Wednesday, March 03, 2021

Web Vulnerability Scanning based on URLs from Wayback Machine, OTX, Common Crawl

[gau + burp | dalfox] GAU: gets complete URLs for a site from sources such as the Wayback Machine, Common Crawl (kind of a Shodan for URLs) and the AlienVault incidents DB. DALFOX: web vulnerability scanner, mainly for XSS.

"getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain."

GO111MODULE=on go get -u -v github.com/lc/gau

gau -b png,jpg,gif example.com > gau.rpt   # a bunch of URLs with arguments (if they exist on those providers)
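
Historical URL lists tend to repeat the same endpoint with different parameter values and can include hosts outside the target. As an added example (not part of the original post), this shell function keeps only in-scope URLs that carry parameters, one per host, path and parameter-name set; the name filter_gau, the file gau.scoped.rpt and the sample URLs are assumptions.

```bash
# Added example: reduce gau output to in-scope, parameterised URLs,
# one per host + path + parameter-name set.
# Usage: filter_gau example.com < gau.rpt > gau.scoped.rpt
filter_gau() {
    awk -v scope="$1" '
    {
        url = $0
        sub(/\r$/, "", url)                  # tolerate CRLF input
        if (url !~ /^https?:\/\//) next      # only absolute http(s) URLs
        sub(/#.*$/, "", url)                 # fragments never reach the server
        q = index(url, "?")
        if (q == 0) next                     # no parameters, nothing to scan
        rest = substr(url, 1, q - 1)
        query = substr(url, q + 1)
        sub(/^https?:\/\//, "", rest)
        host = rest; sub(/\/.*$/, "", host)  # authority part
        path = substr(rest, length(host) + 1)
        sub(/^.*@/, "", host)                # drop userinfo
        sub(/:[0-9]+$/, "", host)            # drop port
        host = tolower(host)
        # Scope check by string comparison: the domain itself or a subdomain.
        if (host != scope && substr(host, length(host) - length(scope)) != "." scope) next
        # Collect parameter names and keep them sorted (insertion sort).
        n = split(query, kv, "&"); m = 0
        for (i = 1; i <= n; i++) {
            name = kv[i]; sub(/=.*$/, "", name)
            if (name == "") continue
            for (j = m; j >= 1 && names[j] > name; j--) names[j + 1] = names[j]
            names[j + 1] = name; m++
        }
        if (m == 0) next
        key = host path "?"
        for (i = 1; i <= m; i++) key = key names[i] "&"
        if (!(key in seen)) { seen[key] = 1; print url }
    }'
}

# Constructed sample input (not real gau output); prints the first and third URL.
printf '%s\n' \
    'https://www.example.com/search?q=a&page=1' \
    'https://www.example.com/search?page=2&q=b' \
    'https://cdn.example.com:8443/img?src=x' \
    'https://evilexample.com/search?q=a' | filter_gau example.com
```

Feed gau.scoped.rpt instead of gau.rpt to the Burp loop or to dalfox to cut the number of requests sent to the target.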


* Chained with Burp :

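# Burp's proxy listener speaks plain HTTP, so both URL schemes are sent through http://127.0.0.1:8080
while read -r url; do http --verify no --proxy http:http://127.0.0.1:8080 --proxy https:http://127.0.0.1:8080 "$url"; done < gau.rpt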


Then run an active scan over them in Burp (they will appear in the site map).


* Chained with Dalfox

GO111MODULE=on go get -v github.com/hahwul/dalfox/v2


cat gau.rpt | dalfox pipe