Skip to content

SpeTr0x/megplus

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
lists
lists
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
cors.sh
cors.sh
 
 
fetch.php
fetch.php
 
 
findstrings.sh
findstrings.sh
 
 
findtakeovers.sh
findtakeovers.sh
 
 
megplus.sh
megplus.sh
 
 

Repository files navigation

meg+

Automated reconnaissance wrapper — TomNomNom's meg on steroids.

Built by TomNomNom and EdOverflow.

Installation

You will need Golang and PHP to use all the features provided by this tool. On top of that, make sure to install meg, waybackurls, and gio.

go get github.com/tomnomnom/meg
go get github.com/tomnomnom/waybackurls

Usage

You can either scan a list of hosts or use your HackerOne X-Auth-Token token to scan all the bug bounty programs that you participate in.

$ ./megplus.sh
Usage:   ./megplus.sh <list of domains>
Usage:   ./megplus.sh -x <H1 X-Auth-Token>
Example: ./megplus.sh domains
Example: ./megplus.sh -x XXXXXXXXXXXXXXXX

Scanner

meg+ will scan for the following things:

[+] Finding configuration files.

[+] Finding interesting strings.

[+] Finding open redirects.

[+] Finding CRLF injection.

[+] Finding CORS misconfigurations.

[+] Finding path-based XSS.

[+] Searching for (sub)domain takeovers.

Contributing

I welcome contributions from the public.

Using the issue tracker 💡

The issue tracker is the preferred channel for bug reports and features requests.

Issues and labels 🏷

The bug tracker utilizes several labels to help organize and identify issues.

Guidelines for bug reports 🐛

Use the GitHub issue search — check if the issue has already been reported.

About

Automated reconnaissance wrapper — TomNomNom's meg on steroids.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 67.2%
  • PHP 32.8%