename

Filename to seek in the directory being searched. Useful when all directories report 404 status.

-H, --header

Extra header to send with requests e.g. -H "Cookie: PHPSESSID=blah"

-c, --status-codes

HTTP status codes which indicate a positive find. (default 200,400,403,500,405,204,401,301,302)

-m, --method

HTTP method to use.

-s, --spider

Scan page content for links and confirm their existence.

Full example

$ scout url http://192.168.1.1

[+] Target URL http://192.168.1.1
[+] Routines 10
[+] Extensions php,htm,html
[+] Positive Codes 200,302,301,400,403,500,405,204,401,301,302

[302] http://192.168.1.1/css
[302] http://192.168.1.1/js
[302] http://192.168.1.1/language
[302] http://192.168.1.1/style
[302] http://192.168.1.1/help
[401] http://192.168.1.1/index.htm
[302] http://192.168.1.1/image
[200] http://192.168.1.1/log.htm
[302] http://192.168.1.1/script
[401] http://192.168.1.1/top.html
[200] http://192.168.1.1/shares
[200] http://192.168.1.1/shares.php
[200] http://192.168.1.1/shares.htm
[200] http://192.168.1.1/shares.html
[401] http://192.168.1.1/traffic.htm
[401] http://192.168.1.1/reboot.htm
[302] http://192.168.1.1/debug
[401] http://192.168.1.1/debug.htm
[401] http://192.168.1.1/debug.html
[4 01] http://192.168.1.1/start.htm

Scan complete. 28 results found.

Discover VHOSTs

$ scout vhost https://google.com

[+] Base Domain google.com
[+] Routines 10
[+] IP -
[+] Port -
[+] Using SSL true

account.google.com
accounts.google.com
blog.google.com
code.google.com
dev.google.com
local.google.com
m.google.com
mail.google.com
mobile.google.com
www.google.com
admin.google.com
chat.google.com

Scan complete. 12 results found.

Installation

curl -s "https://raw.githubusercontent.com/liamg/scout/master/scripts/install.sh" | bash

Leave a Reply

Your email address will not be published.

Special Offer for Hackers!Sign up to get your $5 Coupon code, weekly deals and latest hacking tools straight to your inbox!
X