Getting started

Knowledge hub



Get all URLs and classify by vulnerability type

While [get-all-public-urls](get-all-public-urls "mention") will give us only the URL results, this workflow will sort out all of the found URLs into appropriate categories. You can check out the vulnerability categories that are supported below.

Complexity: advanced

Category: Web Discovery




The input is a list of webservers or hostnames, this workflow will gather all of the URLs archived by different providers and classify them by vulnerability type:

  • Image Traversal
  • SQL Injection
  • Debug Logic
  • Server Side Template Injection
  • Server-Side Request Forgery
  • Remote Code Execution
  • Open Redirect
  • Local File Inclusion
  • Interesting Parameters
  • JS Variables
  • Cross-Site Scripting
  • Insecure Direct Object Reference

Workflow Targets Setup

Execution and results

After setup workflow is ready to be executed. Once workflow last nodes, gf tools, are finished results can be viewed and downloaded.

Each of gf tool nodes will contain URLs for a particular vulnerability category.

Try it out!

This workflow is available in the Library, you can copy it and execute it immediately!

Improve this workflow

  • Execute vulnerability scanners like nuclei on particular vulnerability findings per tag
  • Add more vulnerability categories and improve gf patterns