Gf-Patterns V 1.1
GF By 
A wrapper around grep, to help you grep for things
installation
If you've got Go installed and configured you can install waybackurls & Gf with:
▶ go get -u github.com/tomnomnom/waybackurls▶ go get -u github.com/tomnomnom/gfIf you've installed using go get, you can enable auto-completion to your .bashrc like this:
▶ echo 'source $GOPATH/src/github.com/tomnomnom/gf/gf-completion.bash' >> ~/.bashrcNote that you'll have to restart your terminal, or run source ~/.bashrc for the changes to
take effect.
To get started quickly, you can copy the example pattern files to ~/.gf like this:
▶ cp -r $GOPATH/src/github.com/tomnomnom/gf/examples ~/.gfMY Gf Patterns installation
▶ git clone https://github.com/1ndianl33t/Gf-PatternsTo get started quickly, you can copy the example pattern files to ~/.gf like this:
▶ mv ~/Gf-Patterns/*.json ~/.gfUse example
▶ cat subdomains.txt | waybackurls | sort -u >> waybackdata | gf ssrf | tee -a ssfrparams.txt
▶ cat waybackdata | gf redirect | tee -a redirect.txtPattern Files
The pattern definitions are stored in ~/.gf as little JSON files that can be kept under version control:
gf ssrf
▶ cat ~/.gf/ssrf.json
{
"flags": "-iE",
"patterns": [
"access",
"admin",
"dbg",
"debug",
"edit",
"grant",
"test",
"alter",
"clone",
"create",
"delete",
"disable",
"enable",
"exec",
"execute",
"load",
"make",
"modify",
"rename",
"reset",
"shell",
"toggle",
"adm",
"root",
"cfg",
"dest",
"redirect",
"uri",
"path",
"continue",
"url",
"window",
"next",
"data",
"reference",
"site",
"html",
"val",
"validate",
"domain",
"callback",
"return",
"page",
"feed",
"host",
"port",
"to",
"out",
"view",
"dir",
"show",
"navigation",
"open"
]
}
gf redirect
▶ cat ~/.gf/redirect
{
"flags": "-iE",
"patterns": [
"forward=",
"dest=",
"redirect=",
"uri=",
"path=",
"continue=",
"url=",
"window=",
"to=",
"out=",
"view=",
"dir=",
"show=",
"navigation=",
"Open=",
"file=",
"val=",
"validate=",
"domain=",
"callback=",
"return=",
"page=",
"feed=",
"host=",
"port=",
"next=",
"data=",
"reference=",
"site=",
"html="
]
}
gf rce
▶ cat ~/.gf/rce.json
{
"flags": "-iE",
"patterns": [
"daemon",
"upload",
"dir",
"execute",
"download",
"log",
"ip",
"cli",
"cmd"
]
}Gf idor
▶ cat ~/.gf/idor.json
{
"flags": "-iE",
"patterns": [
"id",
"user",
"account",
"number",
"order",
"no",
"doc",
"key",
"email",
"group",
"profile",
"edit",
"report"
]
}
Gf Sqli
▶ cat ~/.gf/sqli.json
{
"flags": "-iE",
"patterns": [
"id",
"select",
"report",
"role",
"update",
"query",
"user",
"name",
"sort",
"where",
"search",
"params",
"process",
"row",
"view",
"table",
"from",
"sel",
"results",
"sleep",
"fetch",
"order",
"keyword",
"column",
"field",
"delete",
"string",
"number",
"filter"
]
}Gf LFI
▶ cat ~/.gf/lfi.json
{
"flags": "-iE",
"patterns": [
"file",
"document",
"folder",
"root",
"path",
"pg",
"style",
"pdf",
"template",
"php_path",
"doc"
]
}Gf ssti
▶ cat ~/.gf/ssti.json
{
"flags": "-iE",
"patterns": [
"template",
"preview",
"id",
"view",
"activity",
"name",
"content",
"redirect"
]
}Gf debug_logic
▶ cat ~/.gf/debug_logic.json
{
"flags": "-iE",
"patterns": [
"access",
"admin",
"dbg",
"debug",
"edit",
"grant",
"test",
"alter",
"clone",
"create",
"delete",
"disable",
"enable",
"exec",
"execute",
"load",
"make",
"modify",
"rename",
"reset",
"shell",
"toggle",
"adm",
"root",
"cfg",
"config"
]
}Credit
Contributers
@victoni added more redirect parameters
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent