
How to Use GAU (GetAllUrls) on Kali Linux
🛡️ Important: GAU should only be used for ethical purposes, such as authorized security testing, bug bounty programs, or educational research. Never run recon tools like GAU against systems you don’t own or have explicit permission to test. This guide assumes you’re using GAU responsibly and legally.
What is GAU?
GAU (GetAllUrls) is a powerful recon tool for bug bounty hunters and penetration testers. It fetches known URLs for a given domain from public sources like Wayback Machine, Common Crawl, and AlienVault’s OTX. In this guide, we’ll install GAU on Kali Linux and run it directly from the terminal.
What is GAU Used For?
GAU (GetAllUrls) is a passive recon tool widely used in bug bounty hunting and web security testing. It collects archived URLs related to a target domain from public sources, helping uncover endpoints that might not appear in a typical scan.
🔍 Use Cases
- Find old, forgotten, or deprecated endpoints
- Discover URLs with query parameters (e.g., ?id=, ?page=, ?redirect=)
- Uncover hidden directories and paths for deeper testing
- Build custom wordlists for brute-force tools like ffuf
- Feed into tools like httpx, gf, or sqlmap for active testing
🧠 How GAU Works
GAU pulls URLs from open web archives and intelligence sources like:
- Wayback Machine (archive.org)
- Common Crawl
- AlienVault OTX
- URLScan.io
🧰 Example Usage
gau example.com | grep "=" | tee urls-with-params.txt
This command fetches all known URLs for example.com, keeps only the ones that contain an = (in practice, URLs with query parameters), and saves them for later testing (e.g., XSS, LFI, open redirects).
1. Install GAU
You can install GAU via Go. First, ensure Golang is installed:
sudo apt update
sudo apt install golang
Then install GAU using Go:
go install github.com/lc/gau/v2/cmd/gau@latest
Make sure your Go bin path is added to your shell profile:
echo 'export PATH=$PATH:$(go env GOPATH)/bin' >> ~/.bashrc
source ~/.bashrc
2. Run GAU on a Target
To fetch URLs for a domain, simply run:
gau example.com
This pulls all known URLs associated with example.com. You can redirect the output to a file:
gau example.com > urls.txt
3. Filter Useful Endpoints
You can use grep to filter interesting URLs, such as those with query parameters:
cat urls.txt | grep "="
Or limit results to a specific file type (the dot is escaped so that it matches a literal "." rather than any character):
cat urls.txt | grep "\.php"
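The grep "=" filter above also matches an = that appears in a path, and it returns one line for every archived parameter value. The function below is an added example, not part of the original guide or of GAU: it keeps only URLs with a real query string and collapses them to one line per endpoint and parameter-name set, which makes it easier to inventory what public archives expose about a domain you are responsible for. The names param_shapes and sample_urls and the sample URLs are constructed for illustration.

```bash
# Constructed sample of gau-style output (not real data).
sample_urls() {
  cat <<'EOF'
https://example.com/item.php?id=1
https://example.com/item.php?id=2
https://example.com/item.php?id=3&utm_source=x
https://example.com/search?q=a&page=2
https://example.com/search?page=9&q=b
https://example.com/a=b/static.css
https://example.com/login?redirect=/home#top
https://example.com/about
EOF
}

# Print "<count> <url-without-query> <sorted,param,names>", most frequent first.
param_shapes() {
  awk '
    {
      url = $0
      sub(/#.*$/, "", url)                  # fragments are not sent to the server
      q = index(url, "?")
      if (q == 0) next                      # an "=" in the path is not a parameter
      base = substr(url, 1, q - 1)
      n = split(substr(url, q + 1), pairs, "&")
      m = 0
      split("", seen)                       # portable way to empty an array
      for (i = 1; i <= n; i++) {
        eq = index(pairs[i], "=")
        if (eq < 2) continue                # skip empty names and bare flags
        name = substr(pairs[i], 1, eq - 1)
        if (name in seen) continue
        seen[name] = 1
        # insertion sort, so ?a=1&b=2 and ?b=2&a=1 give the same shape
        for (j = m; j >= 1 && keys[j] > name; j--) keys[j + 1] = keys[j]
        keys[j + 1] = name
        m++
      }
      if (m == 0) next
      shape = keys[1]
      for (i = 2; i <= m; i++) shape = shape "," keys[i]
      count[base " " shape]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

sample_urls | param_shapes    # real use: param_shapes < urls.txt
```

On the sample input this prints four lines: the eight URLs reduce to the item.php, search and login endpoints, and the static.css path containing "=" is dropped.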
4. Combine with Other Tools
GAU works well in recon chains. Pipe results to tools like httpx or gf for vulnerability pattern matching:
gau example.com | httpx -silent
Or:
gau example.com | gf xss
This command uses gau to gather archived URLs for example.com and pipes the output into gf with the xss template. GF is a pattern-matching tool: here it keeps only the URLs whose query parameters are commonly associated with cross-site scripting, like ?q=, ?search=, or ?input=. It’s a fast way to narrow down large URL lists to high-priority XSS targets during recon.
Wrap-Up
GAU is a simple but powerful tool to expand your attack surface discovery. Pair it with grep, httpx, and pattern matchers to automate early-stage recon on Kali Linux. It’s fast, easy to use, and great for scripting into larger toolchains.