Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Setup Bug Bounty Tools on AWS instance / any VPS for that matter
#!/bin/bash
#
# Execute as wget -O - gist_url | bash
#
# Couldn't add gist url as, it changes after every update i.e. as soon as I save this, it's url will change :p
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
InstallationStartTime=$(date +%s)
#### COLORS #### ( Taken from : https://misc.flogisoft.com/bash/tip_colors_and_formatting )
NORMAL='\e[0m'
RED='\e[31m'
LIGHT_GREEN='\e[92m'
LIGHT_YELLOW='\e[93m'
BLINK='\e[5m'
BOLD='\e[1m'
UNDERLINE='\e[4m'
###############
apt-add-repository -y ppa:rael-gc/rvm
apt update -yq # && apt upgrade -y # Do it manually, cause there are some whiptail menus that aren't automated yet and
# thus cause problems
apt-get install -yq python unzip curl git gcc make libpcap-dev python3 python-pip python3-pip clang nmap pzip-full python3.6-dev
pip install rdpy==1.3.2
timedatectl set-timezone Asia/Kolkata
echo -e "\n${LIGHT_YELLOW}Delete older go binary ${NORMAL}\n"
original_go=`which go`
rm $original_go
echo -e "\n${LIGHT_YELLOW}Download go from golang website to install v1.10.3, as subfinder requires v1.10+ ${NORMAL}\n"
wget https://dl.google.com/go/go1.10.3.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.10.3.linux-amd64.tar.gz
echo "export PATH=$PATH:/usr/local/go/bin" >> $HOME/.profile
rm go1.10.3.linux-amd64.tar.gz
echo -e "\n${LIGHT_YELLOW}Reload .bashrc and .profile ${NORMAL}\n"
source $HOME/.profile
source $HOME/.bashrc
mkdir tools && cd tools
echo -e "\n${LIGHT_YELLOW}Present Working Directory : "$PWD${NORMAL}
# git clone https://github.com/FortyNorthSecurity/EyeWitness.git && echo -e "\n${LIGHT_YELLOW}Running setup/setup.sh ${NORMAL}\n"
# Not using master repo cause, it has wrong options for extracting bzip2 archive type
# Also changed the download source to google drive so as to fasten the downloading process
# git clone https://github.com/LuD1161/EyeWitness.git && echo -e "\n${LIGHT_YELLOW}Running setup/setup.sh ${NORMAL}\n"
# cd EyeWitness/setup
# sh setup.sh
# cd ..
# Only download new phantomJS if the original EyeWitness failed
# Use the following commented code if using FortyNorthSecurity's repo, as the extracted phantomJS is wrong
# curl -L -o phantomjs-2.1.1-linux-x86_64.tar.bz2 "https://drive.google.com/uc?export=download&id=1xc14FtJ0M10PQp5Em1XsmcraOFDXHV_G" -O phantomjs-2.1.1-linux-x86_64.tar.bz2
# tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2
# cp phantomjs-2.1.1-linux-x86_64/bin/phantomjs bin
# rm -rf phantomjs-2.1.1-linux-x86_64
# rm phantomjs-2.1.1-linux-x86_64.tar.bz2
# curl -L -o geckodriver-v0.13.0-linux32.tar.gz "https://drive.google.com/uc?export=download&id=1oQ-e8vcCLo7LZJJkJ5RsibUThQd9vndE" -O geckodriver-v0.13.0-linux32.tar.gz
# tar jxf geckodriver-v0.13.0-linux32.tar.gz
# cp geckodriver-v0.13.0-linux32/bin/phantomjs bin
# rm geckodriver-v0.13.0-linux32.tar.gz
# rm -rf geckodriver-v0.13.0-linux32
cd ~/tools
git clone https://github.com/jordanpotti/CloudScraper.git && echo -e "\n${LIGHT_YELLOW}Installing CloudScraper's requirements.txt ${NORMAL}\n"
pip install -r CloudScraper/requirements.txt
go get github.com/subfinder/subfinder
if [ $? -eq 0 ]; then
mv ~/go/bin/subfinder /usr/bin/
echo -e "\n${LIGHT_YELLOW} Installed subfinder ${NORMAL}\n"
rm -rf subfinder
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling subfinder manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : go get github.com/subfinder/subfinder ${NORMAL}\n"
fi
cd ~/tools
git clone https://github.com/blechschmidt/massdns.git && echo -e "\n${LIGHT_YELLOW}Making and copying massdns to /usr/bin/ ${NORMAL}\n"
cd massdns
make
if [ $? -eq 0 ]; then
mv /root/tools/massdns/bin/massdns /usr/bin/ && cd - # go back to main directory
mkdir /root/tools/massdns_lists
mv /root/tools/massdns/lists/* /root/tools/massdns_lists/massdns_lists/
rm -rf massdns
echo -e "\n${LIGHT_YELLOW}Installed massdns ${NORMAL}\n"
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling massdns manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/blechschmidt/massdns.git ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n"
fi
echo -e "\n${LIGHT_YELLOW}Proceeding with installation of masscan ${NORMAL}\n"
git clone https://github.com/robertdavidgraham/masscan.git && echo -e "\n${LIGHT_YELLOW}Making masscan ${NORMAL}\n"
cd masscan
make -j
if [ $? -eq 0 ]; then
mv ./bin/masscan /usr/bin/ && cd - # go back to main directory
rm -rf masscan && echo -e "\n${LIGHT_YELLOW}Deleted masscan github local clone ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Installed masscan ${NORMAL}\n"
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling masscan manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/robertdavidgraham/masscan.git ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n"
fi
go get github.com/tomnomnom/waybackurls && echo -e "\n${LIGHT_YELLOW}Got waybackurls ;) ${NORMAL}\n"
mv ~/go/bin/waybackurls /usr/bin/
if [ $? -eq 0 ]; then
echo -e "\n${LIGHT_YELLOW}Installed waybackurls ${NORMAL}\n"
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling waybackurls manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : go get github.com/tomnomnom/waybackurls && echo \"Got waybackurls ;)\" ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Then move the binary from ~/go/bin/ to /usr/bin/ ${NORMAL}\n"
fi
git clone https://github.com/x90skysn3k/brutespray.git && echo -e "\n${LIGHT_YELLOW}Cloned Brutespray ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}\n Downloading amass \n ${NORMAL}\n"
wget "https://drive.google.com/uc?export=download&id=1_cR9nKhoBcyZXkwifnucTTbe--qgJAUS" -O amass.zip
echo -e "\n${LIGHT_YELLOW}Extracting amass to /usr/bin/ ${NORMAL}\n"
unzip -o amass.zip -d /usr/bin/
if [ $? -eq 0 ]; then
echo -e "\n${LIGHT_YELLOW}Installed amass ${NORMAL}\n"
rm amass.zip
else
echo -e "\n${LIGHT_YELLOW}Try redownloading amass ${NORMAL}\n"
fi
apt-get install -yq python-virtualenv bc locate dnsutils apache2 tree
cd ~/tools & echo -e "\n${LIGHT_YELLOW}Cloning JS-scan ${NORMAL}\n"
git clone https://github.com/zseano/JS-Scan.git
chmod o+x JS-Scan
ln -s "/root/tools/JS-Scan" /var/www/html/JS-Scan
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning bucketkicker ${NORMAL}\n"
git clone https://github.com/craighays/bucketkicker.git
pip3 install -r ~/tools/bucketkicker/requirements.txt
echo -e "\n${LIGHT_YELLOW}Installing trufflehog ${NORMAL}\n"
pip install truffleHog
echo -e "\n${LIGHT_YELLOW}Installing wafw00f ${NORMAL}\n"
pip install wafw00f
echo -e "\n${LIGHT_YELLOW}Installing whatweb ${NORMAL}\n"
apt-get install -yq whatweb
echo -e "\n${LIGHT_YELLOW}Installing snallygaster ${NORMAL}\n"
pip3 install snallygaster
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing SubOver ${NORMAL}\n"
go get github.com/Ice3man543/SubOver
mkdir -p ~/tools/SubOver
mv ~/go/bin/SubOver ~/tools/SubOver
cp ~/go/src/github.com/Ice3man543/SubOver/providers.json ~/tools/SubOver
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning CloudFlare-Enum ${NORMAL}\n"
git clone https://github.com/mandatoryprogrammer/cloudflare_enum.git
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning AWS-Bruteforcer ${NORMAL}\n"
git clone https://github.com/Ucnt/aws-s3-bruteforce.git
cd aws-s3-bruteforce
pip install boto
cd ~/tools
# Although cloning Goohak and GoogD0rker but need to make a workaround for google's IP restriction on advanced search
# Cause these are not working for me
echo -e "\n${LIGHT_YELLOW}For Goohak and GoogD0rker pip install google ${NORMAL}\n"
pip install google
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning Goohak ${NORMAL}\n"
git clone https://github.com/1N3/Goohak.git
chmod +x Goohak/goohak
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning GoogD0rker${NORMAL}\n"
# Using my own fork as the owner has still to merge my PR on his repo https://github.com/ZephrFish/GoogD0rker/pull/7/commits/89a3c1b1f76e4d562180cb4cbaaff03211e1264f
git clone https://github.com/LuD1161/GoogD0rker.git
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing brakeman : For RoR applications ${NORMAL}\n"
# Alternative : gem install brakeman
# Using git method so as to install the latest brakeman
git clone https://github.com/presidentbeef/brakeman.git
cd brakeman
gem build brakeman.gemspec
gem install brakeman-*.gem
mv ~/tools/brakeman/bin/brakeman /usr/local/bin/
mv ~/tools/brakeman/bin/codeclimate-brakeman /usr/local/bin/
rm -rf ~/tools/brakeman
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing gitleaks ${NORMAL}\n"
go get -u github.com/zricethezav/gitleaks
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing subjack${NORMAL}\n"
go get github.com/haccer/subjack
# cp ~/go/src/github.com/haccer/subjack/fingerprints.json
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading aquatone binary${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Check the latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n"
wget "https://github.com/michenriksen/aquatone/releases/download/v1.4.3/aquatone_linux_amd64_1.4.3.zip"
unzip aquatone_linux_amd64_1.4.3.zip
rm aquatone_linux_amd64_1.4.3.zip
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing chromium for aquatone${NORMAL}\n"
git clone https://github.com/scheib/chromium-latest-linux.git
cd chromium-latest-linux && sh update-and-run.sh
# for running chromium
apt-get install -yq --no-install-recommends libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 libnss3
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Getting all wordlists from gdrive, wordlists contain jhaddix's all.txt and massdns as well as subrute's names.txt ${NORMAL}\n"
mkdir wordlists
wget "https://drive.google.com/uc?export=download&id=1X1TTZhxfiLyqrI1Vrw0_DdhFfl3LzsbX" -O all_resolvers.zip
unzip -o all_resolvers.zip -d wordlists
rm all_resolvers.zip
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading dirbuster wordlists ${NORMAL}\n"
wget "https://drive.google.com/uc?export=download&id=1KbxiE_RFZCDpBDKAJbWeG6NXe7YNtCIc" -O all_wordlists.zip
unzip -o all_wordlists.zip -d wordlists
rm all_wordlists.zip
# Finally when all is set and folder's deleted
# Get the scripts, it's in a gist
echo -e "\n${LIGHT_YELLOW}Getting the scripts ;\) ${NORMAL}\n"
wget "https://codeload.github.com/gist/8182f825bd91344ce4c2bf5e2acdf2b3/zip/5605e06e160f1f4870b60ba98438a0aa580d1e26" -O scripts.zip
unzip -j scripts.zip -d scripts
chmod +x ~/tools/scripts/*
rm scripts.zip
# for i in $( ls scripts/*.sh ); do
# dir=$( echo $i | cut -d"/" -f2 | cut -d"." -f1)
# chmod +x $i
# if [ "$dir" != "brutespray" ]; then # Cause we need to move brutespray.sh into brutespray where the brutespray.py is originally
# mkdir $dir
# mv $i $dir
# fi
# done
# rm -rf scripts/
cd ~/tools/massdns/ && git clone https://github.com/TheRook/subbrute.git
mv subbrute/* .
rm -rf subbrute
pip install wfuzz
cd ~/tools
wget -O master_script.sh "https://gist.githubusercontent.com/LuD1161/0a85aef8e27e4a7644fd4b69efb62caa/raw/32b13233a5cbcd4c0bd4754d3e7906ca9d665c2d/master_script.sh"
chmod +x master_script.sh
wget -O nmap-input-file-creator.py "https://gist.githubusercontent.com/LuD1161/dbc44c6c028de2f0cbae9e737af5aa1e/raw/652a811492e89746a71da743e4735a08a74dcad5/nmap-input-file-creator.py"
chmod +x nmap-input-file-creator.py
apt autoremove -y
echo -e "\n${LIGHT_YELLOW}Building nmap from git ${NORMAL}\n"
cd ~/tools
git clone https://github.com/nmap/nmap.git
cd nmap && sh ./configure
make
make install
echo -e "\n${LIGHT_YELLOW}Installing wpscan requirements ${NORMAL}\n"
apt-get -yq install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev gcc git ruby make software-properties-common
apt-add-repository -y ppa:rael-gc/rvm
apt-get update
apt-get install rvm
apt-get -yq install rvm
cd ~
source /etc/profile.d/rvm.sh
rvm install 2.5.1
rvm use 2.5.1 --default
echo -e "gem: --no-ri --no-rdoc" > ~/.gemrc
#echo -e "source /usr/local/rvm/scripts/rvm" >> ~/.bashrc
cd ~/tools
echo -e "${LIGHT_YELLOW}Cloning wpscan ${NORMAL}"
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler
bundle install --without test
### Install gobuster ####
echo -e "\n${LIGHT_YELLOW}Installing gobuster ${NORMAL}\n"
cd ~/tools && wget https://github.com/OJ/gobuster/releases/download/v2.0.1/gobuster-linux-amd64.7z
7z x gobuster-linux-amd64.7z
mv gobuster-linux-amd64/gobuster .
rm -rf gobuster-linux-amd64/
chmod +x ~/tools/gobuster
# cat targets.txt | while read line; do gobuster -f -k -e -to 5s -t 40 -w ~/tools/wordlists/starter.txt -u "$line" | tee out.txt ; done
#########################
echo -e "${LIGHT_YELLOW}Setting ulimit to 100000 ${LIGHT_GREEN}( so as to make gobuster work fine with 100 threads ) ${NORMAL}"
echo "ulimit -n 100000" >> ~/.bashrc
### Install searchsploit ####
echo -e "\n${LIGHT_YELLOW}Installing searchsploit${NORMAL}\n"
mkdir /opt
git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
sed 's|path_array+=(.*)|path_array+=("/opt/exploitdb")|g' /opt/exploitdb/.searchsploit_rc > ~/.searchsploit_rc
ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
InstallationCompletionTime=$(date +%s)
echo -e "\n${LIGHT_YELLOW}Setting up GOPATH and GO bin in path ${NORMAL}\n"
echo "export GOPATH=$HOME/go" >> ~/.bashrc
echo "PATH=$PATH:/root/tools/chromium-latest-linux/latest/chrome-linux:/root/tools:$GOPATH/bin" >> ~/.bashrc
echo -e "${LIGHT_GREEN}Setup Complete Bug Bounty tools :) :) ${NORMAL}\n"
echo -e "${BOLD}Usage : ./master_script.sh domain basic|advanced${NORMAL}\n"
echo -e "Total Time taken : ${LIGHT_GREEN}$(( $InstallationCompletionTime-$InstallationStartTime )) ${NORMAL}seconds"
echo -e "\n${LIGHT_YELLOW}e.g. ./master_script.sh example.com basic|advanced ${NORMAL}\n"
echo -e "\n"
echo -e "${RED}Don't forget to add subfinder's config.json at ~/.config/subfinder/config.json${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Also check for aquatone's latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Enjoy :) ${NORMAL}\n"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.