Gau (GetAllUrls)
Fetch known URLs from AlienVault OTX, Wayback Machine, and Common Crawl
Recon & OSINT
10 commands
#recon #urls #wayback #archives #osint

Installation
1. Install using Go
2. Download from releases
3. Verify installation
# Using Go
go install github.com/lc/gau/v2/cmd/gau@latest
# Verify
gau --version
# Update to latest
go install github.com/lc/gau/v2/cmd/gau@latest

Basic Usage
Fetch all known URLs for a domain from public archives
# Single domain
gau example.com
# Multiple domains from file
cat domains.txt | gau
# Fetch from specific providers
gau --providers wayback,otx,commoncrawl example.com
# With subdomains
gau --subs example.com
# Save to file
gau example.com --o urls.txt
# Filter by status code
gau example.com --fc 404

Command Reference
10 commands
1. Data sources (wayback,otx,commoncrawl)
   --providers
2. Include subdomains
   --subs
3. Filter status codes
   --fc
4. Output file
   --o
5. Number of retries on failure
   --retries
6. Request timeout
   --timeout
7. Concurrent requests
   --concurrent
8. Exclude extensions
   --blacklist
9. Number of threads
   --threads
10. Verbose output
   --verbose

When to Use
1. Collecting URLs before vulnerability scanning
2. Building a wordlist of valid endpoints
3. Discovering hidden API endpoints
4. Finding old endpoints still accessible
5. Recon phase of bug bounty hunting

Notes & Tips
1. Combines data from multiple archive sources
2. Much faster than fetching from each source individually
3. Use --subs to include all discovered subdomains
4. Results can be piped directly into tools like gf or dalfox

Common Errors & Solutions
No results found
Try the --subs flag; some domains only have data from certain providers.
Rate limited
Reduce concurrent requests with the --concurrent flag and increase --retries.
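
For the "Building a wordlist of valid endpoints" use case above, saved gau output usually needs de-duplicating and scoping before it is useful as an inventory of a domain's exposed endpoints. The script below is an added example, not part of the original page or the gau project: it reduces gau output to unique host/path entries with the parameter names seen for each. The extension list, sample URLs and function names are assumptions.

```python
"""Reduce gau output to a de-duplicated endpoint inventory (added example)."""
import sys
from collections import defaultdict
from posixpath import splitext
from urllib.parse import parse_qsl, urlsplit

# Assumed static-asset extensions to skip, in the spirit of gau's --blacklist.
STATIC_EXT = {".png", ".jpg", ".gif", ".svg", ".css", ".woff", ".ttf", ".ico"}
# Constructed sample of gau-style output (not real archive data).
SAMPLE = """\
https://example.com/api/users?id=1&sort=asc
http://example.com/api/users?id=2&debug=
https://shop.example.com/cart
https://example.com/static/logo.PNG
https://notexample.com/api/users?id=3
https://example.com.evil.test/login
https://EXAMPLE.com
""".splitlines()

def in_scope(host, domain):
    """True for the domain itself or a real subdomain, not a look-alike."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

def inventory(lines, domain):
    """Map 'host/path' to the sorted query parameter names seen for it."""
    seen = defaultdict(set)
    for line in lines:
        try:
            parts = urlsplit(line.strip())
            host = (parts.hostname or "").rstrip(".")
        except ValueError:  # malformed archive entry, e.g. broken IPv6 brackets
            continue
        if parts.scheme not in ("http", "https") or not in_scope(host, domain):
            continue  # archives can return non-web schemes and unrelated hosts
        path = parts.path or "/"
        if splitext(path)[1].lower() in STATIC_EXT:
            continue  # static asset, not an endpoint
        seen[host + path].update(
            name for name, _ in parse_qsl(parts.query, keep_blank_values=True))
    return {ep: sorted(names) for ep, names in sorted(seen.items())}

if __name__ == "__main__":
    # With a domain argument, read gau output from stdin; otherwise use SAMPLE.
    use_stdin = len(sys.argv) > 1
    lines, domain = (sys.stdin, sys.argv[1]) if use_stdin else (SAMPLE, "example.com")
    for endpoint, names in inventory(lines, domain).items():
        print(endpoint, ",".join(names), sep="\t")
```

Saved under a hypothetical name such as inventory.py, it can be run as `python3 inventory.py example.com < urls.txt` against the file written by the "Save to file" command.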