Subdomain recon
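#!/bin/bash
# Subdomain recon: collects passive subdomain data for one target domain.
#
# Usage:   recon.sh <domain>
# Output:  $HOME/Desktop/Asset-note/<domain>/recon-<YYYY-MM-DD>/<tool>/
#
# -u catches typos in the many *_path variables; pipefail makes a failing
# stage visible in $?.  -e is deliberately not set: each source in
# domain_recon is best-effort and one failing API call must not abort the
# whole run.
set -uo pipefail

# Refuse to run without a target: an empty or malformed domain would create
# "<path>//recon-<date>" or escape the output tree via "../", and would be
# passed unescaped to curl and grep.  Hostnames (punycode for IDN) contain
# only letters, digits, '.' and '-'.
domain=${1:-}
if [[ -z "$domain" || ! "$domain" =~ ^[A-Za-z0-9.-]+$ ]]; then
  printf 'Usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi
echo "Recon $domain"

# Tilde is not expanded inside double quotes, so the original "~/Desktop/..."
# created a literal directory named "~" in the current directory.  No trailing
# slash here: every sub-path below appends "/<domain>/...".
path="$HOME/Desktop/Asset-note"
folder="recon-$(date +"%Y-%m-%d")"
sub_path="$path/$domain/$folder/subdomain"
filemon_path="$path/$domain/Filemonitor"   # not under $folder: shared across runs
android_path="$path/$domain/$folder/android"
aws_path="$path/$domain/$folder/aws"
nmap_path="$path/$domain/$folder/nmap"
aquatone_path="$path/$domain/$folder/aquatone"
dirsearch_path="$path/$domain/$folder/dirsearch"
github_path="$path/$domain/$folder/github"
travis_path="$path/$domain/$folder/travis"
wayback_path="$path/$domain/$folder/wayback"

# Quoted and with "--" so a domain can never be parsed as an mkdir option.
mkdir -p -- "$sub_path" "$filemon_path" "$android_path" "$aws_path" "$nmap_path" \
  "$aquatone_path" "$dirsearch_path" "$github_path" "$travis_path" "$wayback_path" \
  || { printf 'cannot create output tree under %s\n' "$path" >&2; exit 1; }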
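#######################################
# Passive subdomain collection for "$domain".
# Globals:   domain, sub_path (read; set at top level)
# Outputs:   $sub_path/passive.txt, the merged and de-duplicated list
# Returns:   1 if $sub_path cannot be entered, otherwise the status of the
#            last stage
# The collection step is skipped while any per-source *_output.txt is still
# present (a previous run was interrupted before its final cleanup); delete
# those files by hand to re-run.
# NOTE(review): nothing visible in this file calls domain_recon — confirm
# where the caller lives.
#######################################
domain_recon() {
  cd -- "$sub_path" || { printf 'cannot cd to %s\n' "$sub_path" >&2; return 1; }
  if [[ ! -f crt_output.txt && ! -f rdns_output.txt && ! -f amass_output.txt \
        && ! -f cert_output.txt && ! -f sublist3r_output.txt ]]; then
    echo -e "Running certspotter.....\n"
    # -fsS: quiet except for real errors, and no body on HTTP errors so an
    # error page is never fed to jq.  --data-urlencode keeps "$domain" out of
    # the URL unescaped; jq -r replaces the quote-stripping sed.
    curl -fsS --get --data-urlencode "domain=$domain" https://certspotter.com/api/v0/certs \
      | jq -r '.[].dns_names[]' | sed 's/\*\.//g' | sort -u > cert_output.txt
    echo -e "Running crt....\n"
    python /home/chitoge/Desktop/Bugbounty/scripts/ct.py "$domain" > crt_output.txt
    echo -e "Running bufferover....\n"
    # Keep the part after the last comma of each FDNS_A entry, as the original
    # sed did; "// []" avoids a jq error when the key is absent.
    curl -fsS --get --data-urlencode "q=.$domain" https://dns.bufferover.run/dns \
      | jq -r '(.FDNS_A // [])[]' | sed 's/^.*,//' | sort -u > rdns_output.txt
    echo -e "Running sublist3r.....\n"
    sublist3r -d "$domain" -o sublist3r_output.txt
    echo -e "Running amass ....\n"
    amass enum -noalts -log /home/chitoge/Desktop/Bugbounty/amass/test.log \
      -config /home/chitoge/Desktop/Bugbounty/amass/config.ini -d "$domain"
    cp -- "$HOME/Desktop/Bugbounty/amass/amass_output/amass.txt" "$sub_path/amass_output.txt"
    echo -e "Running assetfinder\n"
    assetfinder -subs-only "$domain" > assetfinder_output.txt
    echo -e "creating passive.txt\n"
    # -F: the domain is a literal, not a regex ("." would otherwise match any
    # character and let unrelated names through).
    cat -- *_output.txt | grep -F -- "$domain" | sort -u > passive.txt
    echo -e " Passive Recon Done...\n"
    rm -f -- *_output.txt
  fi
  # Brute-force stage, disabled by the author (was wrapped in a ": '...'"
  # no-op).  Kept verbatim for reference:
  #   echo -e "Starting Bruteforce\n"
  #   python /home/chitoge/Desktop/Bugbounty/massdns/subbrute.py /home/chitoge/Desktop/Bugbounty/commonspeak2-wordlists/subdomains/final_combined.txt $domain > brute.txt
  #   massdns -r /home/chitoge/Desktop/Bugbounty/massdns/lists/resolvers.txt -t A -o J -w brute.json brute.txt
  #   cat brute.json | grep -v "awsdns-hostmaster.amazon.com\|coby.ns.cloudflare.com." | jq ".query_name" | sed 's/^\"\|.\"$//g' | sort -u > brute_output.txt
  #   cat brute_output.txt passive.txt | uniq | sort -u > output.txt
}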