
@lukeswitz
Created December 22, 2023 14:36
Automated Recon & Reporting via Webhook
#!/bin/bash
##########################################################
# CyberRecon.sh
# Comprehensive Cybersecurity Reconnaissance Script
#
# Description:
# This script performs a detailed cybersecurity reconnaissance and scanning
# for a given target domain. It integrates various tools to enumerate
# subdomains, analyze DNS, scan web endpoints, identify vulnerabilities,
# and perform port scanning. The results are compiled into a report,
# and notifications are sent via Discord.
#
# Usage:
# ./CyberRecon.sh <target-domain>
# Example: ./CyberRecon.sh example.com
#
# Output:
# All findings are stored in a target-specific directory under ./scans/.
# A final report is compiled in the same directory for easy review.
#
# Prerequisites:
# - Ensure all required tools (amass, subfinder, github-subdomains, etc.) are installed.
# - Set the 'DISCORD_WEBHOOK_URL' to your Discord webhook for notifications.
#
# Author: @lukeswitz
# Created: 22_DEC_2023
# Last Updated: 22_DEC_2023
##########################################################
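# Check for input parameter: exactly one argument, the target domain.
if [ "$#" -ne 1 ]; then
  echo "Usage: $0 <target-domain>"
  exit 1
fi

TARGET_DOMAIN="$1"

# The target is interpolated into a directory path and handed to every tool
# below as an argument, so reject anything that is not a plain host name:
# dot-separated labels of letters, digits, '-' and '_', optional trailing dot.
# This rules out path separators, "..", whitespace and a leading '-' (which a
# tool would otherwise parse as an option).
domain_re='^[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?(\.[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?)*\.?$'
if [[ ! "$TARGET_DOMAIN" =~ $domain_re ]]; then
  echo "Error: '$TARGET_DOMAIN' is not a valid domain name." >&2
  exit 1
fi

# A webhook URL is a credential (anyone holding it can post to the channel),
# so prefer supplying it through the environment instead of editing it into
# the script. The placeholder below is kept as the fallback value.
DISCORD_WEBHOOK_URL="${DISCORD_WEBHOOK_URL:-your_discord_webhook_url}"

# Directory setup for new target
WORKING_DIR="./scans/$TARGET_DOMAIN"
if ! mkdir -p -- "$WORKING_DIR"; then
  echo "Error: cannot create working directory '$WORKING_DIR'." >&2
  exit 1
fi

# Output files setup (all live inside the per-target working directory)
SUBDOMAINS_FILE="$WORKING_DIR/subdomains.txt"
DNS_ANALYSIS_FILE="$WORKING_DIR/dns_analysis.txt"
WEB_ENDPOINTS_FILE="$WORKING_DIR/web_endpoints.txt"
VULNERABILITY_FILE="$WORKING_DIR/vulnerabilities.txt"
PORT_ENUM_FILE="$WORKING_DIR/port_enum.txt"
FINAL_REPORT="$WORKING_DIR/final_report.txt"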
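#######################################
# Post a text message to the configured Discord webhook.
# Globals:   DISCORD_WEBHOOK_URL (read)
# Arguments: $1 - message text
# Outputs:   whatever curl prints; a diagnostic on stderr when unconfigured
# Returns:   curl's exit status, or 1 when no webhook URL is configured
#######################################
notify_discord() {
  local message=$1
  local webhook_url=${DISCORD_WEBHOOK_URL:-}

  # Skip the request when the URL is empty or still the shipped placeholder.
  if [[ -z "$webhook_url" || "$webhook_url" == "your_discord_webhook_url" ]]; then
    printf 'notify_discord: DISCORD_WEBHOOK_URL is not configured; skipping notification\n' >&2
    return 1
  fi

  # The message is embedded in a JSON string literal. Escape backslashes
  # first, then quotes and control characters, so that message content can
  # neither break the payload nor add fields to it.
  message=${message//\\/\\\\}
  message=${message//\"/\\\"}
  message=${message//$'\n'/\\n}
  message=${message//$'\r'/\\r}
  message=${message//$'\t'/\\t}

  curl -H "Content-Type: application/json" \
    -d "{\"content\": \"${message}\"}" \
    "$webhook_url"
}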
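# Clearing previous data: truncate (or create) each report file so a re-run
# does not append to the results of an earlier scan. Paths are quoted so an
# unexpected character in the working directory cannot split the redirect.
for report_file in \
  "$SUBDOMAINS_FILE" \
  "$DNS_ANALYSIS_FILE" \
  "$WEB_ENDPOINTS_FILE" \
  "$VULNERABILITY_FILE" \
  "$PORT_ENUM_FILE" \
  "$FINAL_REPORT"; do
  : > "$report_file"
done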
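# Domain and Subdomain Enumeration
# Each tool writes its own file in the working directory.
echo "Starting Domain and Subdomain Enumeration..."
amass enum -d "$TARGET_DOMAIN" -o "$WORKING_DIR/amass.txt"
subfinder -d "$TARGET_DOMAIN" -o "$WORKING_DIR/subfinder.txt"
github-subdomains -d "$TARGET_DOMAIN" -o "$WORKING_DIR/githubsubdomains.txt"
findomain -t "$TARGET_DOMAIN" -o "$WORKING_DIR/findomain.txt"
assetfinder --subs-only "$TARGET_DOMAIN" | tee "$WORKING_DIR/assetfinder.txt"

# Combine and sort the results.
# Only the five enumeration outputs are merged. A "$WORKING_DIR"/*.txt glob
# would also match the output file itself and every other .txt left in the
# directory by a previous run (DNS, endpoint, vulnerability and port results),
# and those lines would then be treated as subdomains by the later stages.
cat -- \
  "$WORKING_DIR/amass.txt" \
  "$WORKING_DIR/subfinder.txt" \
  "$WORKING_DIR/githubsubdomains.txt" \
  "$WORKING_DIR/findomain.txt" \
  "$WORKING_DIR/assetfinder.txt" \
  | sort -u > "$SUBDOMAINS_FILE"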
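# DNS Analysis and History
echo "Starting DNS Analysis and History..."
# NOTE(review): rapid_dns and crt.sh are invoked as commands here; presumably
# local wrapper scripts on PATH -- confirm they exist before relying on this.
rapid_dns -d "$TARGET_DOMAIN" | tee -a "$DNS_ANALYSIS_FILE"
crt.sh -d "$TARGET_DOMAIN" | tee -a "$DNS_ANALYSIS_FILE"
dnsx -l "$SUBDOMAINS_FILE" -o "$WORKING_DIR/dnsx.txt"
# lists/resolvers.txt and subdomains-top1million.txt are resolved relative to
# the current directory. Answers are only as trustworthy as the resolvers in
# that list, so keep it to resolvers you have vetted.
massdns -r lists/resolvers.txt -t A -o S -w "$WORKING_DIR/massdns.txt" "$SUBDOMAINS_FILE"
puredns bruteforce subdomains-top1million.txt "$TARGET_DOMAIN" \
  --resolvers lists/resolvers.txt -w "$WORKING_DIR/puredns.txt"

# Combine DNS results (appended after the rapid_dns / crt.sh output above)
cat -- \
  "$WORKING_DIR/dnsx.txt" \
  "$WORKING_DIR/massdns.txt" \
  "$WORKING_DIR/puredns.txt" \
  | sort -u >> "$DNS_ANALYSIS_FILE"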
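# Web Endpoint Enumeration
# httpx probes the enumerated subdomains; the crawler and archive tools append
# further URLs for the target to the same endpoints file.
echo "Starting Web Endpoint Enumeration..."
httpx -l "$SUBDOMAINS_FILE" -silent -threads 100 -o "$WEB_ENDPOINTS_FILE"
# NOTE(review): /paths.txt is an absolute path at the filesystem root, and the
# -l/-p/-o flags should be checked against the installed meg's usage -- confirm.
meg -l "$SUBDOMAINS_FILE" -p /paths.txt -o "$WORKING_DIR/out"
hakrawler -url "$TARGET_DOMAIN" | tee -a "$WEB_ENDPOINTS_FILE"
waybackurls "$TARGET_DOMAIN" | tee -a "$WEB_ENDPOINTS_FILE"
gau "$TARGET_DOMAIN" | tee -a "$WEB_ENDPOINTS_FILE"
waymore "$TARGET_DOMAIN" | tee -a "$WEB_ENDPOINTS_FILE"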
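# Data Cleaning and Management
# anew appends only lines not already present in the target file; the file is
# not truncated at the start of a run, so it accumulates across runs.
# NOTE(review): the endpoint list is not filtered by host here; confirm every
# entry belongs to TARGET_DOMAIN before it is passed to the scanners below.
echo "Cleaning and Managing Data..."
anew -q "$WORKING_DIR/unique_web_endpoints.txt" < "$WEB_ENDPOINTS_FILE"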
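# Vulnerability and Exposure Scanning
echo "Identifying Vulnerabilities..."
nuclei -l "$WORKING_DIR/unique_web_endpoints.txt" -o "$WORKING_DIR/nuclei_out.txt"
dalfox file "$WORKING_DIR/unique_web_endpoints.txt" -o "$WORKING_DIR/dalfox_out.txt"
sqlmap -m "$WORKING_DIR/unique_web_endpoints.txt" --batch --output-dir="$WORKING_DIR/sqlmap_out"

# Append vulnerabilities to the report.
# sqlmap's output directory holds per-target subdirectories, so a plain
# `cat sqlmap_out/*` fails with "Is a directory" and its findings never reach
# the report. Walk the tree instead and skip the binary session database.
{
  cat -- "$WORKING_DIR/nuclei_out.txt" "$WORKING_DIR/dalfox_out.txt"
  if [[ -d "$WORKING_DIR/sqlmap_out" ]]; then
    find "$WORKING_DIR/sqlmap_out" -type f ! -name '*.sqlite' -exec cat -- {} +
  fi
} > "$VULNERABILITY_FILE"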
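# Port Scanning and Enumeration
echo "Starting Port Scanning and Enumeration..."
naabu -iL "$SUBDOMAINS_FILE" -o "$WORKING_DIR/naabu_out.txt"
# Arguments after "--" are passed on by RustScan to the follow-up scan, which
# writes its normal-format output to rustscan_out.txt.
RustScan -a "$TARGET_DOMAIN" -u 5000 -- -A -sV -oN "$WORKING_DIR/rustscan_out.txt"

# Append port enumeration results
cat -- "$WORKING_DIR/naabu_out.txt" "$WORKING_DIR/rustscan_out.txt" > "$PORT_ENUM_FILE"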
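# Compiling Final Report: concatenate the per-stage result files in order.
echo "Compiling Final Report..."
cat -- \
  "$SUBDOMAINS_FILE" \
  "$DNS_ANALYSIS_FILE" \
  "$WEB_ENDPOINTS_FILE" \
  "$VULNERABILITY_FILE" \
  "$PORT_ENUM_FILE" \
  > "$FINAL_REPORT"

# Notify via Discord.
# The message carries only the target name and the local report directory;
# the findings themselves stay on this host.
notify_discord "Scanning and Analysis Completed for $TARGET_DOMAIN. Check the final report in $WORKING_DIR."
echo "Workflow Completed. Check $FINAL_REPORT for details."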