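#!/usr/bin/env bash
# Web-app recon checklist for a single target.
#
# Prints a banner per tool so the output can be captured to a log
# (e.g. `bash recon.sh 2>&1 | tee recon.log`); the steps that are still
# commented out are kept as the command line to run when they are needed.
#
# All of these are ACTIVE scans against the target (skipfish, amap, nmap) or
# the local network (arp-scan). Only run them against hosts you are
# authorised to test.
set -euo pipefail

DOMAIN='codebykate.com'
HOST='codebykate.com'
PROTO='https'
APP_PATH='/'

# `dig +short` may return several lines (a CNAME chain followed by the A
# records), and returns nothing if resolution fails. Keep only the first
# IPv4 address so amap/nmap get exactly one usable target, and stop early
# rather than running the scanners with an empty target argument.
IP=$(dig +short A "${HOST}" | grep -m1 -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || true)
if [[ -z "${IP}" ]]; then
  printf 'could not resolve an IPv4 address for %s\n' "${HOST}" >&2
  exit 1
fi

# Print a section banner so each tool's output is easy to find in the log.
# Arguments: $1 - section title
section() {
  printf '##\n## %s\n##\n' "$1"
}

# Go down the list, gathering what information we can and saving it to a log.

# Identify what plugins BlindElephant can use (in case we need them later).
section 'Blind Elephant'
# BlindElephant.py --updateDB
# BlindElephant.py --list

# Start by gathering local information (arp-scan needs raw sockets, i.e. root).
section 'ARP Scan'
# arp-scan -l

# Look for other hosts on the same domain.
section 'DNSRecon'
# dnsrecon -d "${DOMAIN}" -D /usr/share/wordlists/dnsmap.txt -t std --xml dnsrecon.xml

# Identify versions on open ports, starting with common ports (as we expect a webapp).
section 'AMAP'
# amap -bqv "${IP}" 80 443 8443 8080 3306 5432

# Portscanning, in case that misses something. -A enables OS detection and
# NSE scripts: noisy, and OS detection needs root.
section 'NMAP'
# nmap -v -A -sV "${IP}"

section 'Skipfish'
# skipfish will not write into an existing, non-empty output directory;
# fail with a clear message instead of letting the scan abort halfway in.
if [[ -e skipfish ]]; then
  printf 'output directory "skipfish" already exists; move it aside first\n' >&2
  exit 1
fi
skipfish -o skipfish "${PROTO}://${HOST}${APP_PATH}"

# Open the report if we have a desktop session; skip quietly on headless hosts
# so the scan results are still kept.
if command -v xdg-open >/dev/null 2>&1; then
  xdg-open skipfish/index.html
else
  printf 'report written to skipfish/index.html\n'
fi

# TODO: tools still to work into the checklist above.
# - Skipfish
# - OWASP ZAP
# - Blind Elephant (generic webapp identifier)
# - apache-users (checking userdirs)
# - jboss-autopwn
# - wpscan
# - joomscan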