1 . Introduction
2 . My Setup
3 . What is waybackurls?
4 . Why use waybackurls?
5 . How to use waybackurls?
6 . Summary
This post is designed to introduce you to the tool waybackurls.
Welcome to the thirty-first blog post of 100 tools in 100 days.
Find waybackurls here.
Tom Hudson created waybackurls, and a bunch of other cool tools you will see in future posts.
Find Tom Hudson here:
Slightly Outdated Website
2. My Setup
For running the waybackurls tool, I used Kali Linux in a VMware Workstation 16 Player virtualized environment.
3. What is waybackurls?
waybackurls is a tool for grabbing URLs from the Internet Archives Way Back Machine. You can find the Way Back Machine here.
4. Why use waybackurls?
Finding old domains is usually a form of reconnaissance for any penetration tester. Using waybackurls a tester could grab all of the URLs from waybackmachine with a simple command.
The tester could output the URLs into a file where further sorting and analysis could be performed to find information from less current sections of the website.
5. How to use waybackurls?
waybackurls is written in the Go language and uses the go install feature for downloading and installing.
If you do not have Go installed or do not have your variables set up for running go binaries perform Step 0 first.
Step 0 (a):
Run the following command to install Go:
sudo apt install -y golang
Step 0 (b):
Next, update your .zshrc file (the file used for Kali, if you are not
using .zshrc then update .bashrc). Type the following:
sudo nano ~/.zshrc
Press the down arrow to your export section and add the following:
Press: Enter <br>
Step 0 (c):
Update your source file for your current shell by typing the following into your terminal:
To verify GO was installed, in terminal type:
Install waybackurls with the following command:
go install github.com/tomnomnom/waybackurls@latest
You should be able to use the command
waybackurls at this point.
If you cannot, a temporary fix is to run the binary from its path which is:
For this demonstration, I am going to use the domain: neopets.com and
output the URLs into a file named neopets. Here is the command:
waybackurls neopets.com > neopets
waybackurls was able to pull 14798 URLs into the file neopets!
That is a lot of URLs to analyze.
With this information, a tester or analyst could use other various Linux commands to filter out information, or they could input this file into a data analysis tool to look for specific items of interest.
waybackurls is a simple URL grabber for the Way Back Machine written in the Go Language by Tom Hudson. Check out Tom’s GitHub here.
A penetration tester may use waybackurls to find information during reconnaissance that may help during the test.
An analyst may use waybackurls to interact with less updated versions of a website to find security issues.
I hope you enjoyed this blog post.
Thanks for reading!
If you have suggestions for what tool to cover next, contact me!