Combination of Multiple Tools to Automate Recon Process
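#!/bin/bash
# Combination of Multiple Tools for Personal Use by @nk1202 .
#
# Usage: ./recon.sh <domain>
#
# Reads the subdomain list from output/<domain>/recon/final.txt (the
# assetfinder step that used to populate it is commented out below, so the
# file is expected to exist or is created empty), probes the hosts and writes
# every result under output/<domain>/recon/. External tools expected on PATH:
# httprobe, nmap, gowitness, dig, subjack, dnsprobe, nuclei, waybackurls.
#
# The shebang must be the first line of the file; in the original it sat on
# line 2 behind a comment and was therefore ignored by the kernel.
set -u

url=${1:?usage: $0 <domain>}

# $url is spliced into every output path below, so refuse values that could
# escape the output/ tree (path separators, "." or "..").
case "$url" in
  */*|..|.) printf 'refusing unsafe target name: %s\n' "$url" >&2; exit 2 ;;
esac

base="output/$url/recon"

# mkdir -p replaces the original chain of "if [ ! -d ]; then mkdir" blocks and
# also creates the intermediate output/<domain> directory in one step.
mkdir -p -- \
  "$base/gowitness" \
  "$base/scans" \
  "$base/httprobe" \
  "$base/potential_takeovers" \
  "$base/wayback/params" \
  "$base/wayback/extensions" \
  "$base/sub_takeover"

# Result files are created up front so later ">>"/tee steps and any reader of
# the run directory never hit a missing file (same set as the original touches).
touch -- \
  "$base/httprobe/alive.txt" \
  "$base/final.txt" \
  "$base/sub_takeover/dig.txt" \
  "$base/sub_takeover/nuclei.txt" \
  "$base/sub_takeover/aquatone_takeover.txt" \
  "$base/potential_takeovers/potential_takeovers.txt"

#echo "[+] Harvesting subdomains with assetfinder..."
#assetfinder "$url" >> "$base/assets.txt"
#sort -u "$base/assets.txt" | grep -- "$url" >> "$base/final.txt"
#rm "$base/assets.txt"

echo "[+] Probing for alive domains..."
# httprobe is asked for https:443 only, so each result looks like
# https://host:443. The original removed the port with `tr -d '443' | sed s/.$//`,
# which deletes every '4' and '3' anywhere in the hostname; anchoring the
# substitution to a trailing ":443" keeps hostnames intact.
sort -u -- "$base/final.txt" \
  | httprobe -s -p https:443 \
  | sed 's/:443$//' >> "$base/httprobe/fgowitness.txt"
# alive.txt holds bare hostnames (scheme stripped) for nmap and the takeover steps.
sed 's/https\?:\/\///' "$base/httprobe/fgowitness.txt" >> "$base/httprobe/alive.txt"

echo "[+] Scanning for open ports..."
# -oA treats its argument as a base name and writes .nmap/.gnmap/.xml next to it;
# the "scanned.txt" base name is kept from the original so existing consumers
# keep finding the files where they were.
nmap -iL "$base/httprobe/alive.txt" -T4 -oA "$base/scans/scanned.txt"

echo "[+] Running gowitness against all compiled domains..."
gowitness file -s "$base/httprobe/fgowitness.txt" -d "$base/gowitness"
rm -f -- "$base/httprobe/fgowitness.txt"

echo "[+] Pulling data for manual subdomain takeover..."
# read -r / IFS= keep backslashes and surrounding whitespace in each line; the
# `|| [[ -n ... ]]` clause still processes a final line without a newline.
while IFS= read -r host || [[ -n "$host" ]]; do
  dig "$host"
done < "$base/final.txt" | tee "$base/sub_takeover/dig.txt"

echo "[+] Checking for possible subdomain takeover with subjack..."
subjack -w "$base/final.txt" -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 -o "$base/sub_takeover/subjack_takeover.txt"

echo "[+] Checking for possible subdomain takeover with nuclei..."
dnsprobe -silent -f domain < "$base/final.txt" \
  | httprobe -prefer-https \
  | nuclei -t nuclei-templates/subdomain-takeover/detect-all-takeovers.yaml \
  | tee "$base/sub_takeover/nuclei_takeover.txt"

#echo "[+] Checking for possible subdomain takeover with aquatone..."
#aquatone-takeover --domain "$url" | tee "$base/sub_takeover/aquatone_takeover.txt"

echo "[+] Scraping wayback data..."
sort -u -- "$base/final.txt" | waybackurls >> "$base/wayback/wayback_output.txt"
# The original ran `sort -u file` with no redirect, which only printed to the
# terminal; -o rewrites the file in place so the following steps see unique URLs.
sort -u -o "$base/wayback/wayback_output.txt" -- "$base/wayback/wayback_output.txt"

echo "[+] Pulling and compiling all possible params found in wayback data..."
# The grep pattern is kept from the original: '?*=' matches any line containing '='.
grep '?*=' "$base/wayback/wayback_output.txt" \
  | cut -d '=' -f 1 \
  | sort -u >> "$base/wayback/params/wayback_params.txt"
# Print each parameter name with a trailing '=' to stdout, as the original loop did.
while IFS= read -r param || [[ -n "$param" ]]; do
  printf '%s=\n' "$param"
done < "$base/wayback/params/wayback_params.txt"

echo "[+] Pulling and compiling js/php/aspx/jsp/json files from wayback output..."
ext_dir="$base/wayback/extensions"
# Bucket URLs by extension into *1.txt scratch files. The original ran
# `sort -u <scratch> >> <final>` inside the loop, so the final file received the
# whole scratch file once per matching line; dedup is now done once after the loop.
# ${line##*.} is kept as the extension test, so a URL with a query string
# (".js?x=1") does not match — same behaviour as the original.
while IFS= read -r line || [[ -n "$line" ]]; do
  ext="${line##*.}"
  case "$ext" in
    js)   printf '%s\n' "$line" >> "$ext_dir/js1.txt" ;;
    # NOTE: the original routed .html URLs into the jsp bucket; kept as-is.
    html) printf '%s\n' "$line" >> "$ext_dir/jsp1.txt" ;;
    json) printf '%s\n' "$line" >> "$ext_dir/json1.txt" ;;
    php)  printf '%s\n' "$line" >> "$ext_dir/php1.txt" ;;
    aspx) printf '%s\n' "$line" >> "$ext_dir/aspx1.txt" ;;
  esac
done < "$base/wayback/wayback_output.txt"

for name in js jsp json php aspx; do
  scratch="$ext_dir/${name}1.txt"
  # A bucket with no hits has no scratch file; skip it instead of failing on rm.
  [[ -f "$scratch" ]] || continue
  sort -u -- "$scratch" >> "$ext_dir/$name.txt"
  rm -f -- "$scratch"
done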