Last active
September 25, 2020 16:43
-
-
Save htkcodes/f9c459a2adce1d5f5c05b2c4bd4fbbd8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #ADD VHOST DISCOVERY | |
| CUR_DIR=$(pwd) | |
| github_token='' | |
| while getopts ":f:" input;do | |
| case "$input" in | |
| f) file=${OPTARG} | |
| ;; | |
| esac | |
| done | |
| if [ -z "$file" ] | |
| then | |
| echo "Please give a file like \"-f txt.url\"" | |
| exit 1 | |
| fi | |
| echo "### Get Live Domains" | |
| filename="${file%.*}" | |
| end='alive.txt' | |
| final="$filename-$end" | |
| cat $CUR_DIR/$file | httprobe -c 40 | tee -a $CUR_DIR/$final | |
| echo "####Gathering IP Addresses####" | |
| cat $CUR_DIR/$final | sed 's/^http\(\|s\):\/\///g' | xargs -n1 -P10 -I{} python3 ~/tools/recon/getip.py {} 2> /dev/null|grep IP | awk '{print $2}' | sort -u | tee -a $CUR_DIR/ip.txt | |
| echo "checking for subdomain takeovers" | |
| subjack -w $CUR_DIR/$final -t 100 -timeout 30 -o takeover.txt -ssl | |
| echo "####Starting Github Subdomain Scanning #####" | |
| mkdir -p $CUR_DIR/github_recon | |
| while IFS= read -r line; do | |
| python3 ~/tools/github-subdomains.py -t $github_token -d $line | tee -a $CUR_DIR/github_recon/github_subs.txt | |
| done < "$final" | |
| echo "####Starting Github Endpoint Scanning #####" | |
| while IFS= read -r line; do | |
| python3 ~/tools/github-endpoints.py -d $line -t $github_token -s -r | tee -a $CUR_DIR/github_recon/github_endpoints.txt | |
| done < "$final" | |
| echo "####Starting altdns####" | |
| mkdir -p $CUR_DIR/altdns_op | |
| cd $CUR_DIR/altdns_op | |
| altdns -i ../${final} -o data_output -w ~/tools/recon/patterns.txt -r -s results_output.txt | |
| cd .. | |
| echo "Starting FFUF" | |
| mkdir -p $CUR_DIR/ffuf_op | |
| for i in $(cat ${final}) | |
| do | |
| ffufop=$(echo $i | sed 's/\http\:\/\///g' | sed 's/\https\:\/\///g') | |
| ffuf -u $i/FUZZ -w ~/tools/dirsearch/db/dicc.txt -mc 200 -t 100 -fs 0 -o ffuf_op/$ffufop.html -of html | |
| done | |
| mkdir -p $CUR_DIR/masscan | |
| mkdir -p $CUR_DIR/nmap | |
| echo "STARTING PORT SCAN" | |
| echo "MASSCAN" | |
| ~/tools/masscan/bin/masscan -p 1-65535 --rate 10000 --wait 0 --open -iL $CUR_DIR/ip.txt -oX $CUR_DIR/masscan/masscan.xml | |
| xsltproc -o $CUR_DIR/masscan/final-masscan.html ~/tools/nmap-bootstrap.xsl $CUR_DIR/masscan/masscan.xml | |
| open_ports=$(cat $CUR_DIR/masscan/masscan.xml | grep portid | cut -d "\"" -f 10 | sort -n | uniq | paste -sd,) | |
| echo "NMAP" | |
| nmap -sVC -p $open_ports --open -v -T4 -Pn -iL $CUR_DIR/ip.txt -oX $CUR_DIR/nmap/nmap.xml | |
| xsltproc -o $CUR_DIR/nmap/final-nmap.html $CUR_DIR/nmap/nmap.xml | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment