Skip to main content
MySeq

PD: Installation

·322 words·2 mins
Posts 101 projectdiscovery
Table of Contents
Project_Discovery - This article is part of a series.
Part 1: This Article
Part 2: PD: Quick Run
ProjectDiscovery (PD) is a solution for attack surface management (ASM) and vulnerability scanning by open-source community.

PD follows UNIX philosophy: creating small, fast, and modular tools that do one thing exceptionally well and can be piped together into automated workflows.

There are 3 core pillars in PD:

  1. Asset Discovery & Reconnaissance: To find everything a company owns on Internet. Tools used: Subfinder, HTTPX, Naabu.

  2. Vulnerability Scanning: To uncover and validate vulnerabilities including “zero-day”. Tools used: Nuclei, Cent.

  3. Cloud & Infrastructure: To fetch assets from cloud providers using API keys. Tool used: Cloudlist.

Most tools in PD are written in Go and designed to handle massive scale. And all tools in PD support JSON output and stdin/stdout. This simplify the effort to chain them together in BASH scripting or running at cmdline.

A typical security engineer can use PD tools to find all subdomains (subfinder), to see which ports (naabu) are open on those subdomains, to identify (https) any web server including what technology used, and to scan (nuclei) for know vulnerabilities or misconfigurations.

Prerequisites
#

The most efficient way to manage the ProjectDiscovery suite is through their official ProjectDiscovery Tool Manager (pdtm).

And all PD tools require Go (Golang) version 1.21 or higher to run.

% sudo apt update && sudo apt upgrade -y
% wget https://go.dev/dl/go1.22.2.linux-amd64.tar.gz
% sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.22.2.linux-amd64.tar.gz
% echo 'export PATH=$PATH:/usr/local/go/bin:$(go env GOPATH)/bin' >> ~/.zshrc
% source ~/.zshrc

Verify with: go version

Installation: PDTM
#

Install pdtm using Go.

% go install -v github.com/projectdiscovery/pdtm/cmd/pdtm@latest

Verify with: pdtm -version

Installation: Tools
#

Use pdtm to download and install all the binaries.

% pdtm -ia

All tools are install in ~/.pdtm/go/bin/. Add this to PATH.

% echo 'export PATH=$PATH:$HOME/.pdtm/go/bin' >> ~/.zshrc
% source ~/.zshrc

Verify the installation: subfinder -h, httpx -version, nuclei -version

To keep all tools fresh, just run: pdtm -ua

Links#

Project_Discovery - This article is part of a series.
Part 1: This Article
Part 2: PD: Quick Run

Related

Linux Container (LXC)
·270 words·2 mins
Posts 101 lxc proxmox
Explore to the LXC for efficiency and smart cloning.
NodeJS 101
·389 words·2 mins
xx
Posts 101 nodejs ubuntu
See how I setup node.js on Ubuntu 22.04 (Jammy)
Mistake in List Iteration
·169 words·1 min
Posts 101 python
Unexpected behaviour in your Python loops.