Tool for automating the bug hunting process.
Presenting the Sub-Ringan Framework, a user-friendly bug hunting tool designed to automate the process of identifying vulnerabilities in web applications. This tool is created specifically for bug bounty hunters and cybersecurity experts. By automating much of the work, it allows testers to focus on uncovering critical vulnerabilities and improving web application security.
Key Features:
- Subdomain discovery from everywhere, including many website databases: quickly identify all subdomains associated with your target, providing you with a comprehensive overview.
- Fetch every live URL from all assets, subdomains and website databases: find and then scan live URLs for potential vulnerabilities, ensuring thorough coverage of your target's web presence.
- XSS (Cross-Site Scripting) detection across all reflected parameters, with an inbuilt and customizable polyglot payload: uncover XSS vulnerabilities that could compromise user data and application security.
- One and only header-based SSRF (Server-Side Request Forgery) detection: identify potential SSRF vulnerabilities that might lead to unauthorized data access.
- SQLi (time-based, header-based SQL injection) analysis: detect SQL injection points and potential weaknesses in your target's database.
- LFI (Local File Inclusion) search: hunt for LFI vulnerabilities that could lead to unauthorized access to sensitive files.
Sub-Ringan Framework automatically arranges target files in a structured directory, enhancing your workflow and enabling seamless collaboration with fellow bug bounty hunters.
Required Dependencies:
gf: A powerful pattern-matching utility for extracting URLs and other useful information from web pages.
Install it from: https://github.com/tomnomnom/gf
httpx: A fast and multi-purpose HTTP utility.
Install it from: https://github.com/projectdiscovery/httpx
tee: A command-line utility for redirecting output to multiple files. It's usually available by default on most Unix-like systems.
assetfinder: A tool to discover assets from a domain.
Install it from: https://github.com/tomnomnom/assetfinder
getallurls: A tool to fetch all URLs from a web page.
Install it from: https://github.com/lc/gau
waybackurls: A tool to fetch URLs from the Wayback Machine.
Install it from: https://github.com/tomnomnom/waybackurls
gxss: A tool for finding reflected parameters.
Install it from: https://github.com/KathanP19/Gxss
anew: A tool for filtering and manipulating text output.
Install it from: https://github.com/tomnomnom/anew
git clone https://github.com/R4GN4R0K-SEC/Sub-Ringan-Framework.git
cd Sub-Ringan-Framework
cd Sub-ringan
chmod +x Sub-Ringan.sh
sh Sub-Ringan.sh
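A preflight check for the dependency list above, to run before starting the framework. This is an added example, not part of the Sub-Ringan project; the binary names `gau` (for getallurls) and `Gxss`, and the way the ProjectDiscovery build of `httpx` is recognised, are assumptions.

```sh
#!/bin/sh
# Added example: preflight check for the dependencies listed in this README.
# Assumption: getallurls installs as "gau" and gxss as "Gxss".
DEPS='gf|https://github.com/tomnomnom/gf
httpx|https://github.com/projectdiscovery/httpx
tee|usually preinstalled on Unix-like systems
assetfinder|https://github.com/tomnomnom/assetfinder
gau|https://github.com/lc/gau
waybackurls|https://github.com/tomnomnom/waybackurls
Gxss|https://github.com/KathanP19/Gxss
anew|https://github.com/tomnomnom/anew'

# Print one "name|source" line for every dependency that is not on PATH.
missing_deps() {
    printf '%s\n' "$DEPS" | while IFS='|' read -r name src; do
        command -v "$name" >/dev/null 2>&1 || printf '%s|%s\n' "$name" "$src"
    done
}

# Print "absent", "projectdiscovery" or "other" for the httpx found on PATH.
# Other packages (for example the Python httpx client) ship a command with
# the same name. Assumption: the ProjectDiscovery build names itself in its
# -version banner.
httpx_flavor() {
    command -v httpx >/dev/null 2>&1 || { echo absent; return 0; }
    out=$(httpx -version 2>&1 </dev/null) || true
    case $out in
        *[Pp]roject[Dd]iscovery*) echo projectdiscovery ;;
        *) echo other ;;
    esac
}

# Report problems; return 0 only when everything needed is in place.
preflight() {
    rc=0
    missing=$(missing_deps)
    if [ -n "$missing" ]; then
        printf 'Missing dependencies (name|source):\n%s\n' "$missing"
        rc=1
    fi
    if [ "$(httpx_flavor)" = "other" ]; then
        printf 'httpx on PATH is not the ProjectDiscovery tool: %s\n' \
            "$(command -v httpx)"
        rc=1
    fi
    return "$rc"
}

preflight || echo 'Resolve the items above before running Sub-Ringan.sh'
```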
Special Thanks to the Awesome Tools that Power Sub-Ringan Framework!
- gf: Rohan Aggarwal (@rohank1337)
- sqlmap: Bernardo Damele A. G. (@MiroslavStampar)
- amass: Jeff Foley (@caffix)
- subfinder: Ice3man (@Ice3man543)
- ffuf: Magnus Stubman (@ffuf)
- httpx, qsreplace, getallurls, waybackurls, gxss, anew, assetfinder: Tom Hudson (@tomnomnom)
Kudos to these talented individuals for their invaluable contributions!
- Sub-Ringan-Framework does not just rely on other tools; it brings some fresh techniques to the table, such as header-based SSRF detection, an inbuilt polyglot XSS payload, and time-based SQL injection detection with a tamper bypass technique. It's not just a wrapper for other programs.
This project is licensed under the MIT License. See LICENSE for details.