currently when running an A-scan, in a and then a B scan, it takes the content of the A scan, and so does A+B, it would have to empty the osint files etc

Currently, when a user runs the "scan" command, it executes gobuster and nuclei

the behaviour is OK but the gobuster logs are too verbose, only the status code 200 should be displayed

add possibility to run httpx + gowitness on list

Cuz there are many useful command

run gowitness on all domains found and run report serve (port 7272) and open browser on http://localhost:7272

gowithness need to have Chrome Headless to generate screenshots

@TomChv

cat *.gnmap | grep http | awk '{ print $2; }' | uniq | httpx -title -content-length -content-type -status-code -tech-detect -sr -srd ./httpx-responses -vhost -websocket -follow-redirects -ports 25,80,81,135,389,443,1080,3000,3306,8080,8443,8888,9090,8089 -retries 2 -timeout 8 -threads 50 -o httpx-redirects.txt

subfinder -silent -d <target> | dnsx -silent -rcode noerror,servfail,refused

dnsx -l hosts.txt -resp -a -aaaa -cname -mx -ns --soa -txt | awk '{ print $2; }' | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -u | uniq > ips.txt

run this command curl -s https://crt.sh/\?q\=%25.<DOMAIN.COM>\&output\=json | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u

At the moment httpx and other project discovery tool add user agent in http request, I would like to have one that goes everywhere, at the moment it is not very opsec :

if u check /tmp we got this, can be nice to delete them

as go package, store result in file and merge with other of domains found

Yelaa uses tools in the form of go packages ( gobuster, gowitness etc )

the problem is that, when we create a proxysocks tunnel, and we do proxychains ./Yelaa osint -d smersh.app for example, the screenshots will be made with the user ip, and not the proxy ip

We should make sure that the packages use the proxysocks if it exists

check if nuclei etc are available

Hi,
I installed your tool using the go install command
When executing a scan, the tool returns the following error :
"Wordlist not found" (main.go, line 314)
I guess the tool looks for the list in the current user directory

The list exists on the system and is located in /home/{user}/go/pkg/mod/github.com/!c!m!e!p!w/[email protected]/yelaa.txt
Idea: if list not found, search for /home/{user}/go/pkg/mod/github.com/!c!m!e!p!w/!yelaa@v*/yelaa.txt
Thanks !

currently gobuster defaults to brute force on the yelaa wordlist, it might be nice to be able to use a home-made wordlist

List : Linux, osx, windows

we should add some tools/command for web part, for recon ( subdomain etc )

As part of the red team mission, we change IP very regularly, it should be specified for each tool which IP is used

It could be cool to have a web interface that shows us the domains, once we click on them we see the associated screenshot and the result of the csv file of the scan command

we need to export all data in multiple format ( csv,json,and create node for each domain in cherytree file )

https://www.giuspen.com/cherrytree/

We just need env variable in the path

the exemple in sh is export CLIENT='X'

Remplace dirsearch by gobuster
Use nuclei as package instead of path variable