Installation of GF tool and its different patterns
Today we will discuss how to install the gf tool and its different patterns.
The gf tool is used to filter collected URLs according to our needs.
If I make any spelling or grammatical mistakes, please ignore them.
Go must be installed on your system.
To install Go, use the following command:
┌──(root💀kali)-[~/Desktop]
└─# apt install golang
To check the version, use the following command:
┌──(root💀kali)-[~/Desktop]
└─# go version
Installation of tools
go install github.com/tomnomnom/gf@latest
go install github.com/tomnomnom/waybackurls@latest
go install github.com/bp0lr/gauplus@latest
go install github.com/lc/gau/v2/cmd/gau@latest
Create a hidden directory (.gf) in the root user's home directory using the following commands:
┌──(root💀kali)-[~/Desktop]
└─# cd
┌──(root💀kali)-[~]
└─# mkdir .gf
Download the gf patterns by cloning the gf-patterns repository:
┌──(root💀kali)-[~]
└─# git clone https://github.com/NitinYadav00/gf-patterns.git
Change into the gf-patterns directory:
┌──(root💀kali)-[~]
└─# cd gf-patterns
Copy all the patterns into the hidden directory (.gf):
┌──(root💀kali)-[~/gf-patterns]
└─# cp -r /root/gf-patterns/*.json ~/.gf
Now go to the .gf directory and check the copied content:
┌──(root💀kali)-[~/Desktop]
└─# cd
┌──(root💀kali)-[~]
└─# cd .gf
┌──(root💀kali)-[~/.gf]
└─# ls
Go to the go/bin directory and copy gau, gauplus, waybackurls and gf into the /usr/local/bin directory:
┌──(root💀kali)-[~/Desktop]
└─# cd
┌──(root💀kali)-[~]
└─# cd go/bin
┌──(root💀kali)-[~/go/bin]
└─# cp gau gauplus waybackurls gf /usr/local/bin/
Exit the terminal, reopen it, and check whether the gf tool is installed correctly:
┌──(root💀kali)-[~/Desktop]
└─# gf -h
┌──(root💀kali)-[~/Desktop]
└─# gf -list
It's time to test the web application:
┌──(root💀kali)-[~/Desktop]
└─# waybackurls testphp.vulnweb.com | gf xss | tee xssfilter.txt
We now have the URLs where XSS is possible. gf only matches URL patterns, so we still need to use other XSS payloads or check each URL manually to confirm whether XSS is actually present.
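What the gf filtering step does to a URL list, as an added example that is not part of the original post: gf joins a pattern file's "patterns" with "|" and hands them to grep with the file's "flags". The parameter list and the shop.example.test URLs are constructed for illustration, and the extra normalize step (blanking parameter values so each endpoint is reviewed once) goes beyond what the post shows.

```shell
#!/usr/bin/env bash
# Added example: offline stand-in for `waybackurls <host> | gf xss`.
# Constructed pattern in the flags/patterns shape gf reads from ~/.gf/*.json
# (not copied from the gf-patterns repository):
#   { "flags": "-iE", "patterns": ["q=", "search=", "lang=", "keyword="] }
GF_REGEX='(q=|search=|lang=|keyword=)'

# Constructed sample of archived URLs (stand-in for waybackurls output).
sample_urls() {
  cat <<'EOF'
http://shop.example.test/search.php?q=shoes
http://shop.example.test/search.php?q=boots
http://shop.example.test/search.php?Q=hats&page=2
http://shop.example.test/static/logo.png
http://shop.example.test/item.php?id=7
http://shop.example.test/index.php?lang=en
EOF
}

# Equivalent of running gf with the pattern above: grep with flags -iE
# and the patterns joined by "|".
gf_like() {
  grep -iE -- "$GF_REGEX"
}

# Blank out parameter values and de-duplicate, so every
# endpoint/parameter combination appears once in the review list.
normalize() {
  sed -E 's/=[^&#]*/=/g' | sort -u
}

# Full pipeline: collect, filter, normalize.
candidates() {
  sample_urls | gf_like | normalize
}

candidates
```

On real data, replace sample_urls with `cat xssfilter.txt` to shrink the list before manual confirmation.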
I also disclosed some interesting video POCs regarding my submissions on YouTube.
YouTube: https://www.youtube.com/channel/UCD1HKXD7o-mLV9jmkS-emGw
LinkedIn: https://www.linkedin.com/in/santosh-bobade-531094192/
Twitter Handle: https://twitter.com/Santosh88267387