loading
loading
Utilities
A wrapper around grep to avoid typing common patterns.
overview
gf wraps grep so you stop retyping the long, error-prone regexes that recon work depends on. Each pattern lives in a small JSON file that names a class of interesting strings, such as URLs carrying parameters that look prone to XSS, SSRF, open redirect, or SQL injection. Point gf at a file of collected URLs and it pulls out only the lines that match the pattern you ask for.
The tool is built for the stage right after URL collection. Crawlers and archive scrapers produce huge, undifferentiated lists, and gf is the filter that turns that noise into a focused candidate set worth testing. Because patterns are plain JSON, a team can keep a shared library of them and apply the same triage logic across every target.
In a Trickest workflow, gf takes an input file and a pattern JSON file and writes a file and a folder of matches. Chain it after a URL-collection step and before a fuzzer or scanner so injection testing runs only against the parameters that fit a known-risky shape.
source github.com/tomnomnom/gf
use cases
Run gf over the output of a URL scraper to keep only lines that match a chosen pattern, cutting a list of tens of thousands down to the handful worth a closer look.
Apply patterns for XSS, SSRF, open redirect, or SQL injection to flag URLs whose parameters match those shapes, then hand the survivors to a fuzzing stage.
Supply a curated JSON pattern file so the same triage logic runs across every target in a workflow instead of living in one person's shell history.
Drop URLs that cannot match a risk class so a scanner or active tester only spends time on parameters that already look interesting.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| input | FILE | · | Input file |
| gf-json | FILE | · | Name of JSON file |
Showing key inputs. gf exposes 2 inputs in total.
example
# gf: apply xss.json pattern to URLs collected for example.comcat urls.txt | gf xss# Trickest node equivalent: input=urls.txt, gf-json=xss.jsonhttps://api.example.com/search?q=testhttps://app.example.com/redirect?url=https://example.comhttps://staging.example.com/page?id=1https://www.example.com/login?next=/dashboardhttps://dev.example.com/proxy?target=http://example.nethttps://mail.example.com/view?file=report.pdfhttps://cdn.example.com/asset?path=/static/app.jsguidance
Reach for gf when a recon stage has produced a large URL list and you want to keep only the lines matching a known-risky pattern. It is a filter, not a collector or a scanner, so run it after a URL source and before active testing.
Collects URLs from archives. It produces the list gf then filters, so they pair rather than compete.
Rewrites query-string values on URLs. Useful right after gf to template the candidates it surfaces.
The underlying tool. gf just saves and names the patterns so you do not retype them.
faq
related
Import, export, and link workflow data with Airtable.
Decode Android APK files into smali sources and resources.
Check a file's values against conditions and exit with a matching code.
Extract all hosted zones from AWS Route53.
Output file lines by batch size, given START_LINE and END_LINE.
Extract a batch range from a file's lines or a folder's files, with parallel processing.
A target feeds gau, which collects URLs from archives, then gf filters them against a pattern and writes the matching candidates as a queryable output.
Facts on this page come from the live Trickest tool library.