Declutters URLs in a lightning fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.
godeclutter is a very simple tool that will take a list of URLs, clean those URLs, and output the unique URLs that are present. This will reduce the number of requests you will have to make to your target website, and also filter URLs that are most likely uninteresting.
godeclutter will perform the following steps on your URL host section:
- Clean http:// URLs pointing to the default SSL port (443) and vice-versa, since they are mostly CDN error pages.
- Clean port notation of URLs pointing to the default protocol ports, since those ports are already implied by the protocol scheme. (such as :443 and :80)
- Clean http:// URLs if a https:// to the same host and port is present, since 99,9% of those cases will just be a redirect to https://.
- Remove uninteresting media extensions such as png, jpg, css, etc. (This one will keep .js files since those are sometimes interesting)
- Sort query parameters
- Lowercase all schemes and hostnames, since upper-casing is irrelevant for those.
- Replace all lower-case URI encoding escapes to upper-case, to maintain a standard.
- Decode unnecessary escapes for characters that are not special in the URL context (i.e http://example.com/%41 ).
- Remove empty query strings (i.e http://example.com/? )
- Remove trailing slashes, this is rather aggressive but filters a lot of un-interesting duplicates on the majority of the cases. (i.e http://host/path/ -> http://host/path)
- Normalize dot segments, also rather aggressive but useful when working with dirty sources. (http://host/path/./a/b/../c -> http://host/path/a/c)
go install github.com/c3l3si4n/[email protected]
You can send URLs by sending them to stdin.
arch ~> cat test_urls.txt https://22.214.171.124:443/ http://126.96.36.199/ http://188.8.131.52:80/ https://184.108.40.206:443/ https://220.127.116.11:80/ https://18.104.22.168:8443/ https://22.214.171.124:8443/ https://126.96.36.199:443/ https://188.8.131.52:8443/ https://184.108.40.206:8443/ https://220.127.116.11:443/? http://18.104.22.168:443/? https://22.214.171.124:80/?a https://126.96.36.199:443/? https://188.8.131.52:443/? https://184.108.40.206:443/?1=1 https://220.127.116.11:443/?a=a&b=1 https://18.104.22.168:443/?a=a&b=1 https://22.214.171.124:443/a.js?a=a&b=1 https://126.96.36.199:443/fiqef.html?a=a&b=1 https://188.8.131.52:443/fmef.jpg?b=1&a=a https://184.108.40.206:443/?b=1&a=a https://220.127.116.11:443/a.js? https://18.104.22.168:443/a.jpg https://22.214.171.124:8443/ https://126.96.36.199:443/ arch ~> cat test_urls.txt | godeclutter -b -c -p https://188.8.131.52/ https://184.108.40.206:8443/ https://220.127.116.11/?1=1 https://18.104.22.168/?a=a&b=1 https://22.214.171.124/a.js?a=a&b=1 https://126.96.36.199/fiqef.html?a=a&b=1 https://188.8.131.52/a.js arch ~> arch ~>
$> ./godeclutter -h Usage of ./godeclutter: -b Blacklist Extensions - clean some uninteresting extensions. (default true) -c Clean URLs - Aggressively clean/normalize URLs before outputting them. -p Prefer HTTPS - If there's a https url present, don't print the http for it. (since it will probably just redirect to https)
- @s0md3v for making uro
- @PuerkitoBio for making the amazing purell go library
- @ameenmaali for making urldedupe which was one of the first tools for doing that kind of work.