
Bash All URLs

Primary LanguageShell


Bash All Urls


Spidery Chest

Baú is a shell/bash script program which uses curl to extract all information of a given URL from common crawl and web archive's API
Its purpose is to extract parameters to facilitate for further exploitation, such as XSS, SQLi, Open Redirects... and so on.


Required: curl

git clone https://github.com/RodricBr/bau
cd bau/;chmod +x bau
sudo mv bau /usr/local/bin/
bau -h


# Normal use
bau vulnweb.com -ns "js|svg|png"
bau vulnweb.com -s "js|php|svg|png|jpeg|jpg"
bau vulnweb.com -ns
bau vulnweb.com -s

AiriXSS - Checks for reflected parameters

HTTPx - URL probbing

Uro - Removing unnecessary urls (Highly recommended)

qsReplace - Replaces query string values with a given value

urldedupe - Remove duplicated urls

# Pratical use with XARGS (as an idea, not really needed)
echo "vulnweb.com" | xargs -I{} bash -c 'bau {} -ns' | nilo

# XSS Hunting w/ NILO (Faster)
bau vulnweb.com -s "php|js|svg|png" | urldedupe -qs | uro | qsreplace '"><svg onload=alert(1)>' | airixss -payload "alert(1)"

# XSS Hunting on multiple domains w/ HTTPx (Probbing & slower)
bau $(cat domains.txt) -s "php|js|svg|png" | httpx -silent -mc 200 | qsreplace '"><svg onload=alert(1)>' | airixss -payload "alert(1)"

# With XARGS
echo "vulnweb.com" | xargs -I{} bash -c 'bau {} -s "php|js|svg|png"' | ...

Inspired by gau