Created
August 16, 2020 16:57
-
-
Save yehgdotnet/62873e9787c24652c1d74da9c3b33d2e to your computer and use it in GitHub Desktop.
CyberMentor's Recon script - https://pastebin.com/raw/MhE6zXVt by Heath Adams
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
url=$1 | |
if [ ! -d "$url" ];then | |
mkdir $url | |
fi | |
if [ ! -d "$url/recon" ];then | |
mkdir $url/recon | |
fi | |
# if [ ! -d '$url/recon/eyewitness' ];then | |
# mkdir $url/recon/eyewitness | |
# fi | |
if [ ! -d "$url/recon/scans" ];then | |
mkdir $url/recon/scans | |
fi | |
if [ ! -d "$url/recon/httprobe" ];then | |
mkdir $url/recon/httprobe | |
fi | |
if [ ! -d "$url/recon/potential_takeovers" ];then | |
mkdir $url/recon/potential_takeovers | |
fi | |
if [ ! -d "$url/recon/wayback" ];then | |
mkdir $url/recon/wayback | |
fi | |
if [ ! -d "$url/recon/wayback/params" ];then | |
mkdir $url/recon/wayback/params | |
fi | |
if [ ! -d "$url/recon/wayback/extensions" ];then | |
mkdir $url/recon/wayback/extensions | |
fi | |
if [ ! -f "$url/recon/httprobe/alive.txt" ];then | |
touch $url/recon/httprobe/alive.txt | |
fi | |
if [ ! -f "$url/recon/final.txt" ];then | |
touch $url/recon/final.txt | |
fi | |
echo "[+] Harvesting subdomains with assetfinder..." | |
assetfinder $url >> $url/recon/assets.txt | |
cat $url/recon/assets.txt | grep $1 >> $url/recon/final.txt | |
rm $url/recon/assets.txt | |
#echo "[+] Double checking for subdomains with amass..." | |
#amass enum -d $url >> $url/recon/f.txt | |
#sort -u $url/recon/f.txt >> $url/recon/final.txt | |
#rm $url/recon/f.txt | |
echo "[+] Probing for alive domains..." | |
cat $url/recon/final.txt | sort -u | httprobe -s -p https:443 | sed 's/https\?:\/\///' | tr -d ':443' >> $url/recon/httprobe/a.txt | |
sort -u $url/recon/httprobe/a.txt > $url/recon/httprobe/alive.txt | |
rm $url/recon/httprobe/a.txt | |
echo "[+] Checking for possible subdomain takeover..." | |
if [ ! -f "$url/recon/potential_takeovers/potential_takeovers.txt" ];then | |
touch $url/recon/potential_takeovers/potential_takeovers.txt | |
fi | |
subjack -w $url/recon/final.txt -t 100 -timeout 30 -ssl -c ~/go/src/github.com/haccer/subjack/fingerprints.json -v 3 -o $url/recon/potential_takeovers/potential_takeovers.txt | |
echo "[+] Scanning for open ports..." | |
nmap -iL $url/recon/httprobe/alive.txt -T4 -oA $url/recon/scans/scanned.txt | |
echo "[+] Scraping wayback data..." | |
cat $url/recon/final.txt | waybackurls >> $url/recon/wayback/wayback_output.txt | |
sort -u $url/recon/wayback/wayback_output.txt | |
echo "[+] Pulling and compiling all possible params found in wayback data..." | |
cat $url/recon/wayback/wayback_output.txt | grep '?*=' | cut -d '=' -f 1 | sort -u >> $url/recon/wayback/params/wayback_params.txt | |
for line in $(cat $url/recon/wayback/params/wayback_params.txt);do echo $line'=';done | |
echo "[+] Pulling and compiling js/php/aspx/jsp/json files from wayback output..." | |
for line in $(cat $url/recon/wayback/wayback_output.txt);do | |
ext="${line##*.}" | |
if [[ "$ext" == "js" ]]; then | |
echo $line >> $url/recon/wayback/extensions/js1.txt | |
sort -u $url/recon/wayback/extensions/js1.txt >> $url/recon/wayback/extensions/js.txt | |
fi | |
if [[ "$ext" == "html" ]];then | |
echo $line >> $url/recon/wayback/extensions/jsp1.txt | |
sort -u $url/recon/wayback/extensions/jsp1.txt >> $url/recon/wayback/extensions/jsp.txt | |
fi | |
if [[ "$ext" == "json" ]];then | |
echo $line >> $url/recon/wayback/extensions/json1.txt | |
sort -u $url/recon/wayback/extensions/json1.txt >> $url/recon/wayback/extensions/json.txt | |
fi | |
if [[ "$ext" == "php" ]];then | |
echo $line >> $url/recon/wayback/extensions/php1.txt | |
sort -u $url/recon/wayback/extensions/php1.txt >> $url/recon/wayback/extensions/php.txt | |
fi | |
if [[ "$ext" == "aspx" ]];then | |
echo $line >> $url/recon/wayback/extensions/aspx1.txt | |
sort -u $url/recon/wayback/extensions/aspx1.txt >> $url/recon/wayback/extensions/aspx.txt | |
fi | |
done | |
rm $url/recon/wayback/extensions/js1.txt | |
rm $url/recon/wayback/extensions/jsp1.txt | |
rm $url/recon/wayback/extensions/json1.txt | |
rm $url/recon/wayback/extensions/php1.txt | |
rm $url/recon/wayback/extensions/aspx1.txt | |
#echo "[+] Running eyewitness against all compiled domains..." | |
#python3 EyeWitness/EyeWitness.py --web -f $url/recon/httprobe/alive.txt -d $url/recon/eyewitness --resolve |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment