zenosxx · April 26, 2021 08:28
diff --git a/subdomain.sh b/subdomain.sh
 #!/bin/bash

 echo "Recon $1"

 domain=$1
 path="~/Desktop/Asset-note/"
 folder=recon-$(date +"%Y-%m-%d")

 sub_path=$path/$domain/$folder/subdomain 
 filemon_path=$path/$domain/Filemonitor 
 android_path=$path/$domain/$folder/android 
 aws_path=$path/$domain/$folder/aws 
 nmap_path=$path/$domain/$folder/nmap 
 aquatone_path=$path/$domain/$folder/aquatone 
 dirsearch_path=$path/$domain/$folder/dirsearch 
 github_path=$path/$domain/$folder/github 
 travis_path=$path/$domain/$folder/travis 
 wayback_path=$path/$domain/$folder/wayback

 mkdir -p $sub_path $filemon_path $android_path $aws_path $nmap_path $aquatone_path $dirsearch_path $github_path $travis_path $wayback_path

 domain_recon() {
 cd $sub_path

 if  [ ! -f $sub_path/crt_output.txt ] && [ ! -f $sub_path/rdns_output.txt ] && [ ! -f $sub_path/amass_output.txt ] && [ ! -f $sub_path/cert_output.txt ] && [ ! -f $sub_path/sublist3r_output.txt ];

    then
    	echo -e "Running certspotter.....\n"
    	curl -ss https://certspotter.com/api/v0/certs\?domain\=$domain | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | uniq > cert_output.txt
        echo -e "Running crt....\n"
        python /home/chitoge/Desktop/Bugbounty/scripts/ct.py $domain > crt_output.txt
        echo -e "Running bufferover....\n"
        curl -ss https://dns.bufferover.run/dns?q=.$domain | jq '.FDNS_A[]' | sed 's/^\".*.,//g' | sed 's/\"$//g'  | uniq > rdns_output.txt
        echo -e "Running sublist3r.....\n"
        sublist3r -d $domain -o sublist3r_output.txt
        echo -e "Running amass ....\n"

        amass enum  -noalts -log /home/chitoge/Desktop/Bugbounty/amass/test.log -config /home/chitoge/Desktop/Bugbounty/amass/config.ini -d $domain
        cp ~/Desktop/Bugbounty/amass/amass_output/amass.txt $path/$domain/$folder/subdomain/amass_output.txt
        echo -e "Running assetfinder\n"
        assetfinder -subs-only $domain > assetfinder_output.txt
        echo -e "creating passive.txt\n"
        cat *_output.txt | uniq | grep $domain | sort -u > passive.txt 
        echo -e " Passive Recon Done...\n"
        rm *_output.txt
    fi
 : '
   echo -e "Starting Bruteforce\n"
   python /home/chitoge/Desktop/Bugbounty/massdns/subbrute.py /home/chitoge/Desktop/Bugbounty/commonspeak2-wordlists/subdomains/final_combined.txt $domain > brute.txt
   massdns -r /home/chitoge/Desktop/Bugbounty/massdns/lists/resolvers.txt -t A -o J -w brute.json brute.txt
   cat brute.json  | grep -v "awsdns-hostmaster.amazon.com\|coby.ns.cloudflare.com." | jq ".query_name" | sed 's/^\"\|.\"$//g' | sort -u > brute_output.txt
   cat brute_output.txt passive.txt | uniq | sort -u > output.txt
 '
 }
	#!/bin/bash

	echo "Recon $1"

	domain=$1
	path="~/Desktop/Asset-note/"
	folder=recon-$(date +"%Y-%m-%d")

	sub_path=$path/$domain/$folder/subdomain
	filemon_path=$path/$domain/Filemonitor
	android_path=$path/$domain/$folder/android
	aws_path=$path/$domain/$folder/aws
	nmap_path=$path/$domain/$folder/nmap
	aquatone_path=$path/$domain/$folder/aquatone
	dirsearch_path=$path/$domain/$folder/dirsearch
	github_path=$path/$domain/$folder/github
	travis_path=$path/$domain/$folder/travis
	wayback_path=$path/$domain/$folder/wayback

	mkdir -p $sub_path $filemon_path $android_path $aws_path $nmap_path $aquatone_path $dirsearch_path $github_path $travis_path $wayback_path

	domain_recon() {
	cd $sub_path

	if [ ! -f $sub_path/crt_output.txt ] && [ ! -f $sub_path/rdns_output.txt ] && [ ! -f $sub_path/amass_output.txt ] && [ ! -f $sub_path/cert_output.txt ] && [ ! -f $sub_path/sublist3r_output.txt ];

	then
	echo -e "Running certspotter.....\n"
	curl -ss https://certspotter.com/api/v0/certs\?domain\=$domain \| jq '.[].dns_names[]' \| sed 's/\"//g' \| sed 's/\*\.//g' \| uniq > cert_output.txt
	echo -e "Running crt....\n"
	python /home/chitoge/Desktop/Bugbounty/scripts/ct.py $domain > crt_output.txt
	echo -e "Running bufferover....\n"
	curl -ss https://dns.bufferover.run/dns?q=.$domain \| jq '.FDNS_A[]' \| sed 's/^\".*.,//g' \| sed 's/\"$//g' \| uniq > rdns_output.txt
	echo -e "Running sublist3r.....\n"
	sublist3r -d $domain -o sublist3r_output.txt
	echo -e "Running amass ....\n"

	amass enum -noalts -log /home/chitoge/Desktop/Bugbounty/amass/test.log -config /home/chitoge/Desktop/Bugbounty/amass/config.ini -d $domain
	cp ~/Desktop/Bugbounty/amass/amass_output/amass.txt $path/$domain/$folder/subdomain/amass_output.txt
	echo -e "Running assetfinder\n"
	assetfinder -subs-only $domain > assetfinder_output.txt
	echo -e "creating passive.txt\n"
	cat *_output.txt \| uniq \| grep $domain \| sort -u > passive.txt
	echo -e " Passive Recon Done...\n"
	rm *_output.txt
	fi
	: '
	echo -e "Starting Bruteforce\n"
	python /home/chitoge/Desktop/Bugbounty/massdns/subbrute.py /home/chitoge/Desktop/Bugbounty/commonspeak2-wordlists/subdomains/final_combined.txt $domain > brute.txt
	massdns -r /home/chitoge/Desktop/Bugbounty/massdns/lists/resolvers.txt -t A -o J -w brute.json brute.txt
	cat brute.json \| grep -v "awsdns-hostmaster.amazon.com\\|coby.ns.cloudflare.com." \| jq ".query_name" \| sed 's/^\"\\|.\"$//g' \| sort -u > brute_output.txt
	cat brute_output.txt passive.txt \| uniq \| sort -u > output.txt
	'
	}