Last active
December 25, 2022 20:24
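#!/usr/bin/env bash
# The gist rendering left table-cell residue ("| |") at the end of every line,
# which makes each statement a syntax error; it is removed here.

# A background helper signals completion by sending TERM to the top-level
# shell (see `kill -s TERM` in _FIFOWAIT); this trap turns that into an exit.
# Note that the script therefore ends with status 1 even on a normal finish.
trap 'exit 1' TERM

# PID of the top-level shell, exported so background subshells can signal it.
export TOP_PID=$$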
#-------------------\ | |
# - - - | 0 | - - -\ | |
# - - | r | - - OO | |
# . | l | . ||---------------> 0rly? <------------. | |
# ? | y | ? || * git.tcp.direct/kayos * `` | |
# .------------. || * github.com/yunginnanet * `` | |
# / 0rly? \ ||----------------------------------------.`` | |
# |? ? ? ? ? ? ? |?|| | |
# \__ __'\______/ ||👻 SPOOKY UNICORNS PROBING MY COMPUTER? 👻 | |
# |/ \\ || 👻 ITS MORE LIKELY THAN YOU THINK! 👻 | |
# \ \\ . ?|| | |
# |\\/| || O O O O O | |
# ? / " '\ || r l y ? w 0 r o a | |
# . . . || 0 0 0 h r u l i | |
# / ) | || r r a l s o g | |
# ? ' _.' | || l t y r l h | |
# '-'/ \ || y ! ? s ? t | |
#-------------------|| | |
### Script dirs ######\ | |
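# Table-cell residue ("| |") from the page rendering is stripped from every
# assignment below; with it, none of these lines parse.

# Results are grouped per day and per target: $HOME/0rly/<date>/<target>.
_DATE=$(date +%b-%d-%Y)
_0RLYDIR="$HOME/0rly"
# $1 (the target) becomes a path component here, so it must be validated
# before any filesystem operation uses $_RESULTS.
_RESULTS="$_0RLYDIR/$_DATE/$1"
# Resolver list handed to findomain via --resolvers.
_DNS="$_0RLYDIR/resolvers.txt"
# External tools are expected in cargo's per-user bin directory.
_RUSTSCAN="$HOME/.cargo/bin/rustscan"
_FINDOMAIN="$HOME/.cargo/bin/findomain"

# Start-up banner, stored as base64-encoded gzip data and decoded at runtime.
# NOTE(review): this is an opaque blob; decode and inspect it before trusting
# a copy of this script obtained from an unverified source.
_BANNER="H4sIAAAAAAACA32STQ6CMBCF916BzVyAFmWnxouwIki0UQKBSQw36LYbD+hJJPxMZwradDFM33y8Tgcgyvan9FABfN6WNtAKv6UsypJqB8QYs27ZvJAl6GAOFpovktQpDQS3wgJBHI+cYIenP//BFZ5CsbwFF1CCbrXF97rAkugPBM1b4u2urHkQ0jhq8rhmwXY3iWdXr/fHG7AhcL5VzltgeTEh5G0kpcNUxpc7YtMdtcaXQSxbVdSVxqK5mrYs8BxzuRffDKpBpCaVfuR93emkffZzwRdOcXbG+AIAAA=="

# ANSI colour escapes, expanded later by `echo -e`.
_YLW="\e[93m"
_RST="\e[0m"
_RED="\e[1;31m"
_GRN="\e[1;32m"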
# _ARGS="$@" | |
#------------------------------------ | |
# 0) findomain subdomain enumeration \ | |
# r) queries whois for resolved IPs \ | |
# l) greps out cloudflare results \ | |
# y) runs rustscan on remaining results \ | |
# ?) generates HTML reports______________\ | |
# -------------------------\*~*~*~*~*~*~*/ | |
# ----- dependencies -------\??- - - -??/ | |
#----------------------------\ ? - - ? / | |
# - nmap \ ? 0 ? / | |
# - xsltproc \ -r- / | |
# - whois \-l-/ | |
# - GNU Parallel \y/ | |
# | |
# - rustscan | |
# -- https://crates.io/crates/rustscan (cargo install rustscan) # | |
# or: https://github.com/RustScan/RustScan/releases/tag/2.0.1 # | |
# # | |
# - findomain # | |
# -- https://crates.io/crates/findomain (cargo install findomain) # | |
# or: https://github.com/Findomain/Findomain/releases/tag/3.1.0 # | |
#------------------------------------------------------------------- | |
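# A target (the domain to enumerate) is mandatory.
if [ -z "$1" ]; then
  echo "yarly."
  exit 1
fi

# The target is used as a directory name under $_RESULTS, which is later
# passed to `rm -rf` and `mkdir -p`, and it is handed to external tools as an
# argument. Accept only hostname characters so a value containing "/", ".."
# or a leading "-" can neither escape the results tree nor be read as an
# option.
_TARGET_RE='^[A-Za-z0-9][A-Za-z0-9._-]*$'
if [[ ! "$1" =~ $_TARGET_RE || "$1" == *..* ]]; then
  printf 'invalid target (expected a domain name): %s\n' "$1" >&2
  exit 1
fi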
#------------------------ | |
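# Decode and print the embedded banner (base64 -> gzip -> text).
printf '%s\n' "$_BANNER" | base64 -d | gzip -d

# Print the target name in yellow. figlet and the fig.smbraille font are
# needed here but are not in the dependency list at the top of the script;
# `set -e` is not active yet, so a missing figlet only prints an error.
printf '%b' "$_YLW"
figlet -f fig.smbraille "$1"
printf '%b' "$_RST"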
#------------------------ | |
#-----\ | |
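set +e  # best-effort setup: the steps below must run even if one of them fails

#######################################
# Print the IPv4 nameserver addresses from a resolv.conf-style file.
# Only "nameserver" lines are considered, so comments, "search", "domain"
# and "options" lines can no longer leak stray words into the resolver list.
# IPv6 entries (anything containing ":") are skipped, as before.
# Arguments: $1 - file to read (default: /etc/resolv.conf)
# Outputs:   one address per line on stdout
#######################################
_SYSTEM_RESOLVERS() {
  awk '$1 == "nameserver" && $2 !~ /:/ { print $2 }' "${1:-/etc/resolv.conf}"
}

# The resolver file lives directly under $_0RLYDIR, which does not exist on a
# first run; create it so the `tee` below has somewhere to write.
mkdir -p -- "$_0RLYDIR"

if [ ! -f "$_DNS" ]; then
  echo -e "Saving a copy of your current nameservers to use as resolvers for $_YLW findomain $_RST..."
  _SYSTEM_RESOLVERS | tee "$_DNS"
else
  if [ ! -s "$_DNS" ]; then
    echo -e "$_YLW $_DNS $_RST is $_RED empty $_RST..."
    # The original refilled the file from $_RSLV, which is never assigned, so
    # it wrote a single blank line. Regenerate from the system resolvers.
    _SYSTEM_RESOLVERS | tee "$_DNS"
  fi
  echo -e "Using the nameservers from $_YLW $_0RLYDIR/resolvers.txt $_RST..."
fi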
#------------------------ | |
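# Refuse to continue without a results directory: with $_RESULTS empty the
# `rm -rf` below would be aimed at "/tmp".
: "${_RESULTS:?results directory is not set}"

echo -e "Creating directory structure under: $_YLW $_RESULTS $_RST ..."

# Scratch space is wiped on every run; the report directories are kept.
_TMP="$_RESULTS/tmp"
rm -rf -- "$_TMP"
_XML="$_RESULTS/XML"
_HTML="$_RESULTS/HTML"
_TXT="$_RESULTS/TXT"
# Create the directories directly rather than piping the paths through
# `echo -e`, which would interpret backslash sequences inside a path.
mkdir -p -- "$_TMP" "$_XML" "$_HTML" "$_TXT/WHOIS"

# Named pipes used to pass work between the background helpers.
_FIFO="$_RESULTS/findomain.fifo"
_DONEFIFO="$_RESULTS/done.fifo"
_DISCVRFIFO="$_RESULTS/discovered.fifo"

# Bookkeeping files: processed addresses and addresses handed on for scanning.
_DONE="$_RESULTS/tmp/done"
_BUSY="$_RESULTS/tmp/busy"
touch -- "$_DONE" "$_BUSY"

# Recreate each pipe so a stale file left by an earlier run is never reused.
for _PIPE in "$_FIFO" "$_DONEFIFO" "$_DISCVRFIFO"; do
  rm -f -- "$_PIPE"
  mkfifo -- "$_PIPE"
done

set -e  # end of the best-effort section: from here on, failures abort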
#-----/ | |
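#######################################
# Block until something is written to the "done" pipe, then clean up and
# stop the whole script.
# Globals:   _DONEFIFO, _RST, _TMP, TOP_PID (all read)
# Outputs:   progress text on stdout, plus whatever was written to the pipe
# Note:      completion is signalled by sending TERM to the top-level shell,
#            which the script traps with `exit 1`.
#######################################
_FIFOWAIT() {
  echo "Running..."
  # Blocks until a writer opens the pipe, writes, and closes it again.
  cat "$_DONEFIFO"
  echo "Done!"
  echo -e "$_RST"
  # ${_TMP:?} aborts instead of running `rm -rf` on an empty path.
  rm -rf -- "${_TMP:?}"
  kill -s TERM "$TOP_PID"
}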
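#######################################
# Drain the "discovered" pipe forever, echoing each address to stdout and
# recording it in the busy file.
# Globals:   _DISCVRFIFO (read), _BUSY (written)
# NOTE(review): `tee` without -a truncates $_BUSY on every pass, so the file
# only holds the most recent batch; the completion check in the main loop
# counts its lines. Confirm whether appending was intended.
#######################################
_FIFODOMAINS() {
  while true; do
    # Reading the pipe directly replaces the extra `cat` process.
    tee "$_BUSY" < "$_DISCVRFIFO"
  done
}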
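#######################################
# Announce one address on the "discovered" pipe.
# Globals:   _DISCVRFIFO (written)
# Arguments: $1 - address to announce
# Note:      when $_DISCVRFIFO is a named pipe the write blocks until a
#            reader has it open.
#######################################
_DISCOVER() {
  # printf instead of echo: the value is written verbatim even if it looks
  # like an echo option such as "-n".
  printf '%s\n' "$1" >> "$_DISCVRFIFO"
}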
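#######################################
# Handle one line of findomain output: take the last comma-separated field as
# the address, skip it if it is malformed, already seen, private, or owned by
# Cloudflare according to whois, and otherwise queue a scan for it.
# Globals:   _RESULTS, _DONE, _TXT, _XML, _HTML, _RUSTSCAN and the colour
#            variables (read); _DEBUGLOG, _ADDR, _WHOIS (written)
# Arguments: $1 - one output line, e.g. "host,address"
#######################################
_PROCESS() {
  _DEBUGLOG="$_RESULTS/debug.log"
  _ADDR=${1##*,}

  # The address comes from DNS data and ends up in file names and on the
  # command lines of whois and rustscan. Accept only hostname/IP characters
  # so a value containing "/" or starting with "-" cannot leave the results
  # directory or be read as an option.
  local addr_re='^[A-Za-z0-9:][A-Za-z0-9.:_-]*$'
  if [[ ! "$_ADDR" =~ $addr_re ]]; then
    printf '%b%s\n' "invalid address $_YLW skipped $_RST: " "$_ADDR" >> "$_DEBUGLOG"
    return
  fi

  # -F: compare as a literal string, not as a regular expression.
  if grep -F -x -i -q -- "$_ADDR" "$_DONE"; then
    echo -e "duplicate address $_YLW skipped $_RST: $_ADDR" >> "$_DEBUGLOG"
    return
  fi

  # Never scan RFC 1918 or loopback ranges. -q keeps the match off stdout.
  if grep -E -q '^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.|127\.)' <<< "$_ADDR"; then
    echo -e "private address $_YLW skipped $_RST: $_ADDR" >> "$_DEBUGLOG"
    return
  fi

  echo "$_ADDR" >> "$_DONE"

  _WHOIS="$_TXT/WHOIS/$_ADDR.whois.txt"
  # A failed lookup is logged instead of aborting the reader loop, which runs
  # under `set -e`.
  whois "$_ADDR" >> "$_WHOIS" || echo "whois failed for $_ADDR" >> "$_DEBUGLOG"

  if grep -i -q "cloudflare" "$_WHOIS"; then
    echo "$_ADDR" >> "$_TXT/cloudflare.ips.txt"
    return
  fi
  echo "$_ADDR" >> "$_TXT/noncloudflare.ips.txt"

  # Backgrounded because writing to the pipe blocks until a reader opens it.
  _DISCOVER "$_ADDR" &

  # Scan one address and render the XML result as HTML. Runs in a separate
  # bash started by `sem`, hence the exports below.
  threadScan() {
    # -a: append, so earlier entries in the debug log are not wiped.
    echo -e "Scanning $_YLW $1... $_RST" | tee -a "$_DEBUGLOG"
    "$_RUSTSCAN" -a "$1" -- -Pn -A -T Aggressive -oX "$_XML/$1.xml" >> "$_DEBUGLOG"
    echo -e "$_GRN done scanning $_YLW $1 $_RST. Generating HTML report..."
    # The report is written to "<addr>.xml"; the original tested for a file
    # without the extension, so the HTML step was never reached.
    if [ -s "$_XML/$1.xml" ]; then
      xsltproc "$_XML/$1.xml" -o "$_HTML/$1.html" \
        && echo -e "$_YLW $_HTML/$1.html $_RST $_GRN Done! :) $_RST"
    else
      echo "No open ports found on $1 :(" >> "$_DEBUGLOG"
    fi
    return
  }
  export -f threadScan
  export _DEBUGLOG _RUSTSCAN _RESULTS _HTML _XML _YLW _GRN _RST

  # At most five concurrent scans. stderr is discarded, which also hides any
  # error sem itself reports.
  SHELL=$(type -p bash) sem -P 5 --jobs 5 threadScan "$_ADDR" 2>/dev/null
}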
# # # --- --- ~*~ TIME FOR MAGIC ~*~ --- --- # # # | |
# background waiters | |
# emulate go channel type functionality | |
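# Background helpers: one drains the "discovered" pipe, the other waits for
# the completion message and then stops the script.
_FIFODOMAINS &
_FIFOWAIT &

# -- plumbing
_FINALTOSCAN="$_TMP/findomain.resolved"
touch "$_FINALTOSCAN"

# Reader side: every line findomain writes to the pipe goes to _PROCESS.
_scanning=true
cat "$_FIFO" | while read -r line; do
  _PROCESS "$line"
done &
# Keep a write descriptor open so the reader does not see end-of-file when
# findomain closes its own handle on the pipe.
exec 3>"$_FIFO"

# Writer side: enumerate subdomains, streaming results into the pipe and
# keeping a copy of findomain's console output.
"$_FINDOMAIN" -i --resolvers "$_DNS" --target "$1" -u "$_FIFO" | tee "$_TXT/findomain.txt"

# Poll until the number of addresses handed on for scanning equals the number
# processed. The original read "$_WORK", which is never defined (so `cat`
# waited on stdin), and stored the counts in $_BUSY/$_DONE, destroying the
# file paths after the first pass; separate counters are used instead.
# NOTE(review): the two files do not record the same set of addresses
# (Cloudflare addresses reach $_DONE only), so equality is at best a
# heuristic and is also true while both files are still empty. A check that
# waits for the reader and the queued scans to finish would be more reliable.
while $_scanning; do
  _BUSYCOUNT=$(wc -l < "$_BUSY")
  _DONECOUNT=$(wc -l < "$_DONE")
  if [ "$_BUSYCOUNT" -eq "$_DONECOUNT" ]; then
    echo "fin" >> "$_DONEFIFO"
  fi
  echo -n "."
  sleep 1
done

# Close the write descriptor. Only reached if the loop ends; in practice the
# TERM sent by _FIFOWAIT stops the script first.
exec 3>&-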
note: this is buggy as it sits, but is only a few minor bug fixes away from being overpowered
if i recall correctly the main bug i was struggling with back when i was working on this was the script knowing when it was done
the logic for concurrency I was implementing here is inspired by golang channels, but misses the mark a tad