Last active
February 15, 2024 21:30
-
-
Save LuD1161/66f30da6d8b6c1c05b9f6708525ea885 to your computer and use it in GitHub Desktop.
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# | |
# Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw | bash | |
# # Thanks JeffreyShran for the gist url thing | |
# | |
# | |
# It's debian based, so for centos and likewise you have to change apt to yum and similarly | |
# | |
InstallationStartTime=$(date +%s) | |
#### COLORS #### ( Taken from : https://misc.flogisoft.com/bash/tip_colors_and_formatting ) | |
NORMAL='\e[0m' | |
RED='\e[31m' | |
LIGHT_GREEN='\e[92m' | |
LIGHT_YELLOW='\e[93m' | |
BLINK='\e[5m' | |
BOLD='\e[1m' | |
UNDERLINE='\e[4m' | |
############### | |
mkdir ~/tools | |
apt update -yq && apt upgrade -yq # Do it manually, cause there are some whiptail menus that aren't automated yet and | |
# thus cause problems | |
# change python3 to python and set priority of 10 - https://stackoverflow.com/a/50331137 | |
update-alternatives --install /usr/bin/python python /usr/bin/python3 10 | |
apt install -yq wget unzip curl screen git gcc make libpcap-dev python3-pip clang nmap python3-dev build-essential libssl-dev libffi-dev python3-venv p7zip-full p7zip-rar tree software-properties-common | |
apt-add-repository -y ppa:rael-gc/rvm | |
pip3 install rdpy==1.3.2 | |
timedatectl set-timezone Asia/Kolkata | |
apt install -y golang-go | |
cd ~/tools | |
git clone https://github.com/jordanpotti/CloudScraper.git && echo -e "\n${LIGHT_YELLOW}Installing CloudScraper's requirements.txt ${NORMAL}\n" | |
pip3 install -r CloudScraper/requirements.txt | |
echo -e "\n${LIGHT_YELLOW}Installing SubFinder${NORMAL}\n" | |
GO111MODULE=on go get -v -u github.com/projectdiscovery/subfinder/v2/cmd/subfinder | |
cd ~/tools | |
git clone https://github.com/blechschmidt/massdns.git && echo -e "\n${LIGHT_YELLOW}Making and copying massdns to /usr/bin/ ${NORMAL}\n" | |
cd massdns | |
make | |
if [ $? -eq 0 ]; then | |
mv /root/tools/massdns/bin/massdns /usr/bin/ && cd - # go back to main directory | |
mkdir /root/tools/massdns_lists | |
mv /root/tools/massdns/lists/* /root/tools/massdns_lists/ | |
rm -rf massdns | |
echo -e "\n${LIGHT_YELLOW}Installed massdns ${NORMAL}\n" | |
else | |
echo -e "\n${LIGHT_YELLOW}Try reinstalling massdns manually ${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/blechschmidt/massdns.git ${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n" | |
fi | |
echo -e "\n${LIGHT_YELLOW}Proceeding with installation of masscan ${NORMAL}\n" | |
git clone https://github.com/robertdavidgraham/masscan.git && echo -e "\n${LIGHT_YELLOW}Making masscan ${NORMAL}\n" | |
cd masscan | |
make -j | |
if [ $? -eq 0 ]; then | |
mv ./bin/masscan /usr/bin/ && cd - # go back to main directory | |
rm -rf masscan && echo -e "\n${LIGHT_YELLOW}Deleted masscan github local clone ${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}Installed masscan ${NORMAL}\n" | |
else | |
echo -e "\n${LIGHT_YELLOW}Try reinstalling masscan manually ${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/robertdavidgraham/masscan.git ${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n" | |
fi | |
echo -e "\n${LIGHT_YELLOW}Installing of ffuf${NORMAL}\n" | |
go get -v -u github.com/ffuf/ffuf | |
echo -e "\n${LIGHT_YELLOW}Installing subjack${NORMAL}\n" | |
go get -v -u github.com/haccer/subjack | |
go get -v -u github.com/tomnomnom/waybackurls && echo -e "\n${LIGHT_YELLOW}Got waybackurls ;) ${NORMAL}\n" | |
mv ~/go/bin/waybackurls /usr/bin/ | |
if [ $? -eq 0 ]; then | |
echo -e "\n${LIGHT_YELLOW}Installed waybackurls ${NORMAL}\n" | |
else | |
echo -e "\n${LIGHT_YELLOW}Try reinstalling waybackurls manually ${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}RUN : go get github.com/tomnomnom/waybackurls && echo \"Got waybackurls ;)\" ${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}Then move the binary from ~/go/bin/ to /usr/bin/ ${NORMAL}\n" | |
fi | |
git clone https://github.com/x90skysn3k/brutespray.git && echo -e "\n${LIGHT_YELLOW}Cloned Brutespray ${NORMAL}\n" | |
apt install amass -y | |
if [ $? -eq 0 ]; then | |
echo -e "\n${LIGHT_YELLOW}Installed amass ${NORMAL}\n" | |
rm amass.zip | |
else | |
echo -e "\n${LIGHT_YELLOW}Try redownloading amass ${NORMAL}\n" | |
fi | |
apt-get install -yq bc locate dnsutils apache2 | |
cd ~/tools & echo -e "\n${LIGHT_YELLOW}Cloning JS-scan ${NORMAL}\n" | |
git clone https://github.com/zseano/JS-Scan.git | |
chmod o+x JS-Scan | |
ln -s "/root/tools/JS-Scan" /var/www/html/JS-Scan | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning bucketkicker ${NORMAL}\n" | |
git clone https://github.com/craighays/bucketkicker.git | |
pip3 install -r ~/tools/bucketkicker/requirements.txt | |
echo -e "\n${LIGHT_YELLOW}Installing trufflehog ${NORMAL}\n" | |
pip3 install truffleHog | |
echo -e "\n${LIGHT_YELLOW}Installing wafw00f ${NORMAL}\n" | |
pip3 install wafw00f | |
echo -e "\n${LIGHT_YELLOW}Installing whatweb ${NORMAL}\n" | |
apt-get install -yq whatweb | |
echo -e "\n${LIGHT_YELLOW}Installing snallygaster ${NORMAL}\n" | |
pip3 install snallygaster | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning CloudFlare-Enum ${NORMAL}\n" | |
git clone https://github.com/mandatoryprogrammer/cloudflare_enum.git | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning AWS-Bruteforcer ${NORMAL}\n" | |
git clone https://github.com/Ucnt/aws-s3-data-finder.git | |
cd aws-s3-data-finder && pip3 install -r requirements.txt | |
cd ~/tools | |
# Although cloning Goohak and GoogD0rker but need to make a workaround for google's IP restriction on advanced search | |
# Cause these are not working for me | |
echo -e "\n${LIGHT_YELLOW}For Goohak and GoogD0rker pip3 install google ${NORMAL}\n" | |
pip3 install google | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning Goohak ${NORMAL}\n" | |
git clone https://github.com/1N3/Goohak.git | |
chmod +x Goohak/goohak | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning GoogD0rker${NORMAL}\n" | |
# Do not use currently it's a WIP | |
git clone https://github.com/ZephrFish/GoogD0rker.git | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing brakeman : For RoR applications ${NORMAL}\n" | |
# Alternative : gem install brakeman | |
# Using git method so as to install the latest brakeman | |
git clone https://github.com/presidentbeef/brakeman.git | |
cd brakeman | |
gem build brakeman.gemspec | |
yes | gem install brakeman-*.gem | |
mv ~/tools/brakeman/bin/brakeman /usr/local/bin/ | |
mv ~/tools/brakeman/bin/codeclimate-brakeman /usr/local/bin/ | |
rm -rf ~/tools/brakeman | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing gitleaks${NORMAL}\n" | |
go get -v -u github.com/zricethezav/gitleaks | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading aquatone binary${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}Check the latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n" | |
curl -s https://api.github.com/repos/michenriksen/aquatone/releases/latest | grep "browser_download_url.*linux_amd" | cut -d : -f 3- | tr -d \" | wget -qi - | |
unzip aquatone_linux_amd64*.zip | |
rm aquatone_linux_amd64*.zip | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing chromium for aquatone${NORMAL}\n" | |
apt-get install -y chromium | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Getting all wordlists from gdrive, wordlists contain jhaddix's all.txt and massdns as well as subrute's names.txt ${NORMAL}\n" | |
mkdir wordlists | |
wget "https://drive.google.com/uc?export=download&id=1X1TTZhxfiLyqrI1Vrw0_DdhFfl3LzsbX" -O all_resolvers.zip | |
unzip -o all_resolvers.zip -d wordlists | |
rm all_resolvers.zip | |
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading dirbuster wordlists ${NORMAL}\n" | |
wget "https://drive.google.com/uc?export=download&id=1KbxiE_RFZCDpBDKAJbWeG6NXe7YNtCIc" -O all_wordlists.zip | |
unzip -o all_wordlists.zip -d wordlists | |
rm all_wordlists.zip | |
# Finally when all is set and folder's deleted | |
# Get the scripts, it's in a gist | |
echo -e "\n${LIGHT_YELLOW}Getting the scripts ;\) ${NORMAL}\n" | |
wget "https://codeload.github.com/gist/8182f825bd91344ce4c2bf5e2acdf2b3/zip/9bd795e4824794d0a61f8805d48572b833b10353" -O scripts.zip | |
unzip -j scripts.zip -d scripts | |
chmod +x ~/tools/scripts/* | |
rm scripts.zip | |
cd ~/tools | |
wget -O master_script.sh "https://gist.github.com/LuD1161/0a85aef8e27e4a7644fd4b69efb62caa/raw" | |
chmod +x master_script.sh | |
wget -O nmap-input-file-creator.py "https://gist.github.com/LuD1161/dbc44c6c028de2f0cbae9e737af5aa1e/raw" | |
chmod +x nmap-input-file-creator.py | |
apt autoremove -y | |
echo -e "\n${LIGHT_YELLOW}Building nmap from git ${NORMAL}\n" | |
cd ~/tools | |
git clone https://github.com/nmap/nmap.git | |
cd nmap && sh ./configure | |
make | |
make install | |
echo -e "\n${LIGHT_YELLOW}Installing wpscan requirements ${NORMAL}\n" | |
apt-get -yq install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev libgmp-dev zlib1g-dev gcc git ruby make software-properties-common | |
apt-add-repository -y ppa:rael-gc/rvm | |
apt-get -yq update | |
apt-get -yq install rvm | |
cd ~ | |
source /etc/profile.d/rvm.sh | |
rvm install 2.5.1 | |
rvm use 2.5.1 --default | |
echo -e "gem: --no-ri --no-rdoc" > ~/.gemrc | |
#echo -e "source /usr/local/rvm/scripts/rvm" >> ~/.bashrc | |
cd ~/tools | |
echo -e "${LIGHT_YELLOW}Cloning wpscan ${NORMAL}" | |
git clone https://github.com/wpscanteam/wpscan.git | |
cd wpscan | |
yes | gem install bundler | |
bundle install --without test | |
echo -e "${LIGHT_YELLOW}Setting ulimit to 100000 ${LIGHT_GREEN}( so as to make ffuf work fine with higher number of threads ) ${NORMAL}" | |
echo "ulimit -n 100000" >> ~/.bashrc | |
### Install searchsploit #### | |
echo -e "\n${LIGHT_YELLOW}Installing searchsploit${NORMAL}\n" | |
mkdir /opt | |
git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb | |
sed 's|path_array+=(.*)|path_array+=("/opt/exploitdb")|g' /opt/exploitdb/.searchsploit_rc > ~/.searchsploit_rc | |
ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit | |
### Downloading SecLists #### | |
echo -e "\n${LIGHT_YELLOW}Downloading SecLists${NORMAL}\n" | |
cd ~/tools | |
git clone https://github.com/danielmiessler/SecLists.git | |
InstallationCompletionTime=$(date +%s) | |
echo -e "\n${LIGHT_YELLOW}Setting up GOPATH and GO bin in path ${NORMAL}\n" | |
echo "export GOPATH=$HOME/go" >> $HOME/.profile | |
echo "PATH=$PATH:/root/tools:$GOPATH/bin" >> $HOME/.profile | |
source $HOME/.profile | |
source $HOME/.bashrc | |
echo -e "${LIGHT_GREEN}Setup Complete Bug Bounty tools :) :) ${NORMAL}\n" | |
echo -e "${BOLD}Usage : ./master_script.sh domain basic|advanced${NORMAL}\n" | |
echo -e "Total Time taken : ${LIGHT_GREEN}$(( $InstallationCompletionTime-$InstallationStartTime )) ${NORMAL}seconds" | |
echo -e "\n${LIGHT_YELLOW}e.g. ./master_script.sh example.com basic|advanced ${NORMAL}\n" | |
echo -e "\n" | |
echo -e "${RED}Don't forget to add subfinder's config.json at ~/.config/subfinder/config.json${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}Also check for aquatone's latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n" | |
echo -e "\n${LIGHT_YELLOW}Enjoy :) ${NORMAL}\n" |
Woah ! Thanks mate, I didn't ever think someone would really care to look
at that.
…On Fri, 13 Dec, 2019, 10:23 pm tooth_N_tail, ***@***.***> wrote:
In regards to your comment above:
https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885#file-setup_bbty-sh-L6
This should help: https://stackoverflow.com/a/37997658
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<https://gist.github.com/66f30da6d8b6c1c05b9f6708525ea885?email_source=notifications&email_token=AEIITPSPVA66VIP5DOHDI2DQYO42LA5CNFSM4J2QIOHKYY3PNVWWK3TUL52HS4DFVNDWS43UINXW23LFNZ2KUY3PNVWWK3TUL5UWJTQAF53VQ#gistcomment-3110744>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AEIITPS2XIQJS2M4KEEWXKTQYO42LANCNFSM4J2QIOHA>
.
nice script
This is awesome
hey can you update it with new tools and new go upgradation and go language? if it is possible
Hey @Jaypanchal2233
Sure. working on the Recon methodology from TESS. will have a script and video soon 😃
Thanks @ManasHarsh , @n4vn337 🙌 😄
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In regards to your comment above: https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885#file-setup_bbty-sh-L6
This should help: https://stackoverflow.com/a/37997658