An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for vulnerabilities.
MIT License
Bot releases are hidden (Show)
This version includes a series of significant updates and improvements that enhance the toolset's efficiency and functionality. Below are the details of the changes included in this release.
Tool and Configuration Checks: We've introduced checks for the presence of tools, wordlists, and configurations before installations or updates, ensuring a smoother setup process.
Tool Installation Commands: Updated and optimized to ensure compatibility and efficiency.
lfi.txt
payload and gf
patterns within the Garud tool.amass_linux_i386
to the latest version.Tool Changes: Added the uro
tool to filter out duplicate endpoints, streamlining data processing.
Flag Updates: Enhanced functionality and flexibility in command-line options:
-v
flag for checking tool versions.-f
flag to specify a file containing subdomains, effectively addressing and closing Issues #1 and #4.-s
flag; subdomain enumeration is now the default behavior.-a
flag to automatically initiate complete enumeration by default, addressing and closing Issue #16.@0x71rex, @mr-vill4in, @Pxmme and @CicadaMikoto.
Thank you to our community for the continuous feedback and support that helps us improve and push boundaries with each version.
Published by h4r5h1t 9 months ago
Special thanks to Jaggar Henry for the responsible disclosure of this issue.
Users are advised to update to v1.0.1 immediately. For details, see the README or run webcopilot -h
.
Your feedback and contributions help make WebCopilot safer and better.
Published by h4r5h1t 9 months ago
We are excited to announce the first official release of WebCopilot, v1.0.0. WebCopilot is a comprehensive tool designed for security professionals and penetration testers to automate the process of subdomain enumeration and vulnerability scanning.
assetfinder
, sublist3r
, subfinder
, and amass
to discover subdomains efficiently.gobuster
for DNS brute-forcing to uncover active subdomains.httpx
, nuclei
, and dalfox
to identify potential security vulnerabilities in identified subdomains.WebCopilot is designed to be user-friendly with a straightforward CLI interface. For detailed usage instructions, please refer to the README.md file or use the -h
flag to get help directly in the terminal.
This release marks the beginning of official versioning for WebCopilot. Future releases will include more features, enhancements, and fixes based on community feedback and ongoing development.
We welcome contributions, feedback, and suggestions from the community to make WebCopilot even better. Please feel free to open issues or pull requests on GitHub.
Thank you for supporting WebCopilot!