Master Script to automate all the recon
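#!/bin/bash
#
# master_script.sh - orchestrate the recon helpers under ~/tools/scripts.
# Usage: ./master_script.sh domain basic|advanced
# Each stage is started inside a detached screen session and signals completion
# by creating "<output>.finished" inside the per-run results directory.
# Env: expToken (optional) - Expo push token for the completion notification.
if [ -z "$2" ]
then
echo "2nd Argument not supplied"
echo "2nd argument can be basic or advanced,it used for nmap"
echo "Usage : ./master_script.sh domain basic|advanced"
echo "Also do set your expo token export expToken=xxxx to receive push notification when this gets completed"
echo "Get your expo token here : https://play.google.com/store/apps/details?id=com.hackingsimplified.notifyme"
exit 1
fi
#### COLORS #### ( Taken from : https://misc.flogisoft.com/bash/tip_colors_and_formatting )
NORMAL='\e[0m'
RED='\e[31m'
LIGHT_GREEN='\e[92m'
LIGHT_YELLOW='\e[93m'
BLINK='\e[5m'
BOLD='\e[1m'
UNDERLINE='\e[4m'
###############
domain=$1
typeOfRecon=$2
# $domain is later typed into a shell via `screen -X stuff` and used as a path
# component, so only accept hostname characters; anything else is rejected
# rather than being interpreted by that shell.
if ! [[ "$domain" =~ ^[A-Za-z0-9._-]+$ ]]; then
  printf 'Invalid domain: %s\n' "$domain" >&2
  exit 1
fi
# The usage text defines the second argument as basic|advanced; enforce it here
# instead of letting each helper script discover a bad value on its own.
case "$typeOfRecon" in
  basic|advanced) ;;
  *)
    printf '2nd argument must be basic or advanced, got: %s\n' "$typeOfRecon" >&2
    exit 1
    ;;
esac
# All helper scripts are addressed relative to ~/tools, so a failed cd must stop
# the run instead of launching every stage from the wrong directory.
cd ~/tools || { echo "Cannot cd to ~/tools" >&2; exit 1; }
dt=$(date +%F.%H.%M.%S)
resultDir=~/tools/results/$domain-$dt
echo -e "Results in : ${BOLD}$resultDir${NORMAL}"
mkdir -p "$resultDir" || { echo "Cannot create $resultDir" >&2; exit 1; }
ReconStartTime=$(date +%s)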
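#######################################
# Block until a background tool signals completion, then close its screen.
# A tool signals completion by creating "$resultDir/<toolOutput>.finished";
# this polls for that flag every 5 seconds and prints the elapsed time.
# Globals:   resultDir (read); LIGHT_YELLOW, LIGHT_GREEN, BLINK, NORMAL (read)
# Arguments: $1 - tool name, used for the progress message only
#            $2 - output basename the tool uses for its .finished flag
#            $3 - screen session name to quit once the tool is done
# Outputs:   progress messages on stdout
# Returns:   0 once the flag file was seen and removed
#######################################
check_finished() {
  local tool=$1        # e.g. "subfinder"
  local toolOutput=$2  # e.g. "subfinderOutput"
  local toolScreen=$3  # e.g. "subfinderScreen"
  local flag="$resultDir/$toolOutput.finished"
  local startTime endTime totalTime=0
  echo -e "${LIGHT_YELLOW}Checking whether ${tool} finished working${NORMAL}"
  startTime=$(date +%s)
  while :; do
    sleep 5s  # poll interval; the flag only appears once the tool has exited
    # Update the elapsed time before the check so the final line is accurate.
    endTime=$(date +%s)
    totalTime=$(( endTime - startTime ))
    if [ -f "$flag" ]; then
      rm -f -- "$flag"
      # The tool ran in a detached screen; quit it so sessions do not pile up.
      screen -X -S "$toolScreen" quit
      echo -en "\rTime elapsed : $totalTime seconds"
      break
    fi
    echo -en "\rTime elapsed : ${BLINK}${LIGHT_GREEN}$totalTime${NORMAL} seconds"
  done
  echo ""
}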
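#######################################
# Run amass and subfinder concurrently in detached screens, wait for both
# .finished flags, close the screens and merge the two lists with sort -u.
# Globals:   domain, resultDir (read); LIGHT_YELLOW, LIGHT_GREEN, BLINK, NORMAL (read)
# Outputs:   $resultDir/$domain.amass_subfinder.txt
#######################################
subfinder_and_amass() {
  ################# SUBFINDER AND AMASS ################################
  local amassScreen=$domain-amass
  local subfinderScreen=$domain-subfinder
  local amassOutput=$domain.amass.txt
  local subfinderOutput=$domain.subfinder.txt
  local cmd startTime endTime totalTime=0

  screen -dmS "$amassScreen" bash
  sleep 1
  # `stuff` types the text into the session's shell, so the arguments are
  # shell-quoted with %q and arrive as literal words, not as shell syntax.
  printf -v cmd 'scripts/amass.sh %q %q' "$domain" "$resultDir"
  screen -S "$amassScreen" -X stuff "$cmd"$'\n'

  screen -dmS "$subfinderScreen" bash
  sleep 1
  printf -v cmd 'scripts/subfinder.sh %q %q' "$domain" "$resultDir"
  screen -S "$subfinderScreen" -X stuff "$cmd"$'\n'

  # Poll until both tools have dropped their .finished flag, then close both
  # screens and merge the subdomain lists.
  startTime=$(date +%s)
  echo -e "${LIGHT_YELLOW}Checking whether subfinder and amass finished working${NORMAL}"
  while :; do
    sleep 5s  # poll interval
    endTime=$(date +%s)
    totalTime=$(( endTime - startTime ))
    if [ -f "$resultDir/$subfinderOutput.finished" ] && [ -f "$resultDir/$amassOutput.finished" ]; then
      rm -f -- "$resultDir/$subfinderOutput.finished" "$resultDir/$amassOutput.finished"
      screen -X -S "$subfinderScreen" quit
      screen -X -S "$amassScreen" quit
      # Deduplicated union of both tools' results.
      sort -u "$resultDir/$subfinderOutput" "$resultDir/$amassOutput" > "$resultDir/$domain.amass_subfinder.txt"
      echo -en "\rTime elapsed : $totalTime seconds"
      break
    fi
    echo -en "\rTime elapsed : ${BLINK}${LIGHT_GREEN}$totalTime${NORMAL} seconds"
  done
  echo ""
  echo -e "${LIGHT_GREEN}Done amass and subfinder${NORMAL}"
  ################# SUBFINDER AND AMASS COMPLETE #######################
}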
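#######################################
# Resolve the merged subdomain list with scripts/massdns_ip.sh in a screen and
# wait for it; its IP list is consumed by the masscan stage.
# Globals:   domain, resultDir (read); LIGHT_YELLOW, LIGHT_GREEN, NORMAL (read)
#######################################
massdns() {
  ############################ MASSDNS ####################################
  echo -e "${LIGHT_YELLOW}Now doing massdns on the domain${NORMAL}"
  local massdns_ip_screen=$domain-massdns
  local massdnsOutput=$domain.massdns_ip
  local cmd
  screen -dmS "$massdns_ip_screen" bash
  sleep 1
  # %q shell-quotes the arguments typed into the session's shell.
  printf -v cmd 'scripts/massdns_ip.sh %q %q' "$domain" "$resultDir"
  screen -S "$massdns_ip_screen" -X stuff "$cmd"$'\n'
  # Block here: masscan needs the finished IP list.
  check_finished "massdns_ip" "$massdnsOutput" "$massdns_ip_screen"
  echo -e "${LIGHT_GREEN}Massdns complete${NORMAL}"
  ############################ MASSDNS COMPLETE ###########################
}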
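#######################################
# Run scripts/subjack.sh in a detached screen and wait for its flag file.
# Globals:   domain, resultDir (read); LIGHT_GREEN, NORMAL (read)
#######################################
subjack() {
  ################# SUBJACK ##########################################
  local subjack_screen=$domain-subjack
  local subjackOutput=$domain.subjack
  local cmd
  screen -dmS "$subjack_screen" bash
  sleep 1
  # %q shell-quotes the arguments typed into the session's shell.
  printf -v cmd 'scripts/subjack.sh %q %q' "$domain" "$resultDir"
  screen -S "$subjack_screen" -X stuff "$cmd"$'\n'
  check_finished "subjack" "$subjackOutput" "$subjack_screen"
  echo -e "${LIGHT_GREEN}Done subjack${NORMAL}"
  ################# SUBJACK COMPLETE #################################
}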
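#######################################
# Run scripts/masscan.sh against the IP list produced by the massdns stage
# ($resultDir/$domain.massdns_ip.ips.txt) and wait for its flag file.
# Globals:   domain, resultDir (read); LIGHT_YELLOW, LIGHT_GREEN, NORMAL (read)
#######################################
masscan() {
  ############################ MASSCAN ####################################
  echo -e "${LIGHT_YELLOW}Now doing masscan on all the obtained ip addreses from massdns${NORMAL}"
  local masscan_ip_screen=$domain-masscan-ips
  local masscanOutput=$domain.masscan
  local cmd
  screen -dmS "$masscan_ip_screen" bash
  sleep 1
  # %q shell-quotes the arguments typed into the session's shell.
  printf -v cmd 'scripts/masscan.sh %q %q %q' "$resultDir/$domain.massdns_ip.ips.txt" "$domain" "$resultDir"
  screen -S "$masscan_ip_screen" -X stuff "$cmd"$'\n'
  check_finished "masscan-ip" "$masscanOutput" "$masscan_ip_screen"
  echo -e "${LIGHT_GREEN}Masscan complete${NORMAL}"
  ################# MASSCAN COMPLETE ####################################
}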
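#######################################
# Convert the sorted masscan output into an nmap input file with
# ~/tools/nmap-input-file-creator.py. Aborts the whole run on failure.
# Globals:   domain, resultDir (read); nmapFile (written, read by nmap())
#            LIGHT_YELLOW, RED, NORMAL (read)
#######################################
nmap_sorted() {
  ################# NMAP SORTED FILE PYTHON #############################
  echo -e "${LIGHT_YELLOW}Running python ~/tools/nmap-input-file-creator.py to create nmap suitable file${NORMAL}"
  # Test the command directly instead of inspecting $? afterwards.
  if python ~/tools/nmap-input-file-creator.py "$resultDir/$domain.masscan-sorted.txt" "$resultDir/$domain.nmap-sorted.txt"; then
    echo -e "${LIGHT_YELLOW}Nmap input file created successfully${NORMAL}"
  else
    # Previously this exited silently; say why the run stops.
    echo -e "${RED}nmap-input-file-creator.py failed, aborting${NORMAL}" >&2
    exit 1
  fi
  nmapFile=$resultDir/$domain.nmap-sorted.txt  # intentionally global: consumed by nmap()
  ################# NMAP SORTED FILE PYTHON COMPLETE ###################
}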
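#######################################
# Run scripts/nmap.sh on the file prepared by nmap_sorted() and wait for it.
# NOTE: defining a function called nmap shadows the nmap binary for the rest
# of this script; the scan itself runs inside the screen via scripts/nmap.sh.
# Globals:   nmapFile (read, set by nmap_sorted()), domain, resultDir,
#            typeOfRecon (read)
#######################################
nmap() {
  ################# NMAP ###############################################
  # Fail loudly if the previous stage did not run rather than passing an empty path.
  : "${nmapFile:?nmap_sorted must run before nmap}"
  local nmapOutput=$domain.nmap
  local nmapScreen=$domain-nmap
  local cmd
  screen -dmS "$nmapScreen" bash
  sleep 1
  # %q shell-quotes the arguments typed into the session's shell.
  printf -v cmd 'scripts/nmap.sh %q %q %q %q' "$nmapFile" "$resultDir" "$domain" "$typeOfRecon"
  screen -S "$nmapScreen" -X stuff "$cmd"$'\n'
  check_finished "nmap" "$nmapOutput" "$nmapScreen"
  ################# NMAP COMPLETE ######################################
}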
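#######################################
# Run scripts/searchsploit.sh in a detached screen and wait for its flag file.
# NOTE: the function name shadows the searchsploit binary inside this script.
# Globals:   domain, resultDir, typeOfRecon (read)
#######################################
searchsploit() {
  ################# SEARCHSPLOIT ###############################################
  local searchsploitOutput=$domain.searchsploit
  local searchsploitScreen=$domain-searchsploit
  local cmd
  screen -dmS "$searchsploitScreen" bash
  sleep 1
  # %q shell-quotes the arguments typed into the session's shell.
  printf -v cmd 'scripts/searchsploit.sh %q %q %q' "$domain" "$resultDir" "$typeOfRecon"
  screen -S "$searchsploitScreen" -X stuff "$cmd"$'\n'
  check_finished "searchsploit" "$searchsploitOutput" "$searchsploitScreen"
  ################# SEARCHSPLOIT COMPLETE ######################################
}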
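#######################################
# Run scripts/aquatone.sh in a detached screen and wait for its flag file.
# Only the domains that resolved via massdns are screenshotted (see the
# helper script; not verified here).
# NOTE: the function name shadows the aquatone binary inside this script.
# Globals:   domain, resultDir, typeOfRecon (read); LIGHT_GREEN, NORMAL (read)
#######################################
aquatone() {
  ################# AQUATONE #########################################
  local aquatone_screen=$domain-aquatone
  local aquatoneOutput=$domain.aquatone
  local cmd
  screen -dmS "$aquatone_screen" bash
  sleep 1
  # %q shell-quotes the arguments typed into the session's shell.
  printf -v cmd 'scripts/aquatone.sh %q %q %q' "$domain" "$resultDir" "$typeOfRecon"
  screen -S "$aquatone_screen" -X stuff "$cmd"$'\n'
  check_finished "aquatone" "$aquatoneOutput" "$aquatone_screen"
  echo -e "${LIGHT_GREEN}Done aquatone${NORMAL}"
  ################# AQUATONE COMPLETE ################################
}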
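#######################################
# Send the "scanning complete" push through Expo's push API.
# Globals:   expToken (read, required), domain, link (read)
# Returns:   non-zero if the payload could not be built or curl failed
#######################################
send_push_notification() {
  : "${expToken:?expToken must be set to send a push notification}"
  local payload
  # Build the JSON with a real serializer: $domain comes from argv and $link
  # from a network lookup, so hand-concatenating them into the body would
  # produce invalid JSON (or alter its structure) on quotes or backslashes.
  payload=$(python -c 'import json, sys
print(json.dumps([{"to": sys.argv[1], "title": "Scanning complete For " + sys.argv[2], "body": sys.argv[3]}]))' "$expToken" "$domain" "$link") || return
  curl 'https://exp.host/--/api/v2/push/send' \
    -H 'authority: exp.host' \
    -H 'accept: application/json' \
    -H 'user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36' \
    -H 'content-type: application/json' \
    -H 'origin: https://expo.io' \
    -H 'sec-fetch-site: cross-site' \
    -H 'sec-fetch-mode: cors' \
    -H 'sec-fetch-dest: empty' \
    -H 'referer: https://expo.io/' \
    -H 'accept-language: en-GB,en-US;q=0.9,en;q=0.8' \
    --data-binary "$payload" \
    --compressed
}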
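# Pipeline: each stage blocks on its .finished flag before the next starts.
subfinder_and_amass
massdns
subjack
masscan
nmap_sorted
nmap
searchsploit
aquatone
ReconEndTime=$(date +%s)
echo -e "${BOLD}${LIGHT_GREEN}Reconnaissance finished${NORMAL}"
echo -e "Results in : ${LIGHT_GREEN}$resultDir${NORMAL}"
# NOTE(review): the archive is written into the web root, so the complete recon
# output becomes downloadable over plain HTTP by anyone who can reach this host
# and guesses "<domain>.zip"; keep that directory access-controlled.
# The cd runs in a subshell so the rest of the script keeps its working directory.
if ! ( cd "$resultDir" && zip "/var/www/html/$domain.zip" -r . ); then
  echo "Creating /var/www/html/$domain.zip failed" >&2
fi
# Build the download link only after the archive exists; -fsS keeps curl's
# progress meter out of the output and reports a failed lookup instead of
# silently producing "http:///...".
link=http://$(curl -fsS ifconfig.co)/$domain.zip
# The original compared the literal string "expToken" (never empty), which made
# the notification branch unreachable; test the variable itself.
if [ -n "$expToken" ]; then
  send_push_notification
else
  echo "expToken not set, no Push notificatons for you :p"
fi
# Always emit the colour reset, even if tree is missing or fails.
echo -e "${LIGHT_GREEN}"
tree "$resultDir"
echo -en "${NORMAL}"
echo -e "Download your zip from : ${BOLD}${LIGHT_GREEN}${UNDERLINE}$link${NORMAL}"
echo -e "Total Time taken : ${LIGHT_GREEN} $(( ReconEndTime - ReconStartTime )) ${NORMAL}seconds"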