Generate an endpoint list from a Burp Proxy history file:
1. You can collect additional parameters not present in your parameter list and append them to it using -p [FILE_NAME]
2. You can filter out specified file types from your list using -ft .[EXT]
Generate an endpoint list from a gau/httpx output file:
1. You can collect additional parameters not present in your parameter list and append them to it using -p [FILE_NAME]
2. You can filter out specified file types from your list using -ft .[EXT]
Scan options:
1. -e = endpoints file you want to scan
2. -p = parameter file you want to use to scan for hidden parameter reflection
3. -o = output file for scan results
4. --mode [0, 1, 2, 3 or 4]: 0 is a reflection scan of GET endpoints, 1 is a reflection scan of POST endpoints, 2 is a reflection scan of both GET and POST endpoints, 3 is an XSS scan of the confirmed reflected parameters produced by a previous reflection scan (mode 0, 1 or 2), and 4 is the SQLi endpoint scanner.
5. -rec on (optional): search the parameters recursively and return every reflected parameter instead of stopping after the first one is found.
6. -t [THREAD_COUNT]: use this to specify your thread count.
7. --cookie [COOKIES]: use this to provide your authentication cookies.
8. --discord [WEBHOOK_URL]: send the results to a Discord webhook (can be combined with -o).
9. -fp [PARAM1,PARAM2]: exclude the listed params from scanning - useful for params that are reflected on every page and would otherwise be reported on every endpoint.
10. -v on: detailed output, which includes the full URL, the clean URL and the reflected code snippet.
11. -hi [FILENAME]: write all of the hidden input names found to the specified file (credits to bendtheory for the idea!)
12. -bc [BURP-COLLABORATOR]: start a Burp Collaborator session and insert its URL here to check for any callbacks.
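To make the reflection-scan modes and the -rec, -fp and -hi options above concrete, here is an added example of the underlying technique in Python. It is not the tool's own code: it injects a random canary into each candidate parameter (query string for GET, form body for POST), reports every parameter whose canary comes back in the response, optionally stops after the first hit, skips a filtered list, and extracts hidden input names. The transport is injected so it runs offline against a constructed target page (`fake_send`, assumed and invented here); `urllib_send` is a standard-library transport you would pass in against a real host. The endpoint URL, parameter names and page markup are constructed sample data.

```python
# Added example (not the tool's own code): a minimal parameter-reflection scan of
# the kind --mode 0/1/2 run, with the -rec, -fp and -hi behaviours. The transport
# is injected so the example runs offline against a constructed target page.
import html
import re
import secrets
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

INPUT_TAG = re.compile(r"<input\b[^>]*>", re.I)
ATTR = re.compile(r"""\b(type|name)\s*=\s*["']?([^"'\s>]+)""", re.I)


def new_canary():
    """Random marker; alphanumeric so HTML escaping cannot hide a reflection."""
    return "zz" + secrets.token_hex(4) + "zz"


def probe(url, param, canary, method, send):
    """Send one request with param=canary (query for GET, body for POST); return the body."""
    parts = urlsplit(url)
    if method == "GET":
        query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param]
        query.append((param, canary))
        return send("GET", urlunsplit(parts._replace(query=urlencode(query))), None)
    return send("POST", url, {param: canary})


def scan_endpoint(url, params, send, mode=2, recursive=False, filtered=(), canary=None):
    """Return [{'url', 'method', 'param', 'snippet'}] for every parameter whose value
    is reflected in the response. mode 0 = GET, 1 = POST, 2 = both (as --mode).
    recursive=False stops at the first reflected parameter (the default without -rec);
    filtered mirrors -fp for parameters that are reflected on every page."""
    canary = canary or new_canary()
    methods = {0: ["GET"], 1: ["POST"], 2: ["GET", "POST"]}[mode]
    findings = []
    for method in methods:
        for param in params:
            if param in filtered:
                continue
            body = probe(url, param, canary, method, send)
            pos = body.find(canary)
            if pos == -1:
                continue
            snippet = body[max(0, pos - 30): pos + len(canary) + 30]
            findings.append({"url": url, "method": method, "param": param, "snippet": snippet})
            if not recursive:
                return findings
    return findings


def hidden_input_names(body):
    """Names of <input type="hidden"> fields (what -hi writes out), in page order."""
    names = []
    for tag in INPUT_TAG.findall(body):
        attrs = {k.lower(): v for k, v in ATTR.findall(tag)}
        if attrs.get("type", "").lower() == "hidden" and attrs.get("name"):
            names.append(attrs["name"])
    return names


def urllib_send(method, url, data, cookie=None, timeout=10):
    """Real transport for the functions above (standard library only; cookie = --cookie)."""
    payload = urlencode(data).encode() if data is not None else None
    req = urllib.request.Request(url, data=payload, method=method)
    if cookie:
        req.add_header("Cookie", cookie)
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


def fake_send(method, url, data):
    """Constructed stand-in for a target page: reflects GET q and redirect, POST comment."""
    get = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    post = data or {}
    return (
        '<html><body><form method="post" action="/search">'
        '<input type="hidden" name="csrf_token" value="1234">'
        '<input name="q" value="">'
        '<input name="page_id" type="hidden" value="7">'
        "</form>"
        f"<p>Results for {html.escape(get.get('q', ''))}</p>"
        f'<a href="{get.get("redirect", "/")}">continue</a>'
        f'<div class="comment">{post.get("comment", "")}</div>'
        "</body></html>"
    )


if __name__ == "__main__":
    url = "https://target.example/search?id=1"
    params = ["q", "id", "redirect", "debug", "comment", "user"]
    for f in scan_endpoint(url, params, fake_send, mode=2, recursive=True):
        print(f"{f['method']} {f['param']} -> {f['snippet']!r}")
    print("hidden inputs:", hidden_input_names(fake_send("GET", url, None)))
```

Against the constructed page, mode 2 with the recursive flag reports `q` and `redirect` via GET and `comment` via POST; without the flag it stops at `q`, and filtering `q` out leaves the other two. The snippet is what lets you tell an HTML-text reflection (`<p>`) from an attribute reflection (`href`) before moving on to an XSS scan. Swap `fake_send` for `functools.partial(urllib_send, cookie="session=...")` to run the same logic against a real host.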