xurlfind3r is a command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
- Fetches URLs from curated passive sources to maximize results.
- Parses URLs from wayback webpages and
robots.txtsnapshots. - Filters out duplicate URLs.
- Supports URLs matching and filtering.
- Supports
stdinandstdoutfor easy integration into workflows. - Cross-Platform (Windows, Linux & macOS).
Visit the releases page and find the appropriate archive for your operating system and architecture. Download the archive from your browser or copy its URL and retrieve it with wget or curl:
-
...with
wget:wget https://github.com/hueristiq/xurlfind3r/releases/download/v<version>/xurlfind3r-<version>-linux-amd64.tar.gz
-
...or, with
curl:curl -OL https://github.com/hueristiq/xurlfind3r/releases/download/v<version>/xurlfind3r-<version>-linux-amd64.tar.gz
...then, extract the binary:
tar xf xurlfind3r-<version>-linux-amd64.tar.gzTIP: The above steps, download and extract, can be combined into a single step with this onliner
curl -sL https://github.com/hueristiq/xurlfind3r/releases/download/v<version>/xurlfind3r-<version>-linux-amd64.tar.gz | tar -xzv
NOTE: On Windows systems, you should be able to double-click the zip archive to extract the xurlfind3r executable.
...move the xurlfind3r binary to somewhere in your PATH. For example, on GNU/Linux and OS X systems:
sudo mv xurlfind3r /usr/local/bin/NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add xurlfind3r to their PATH.
Before you install from source, you need to make sure that Go is installed on your system. You can install Go by following the official instructions for your operating system. For this, we will assume that Go is already installed.
go install -v github.com/hueristiq/xurlfind3r/cmd/xurlfind3r@latest-
Clone the repository
git clone https://github.com/hueristiq/xurlfind3r.git
-
Build the utility
cd xurlfind3r/cmd/xurlfind3r && \ go build .
-
Move the
xurlfind3rbinary to somewhere in yourPATH. For example, on GNU/Linux and OS X systems:sudo mv xurlfind3r /usr/local/bin/
NOTE: Windows users can follow How to: Add Tool Locations to the PATH Environment Variable in order to add
xurlfind3rto theirPATH.
NOTE: While the development version is a good way to take a peek at xurlfind3r's latest features before they get released, be aware that it may have bugs. Officially released versions will generally be more stable.
xurlfind3r will work right after installation. However, BeVigil, Github and Intelligence X require API keys to work, URLScan supports API key but not required. The API keys are stored in the $HOME/.hueristiq/xurlfind3r/config.yaml file - created upon first run - and uses the YAML format. Multiple API keys can be specified for each of these source from which one of them will be used.
Example config.yaml:
NOTE: The keys/tokens below are invalid, use your own keys/tokens!
version: 0.4.0
sources:
- bevigil
- commoncrawl
- github
- intelx
- otx
- urlscan
- wayback
keys:
bevigil:
- awA5nvpKU3N8ygkZ
github:
- d23a554bbc1aabb208c9acfbd2dd41ce7fc9db39
- asdsd54bbc1aabb208c9acfbd2dd41ce7fc9db39
intelx:
- 2.intelx.io:00000000-0000-0000-0000-000000000000
urlscan:
- d4c85d34-e425-446e-d4ab-f5a3412acbe8To display help message for xurlfind3r use the -h flag:
xurlfind3r -hhelp message:
_ __ _ _ _____
__ ___ _ _ __| |/ _(_)_ __ __| |___ / _ __
\ \/ / | | | '__| | |_| | '_ \ / _` | |_ \| '__|
> <| |_| | | | | _| | | | | (_| |___) | |
/_/\_\\__,_|_| |_|_| |_|_| |_|\__,_|____/|_|
v0.4.0
with <3 by Hueristiq Open Source
USAGE:
xurlfind3r [OPTIONS]
CONFIGURATION:
-c, --configuration string configuration file path (default: $HOME/.config/xurlfind3r/config.yaml)
INPUT:
-d, --domain string[] target domain
-l, --list string target domains' list file path
TIP: For multiple input domains use comma(,) separated value with `-d`,
specify multiple `-d`, load from file with `-l` or load from stdin.
SCOPE:
--include-subdomains bool match subdomain's URLs
SOURCES:
--sources bool list supported sources
-u, --use-sources string[] comma(,) separated sources to use
-e, --exclude-sources string[] comma(,) separated sources to exclude
--parse-wayback-robots bool with wayback, parse robots.txt snapshots
--parse-wayback-source bool with wayback, parse source code snapshots
FILTER & MATCH:
-f, --filter string regex to filter URLs
-m, --match string regex to match URLs
OUTPUT:
--no-color bool disable colored output
-o, --output string output URLs file path
-O, --output-directory string output URLs directory path
-s, --silent bool display output subdomains only
-v, --verbose bool display verbose output
xurlfind3r -d hackerone.com --include-subdomains# filter images
xurlfind3r -d hackerone.com --include-subdomains -f '`^https?://[^/]*?/.*\.(jpg|jpeg|png|gif|bmp)(\?[^\s]*)?$`'# match js URLs
xurlfind3r -d hackerone.com --include-subdomains -m '^https?://[^/]*?/.*\.js(\?[^\s]*)?$'Issues and Pull Requests are welcome! Check out the contribution guidelines.
This utility is distributed under the MIT license.
Thanks to the amazing contributors for keeping this project alive.
Thanks to similar open source projects - check them out, may fit in your workflow.
gau ◇ waybackurls ◇ waymore