

Pre v3 release
six2dez committed Oct 19, 2023
1 parent 6f32bd9 commit 174d475
Showing 6 changed files with 140 additions and 135 deletions.
6 changes: 2 additions & 4 deletions README.md
Expand Up @@ -7,8 +7,8 @@
</h1>

<p align="center">
<a href="https://github.com/six2dez/reconftw/releases/tag/v2.7">
<img src="https://img.shields.io/badge/release-v2.7-green">
<a href="https://github.com/six2dez/reconftw/releases/tag/v2.7.1">
<img src="https://img.shields.io/badge/release-v2.7.1-green">
</a>
</a>
<a href="https://opensource.org/licenses/MIT">
Expand Down Expand Up @@ -173,7 +173,6 @@ export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
AMASS_CONFIG=~/.config/amass/config.ini
GITHUB_TOKENS=${tools}/.github_tokens
GITLAB_TOKENS=${tools}/.gitlab_tokens
SUBGPT_COOKIE=${tools}/subgpt_cookies.json
#CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path

# APIs/TOKENS - Uncomment the lines you want removing the '#' at the beginning of the line
Expand Down Expand Up @@ -212,7 +211,6 @@ SUBBRUTE=true # DNS bruteforcing
SUBSCRAPING=true # Subdomains extraction from web crawling
SUBPERMUTE=true # DNS permutations
SUBREGEXPERMUTE=true # Permutations by regex analysis
SUBGPT=true # Permutations by BingGPT prediction
PERMUTATIONS_OPTION=gotator # The alternative is "ripgen" (faster, not deeper)
GOTATOR_FLAGS=" -depth 1 -numbers 3 -mindup -adv -md" # Flags for gotator
SUBTAKEOVER=false # Check subdomain takeovers, false by default cuz nuclei already check this
20 changes: 12 additions & 8 deletions Terraform/files/reconftw.cfg
Expand Up @@ -15,6 +15,7 @@ fuzzing_remote_list="https://raw.githubusercontent.com/six2dez/OneListForAll/mai
proxy_url="http://127.0.0.1:8080/" # Proxy url
install_golang=true # Set it to false if you already have Golang configured and ready
upgrade_tools=true
upgrade_before_running=false # Upgrade tools before running
#dir_output=/custom/output/path

# Golang Vars (Comment or change on your own)
Expand All @@ -27,7 +28,6 @@ export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
AMASS_CONFIG=~/.config/amass/config.ini
GITHUB_TOKENS=${tools}/.github_tokens
GITLAB_TOKENS=${tools}/.gitlab_tokens
SUBGPT_COOKIE=${tools}/subgpt_cookies.json
#CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path

# APIs/TOKENS - Uncomment the lines you want removing the '#' at the beginning of the line
Expand All @@ -52,6 +52,7 @@ EMAILS=true # Fetch emails from differents sites
DOMAIN_INFO=true # whois info
REVERSE_WHOIS=true # amass intel reverse whois info, takes some time
IP_INFO=true # Reverse IP search, geolocation and whois
POSTMAN_LEAKS=true # Check for postman leaks
METAFINDER_LIMIT=20 # Max 250

# Subdomains
Expand All @@ -60,16 +61,16 @@ RUNSUBFINDER=true
SUBDOMAINS_GENERAL=true # Enable or disable the whole Subdomains module
SUBPASSIVE=true # Passive subdomains search
SUBCRT=true # crtsh search
SUBNOERROR=true # Check DNS NOERROR response and BF on them
CTR_LIMIT=999999 # Limit the number of results
SUBNOERROR=false # Check DNS NOERROR response and BF on them
SUBANALYTICS=true # Google Analytics search
SUBBRUTE=true # DNS bruteforcing
SUBSCRAPING=true # Subdomains extraction from web crawling
SUBPERMUTE=true # DNS permutations
SUBREGEXPERMUTE=true # Permutations by regex analysis
SUBGPT=true # Permutations by BingGPT prediction
PERMUTATIONS_OPTION=gotator # The alternative is "ripgen" (faster, not deeper)
GOTATOR_FLAGS=" -depth 1 -numbers 3 -mindup -adv -md" # Flags for gotator
SUBTAKEOVER=false # Check subdomain takeovers, false by default cuz nuclei already check this
SUBTAKEOVER=true # Check subdomain takeovers, false by default cuz nuclei already check this
SUB_RECURSIVE_PASSIVE=false # Uses a lot of API keys queries
DEEP_RECURSIVE_PASSIVE=10 # Number of top subdomains for recursion
SUB_RECURSIVE_BRUTE=false # Needs big disk space and time to resolve
Expand All @@ -96,8 +97,9 @@ CDN_IP=true # Check which IPs belongs to CDN
# Web analysis
WAF_DETECTION=true # Detect WAFs
NUCLEICHECK=true # Enable or disable nuclei
NUCLEI_TEMPLATES_PATH="$HOME/nuclei-templates" # Set nuclei templates path
NUCLEI_SEVERITY="info,low,medium,high,critical" # Set templates criticity
NUCLEI_FLAGS=" -silent -t $HOME/nuclei-templates/ -retries 2" # Additional nuclei extra flags, don't set the severity here but the exclusions like " -etags openssh"
NUCLEI_FLAGS=" -silent -t ${NUCLEI_TEMPLATES_PATH}/ -retries 2" # Additional nuclei extra flags, don't set the severity here but the exclusions like " -etags openssh"
NUCLEI_FLAGS_JS=" -silent -tags exposure,token -severity info,low,medium,high,critical" # Additional nuclei extra flags for js secrets
URL_CHECK=true # Enable or disable URL collection
URL_CHECK_PASSIVE=true # Search for urls, passive methods from Archive, OTX, CommonCrawl, etc
Expand All @@ -110,8 +112,8 @@ CMS_SCANNER=true # CMS scanner
WORDLIST=true # Wordlist generation
ROBOTSWORDLIST=true # Check historic disallow entries on waybackMachine
PASSWORD_DICT=true # Generate password dictionary
PASSWORD_MIN_LENGTH=5 # Min password lenght
PASSWORD_MAX_LENGTH=14 # Max password lenght
PASSWORD_MIN_LENGTH=5 # Min password length
PASSWORD_MAX_LENGTH=14 # Max password length

# Vulns
VULNS_GENERAL=false # Enable or disable the vulnerability module (very intrusive and slow)
Expand All @@ -133,6 +135,7 @@ PROTO_POLLUTION=true # Check for prototype pollution flaws
SMUGGLING=true # Check for HTTP request smuggling flaws
WEBCACHE=true # Check for Web Cache issues
BYPASSER4XX=true # Check for 4XX bypasses
FUZZPARAMS=true # Fuzz parameters values

# Extra features
NOTIFICATION=false # Notification for every function
Expand All @@ -146,7 +149,7 @@ REMOVELOG=false # Delete logs after execution
PROXY=false # Send to proxy the websites found
SENDZIPNOTIFY=false # Send to zip the results (over notify)
PRESERVE=true # set to true to avoid deleting the .called_fn files on really large scans
FFUF_FLAGS=" -mc all -fc 404 -ac -sf" # Ffuf flags
FFUF_FLAGS=" -mc all -fc 404 -ach -sf -of json" # Ffuf flags
HTTPX_FLAGS=" -follow-redirects -random-agent -status-code -silent -title -web-server -tech-detect -location -content-length" # Httpx flags for simple web probing
GOWITNESS_FLAGS=" --disable-logging --timeout 5"

Expand Down Expand Up @@ -189,6 +192,7 @@ FFUF_MAXTIME=900 # Seconds
HTTPX_TIMEOUT=10 # Seconds
HTTPX_UNCOMMONPORTS_TIMEOUT=10 # Seconds
PERMUTATIONS_LIMIT=21474836480 # Bytes, default is 20 GB
GOWITNESS_TIMEOUT_PER_SITE=20 # Seconds

# lists
fuzz_wordlist=${tools}/fuzz_wordlist.txt
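Review bot: The comment on the `SUBTAKEOVER` line now contradicts the value it documents: `SUBTAKEOVER=true # Check subdomain takeovers, false by default cuz nuclei already check this` flips the default to true but keeps the justification for false. Update it to describe the current default, e.g. `SUBTAKEOVER=true # Check subdomain takeovers with the dedicated check (nuclei's takeover templates still run as well)`. Separately, `NUCLEI_FLAGS=" -silent -t ${NUCLEI_TEMPLATES_PATH}/ -retries 2"` bakes the templates path into the flags string at the moment the cfg is sourced, so a user who later overrides `NUCLEI_TEMPLATES_PATH` (environment or a custom config loaded afterwards) will still scan with the stale path; a comment on the `NUCLEI_TEMPLATES_PATH` line such as `# If you change this, re-set NUCLEI_FLAGS too — it is expanded once when this file is loaded` would save that surprise. The `-ach`/`-of json` change to `FFUF_FLAGS` also alters the on-disk output format, which is worth a line in the commit description for anyone parsing previous ffuf output.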
128 changes: 71 additions & 57 deletions install.sh
Expand Up @@ -6,45 +6,37 @@ dir=${tools}
double_check=false

# ARM Detection
if [[ $(uname -m) == "amd64" ]] || [[ $(uname -m) == "x86_64" ]]; then
IS_ARM="False"
fi
if [[ $(uname -m) == "arm64" ]] || [[ $(uname -m) == "armv6l" ]]; then
IS_ARM="True"
if [[ $(uname -m) == "arm64" ]]; then
RPI_4="False"
else
RPI_3="True"
fi
fi
ARCH=$(uname -m)
case $ARCH in
amd64|x86_64) IS_ARM="False" ;;
arm64|armv6l)
IS_ARM="True"
RPI_4=$([[ $ARCH == "arm64" ]] && echo "True" || echo "False")
RPI_3=$([[ $ARCH == "arm64" ]] && echo "False" || echo "True")
;;
esac

#Mac Osx Detecting
if [[ "$OSTYPE" == "darwin"* ]]; then
IS_MAC="True"
else
IS_MAC="False"
fi

# Check Bash version
#(bash --version | awk 'NR==1{print $4}' | cut -d'.' -f1) 2&>/dev/null || echo "Unable to get bash version, for MacOS run 'brew install bash' and rerun installer in a new terminal" && exit 1
IS_MAC=$([[ "$OSTYPE" == "darwin"* ]] && echo "True" || echo "False")

BASH_VERSION=$(bash --version | awk 'NR==1{print $4}' | cut -d'.' -f1)
if [ "${BASH_VERSION}" -lt 4 ]; then
printf "${bred} Your Bash version is lower than 4, please update${reset}\n"
printf "%s Your Bash version is lower than 4, please update%s\n" "${bred}" "${reset}"
printf "%s Your Bash version is lower than 4, please update%s\n" "${bred}" "${reset}" >&2
if [ "True" = "$IS_MAC" ]; then
printf "${yellow} For MacOS run 'brew install bash' and rerun installer in a new terminal${reset}\n\n"
exit 1;
fi
fi

# Declaring Go tools and their installation commands
declare -A gotools
gotools["gf"]="go install -v github.com/tomnomnom/gf@latest"
gotools["qsreplace"]="go install -v github.com/tomnomnom/qsreplace@latest"
gotools["amass"]="go install -v github.com/owasp-amass/amass/v3/...@master"
gotools["ffuf"]="go install -v github.com/ffuf/ffuf/v2@latest"
gotools["github-subdomains"]="go install -v github.com/gwen001/github-subdomains@latest"
gotools["gitlab-subdomains"]="go install github.com/gwen001/gitlab-subdomains@latest"
gotools["gitlab-subdomains"]="go install -v github.com/gwen001/gitlab-subdomains@latest"
gotools["nuclei"]="go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest"
gotools["anew"]="go install -v github.com/tomnomnom/anew@latest"
gotools["notify"]="go install -v github.com/projectdiscovery/notify/cmd/notify@latest"
Expand All @@ -54,7 +46,7 @@ gotools["github-endpoints"]="go install -v github.com/gwen001/github-endpoints@l
gotools["dnsx"]="go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest"
gotools["subjs"]="go install -v github.com/lc/subjs@latest"
gotools["Gxss"]="go install -v github.com/KathanP19/Gxss@latest"
gotools["katana"]="go install github.com/projectdiscovery/katana/cmd/katana@latest"
gotools["katana"]="go install -v github.com/projectdiscovery/katana/cmd/katana@latest"
gotools["crlfuzz"]="go install -v github.com/dwisiswant0/crlfuzz/cmd/crlfuzz@latest"
gotools["dalfox"]="go install -v github.com/hahwul/dalfox/v2@latest"
gotools["puredns"]="go install -v github.com/d3mondev/puredns/v2@latest"
Expand All @@ -66,21 +58,22 @@ gotools["mapcidr"]="go install -v github.com/projectdiscovery/mapcidr/cmd/mapcid
gotools["cdncheck"]="go install -v github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest"
gotools["dnstake"]="go install -v github.com/pwnesia/dnstake/cmd/dnstake@latest"
gotools["gowitness"]="go install -v github.com/sensepost/gowitness@latest"
gotools["tlsx"]="go install github.com/projectdiscovery/tlsx/cmd/tlsx@latest"
gotools["tlsx"]="go install -v github.com/projectdiscovery/tlsx/cmd/tlsx@latest"
gotools["gitdorks_go"]="go install -v github.com/damit5/gitdorks_go@latest"
gotools["smap"]="go install -v github.com/s0md3v/smap/cmd/smap@latest"
gotools["dsieve"]="go install -v github.com/trickest/dsieve@master"
gotools["inscope"]="go install github.com/tomnomnom/hacks/inscope@latest"
gotools["enumerepo"]="go install github.com/trickest/enumerepo@latest"
gotools["inscope"]="go install -v github.com/tomnomnom/hacks/inscope@latest"
gotools["enumerepo"]="go install -v github.com/trickest/enumerepo@latest"
gotools["Web-Cache-Vulnerability-Scanner"]="go install -v github.com/Hackmanit/Web-Cache-Vulnerability-Scanner@latest"
gotools["subfinder"]="go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest"
gotools["byp4xx"]="go install -v github.com/lobuhi/byp4xx@latest"
gotools["hakip2host"]="go install github.com/hakluke/hakip2host@latest"
gotools["hakip2host"]="go install -v github.com/hakluke/hakip2host@latest"
gotools["gau"]="go install -v github.com/lc/gau/v2/cmd/gau@latest"
gotools["Mantra"]="go install github.com/MrEmpy/Mantra@latest"
gotools["crt"]="go install github.com/cemulus/crt@latest"
gotools["Mantra"]="go install -v github.com/MrEmpy/Mantra@latest"
gotools["crt"]="go install -v github.com/cemulus/crt@latest"
gotools["s3scanner"]="go install -v github.com/sa7mon/s3scanner@latest"

# Declaring repositories and their paths
declare -A repos
repos["dorks_hunter"]="six2dez/dorks_hunter"
repos["pwndb"]="davidtavarez/pwndb"
Expand Down Expand Up @@ -115,7 +108,7 @@ repos["trufflehog"]="trufflesecurity/trufflehog"


function banner_web(){
echo -en "\033c"
tput clear
printf "\n${bgreen}"
printf " ██▀███ ▓█████ ▄████▄ ▒█████ ███▄ █ █████▒▄▄▄█████▓ █ █░\n"
printf " ▓██ ▒ ██▒▓█ ▀ ▒██▀ ▀█ ▒██▒ ██▒ ██ ▀█ █ ▓██ ▒ ▓ ██▒ ▓▒▓█░ █ ░█░\n"
Expand All @@ -130,8 +123,18 @@ function banner_web(){
printf " ${reconftw_version} by @six2dez\n"
}

function install_ppfuzz() {
local url=$1
local tar_file=$2

wget -N -c "$url" $DEBUG_STD
eval $SUDO tar -C /usr/local/bin/ -xzf "$tar_file" $DEBUG_STD
eval $SUDO rm -rf "$tar_file" $DEBUG_STD
}

# This function installs various tools and repositories as per the configuration.
function install_tools(){
#eval ln -s /usr/local/bin/pip3 /usr/local/bin/pip3 $DEBUG_STD

eval pip3 install -I -r requirements.txt $DEBUG_STD

printf "${bblue} Running: Installing Golang tools (${#gotools[@]})${reset}\n\n"
Expand Down Expand Up @@ -219,28 +222,18 @@ function install_tools(){

if [ "True" = "$IS_ARM" ]; then
if [ "True" = "$RPI_3" ]; then
eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
eval $SUDO rm -rf ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz"
elif [ "True" = "$RPI_4" ]; then
eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-aarch64-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-aarch64-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
eval $SUDO rm -rf ppfuzz-v1.0.1-aarch64-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-aarch64-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.1-aarch64-unknown-linux-gnueabihf.tar.gz"
fi
elif [ "True" = "$IS_MAC" ]; then
if [ "True" = "$IS_ARM" ]; then
eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
eval $SUDO rm -rf ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz"
else
eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
eval $SUDO rm -rf ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz" "ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz"
fi
else
eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz $DEBUG_STD
eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz $DEBUG_STD
eval $SUDO rm -rf ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz $DEBUG_STD
install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz" "ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz"
fi
eval $SUDO chmod 755 /usr/local/bin/ppfuzz
eval $SUDO strip -s /usr/local/bin/ppfuzz $DEBUG_STD
Expand Down Expand Up @@ -272,7 +265,14 @@ install_webserver(){
$SUDO pip3 install -r $SCRIPTPATH/web/requirements.txt &>/dev/null

printf "${yellow} Installing tools...${reset}\n\n"
if command -v apt > /dev/null; then
$SUDO apt install redis-server -y &>/dev/null
elif command -v yum > /dev/null; then
$SUDO yum install redis -y &>/dev/null
else
printf '[ERROR] Unable to find a supported package manager. Please install redis manually.\n'
exit 1
fi

printf "${yellow} Creating WEB User...${reset}\n\n"
$SUDO rm $SCRIPTPATH/web/db.sqlite3 &>/dev/null
Expand Down Expand Up @@ -305,9 +305,15 @@ display_menu(){
printf "${bblue} 3. Setup Web Interface${reset} ${yellow}(User Interaction needed!)${reset}\n\n"
printf "${bblue} 4. Exit${reset}\n\n"
printf "${bgreen}#######################################################################${reset}\n\n"
read -p "$(echo -e ${bblue} "Insert option: "${reset})" option
read -p "${bblue}Insert option: ${reset}" option
printf "\n\n${bgreen}#######################################################################${reset}\n\n"

option=$(echo "$option" | tr -d '[:space:]')
if ! [[ "$option" =~ ^[1-4]$ ]]; then
printf "${bred} Invalid option. Please try again.${reset}\n\n"
continue
fi

case $option in
1)
web=false
Expand Down Expand Up @@ -354,22 +360,26 @@ display_menu(){
exit 1
;;
*)
printf "${bblue} Invalid option. Exiting...${reset}\n\n"
printf "${bred} Invalid option. Please try again.${reset}\n\n"
exit 1
;;
esac
fi
done
}

if [ "$1" = '--tools' ]; then
install_tools
fi

if [ "$1" != '--auto' ]; then
echo "$1"
display_menu
fi
case "$1" in
--tools)
install_tools
;;
--auto)
# possibly some other actions
;;
*)
echo "$1"
display_menu
;;
esac

printf "${yellow} This may take time. So, go grab a coffee! ${reset}\n\n"

Expand Down Expand Up @@ -432,7 +442,11 @@ eval git config --global --unset https.proxy $DEBUG_STD

printf "${bblue} Running: Looking for new reconFTW version${reset}\n\n"

eval git fetch $DEBUG_STD
if ! eval git fetch $DEBUG_STD; then
echo "Failed to fetch updates."
exit 1
fi

BRANCH=$(git rev-parse --abbrev-ref HEAD)
HEADHASH=$(git rev-parse HEAD)
UPSTREAMHASH=$(git rev-parse "${BRANCH}@{upstream}")
Expand Down Expand Up @@ -608,6 +622,6 @@ if [ "$web" = true ]; then
printf "\n${bgreen} Web server is installed, to set it up run ./install.sh and select option 3 ${reset}\n\n"
fi

printf "${yellow} Remember set your api keys:\n - amass (~/.config/amass/config.ini)\n - subfinder (~/.config/subfinder/provider-config.yaml)\n - GitLab (~/Tools/.gitlab_tokens)\n - SSRF Server (COLLAB_SERVER in reconftw.cfg or env var) \n - Blind XSS Server (XSS_SERVER in reconftw.cfg or env var) \n - notify (~/.config/notify/provider-config.yaml) \n - WHOISXML API (WHOISXML_API in reconftw.cfg or env var)\n - subgpt_cookies.json (subgpt_cookies.json file, follow instructions at https://github.com/s0md3v/SubGPT#getting-bing-cookie)\n\n\n${reset}"
printf "${yellow} Remember set your api keys:\n - amass (~/.config/amass/config.ini)\n - subfinder (~/.config/subfinder/provider-config.yaml)\n - GitLab (~/Tools/.gitlab_tokens)\n - SSRF Server (COLLAB_SERVER in reconftw.cfg or env var) \n - Blind XSS Server (XSS_SERVER in reconftw.cfg or env var) \n - notify (~/.config/notify/provider-config.yaml) \n - WHOISXML API (WHOISXML_API in reconftw.cfg or env var)\n\n${reset}"
printf "${bgreen} Finished!${reset}\n\n"
printf "\n\n${bgreen}#######################################################################${reset}\n"
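Review bot: `install_ppfuzz` drops the `eval` that the replaced lines had on the `wget` call, so `$DEBUG_STD` is now handed to wget as a literal argument rather than applied as a redirection (assuming it holds a redirection string, as its use after `eval` on the following tar and rm lines suggests); the line should read `eval wget -N -c "$url" $DEBUG_STD` to match its siblings. More importantly for a binary that is unpacked with `$SUDO` straight into `/usr/local/bin`, the archive is extracted with no integrity check, so a replaced or tampered release asset would be installed as root without any signal. Since the asset URLs are already pinned to v1.0.1, the callers can pass the digest published with each asset as a third argument and the helper can refuse to extract on mismatch; the digests are not in this diff and must be taken from the upstream release. The unchanged callers also still select the Linux `aarch64`/`armv7` builds on an ARM Mac because `IS_ARM` is tested before `IS_MAC`, which a verified digest would at least turn into a loud failure instead of a silently wrong binary.
```shell
function install_ppfuzz() {
  local url=$1
  local tar_file=$2
  local expected_sha256=$3   # digest published alongside the pinned release asset

  eval wget -N -c "$url" $DEBUG_STD
  # Refuse to unpack anything as root that does not match the pinned digest.
  # (macOS without coreutils: substitute `shasum -a 256` for `sha256sum`.)
  if ! printf '%s  %s\n' "$expected_sha256" "$tar_file" | sha256sum -c --status -; then
    printf '%s ppfuzz archive %s failed checksum verification%s\n' "${bred}" "$tar_file" "${reset}" >&2
    rm -f -- "$tar_file"
    return 1
  fi
  eval $SUDO tar -C /usr/local/bin/ -xzf "$tar_file" $DEBUG_STD
  eval $SUDO rm -rf "$tar_file" $DEBUG_STD
}
```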

