▄▄· ▄▄▌ ·▄▄▄▄
▐█ ▌▪▪ ██• ██▪ ██
██ ▄▄ ▄█▀▄ ██▪ ▐█· ▐█▌: Crawl >> Links || Discover >> Endopints >> Params || Scan >> JavaScript >> Secrets || Analyze >> Everything
▐███▌▐█▌.▐▌▐█▌▐▌██. ██
·▀▀▀ ▀█▄▀▪.▀▀▀ ▀▀▀▀▀•
About:
Col(lect) D(ata): A Fancy Bash Wrapper around gau, github-endpoints, gospider, hakrawler, JSA, katana, subJS, waymore & xnLinkFinder to find as much Links, Endpoints & Params as possible on a single $URL
.
Installation:
- Bash:
sudo wget https://raw.githubusercontent.com/Azathothas/BugGPT-Tools/main/cold/cold.sh -O /usr/local/bin/cold && sudo chmod +xwr /usr/local/bin/cold && cold --help
Initialization:
cold -init
# Essentially dry runs and attempts auto install of dependencies and Initialize upon first & second run:
# cold -u https://example5.com -o /tmp/example5.com -gh ghp_xyz ; cold -u https://example5.com -o /tmp/example.com -gh ghp_xyz
Usage:
cold --help
▄▄· ▄▄▌ ·▄▄▄▄
▐█ ▌▪▪ ██• ██▪ ██
██ ▄▄ ▄█▀▄ ██▪ ▐█· ▐█▌
▐███▌▐█▌.▐▌▐█▌▐▌██. ██
·▀▀▀ ▀█▄▀▪.▀▀▀ ▀▀▀▀▀•
➼ Usage: cold -u <url> -o /path/to/outputdir -gh <github_token> <other options>
Extended Help
-u, --url Specify the URL to scrape (Required)
-o, --output_dir Specify the directory to save the output files (Required)
-gh, --github_token Specify manually: ghp_xxx (Not Required if $HOME/.config/.github_tokens exists)
-d, --deep Specify if Gospider, Hakrawler, Katana & XnLinkfinder should run with depth 5.(Slow)
-h, --headers Specify additional headers or cookies to use in the HTTP request (optional)
-init, --init Initialize ➼ cold by dry-running it against example.com (Only run on a fresh Install)
-up, --update Update cold
-ctmp, --clean-tmp Cleans /tmp/ files after run
-curls, --clean-urls Removes noisy junk urls (godeclutter | urless)
-params, --discover-params Runs Arjun for parameter discovery (Basic & Slow)
-secrets, --scan-secrets Runs gf-secrets + TruffleHog (Massive Output, Resource-Intensive & Slow)
Example Usage:
Basic:
cold --url https://example.com --output_dir /path/to/outputdir --github_token ghp_xyz
Extensive:
cold --url https://example.com --output_dir /path/to/outputdir --github_token ghp_xyz --headers "Authorization: Bearer token; Cookie: cookie_value" --deep --discover-params --scan-secrets
Tips:
➼ Include UrlScan API keys in $HOME/Tools/waymore/config.yml to find more links
➼ Include multiple github_tokens in $HOME/.config/.github_tokens to avoid rate limits
➼ --scan-secrets produces massive files (Several GBs). So TuffleHog is run by default. Best run with --deep
➼ Don't Worry if your Terminal Hangs for a bit.. It's a feature not a bug