lukeswitz/CyberRecon.sh

## CyberRecon.sh
#!/bin/bash

##########################################################
# CyberRecon.sh
# Comprehensive Cybersecurity Reconnaissance Script
#
# Description:
# This script performs a detailed cybersecurity reconnaissance and scanning
# for a given target domain. It integrates various tools to enumerate
# subdomains, analyze DNS, scan web endpoints, identify vulnerabilities,
# and perform port scanning. The results are compiled into a report,
# and notifications are sent via Discord.
#
# Usage:
# ./CyberRecon.sh <target-domain>
# Example: ./CyberRecon.sh example.com
#
# Output:
# All findings are stored in a target-specific directory under ./scans/.
# A final report is compiled in the same directory for easy review.
#
# Prerequisites:
# - Ensure all required tools (amass, subfinder, github-subdomains, etc.) are installed.
# - Set the 'DISCORD_WEBHOOK_URL' to your Discord webhook for notifications.
#
# Author: @lukeswitz
# Created: 22_DEC_2023
# Last Updated: 22_DEC_2023
##########################################################

# Check for input parameter
if [ "$#" -ne 1 ]; then
    echo "Usage: $0 <target-domain>"
    exit 1
fi

TARGET_DOMAIN="$1"
DISCORD_WEBHOOK_URL="your_discord_webhook_url"

# Directory setup for new target
WORKING_DIR="./scans/$TARGET_DOMAIN"
mkdir -p $WORKING_DIR

# Output files setup
SUBDOMAINS_FILE="$WORKING_DIR/subdomains.txt"
DNS_ANALYSIS_FILE="$WORKING_DIR/dns_analysis.txt"
WEB_ENDPOINTS_FILE="$WORKING_DIR/web_endpoints.txt"
VULNERABILITY_FILE="$WORKING_DIR/vulnerabilities.txt"
PORT_ENUM_FILE="$WORKING_DIR/port_enum.txt"
FINAL_REPORT="$WORKING_DIR/final_report.txt"

# Function to Notify via Discord
notify_discord() {
    curl -H "Content-Type: application/json" -d "{\"content\": \"$1\"}" $DISCORD_WEBHOOK_URL
}

# Clearing previous data
> $SUBDOMAINS_FILE
> $DNS_ANALYSIS_FILE
> $WEB_ENDPOINTS_FILE
> $VULNERABILITY_FILE
> $PORT_ENUM_FILE
> $FINAL_REPORT

# Domain and Subdomain Enumeration
echo "Starting Domain and Subdomain Enumeration..."
amass enum -d $TARGET_DOMAIN -o $WORKING_DIR/amass.txt
subfinder -d $TARGET_DOMAIN -o $WORKING_DIR/subfinder.txt
github-subdomains -d $TARGET_DOMAIN -o $WORKING_DIR/githubsubdomains.txt
findomain -t $TARGET_DOMAIN -o $WORKING_DIR/findomain.txt
assetfinder --subs-only $TARGET_DOMAIN | tee $WORKING_DIR/assetfinder.txt

# Combine and sort the results
cat $WORKING_DIR/*.txt | sort -u > $SUBDOMAINS_FILE

# DNS Analysis and History
echo "Starting DNS Analysis and History..."
rapid_dns -d $TARGET_DOMAIN | tee -a $DNS_ANALYSIS_FILE
crt.sh -d $TARGET_DOMAIN | tee -a $DNS_ANALYSIS_FILE
dnsx -l $SUBDOMAINS_FILE -o $WORKING_DIR/dnsx.txt
massdns -r lists/resolvers.txt -t A -o S -w $WORKING_DIR/massdns.txt $SUBDOMAINS_FILE
puredns bruteforce subdomains-top1million.txt $TARGET_DOMAIN --resolvers lists/resolvers.txt -w $WORKING_DIR/puredns.txt

# Combine DNS results
cat $WORKING_DIR/dnsx.txt $WORKING_DIR/massdns.txt $WORKING_DIR/puredns.txt | sort -u >> $DNS_ANALYSIS_FILE

# Web Endpoint Enumeration
echo "Starting Web Endpoint Enumeration..."
httpx -l $SUBDOMAINS_FILE -silent -threads 100 -o $WEB_ENDPOINTS_FILE
meg -l $SUBDOMAINS_FILE -p /paths.txt -o $WORKING_DIR/out
hakrawler -url $TARGET_DOMAIN | tee -a $WEB_ENDPOINTS_FILE
waybackurls $TARGET_DOMAIN | tee -a $WEB_ENDPOINTS_FILE
gau $TARGET_DOMAIN | tee -a $WEB_ENDPOINTS_FILE
waymore $TARGET_DOMAIN | tee -a $WEB_ENDPOINTS_FILE

# Data Cleaning and Management
echo "Cleaning and Managing Data..."
cat $WEB_ENDPOINTS_FILE | anew -q $WORKING_DIR/unique_web_endpoints.txt

# Vulnerability and Exposure Scanning
echo "Identifying Vulnerabilities..."
nuclei -l $WORKING_DIR/unique_web_endpoints.txt -o $WORKING_DIR/nuclei_out.txt
dalfox file $WORKING_DIR/unique_web_endpoints.txt -o $WORKING_DIR/dalfox_out.txt
sqlmap -m $WORKING_DIR/unique_web_endpoints.txt --batch --output-dir=$WORKING_DIR/sqlmap_out

# Append vulnerabilities to the report
cat $WORKING_DIR/nuclei_out.txt $WORKING_DIR/dalfox_out.txt $WORKING_DIR/sqlmap_out/* > $VULNERABILITY_FILE

# Port Scanning and Enumeration
echo "Starting Port Scanning and Enumeration..."
naabu -iL $SUBDOMAINS_FILE -o $WORKING_DIR/naabu_out.txt
RustScan -a $TARGET_DOMAIN -u 5000 -- -A -sV -oN $WORKING_DIR/rustscan_out.txt

# Append port enumeration results
cat $WORKING_DIR/naabu_out.txt $WORKING_DIR/rustscan_out.txt > $PORT_ENUM_FILE

# Compiling Final Report
echo "Compiling Final Report..."
cat $SUBDOMAINS_FILE $DNS_ANALYSIS_FILE $WEB_ENDPOINTS_FILE $VULNERABILITY_FILE $PORT_ENUM_FILE > $FINAL_REPORT

# Notify via Discord
notify_discord "Scanning and Analysis Completed for $TARGET_DOMAIN. Check the final report in $WORKING_DIR."

echo "Workflow Completed. Check $FINAL_REPORT for details."
	#!/bin/bash

	##########################################################
	# CyberRecon.sh
	# Comprehensive Cybersecurity Reconnaissance Script
	#
	# Description:
	# This script performs a detailed cybersecurity reconnaissance and scanning
	# for a given target domain. It integrates various tools to enumerate
	# subdomains, analyze DNS, scan web endpoints, identify vulnerabilities,
	# and perform port scanning. The results are compiled into a report,
	# and notifications are sent via Discord.
	#
	# Usage:
	# ./CyberRecon.sh <target-domain>
	# Example: ./CyberRecon.sh example.com
	#
	# Output:
	# All findings are stored in a target-specific directory under ./scans/.
	# A final report is compiled in the same directory for easy review.
	#
	# Prerequisites:
	# - Ensure all required tools (amass, subfinder, github-subdomains, etc.) are installed.
	# - Set the 'DISCORD_WEBHOOK_URL' to your Discord webhook for notifications.
	#
	# Author: @lukeswitz
	# Created: 22_DEC_2023
	# Last Updated: 22_DEC_2023
	##########################################################

	# Check for input parameter
	if [ "$#" -ne 1 ]; then
	echo "Usage: $0 <target-domain>"
	exit 1
	fi

	TARGET_DOMAIN="$1"
	DISCORD_WEBHOOK_URL="your_discord_webhook_url"

	# Directory setup for new target
	WORKING_DIR="./scans/$TARGET_DOMAIN"
	mkdir -p $WORKING_DIR

	# Output files setup
	SUBDOMAINS_FILE="$WORKING_DIR/subdomains.txt"
	DNS_ANALYSIS_FILE="$WORKING_DIR/dns_analysis.txt"
	WEB_ENDPOINTS_FILE="$WORKING_DIR/web_endpoints.txt"
	VULNERABILITY_FILE="$WORKING_DIR/vulnerabilities.txt"
	PORT_ENUM_FILE="$WORKING_DIR/port_enum.txt"
	FINAL_REPORT="$WORKING_DIR/final_report.txt"

	# Function to Notify via Discord
	notify_discord() {
	curl -H "Content-Type: application/json" -d "{\"content\": \"$1\"}" $DISCORD_WEBHOOK_URL
	}

	# Clearing previous data
	> $SUBDOMAINS_FILE
	> $DNS_ANALYSIS_FILE
	> $WEB_ENDPOINTS_FILE
	> $VULNERABILITY_FILE
	> $PORT_ENUM_FILE
	> $FINAL_REPORT

	# Domain and Subdomain Enumeration
	echo "Starting Domain and Subdomain Enumeration..."
	amass enum -d $TARGET_DOMAIN -o $WORKING_DIR/amass.txt
	subfinder -d $TARGET_DOMAIN -o $WORKING_DIR/subfinder.txt
	github-subdomains -d $TARGET_DOMAIN -o $WORKING_DIR/githubsubdomains.txt
	findomain -t $TARGET_DOMAIN -o $WORKING_DIR/findomain.txt
	assetfinder --subs-only $TARGET_DOMAIN \| tee $WORKING_DIR/assetfinder.txt

	# Combine and sort the results
	cat $WORKING_DIR/*.txt \| sort -u > $SUBDOMAINS_FILE

	# DNS Analysis and History
	echo "Starting DNS Analysis and History..."
	rapid_dns -d $TARGET_DOMAIN \| tee -a $DNS_ANALYSIS_FILE
	crt.sh -d $TARGET_DOMAIN \| tee -a $DNS_ANALYSIS_FILE
	dnsx -l $SUBDOMAINS_FILE -o $WORKING_DIR/dnsx.txt
	massdns -r lists/resolvers.txt -t A -o S -w $WORKING_DIR/massdns.txt $SUBDOMAINS_FILE
	puredns bruteforce subdomains-top1million.txt $TARGET_DOMAIN --resolvers lists/resolvers.txt -w $WORKING_DIR/puredns.txt

	# Combine DNS results
	cat $WORKING_DIR/dnsx.txt $WORKING_DIR/massdns.txt $WORKING_DIR/puredns.txt \| sort -u >> $DNS_ANALYSIS_FILE

	# Web Endpoint Enumeration
	echo "Starting Web Endpoint Enumeration..."
	httpx -l $SUBDOMAINS_FILE -silent -threads 100 -o $WEB_ENDPOINTS_FILE
	meg -l $SUBDOMAINS_FILE -p /paths.txt -o $WORKING_DIR/out
	hakrawler -url $TARGET_DOMAIN \| tee -a $WEB_ENDPOINTS_FILE
	waybackurls $TARGET_DOMAIN \| tee -a $WEB_ENDPOINTS_FILE
	gau $TARGET_DOMAIN \| tee -a $WEB_ENDPOINTS_FILE
	waymore $TARGET_DOMAIN \| tee -a $WEB_ENDPOINTS_FILE

	# Data Cleaning and Management
	echo "Cleaning and Managing Data..."
	cat $WEB_ENDPOINTS_FILE \| anew -q $WORKING_DIR/unique_web_endpoints.txt

	# Vulnerability and Exposure Scanning
	echo "Identifying Vulnerabilities..."
	nuclei -l $WORKING_DIR/unique_web_endpoints.txt -o $WORKING_DIR/nuclei_out.txt
	dalfox file $WORKING_DIR/unique_web_endpoints.txt -o $WORKING_DIR/dalfox_out.txt
	sqlmap -m $WORKING_DIR/unique_web_endpoints.txt --batch --output-dir=$WORKING_DIR/sqlmap_out

	# Append vulnerabilities to the report
	cat $WORKING_DIR/nuclei_out.txt $WORKING_DIR/dalfox_out.txt $WORKING_DIR/sqlmap_out/* > $VULNERABILITY_FILE

	# Port Scanning and Enumeration
	echo "Starting Port Scanning and Enumeration..."
	naabu -iL $SUBDOMAINS_FILE -o $WORKING_DIR/naabu_out.txt
	RustScan -a $TARGET_DOMAIN -u 5000 -- -A -sV -oN $WORKING_DIR/rustscan_out.txt

	# Append port enumeration results
	cat $WORKING_DIR/naabu_out.txt $WORKING_DIR/rustscan_out.txt > $PORT_ENUM_FILE

	# Compiling Final Report
	echo "Compiling Final Report..."
	cat $SUBDOMAINS_FILE $DNS_ANALYSIS_FILE $WEB_ENDPOINTS_FILE $VULNERABILITY_FILE $PORT_ENUM_FILE > $FINAL_REPORT

	# Notify via Discord
	notify_discord "Scanning and Analysis Completed for $TARGET_DOMAIN. Check the final report in $WORKING_DIR."

	echo "Workflow Completed. Check $FINAL_REPORT for details."