Sign Up

Get all URLs and classify by vulnerability type

While "Get-all-public-urls" workflow will give us only the URL results, this workflow will sort out all of the found URLs into appropriate categories. You can check out the vulnerability categories that are supported below.

Complexity: advanced

Category: Web Discovery




The input is a list of webservers or hostnames, this workflow will gather all of the URLs archived by different providers and classify them by vulnerability type:

  • Image Traversal
  • SQL Injection
  • Debug Logic
  • Server Side Template Injection
  • Server-Side Request Forgery
  • Remote Code Execution
  • Open Redirect
  • Local File Inclusion
  • Interesting Parameters
  • JS Variables
  • Cross-Site Scripting
  • Insecure Direct Object Reference
Get all URLs and classify by vulnerability type workflow targets setup

Workflow Targets Setup

Execution and results

After setup workflow is ready to be executed. Once workflow last nodes, gf tools, are finished results can be viewed and downloaded.

Each of gf tool nodes will contain URLs for a particular vulnerability category.

Get all URLs and classify by vulnerability type workflow results

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

Improve this workflow

  • Execute vulnerability scanners like nuclei on particular vulnerability findings per tag
  • Add more vulnerability categories and improve gf patterns

Check out also this Web Discovery workflow - Get All Public URLs!