Setup Bug Bounty Tools on AWS instance / any VPS for that matter
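#!/bin/bash
#
# Provisions a Debian/Ubuntu VPS (e.g. an AWS instance) with a bug bounty toolset.
#
# Execute as wget -O - https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885/raw | bash
# # Thanks JeffreyShran for the gist url thing
#
# NOTE(review): the one-liner above executes whatever the mutable /raw URL serves
# at that moment, without a chance to read it first. Downloading to a file,
# reviewing it and then running that file gives the same result with an audit step.
# When piped, the script text is bash's stdin, so any command that prompts would
# swallow part of the script; every step therefore has to stay non-interactive.
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
# The script writes to /usr/bin, /usr/local/bin, /opt and /root/tools, so it
# presumably expects to run as root.
InstallationStartTime=$(date +%s)

#### COLORS #### ( Taken from : https://misc.flogisoft.com/bash/tip_colors_and_formatting )
NORMAL='\e[0m'
RED='\e[31m'
LIGHT_GREEN='\e[92m'
LIGHT_YELLOW='\e[93m'
BLINK='\e[5m'
BOLD='\e[1m'
UNDERLINE='\e[4m'
###############

# -p: a second run must not fail just because the directory already exists.
mkdir -p ~/tools

# Ask debconf not to open dialogs during package operations. The original note
# says some whiptail menus are not automated; this should cover the common ones,
# but a manual `apt upgrade` may still be needed if a package insists on input.
export DEBIAN_FRONTEND=noninteractive
apt update -yq && apt upgrade -yq

# change python3 to python and set priority of 10 - https://stackoverflow.com/a/50331137
update-alternatives --install /usr/bin/python python /usr/bin/python3 10

apt install -yq wget unzip curl screen git gcc make libpcap-dev python3-pip clang nmap python3-dev build-essential libssl-dev libffi-dev python3-venv p7zip-full p7zip-rar tree software-properties-common
# Third-party PPA: packages from it are installed as root later (rvm).
apt-add-repository -y ppa:rael-gc/rvm
pip3 install rdpy==1.3.2

# Timezone defaults to the author's; set SETUP_TIMEZONE to override.
timedatectl set-timezone "${SETUP_TIMEZONE:-Asia/Kolkata}"
apt install -y golang-go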
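# CloudScraper (cloned into ~/tools) and subfinder (built into ~/go/bin by go).
# Stop here if ~/tools is unreachable, otherwise every clone below lands in
# whatever directory the shell happens to be in.
cd ~/tools || exit 1

# Only install the requirements when the clone actually produced them.
if git clone https://github.com/jordanpotti/CloudScraper.git; then
  echo -e "\n${LIGHT_YELLOW}Installing CloudScraper's requirements.txt ${NORMAL}\n"
  pip3 install -r CloudScraper/requirements.txt
fi

echo -e "\n${LIGHT_YELLOW}Installing SubFinder${NORMAL}\n"
# NOTE(review): -u pulls the newest version of the module and its dependencies
# on every run, so the installed binary is not reproducible; pin a version if
# that matters for your setup.
GO111MODULE=on go get -v -u github.com/projectdiscovery/subfinder/v2/cmd/subfinder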
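# massdns: build from source, install the binary into /usr/bin and keep the
# bundled resolver lists under ~/tools/massdns_lists.
cd ~/tools || exit 1
if git clone https://github.com/blechschmidt/massdns.git; then
  echo -e "\n${LIGHT_YELLOW}Making and copying massdns to /usr/bin/ ${NORMAL}\n"
fi

# Build in a subshell so the script's working directory stays ~/tools whether
# the build succeeds or not (a failed build used to leave the script inside
# the massdns checkout, and later clones ended up there).
if (cd ~/tools/massdns && make) && mv ~/tools/massdns/bin/massdns /usr/bin/; then
  mkdir -p ~/tools/massdns_lists
  mv ~/tools/massdns/lists/* ~/tools/massdns_lists/
  # Absolute path: never delete relative to an unexpected working directory.
  rm -rf ~/tools/massdns
  echo -e "\n${LIGHT_YELLOW}Installed massdns ${NORMAL}\n"
else
  echo -e "\n${LIGHT_YELLOW}Try reinstalling massdns manually ${NORMAL}\n"
  echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/blechschmidt/massdns.git ${NORMAL}\n"
  echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n"
fi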
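# masscan: build from source and install the binary into /usr/bin.
echo -e "\n${LIGHT_YELLOW}Proceeding with installation of masscan ${NORMAL}\n"
cd ~/tools || exit 1
if git clone https://github.com/robertdavidgraham/masscan.git; then
  echo -e "\n${LIGHT_YELLOW}Making masscan ${NORMAL}\n"
fi

# Bounded parallelism: a bare `make -j` starts an unlimited number of jobs,
# which can exhaust memory on a small VPS. The subshell keeps the script's
# working directory at ~/tools even when the build fails.
if (cd ~/tools/masscan && make -j "$(nproc)") && mv ~/tools/masscan/bin/masscan /usr/bin/; then
  rm -rf ~/tools/masscan && echo -e "\n${LIGHT_YELLOW}Deleted masscan github local clone ${NORMAL}\n"
  echo -e "\n${LIGHT_YELLOW}Installed masscan ${NORMAL}\n"
else
  echo -e "\n${LIGHT_YELLOW}Try reinstalling masscan manually ${NORMAL}\n"
  echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/robertdavidgraham/masscan.git ${NORMAL}\n"
  echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n"
fi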
# ffuf, subjack and waybackurls are fetched and built with `go get`; the
# binaries land in ~/go/bin and only waybackurls is moved into /usr/bin.
# NOTE(review): recent Go releases no longer build and install binaries through
# `go get`; there `go install <pkg>@<version>` is the replacement. Check which
# Go version apt provides before relying on these lines.
printf '%b\n' "\n${LIGHT_YELLOW}Installing of ffuf${NORMAL}\n"
go get -v -u github.com/ffuf/ffuf

printf '%b\n' "\n${LIGHT_YELLOW}Installing subjack${NORMAL}\n"
go get -v -u github.com/haccer/subjack

if go get -v -u github.com/tomnomnom/waybackurls; then
  printf '%b\n' "\n${LIGHT_YELLOW}Got waybackurls ;) ${NORMAL}\n"
fi

# The result of the move decides which message is shown.
if mv ~/go/bin/waybackurls /usr/bin/; then
  printf '%b\n' "\n${LIGHT_YELLOW}Installed waybackurls ${NORMAL}\n"
else
  printf '%b\n' "\n${LIGHT_YELLOW}Try reinstalling waybackurls manually ${NORMAL}\n"
  printf '%b\n' "\n${LIGHT_YELLOW}RUN : go get github.com/tomnomnom/waybackurls && echo \"Got waybackurls ;)\" ${NORMAL}\n"
  printf '%b\n' "\n${LIGHT_YELLOW}Then move the binary from ~/go/bin/ to /usr/bin/ ${NORMAL}\n"
fi
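# brutespray (clone only), amass (from apt) and a few supporting packages.
git clone https://github.com/x90skysn3k/brutespray.git && echo -e "\n${LIGHT_YELLOW}Cloned Brutespray ${NORMAL}\n"

# amass comes from the package manager, so there is no amass.zip to clean up;
# the old `rm amass.zip` always failed with "No such file".
if apt install amass -y; then
  echo -e "\n${LIGHT_YELLOW}Installed amass ${NORMAL}\n"
else
  echo -e "\n${LIGHT_YELLOW}Try redownloading amass ${NORMAL}\n"
fi

# NOTE(review): apache2 starts serving /var/www/html as soon as it is
# installed, by default on port 80 on every interface. On an internet-facing
# VPS, limit who can reach it (security group / firewall) before linking tools
# into the web root.
apt-get install -yq bc locate dnsutils apache2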
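# JS-Scan: clone into ~/tools and link the checkout into apache's web root.
# '&&', not '&': with a single '&' the cd ran as a background job in a subshell
# and the script's own working directory never changed.
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning JS-scan ${NORMAL}\n"
git clone https://github.com/zseano/JS-Scan.git
chmod o+x JS-Scan

# NOTE(review): this link publishes the JS-Scan checkout through the apache2
# instance this script installs. Unless access is restricted (firewall or
# security group limited to your own address, or HTTP authentication), anyone
# who can reach the host over HTTP can use the tool. Whether apache can follow
# the link at all also depends on the permissions of /root; verify after setup.
# -sfn: replace an existing link on a rerun instead of failing or nesting.
ln -sfn "$HOME/tools/JS-Scan" /var/www/html/JS-Scan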
# Cloud/S3 helpers and a handful of pip/apt packages. Every pip3 call installs
# the latest release system-wide; nothing here is version-pinned.
if cd ~/tools; then
  printf '%b\n' "\n${LIGHT_YELLOW}Cloning bucketkicker ${NORMAL}\n"
fi
git clone https://github.com/craighays/bucketkicker.git
pip3 install -r ~/tools/bucketkicker/requirements.txt

printf '%b\n' "\n${LIGHT_YELLOW}Installing trufflehog ${NORMAL}\n"
pip3 install truffleHog

printf '%b\n' "\n${LIGHT_YELLOW}Installing wafw00f ${NORMAL}\n"
pip3 install wafw00f

printf '%b\n' "\n${LIGHT_YELLOW}Installing whatweb ${NORMAL}\n"
apt-get install -yq whatweb

printf '%b\n' "\n${LIGHT_YELLOW}Installing snallygaster ${NORMAL}\n"
pip3 install snallygaster

if cd ~/tools; then
  printf '%b\n' "\n${LIGHT_YELLOW}Cloning CloudFlare-Enum ${NORMAL}\n"
fi
git clone https://github.com/mandatoryprogrammer/cloudflare_enum.git

if cd ~/tools; then
  printf '%b\n' "\n${LIGHT_YELLOW}Cloning AWS-Bruteforcer ${NORMAL}\n"
fi
git clone https://github.com/Ucnt/aws-s3-data-finder.git
# Requirements are installed from inside the checkout, then back to ~/tools.
if cd aws-s3-data-finder; then
  pip3 install -r requirements.txt
fi
cd ~/tools
# Goohak and GoogD0rker are cloned, but Google's IP restriction on advanced
# search still needs a workaround; the author reports they do not work for him.
printf '%b\n' "\n${LIGHT_YELLOW}For Goohak and GoogD0rker pip3 install google ${NORMAL}\n"
pip3 install google

if cd ~/tools; then
  printf '%b\n' "\n${LIGHT_YELLOW}Cloning Goohak ${NORMAL}\n"
fi
git clone https://github.com/1N3/Goohak.git
chmod +x Goohak/goohak

if cd ~/tools; then
  printf '%b\n' "\n${LIGHT_YELLOW}Cloning GoogD0rker${NORMAL}\n"
fi
# Work in progress upstream: do not use it yet.
git clone https://github.com/ZephrFish/GoogD0rker.git
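# brakeman (static analysis for Ruby on Rails), built from the latest git
# checkout rather than the released gem.
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing brakeman : For RoR applications ${NORMAL}\n"
# Alternative : gem install brakeman
# Using git method so as to install the latest brakeman

# `gem` ships with ruby, which this script only installs further down (wpscan
# requirements), so it may be missing at this point on a fresh machine.
if ! command -v gem >/dev/null 2>&1; then
  apt-get install -yq ruby ruby-dev
fi

# Build only inside a successful checkout; otherwise `gem build` would run in
# ~/tools against a gemspec that is not there.
if git clone https://github.com/presidentbeef/brakeman.git && cd brakeman; then
  gem build brakeman.gemspec
  yes | gem install brakeman-*.gem
  mv ~/tools/brakeman/bin/brakeman /usr/local/bin/
  mv ~/tools/brakeman/bin/codeclimate-brakeman /usr/local/bin/
  # Leave the checkout before deleting it so the shell is not left in a removed directory.
  cd ~/tools
  rm -rf ~/tools/brakeman
fi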
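# gitleaks (built by go), the aquatone release binary, and chromium for aquatone.
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing gitleaks${NORMAL}\n"
go get -v -u github.com/zricethezav/gitleaks

cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading aquatone binary${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Check the latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n"
aquatone_zip=aquatone_linux_amd64_1.7.0.zip
if wget "https://github.com/michenriksen/aquatone/releases/download/v1.7.0/${aquatone_zip}"; then
  # Optional integrity check for the prebuilt binary: export AQUATONE_SHA256
  # with the digest you obtained yourself and the archive is verified before
  # it is unpacked. Without the variable the behaviour is as before.
  if [ -n "${AQUATONE_SHA256:-}" ] &&
    ! echo "${AQUATONE_SHA256}  ${aquatone_zip}" | sha256sum -c -; then
    echo -e "${RED}aquatone archive does not match AQUATONE_SHA256, not unpacking${NORMAL}" >&2
  else
    # -o: never prompt. A prompt on a rerun would read from stdin, which is the
    # script itself when this file is piped into bash.
    unzip -o "${aquatone_zip}"
  fi
  rm -f "${aquatone_zip}"
fi

cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing chromium for aquatone${NORMAL}\n"
apt-get install -y chromium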
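# Wordlists and resolver lists, fetched as two zip archives from Google Drive
# and unpacked into ~/tools/wordlists.
# NOTE(review): the archives are addressed by opaque Drive file ids; their
# content can change without the URL changing and nothing here verifies it.
# Drive may also answer with an HTML confirmation page instead of the archive
# for large files, in which case unzip fails; check the result after setup.
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Getting all wordlists from gdrive, wordlists contain jhaddix's all.txt and massdns as well as subrute's names.txt ${NORMAL}\n"
# -p: do not fail on a rerun when the directory is already there.
mkdir -p wordlists
if wget "https://drive.google.com/uc?export=download&id=1X1TTZhxfiLyqrI1Vrw0_DdhFfl3LzsbX" -O all_resolvers.zip; then
  unzip -o all_resolvers.zip -d wordlists
fi
# wget -O creates the file even when the download fails, so always clean up.
rm -f all_resolvers.zip

cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading dirbuster wordlists ${NORMAL}\n"
if wget "https://drive.google.com/uc?export=download&id=1KbxiE_RFZCDpBDKAJbWeG6NXe7YNtCIc" -O all_wordlists.zip; then
  unzip -o all_wordlists.zip -d wordlists
fi
rm -f all_wordlists.zip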
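# Finally when all is set and folder's deleted
# Get the scripts, it's in a gist
# (the stray backslash the old message printed before ")" is gone)
echo -e "\n${LIGHT_YELLOW}Getting the scripts ;) ${NORMAL}\n"
# This archive is pinned to one gist revision, so its content is fixed.
if wget "https://codeload.github.com/gist/8182f825bd91344ce4c2bf5e2acdf2b3/zip/9bd795e4824794d0a61f8805d48572b833b10353" -O scripts.zip; then
  # -o: never prompt on a rerun; a prompt would read from the piped script.
  unzip -o -j scripts.zip -d scripts
  chmod +x ~/tools/scripts/*
fi
rm -f scripts.zip

cd ~/tools
# NOTE(review): unlike the archive above, these two files come from unpinned
# /raw gist URLs and are made executable as fetched; whatever the gist holds at
# download time is what runs later. Pinning them to a specific gist revision
# would make the setup reproducible and reviewable.
wget -O master_script.sh "https://gist.github.com/LuD1161/0a85aef8e27e4a7644fd4b69efb62caa/raw"
chmod +x master_script.sh
wget -O nmap-input-file-creator.py "https://gist.github.com/LuD1161/dbc44c6c028de2f0cbae9e737af5aa1e/raw"
chmod +x nmap-input-file-creator.py
apt autoremove -y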
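# nmap, built from the current upstream git head in addition to the apt
# package installed earlier by this script.
# NOTE(review): this builds an unreleased development snapshot; check out a
# release tag first if a reproducible build is wanted. Which nmap is found
# first on PATH afterwards depends on the install prefix; verify with `command -v nmap`.
echo -e "\n${LIGHT_YELLOW}Building nmap from git ${NORMAL}\n"
cd ~/tools
# Each step runs only if the previous one succeeded, so a failed configure or
# build no longer ends in `make install` of a partial tree.
if git clone https://github.com/nmap/nmap.git && cd nmap && sh ./configure && make; then
  make install
fi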
# wpscan: install build dependencies, get Ruby through rvm (from a PPA), then
# clone wpscan and install its gems with bundler.
printf '%b\n' "\n${LIGHT_YELLOW}Installing wpscan requirements ${NORMAL}\n"
apt-get -yq install \
  libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev libgmp-dev \
  zlib1g-dev gcc git ruby make software-properties-common
apt-add-repository -y ppa:rael-gc/rvm
apt-get -yq update
apt-get -yq install rvm

cd ~
# Load rvm into this shell so the `rvm` commands below are available.
. /etc/profile.d/rvm.sh
# NOTE(review): Ruby 2.5 is end-of-life upstream and no longer gets security
# fixes; confirm which Ruby versions the current wpscan supports before
# keeping this pin.
rvm install 2.5.1
rvm use 2.5.1 --default
# Overwrites any existing ~/.gemrc: skip generating ri/rdoc for installed gems.
printf '%s\n' 'gem: --no-ri --no-rdoc' > ~/.gemrc
#echo -e "source /usr/local/rvm/scripts/rvm" >> ~/.bashrc

cd ~/tools
printf '%b\n' "${LIGHT_YELLOW}Cloning wpscan ${NORMAL}"
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
yes | gem install bundler
bundle install --without test
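# Raise the open-file limit for interactive shells, then install searchsploit
# from the exploitdb repository.
echo -e "${LIGHT_YELLOW}Setting ulimit to 100000 ${LIGHT_GREEN}( so as to make ffuf work fine with higher number of threads ) ${NORMAL}"
# Append only once, so reruns do not stack duplicate lines in ~/.bashrc.
grep -qxF 'ulimit -n 100000' ~/.bashrc 2>/dev/null || echo "ulimit -n 100000" >> ~/.bashrc

### Install searchsploit ####
echo -e "\n${LIGHT_YELLOW}Installing searchsploit${NORMAL}\n"
# -p: /opt normally exists already; plain mkdir only produced an error.
mkdir -p /opt
git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
# Write ~/.searchsploit_rc only when the template is there; with a failed clone
# the redirect would otherwise leave an empty rc file behind.
if [ -f /opt/exploitdb/.searchsploit_rc ]; then
  sed 's|path_array+=(.*)|path_array+=("/opt/exploitdb")|g' /opt/exploitdb/.searchsploit_rc > ~/.searchsploit_rc
fi
ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit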
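### Downloading SecLists ####
echo -e "\n${LIGHT_YELLOW}Downloading SecLists${NORMAL}\n"
cd ~/tools
git clone https://github.com/danielmiessler/SecLists.git
InstallationCompletionTime=$(date +%s)

echo -e "\n${LIGHT_YELLOW}Setting up GOPATH and GO bin in path ${NORMAL}\n"
# Single quotes: the variables must be expanded when ~/.profile is read, not
# now. Previously $GOPATH was expanded while still unset, so the line written
# to ~/.profile ended in ":/bin" and the Go-built tools in ~/go/bin never
# reached PATH; the current PATH was also frozen into the file.
echo 'export GOPATH="$HOME/go"' >> "$HOME/.profile"
echo 'export PATH="$PATH:$HOME/tools:$GOPATH/bin"' >> "$HOME/.profile"
# These only affect the shell running this script; open a new login shell (or
# source ~/.profile yourself) to pick the settings up afterwards.
source "$HOME/.profile"
source "$HOME/.bashrc"

echo -e "${LIGHT_GREEN}Setup Complete Bug Bounty tools :) :) ${NORMAL}\n"
echo -e "${BOLD}Usage : ./master_script.sh domain basic|advanced${NORMAL}\n"
echo -e "Total Time taken : ${LIGHT_GREEN}$(( InstallationCompletionTime - InstallationStartTime )) ${NORMAL}seconds"
echo -e "\n${LIGHT_YELLOW}e.g. ./master_script.sh example.com basic|advanced ${NORMAL}\n"
echo -e "\n"
echo -e "${RED}Don't forget to add subfinder's config.json at ~/.config/subfinder/config.json${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Also check for aquatone's latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Enjoy :) ${NORMAL}\n"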
Woah ! Thanks mate, I didn't ever think someone would really care to look
at that.
…On Fri, 13 Dec, 2019, 10:23 pm tooth_N_tail, ***@***.***> wrote:
In regards to your comment above:
https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885#file-setup_bbty-sh-L6
This should help: https://stackoverflow.com/a/37997658
nice script |
This is awesome |
In regards to your comment above: https://gist.github.com/LuD1161/66f30da6d8b6c1c05b9f6708525ea885#file-setup_bbty-sh-L6
This should help: https://stackoverflow.com/a/37997658