From 8288c42aff0f33e69fcb3172ad5a68b87f116933 Mon Sep 17 00:00:00 2001
From: Eshan Singh <32596297+R0X4R@users.noreply.github.com>
Date: Mon, 15 Aug 2022 17:33:52 +0530
Subject: [PATCH] Upgraded to v4.0 Fixed minor-issues, update install.sh file code and added dorks searching in garud.
---
.github/FUNDING.yml | 3 +-
README.md | 9 +-
garud | 32 ++-
install.sh | 464 ++++++++++++++++++++++++++++++--------------
4 files changed, 343 insertions(+), 165 deletions(-)
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index 75865c6..aaa8abd 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,2 +1,3 @@ # These are supported funding model platforms
-ko_fi: r0x4r
+ko_fi: R0X4R
+custom: ['https://pmny.in/bIKNZngt4ys1', 'https://www.buymeacoffee.com/R0X4R', 'https://www.paypal.com/paypalme/r0x4r']
\ No newline at end of file
diff --git a/README.md b/README.md
index 1fc06eb..db448d3 100644
--- a/README.md
+++ b/README.md
@@ -22,7 +22,7 @@ I made this tool to automate my recon and save my time. It really give me headac The script first enumerates all the subdomains of the give target domain using assetfinder, sublister, subfinder and amass then filters all live domains from the whole subdomain list then it extarct titles of the subdomains using httpx then it scans for subdomain takeover using nuclei. Then it uses gauplus to extract paramters of the given subdomains then it use gf patterns to filters xss, ssti, ssrf, sqli params from that given subdomains and then it scans for low hanging fruits as well. Then it'll save all the output in a text file like target-xss.txt. Then it will send the notifications about the scan using notify.
```txt
-What's new in v3.5: fixed some previous issues and filter out time waste vulns(you need to find them manually).
+What's new in v4.0: fixed some previous issues and filter out time waste vulns(you need to find them manually) and added dorking.
```

How garud works

@@ -70,6 +70,8 @@ garud:~ apt install git garud:~ git clone https://github.com/R0X4R/Garud.git && cd Garud/ && chmod +x garud install.sh && mv garud /usr/bin/ && ./install.sh ``` +> **Note**: If you encounter any-issue while running `install.sh` file or `garud` run `sed -i -e 's/\r$//' install.sh` +

Usage

@@ -184,8 +186,9 @@ Garud runs as root inside the container & so it is advisable to configure Linux

Donate

- -

+ +|[`buymeacoffee.com/R0X4R`](https://www.buymeacoffee.com/R0X4R)|[`payU India`](https://pmny.in/bIKNZngt4ys1)|[`kofi.com/R0X4R`](https://ko-fi.com/i/IK3K34SJSA)| +|--------|--------|------| ### Thanks to the authors of the tools used in this script. diff --git a/garud b/garud index 2076aab..72c2938 100755 --- a/garud +++ b/garud @@ -1,6 +1,6 @@ #!/usr/bin/env bash # coded by R0X4R -# Garud - version 3.5 +# Garud - version 4.0 # Contributers: KathanP19 (https://github.com/KathanP19), frost19k (https://github.com/frost19k), f8al (https://github.com/f8al), theamanrawat (https://github.com/theamanrawat), remonsec (https://github.com/remonsec), simrotion13 (https://github.com/simrotion13) #@> CHECK CONNECTION @@ -16,7 +16,7 @@ EC= SL=False JO=False RO=False -VR="Garud v3.5" +VR="Garud v4.0" PR="21,22,80,81,280,300,443,583,591,593,832,981,1010,1099,1311,2082,2087,2095,2096,2480,3000,3128,3333,4243,4444,4445,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7002,7396,7474,8000,8001,8008,8009,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8530,8531,8834,8880,8887,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,10443,11371,12043,12046,12443,15672,16080,17778,18091,18092,20720,28017,32000,55440,55672" #@> COLORS @@ -162,9 +162,9 @@ SUBD_SCND(){ SUBD_CHCK(){ #@> FILTERING DOMAINS if [ -f "$EC" ]; then - cat .tmp/*.list | grep -v "*" | grep -vf $EC | sort -u | sed '/@\|
\|\_\|*/d' | dnsx -retry 3 -r ~/wordlists/resolvers.txt -t 10 -silent | anew -q database/subdomains.txt + cat .tmp/*.list | grep -v "*" | grep -vf $EC | sort -u | sed '/@\|
\|\_\|*/d' | dnsx -a -aaaa -cname -ns -ptr -mx -soa -retry 3 -r ~/wordlists/resolvers.txt -t 10 -silent | anew -q database/subdomains.txt else - cat .tmp/*.list | grep -v "*" | sort -u | sed '/@\|
\|\_\|*/d' | dnsx -retry 3 -r ~/wordlists/resolvers.txt -t 10 -silent | anew -q database/subdomains.txt + cat .tmp/*.list | grep -v "*" | sort -u | sed '/@\|
\|\_\|*/d' | dnsx -a -aaaa -cname -ns -ptr -mx -soa -retry 3 -r ~/wordlists/resolvers.txt -t 10 -silent | anew -q database/subdomains.txt fi #@> WEB PROBING AND SCREENSHOT @@ -190,6 +190,7 @@ SUBD_SCAN(){ #@> WEB CRAWLING AND FILTERING WEBC_RAWL(){ echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 6; echo -e " STARTING WEBCRAWLING ON ${BK}$DM${RT} (${YW}it may take time${RT})" + agnee -d $DM -q -o database/dorks.txt -p 4 timeout 50m gospider -S database/lives.txt -d 10 -c 20 -t 50 -K 3 --no-redirect --js -a -w --blacklist ".(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|svg|txt)" --include-subs -q -o .tmp/gospider 2> /dev/null | anew -q .tmp/gospider.list xargs -a database/lives.txt -P 50 -I % bash -c "echo % | waybackurls" 2> /dev/null | anew -q .tmp/waybackurls.list xargs -a database/lives.txt -P 50 -I % bash -c "echo % | gau --blacklist eot,jpg,jpeg,gif,css,tif,tiff,png,ttf,otf,woff,woff2,ico,svg,txt --retries 3 --threads 50" 2> /dev/null | anew -q .tmp/gau.list 2> /dev/null &> /dev/null 
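Review bot: `$EC` is expanded unquoted in `grep -vf $EC` on the rewritten line in SUBD_CHCK, although the test just above it uses `"$EC"`; an exclusion-file path containing a space or glob character is split into several arguments, so the out-of-scope list is not applied as given. Quote it: `grep -vf "$EC"`. The added `-ptr` looks out of place for hostname input, and with seven record types a name that has only an MX, NS or SOA record presumably now lands in `database/subdomains.txt` and is handed on to web probing; if that is intended, a one-line comment saying so would help. Both branches repeat the same long pipeline, so building the common tail once would keep the two from drifting apart. The function body continues outside the hunk.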
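Review bot: `$DM` is passed unquoted to the new `agnee` call in WEBC_RAWL, and unlike the `gospider` line right below it the call has neither a `timeout` nor a stderr redirect, so a stalled search-engine request holds up the whole crawl stage and a missing `agnee` binary prints a raw error mid-run. Suggest `timeout 10m agnee -d "$DM" -q -o database/dorks.txt -p 4 2> /dev/null` (the 10m bound is a constructed example, pick one that fits). WEBC_RAWL's body runs past the end of the hunk.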
@@ -197,18 +198,13 @@ WEBC_RAWL(){ [ "$JO" == "False" ] || cat database/urls.txt | python3 -c "import sys; import json; print (json.dumps({'endpoints':list(sys.stdin)}))" | sed 's/\\n//g' | tee .json/urls.json &> /dev/null #@> FILTERING ENDPOINTS USING PATTERNS - if [ -s "database/urls.txt" ]; then - gf xss database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/xss.list - gf lfi database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/lfi.list - gf rce database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/rce.list - gf ssrf database/urls.txt | sed "s/'\|(\|)//g" | bhedak "http://169.254.169.254/latest/meta-data/hostname" 2> /dev/null | anew -q database/.gf/ssrf.list - gf ssti database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/ssti.list - gf sqli database/urls.txt | sed "s/'\|(\|)//g" | bhedak "(select(0)from(select(sleep(5)))v)" 2> /dev/null | anew -q database/.gf/sqli.list - gf redirect database/urls.txt | sed "s/'\|(\|)//g" | bhedak "http://www.evil.com/" 2> /dev/null | anew -q database/.gf/redirect.list - else - echo -e "[!] 
- \"database/urls.txt\" file not found or doesn't contain anything" - exit 127 - fi + gf xss database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/xss.list + gf lfi database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/lfi.list + gf rce database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/rce.list + gf ssrf database/urls.txt | sed "s/'\|(\|)//g" | bhedak "http://169.254.169.254/latest/meta-data/hostname" 2> /dev/null | anew -q database/.gf/ssrf.list + gf ssti database/urls.txt | sed "s/'\|(\|)//g" | bhedak "FUZZ" 2> /dev/null | anew -q database/.gf/ssti.list + gf sqli database/urls.txt | sed "s/'\|(\|)//g" | bhedak "(select(0)from(select(sleep(5)))v)" 2> /dev/null | anew -q database/.gf/sqli.list + gf redirect database/urls.txt | sed "s/'\|(\|)//g" | bhedak "http://www.evil.com/" 2> /dev/null | anew -q database/.gf/redirect.list xargs -a database/.gf/xss.list -P 30 -I % bash -c "echo % | kxss" 2> /dev/null | grep "< >\|\"" | awk '{print $2}' | anew -q .tmp/xssp.list cat .tmp/xssp.list 2> /dev/null | bhedak "\">/>" 2> /dev/null | anew -q .tmp/xss.txt 
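Review bot: With the `[ -s "database/urls.txt" ]` guard removed, the seven `gf … | bhedak … | anew` pipelines in WEBC_RAWL now run even when the crawl produced no `database/urls.txt`, and `gf`'s own stderr is not redirected (the `2> /dev/null` binds to `bhedak` only), so an empty crawl yields error noise and empty `.gf/*.list` files that later stages consume silently. Dropping the hard `exit 127` is reasonable, but a soft guard keeps the condition visible: wrap the seven lines in `if [ -s database/urls.txt ]; then … else echo -e "[!] database/urls.txt is empty, skipping pattern filtering"; fi`. The seven lines differ only in pattern name and replacement string, so a small helper taking those two arguments would remove the repetition. The function starts and ends outside the hunk.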
@@ -254,7 +250,7 @@ VULN_SCAN(){ [ "$SL" == "False" ] && cat vulns/sqli.txt 2> /dev/null [ "$JO" == "False" ] || cat vulns/sqli.txt 2> /dev/null | python3 -c "import sys; import json; print (json.dumps({'vuln_redirect':list(sys.stdin)}))" | sed 's/\\n//g' | tee .json/redirect.json &> /dev/null - dalfox file .tmp/xssp.list --silence --no-color --no-spinner --mass --mass-worker 100 --skip-bav -w 100 -H "X-Bugbounty: Testing" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" 2> /dev/null | anew vulns/dalfoxss.txt | notify -silent &> /dev/null + dalfox file .tmp/xssp.list --silence --no-color --waf-evasion --no-spinner --mass --mass-worker 100 --skip-bav -w 100 -H "X-Bugbounty: Testing" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36" 2> /dev/null | anew vulns/dalfoxss.txt | notify -silent &> /dev/null [ "$SL" == "False" ] && cat vulns/dalfoxss.txt 2> /dev/null [ "$JO" == "False" ] || cat vulns/dalfoxss.txt 2> /dev/null | python3 -c "import sys; import json; print (json.dumps({'dalfox':list(sys.stdin)}))" | sed 's/\\n//g' | tee .json/dalfox.json &> /dev/null @@ -293,5 +289,5 @@ do INFOM MAKDR VAULT - exit 0 + exit done \ No newline at end of file diff --git a/install.sh b/install.sh index bf4062b..96d2b69 100644 --- a/install.sh +++ b/install.sh 
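Review bot: The context line just above the changed `dalfox` call in VULN_SCAN feeds `vulns/sqli.txt` into the JSON key `vuln_redirect` and writes it to `.json/redirect.json`, which looks like a copy-paste slip the commit leaves in place: with JSON output enabled the SQLi findings would be mislabelled and presumably replace the redirect results. Give the SQLi export its own key and output file. On the changed line itself, `--waf-evasion` sits next to `-w 100` and `--mass-worker 100`; if I read dalfox's help text correctly the flag drops to a single worker with a delay once a WAF is detected, so a comment such as `# --waf-evasion throttles dalfox when a WAF is seen; -w 100 is only the upper bound` would keep the effective request rate clear to whoever runs the scan. VULN_SCAN starts and ends outside the hunk.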
@@ -1,145 +1,323 @@ -#!/usr/bin/env bash +#!/bin/bash BK="\e[7m" RT="\e[0m" -echo -e "Make sure you're root before installing the tools" -sleep 5s -clear -mkdir -p ~/tools -mkdir -p ~/tools/.tmp/ -mkdir -p ~/.gf -mkdir -p ~/wordlists/ -mv .github/payloads/patterns/*.json ~/.gf/ -cd - -echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 4; echo -e " ${BK}INSTALLING ALL DEPENDENCIES${RT}" -sudo apt-get update > /dev/null 2>&1 -sudo apt-get dist-upgrade > /dev/null 2>&1 -sudo apt-get install git python3 python3-pip snapd cmake jq libpcap-dev screen build-essential clang zip unzip pv -y > /dev/null 2>&1 - -echo -e "- Installing go-lang" -wget https://go.dev/dl/go1.18.1.linux-amd64.tar.gz > /dev/null 2>&1 -rm -rf /usr/local/go && tar -C /usr/local -xzf go1.18.1.linux-amd64.tar.gz > /dev/null 2>&1 -export GOROOT=/usr/local/go -export GOPATH=$HOME/go -export PATH=$GOPATH/bin:$GOROOT/bin:$PATH -echo 'export GOROOT=/usr/local/go' >> ~/.bashrc -echo 'export GOPATH=$HOME/go' >> ~/.bashrc -echo 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' >> ~/.bashrc -source ~/.bashrc - -echo -e "- Installing chromium" -sudo snap install chromium > /dev/null 2>&1 - -echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 4; echo -e " ${BK}DOWNLOADING ALL TOOLS FROM GITHUB${RT}" - -echo -e "- Installing sublister" -cd && git clone https://github.com/aboul3la/Sublist3r.git ~/tools/Sublist3r > /dev/null 2>&1; cd ~/tools/Sublist3r; sudo pip3 install -r requirements.txt > /dev/null 2>&1 - -echo -e "-Installing bhedak" -cd && pip3 install bhedak > /dev/null 2>&1 - -echo -e "- Installing uro" -cd && pip3 install tldextract > /dev/null 2>&1 -cd && pip3 install uro > /dev/null 2>&1 - -echo -e "- Installing anew" -go install github.com/tomnomnom/anew@latest > /dev/null 2>&1 - -echo -e "- Installing naabu" -go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest > /dev/null 2>&1 - -echo -e "- Installing gobuster" -go install github.com/OJ/gobuster/v3@latest > /dev/null 2>&1 - -echo -e "- Installing gf" -go install 
github.com/tomnomnom/gf@latest > /dev/null 2>&1 - -echo -e "- Installing gospider" -cd && git clone https://github.com/jaeles-project/gospider ~/tools/.tmp/ > /dev/null 2>&1; cd ~/tools/.tmp/gospider; go build . && mv gospider /usr/bin/ - -echo -e "- Installing aquatone" -wget -q https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip > /dev/null 2>&1; unzip aquatone_linux_amd64_1.7.0.zip > /dev/null 2>&1; mv aquatone /usr/bin/; rm -rf aquatone* LICENSE.txt README.md - -echo -e "- Installing assetfinder" -go install github.com/tomnomnom/assetfinder@latest > /dev/null 2>&1 - -echo -e "- Installing crobat" -go install github.com/cgboal/sonarsearch/cmd/crobat@latest > /dev/null 2>&1 - -echo -e "- Installing gau" -go install github.com/lc/gau/v2/cmd/gau@latest > /dev/null 2>&1 - -echo -e "- Installing waybackurls" -go install github.com/tomnomnom/waybackurls@latest > /dev/null 2>&1 - -echo -e "- Installing kxss" -go install github.com/Emoe/kxss@latest > /dev/null 2>&1 - -echo -e "- Installing qsreplace" -go install github.com/tomnomnom/qsreplace@latest > /dev/null 2>&1 - -echo -e "- Installing ffuf" -cd ~/tools/.tmp/ && git clone https://github.com/ffuf/ffuf > /dev/null 2>&1; cd ffuf; go install > /dev/null 2>&1 - -echo -e "- Installing dnsx" -go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest > /dev/null 2>&1 - -echo -e "- Installing notify" -go install -v github.com/projectdiscovery/notify/cmd/notify@latest > /dev/null 2>&1 - -echo -e "- Installing dalfox" -go install github.com/hahwul/dalfox/v2@latest > /dev/null 2>&1 - -echo -e "- Installing crlfuzz" -cd ~/tools/.tmp/ && git clone https://github.com/dwisiswant0/crlfuzz > /dev/null 2>&1 -cd crlfuzz/cmd/crlfuzz && go build . 
> /dev/null 2>&1 -mv crlfuzz /usr/bin - -echo -e "- Installing nuclei" -go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest > /dev/null 2>&1 - -echo -e "- Installing subfinder" -go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest > /dev/null 2>&1 - -echo -e "- Installing httprobe" -cd ~/tools/.tmp && git clone https://github.com/tomnomnom/httprobe.git > /dev/null 2>&1 -cd httprobe && go build . > /dev/null 2>&1 -mv httprobe /usr/bin/ - -echo -e "- Installing httpx" -go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest > /dev/null 2>&1 - -echo -e "- Installing amass" -cd ~/tools/.tmp/ && git clone https://github.com/OWASP/Amass > /dev/null 2>&1 -cd Amass/cmd/amass && go build . > /dev/null 2>&1 -mv amass /usr/bin/ - -echo -e "- Installing gobuster" -go install github.com/OJ/gobuster/v3@latest > /dev/null 2>&1 - -echo -e "- Installing Jeeves" -go install github.com/ferreiraklet/Jeeves@latest > /dev/null 2>&1 - -echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 4; echo -e " ${BK}DOWNLOADING ALL THE WORDLISTS${RT}" -cd ~/wordlists/ -echo -e "- Downloading subdomains wordlists" -wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/deepmagic.com-prefixes-top50000.txt -O subdomains.txt > /dev/null 2>&1 -echo -e "- Downloading resolvers wordlists" -wget -q https://raw.githubusercontent.com/janmasarik/resolvers/master/resolvers.txt -O resolvers.txt > /dev/null 2>&1 -echo -e "- Downloading fuzz wordlists" -wget -q https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt -O fuzz.txt > /dev/null 2>&1 -sleep 2s - -echo -e "${BK} ${RT}" | tr -d '\n' | pv -qL 4; echo -e " ${BK}FINISHING UP THINGS${RT}" -rm -rf ~/tools/.tmp/ > /dev/null 2>&1 -cp -r ~/go/src/github.com/tomnomnom/gf/examples ~/.gf/ > /dev/null 2>&1 -echo 'source ~/go/src/github.com/tomnomnom/gf/gf-completion.bash' >> ~/.bashrc -git clone https://github.com/1ndianl33t/Gf-Patterns > /dev/null 2>&1 -mv ~/Gf-Patterns/*.json ~/.gf > 
/dev/null 2>&1 -sudo cp ~/go/bin/* /usr/bin/ > /dev/null 2>&1 -nuclei -update-templates > /dev/null 2>&1 -sleep 2s - -echo -e "PLEASE CONFIGURE NOTIFY API'S IN ${BK} ~/.config/notify/provider-config.yaml ${RT} FILE" -echo -e "THANKS FOR INSTALLING ${BK}GARUD${RT}. HAPPY HUNTING :)\nPS: If you get any bug using garud, please tweet about it and tag @R0X4R, also support me on ko-fi" -garud -h \ No newline at end of file +GR="\e[32m" +YW="\e[93m" + +if (( $EUID != 0 )); then + echo -e "MAKE SURE YOU'RE ROOT BEFORE RUNNING THE SCRIPT" + exit +fi + +folders(){ + mkdir -p ~/tools + mkdir -p ~/tools/.tmp + mkdir -p ~/.gf + mkdir -p ~/wordlists +} + +golanguage(){ + goversion=$(curl -ks -L https://go.dev/VERSION?m=text) + wget https://go.dev/dl/$goversion.linux-amd64.tar.gz -q + rm -rf /usr/local/go && tar -C /usr/local -xzf $goversion.linux-amd64.tar.gz + export PATH=$PATH:/usr/local/go/bin + echo "export PATH=$PATH:/usr/local/go/bin" >> .bashrc + if command -v go &> /dev/null; then + echo -e "\n${GR}GO INSTALLED SUCCESSFULLY${RT}" + else + echo -e "\n${YW}THERE'S A PROBLEM INSTALLING GO, TRY INSTALLING IT MANUALLY${RT}" + fi + rm -rf $goversion.linux-amd64.tar.gz +} + +dependencies(){ + mv .github/payloads/patterns/*.json ~/.gf/ 2> /dev/null && cd + echo -e "${BK}INSTALLING ALL DEPENDENCIES${RT}" + sudo apt-get update > /dev/null 2>&1 + sudo apt-get full-upgrade -y > /dev/null 2>&1 + sudo apt-get install apt-transport-https bsdmainutils build-essential snapd cmake curl dnsutils gcc git jq libdata-hexdump-perl libffi-dev libpcap-dev libssl-dev libxml2-dev libxml2-utils libxslt1-dev lynx medusa nmap procps pv python3 python3-dev python3-pip wget zip zlib1g-dev libpcap-dev screen -y > /dev/null 2>&1 + sudo snap install chromium > /dev/null 2>&1 + golanguage + echo -e "${GR}SUCCESS${RT}\n" +} + +githubd(){ + echo -e "${BK}DOWNLOADING AND INSTALLING ALL TOOLS FROM GITHUB${RT}\n" + + echo -e "\n- Installing Sublister" + git clone https://github.com/aboul3la/Sublist3r.git -q 
~/tools/Sublist3r + cd ~/tools/Sublist3r && sudo pip3 install -r requirements.txt > /dev/null 2>&1 + git clone https://github.com/1ndianl33t/Gf-Patterns -q && mv Gf-Patterns/*.json ~/.gf/ && rm -rf Gf-Patterns/ > /dev/null 2>&1 + if [ -s ~/tools/Sublist3r/sublister.py ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing Bhedak" + cd && pip3 install bhedak > /dev/null 2>&1 + cd && pip3 install tldextract > /dev/null 2>&1 + which bhedak &> /dev/null && + if command -v bhedak &> /dev/null; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing Agnee" + sudo pip3 install git+https://github.com/R0X4R/Search-Engines-Scraper.git > /dev/null 2>&1 && sudo pip3 install agnee > /dev/null 2>&1 + if command -v agnee &> /dev/null; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing uro" + cd && pip3 install uro > /dev/null 2>&1 + if command -v uro &> /dev/null; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing anew" + go install github.com/tomnomnom/anew@latest > /dev/null 2>&1 + if [ -f ~/go/bin/anew ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing naabu" + go install github.com/projectdiscovery/naabu/v2/cmd/naabu@latest > /dev/null 2>&1 + if [ -f ~/go/bin/naabu ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing gobuster" + go install github.com/OJ/gobuster/v3@latest > /dev/null 2>&1 + if [ -f ~/go/bin/gobuster ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing gf" + go install github.com/tomnomnom/gf@latest > /dev/null 2>&1 + if [ -f ~/go/bin/anew ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing gospider" + cd && git clone 
https://github.com/jaeles-project/gospider ~/tools/.tmp/gospider -q + cd ~/tools/.tmp/gospider 2> /dev/null + go install > /dev/null 2>&1 + if [ -f ~/go/bin/gospider ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing aquatone" + wget -q https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip > /dev/null 2>&1 + unzip aquatone_linux_amd64_1.7.0.zip > /dev/null 2>&1 + mv aquatone /usr/bin/ > /dev/null 2>&1 + rm -rf aquatone* LICENSE.txt README.md + if command -v aquatone &> /dev/null; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing assetfinder" + go install github.com/tomnomnom/assetfinder@latest > /dev/null 2>&1 + if [ -f ~/go/bin/assetfinder ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing crobat" + go install github.com/cgboal/sonarsearch/cmd/crobat@latest > /dev/null 2>&1 + if [ -f ~/go/bin/crobat ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing gau" + go install github.com/lc/gau/v2/cmd/gau@latest > /dev/null 2>&1 + if [ -f ~/go/bin/gau ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing waybackurls" + go install github.com/tomnomnom/waybackurls@latest > /dev/null 2>&1 + if [ -f ~/go/bin/waybackurls ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing kxss" + go install github.com/Emoe/kxss@latest > /dev/null 2>&1 + if [ -f ~/go/bin/kxss ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing qsreplace" + go install github.com/tomnomnom/qsreplace@latest > /dev/null 2>&1 + if [ -f ~/go/bin/qsreplace ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing ffuf" + cd ~/tools/.tmp/ && git clone 
https://github.com/ffuf/ffuf -q + cd ffuf && go install > /dev/null 2>&1 + if [ -f ~/go/bin/ffuf ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing dnsx" + go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest > /dev/null 2>&1 + if [ -f ~/go/bin/dnsx ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing notify" + go install -v github.com/projectdiscovery/notify/cmd/notify@latest > /dev/null 2>&1 + if [ -f ~/go/bin/notify ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing dalfox" + go install github.com/hahwul/dalfox/v2@latest > /dev/null 2>&1 + if [ -f ~/go/bin/dalfox ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing crlfuzz" + cd ~/tools/.tmp/ && git clone https://github.com/dwisiswant0/crlfuzz -q + cd crlfuzz/cmd/crlfuzz && go install > /dev/null 2>&1 + if [ -f ~/go/bin/crlfuzz ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing nuclei" + go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest > /dev/null 2>&1 + if [ -f ~/go/bin/nuclei ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing subfinder" + go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest > /dev/null 2>&1 + if [ -f ~/go/bin/subfinder ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing httprobe" + cd ~/tools/.tmp && git clone https://github.com/tomnomnom/httprobe.git -q + cd httprobe && go install > /dev/null 2>&1 + if [ -f ~/go/bin/httprobe ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing httpx" + go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest > /dev/null 2>&1 + if [ -f ~/go/bin/httpx ]; then + echo 
-e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing amass" + go install -v github.com/OWASP/Amass/v3/...@master > /dev/null 2>&1 + if [ -f ~/go/bin/amass ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Installing gobuster" + go install github.com/OJ/gobuster/v3@latest > /dev/null 2>&1 + if [ -f ~/go/bin/gobuster ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi +} + +wordlistsd(){ + echo -e "\n${BK}DOWNLOADING ALL THE WORDLISTS${RT}" + cd ~/wordlists/ + + echo -e "\n- Downloading subdomains wordlists" + wget -q https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/DNS/deepmagic.com-prefixes-top50000.txt -O subdomains.txt + if [ -s subdomains.txt ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Downloading resolvers wordlists" + wget -q https://raw.githubusercontent.com/janmasarik/resolvers/master/resolvers.txt -O resolvers.txt + if [ -s resolvers.txt ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi + + echo -e "\n- Downloading fuzz wordlists" + wget -q https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt -O fuzz.txt + if [ -s fuzz.txt ]; then + echo -e "${GR}SUCCESS${RT}" + else + echo -e "${YW}FAILED${RT}" + fi +} + +main(){ + folders + dependencies + githubd + wordlistsd + echo -e "\n${BK}FINISHING UP THINGS${RT}" + rm -rf ~/tools/.tmp/ > /dev/null 2>&1 + sudo cp ~/go/bin/* /usr/bin/ > /dev/null 2>&1 + nuclei -update-templates > /dev/null 2>&1 + echo -e "\nPLEASE CONFIGURE NOTIFY API'S IN ${BK} ~/.config/notify/provider-config.yaml ${RT} FILE" + echo -e "THANKS FOR INSTALLING ${BK}GARUD${RT}. HAPPY HUNTING :)\nPS: If you get any bug using garud, please tweet about it and tag @R0X4R, also support me on ko-fi" + garud -h 2> /dev/null +} + +while true +do + main + exit +done \ No newline at end of file
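Review bot: `golanguage` fetches the Go version string with `curl -ks`, so certificate verification is switched off for the value that decides which tarball this root-only script downloads and unpacks into `/usr/local`, and the archive is never checked against a published checksum; drop `-k` and verify before `tar`. The same function writes `echo "export PATH=$PATH:/usr/local/go/bin" >> .bashrc`, which freezes the installer's current PATH into the file and targets a `.bashrc` relative to the working directory (the `cd` in `dependencies` only runs when the `mv` succeeds), whereas the removed code used single quotes and `~/.bashrc`. Elsewhere in the hunk the root check ends in a bare `exit` (status 0 on failure), `which bhedak &> /dev/null &&` leaves a dangling `&&` in front of the `if`, the gf check tests `~/go/bin/anew`, and the Sublist3r check looks for `sublister.py` where upstream appears to ship `sublist3r.py`, so several status lines can misreport. The `@latest`/`@master` installs and the `pip3 install git+https://…` line are unpinned and run as root, which is worth a comment or a pinned revision. A possible shape for `golanguage`:

```shell
golanguage(){
  # TLS verification stays on (no -k); keep only the first response line and
  # accept nothing but a goN.N[.N] token before it is used in a URL or path.
  goversion=$(curl -fsSL 'https://go.dev/VERSION?m=text' | head -n 1)
  [[ "$goversion" =~ ^go[0-9]+(\.[0-9]+)*$ ]] || { echo -e "${YW}UNEXPECTED GO VERSION STRING${RT}"; return 1; }
  tarball="${goversion}.linux-amd64.tar.gz"
  wget -q "https://go.dev/dl/${tarball}" || return 1
  # Checksum from the release index: catches a truncated or altered download.
  # Pinning a reviewed version and its hash in the script would be stronger still.
  gosum=$(curl -fsSL 'https://go.dev/dl/?mode=json' | jq -r --arg f "$tarball" '.[].files[] | select(.filename == $f) | .sha256')
  echo "${gosum}  ${tarball}" | sha256sum -c - > /dev/null || { rm -f -- "$tarball"; return 1; }
  rm -rf /usr/local/go && tar -C /usr/local -xzf "$tarball"
  export PATH=$PATH:/usr/local/go/bin
  # Single quotes so $PATH expands at login, not at install time.
  echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
  # … unchanged: command -v go check and status message …
  rm -f -- "$tarball"
}
```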