bounty.yaml

vars:
  URL: "urls.txt"
  USAGE: "rayder -w workflow.yaml URL=urls.txt"

parallel: false

modules:  

  - name: gau
    silent: true
    cmds:
      - cat {{URL}} | gauu | tee gau_result.txt

  - name: katana 
    silent: true
    cmds:
      - cat {{URL}} | katana -d 5 -jc -jsl -xhr -kf all -fx -fs dn | tee katana_result.txt
  
  - name: conform
    silent: true
    cmds:
      - cat gau_result.txt katana_result.txt | anew | tee urls_result.txt

  - name: sensitive
    silent: true
    cmds:
      - cat urls_result.txt | gff intersting_ext_bounty | httpx -silent -fc 404 | tee sensitive_result.txt

  - name: lfi
    silent: true
    cmds:
      - cat urls_result.txt | gff lfi | uro | sed 's/=.*/=/' | anew | nuclei -t ~/nuclei-tripse/dast/lfi/ -dast | tee lfi_result.txt

  - name: sqli
    silent: true
    cmds:
      - cat urls_result.txt | gff sqli | uro | sed 's/=.*/=/' | anew | nuclei -t ~/nuclei-tripse/dast/sqli/ -dast | tee sqli_result.txt

  - name: xss
    silent: true
    cmds:
      - cat urls_result.txt | gff xss | uro | sed 's/=.*/=/' | anew | dalfox pipe -o xss_result.txt
  
  - name: ssrf
    silent: true
    cmds:
      - cat urls_result.txt | gff ssrf | uro | sed 's/=.*/=/' | anew | nuclei -t ~/nuclei-tripse/dast/ssrf/ -dast | tee ssrf_result.txt
    
  - name: rce
    silent: true
    cmds:
      - cat urls_result.txt | gff rce | uro | sed 's/=.*/=/' | anew | nuclei -t ~/nuclei-tripse/dast/cmdi/ -dast | tee rce_result.txt

  - name: ssti
    silent: true
    cmds:
      - cat urls_result.txt | gff ssti | uro | sed 's/=.*/=/' | anew | nuclei -t ~/nuclei-tripse/dast/ssti/ -dast | tee ssti_result.txt
  
  - name: nuclei
    silent: true
    cmds:
      - cat urls_result.txt | nuclei -t ~/nuclei-tripse/bounty | tee bounty_template_result.txt

  - name: clean
    silent: true
    cmds:
      - rm -rf gau_result.txt katana_result.txt