From 3edec02d2bac06de69236224f196b9dd89203fa7 Mon Sep 17 00:00:00 2001
From: Pradeepch99
Date: Fri, 25 Mar 2022 13:43:18 +0530
Subject: [PATCH 1/4] Update reconftw.sh
---
 reconftw.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/reconftw.sh b/reconftw.sh
index 20fdcf12..7d7f3b7b 100755
--- a/reconftw.sh
+++ b/reconftw.sh
@@ -1144,7 +1144,7 @@ function urlchecks(){
 fi
 fi
 [ -s ".tmp/gospider.txt" ] && sed -i '/^.\{2048\}./d' .tmp/gospider.txt
- [ -s ".tmp/gospider.txt" ] && cat .tmp/gospider.txt | grep -aEo 'https?://[^ ]+' | sed 's/]$//' | grep "$domain" | anew -q .tmp/url_extract_tmp.txt
+ [ -s ".tmp/gospider.txt" ] && cat .tmp/gospider.txt | grep -aEo 'https?://[^ ]+' | sed 's/]$//' | grep -E "^(http|https):[\/]{2}([a-zA-Z0-9\-\.]+\.$domain)" | anew -q .tmp/url_extract_tmp.txt
 else
 axiom-scan .tmp/webs_all.txt -m waybackurls -o .tmp/url_extract_way_tmp.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 [ -s ".tmp/url_extract_way_tmp.txt" ] && cat .tmp/url_extract_way_tmp.txt | anew -q .tmp/url_extract_tmp.txt
@@ -1160,7 +1160,7 @@ function urlchecks(){
 [[ -d .tmp/gospider/ ]] && find .tmp/gospider -type f -exec cat {} + | sed '/^.\{2048\}./d' | anew -q .tmp/gospider.txt
 fi
 [[ -d .tmp/gospider/ ]] && NUMFILES=$(find .tmp/gospider/ -type f | wc -l)
- [[ $NUMFILES -gt 0 ]] && cat .tmp/gospider.txt | grep -aEo 'https?://[^ ]+' | sed 's/]$//' | grep ".$domain" | anew -q .tmp/url_extract_tmp.txt
+ [[ $NUMFILES -gt 0 ]] && cat .tmp/gospider.txt | grep -aEo 'https?://[^ ]+' | sed 's/]$//' | grep -E "^(http|https):[\/]{2}([a-zA-Z0-9\-\.]+\.$domain)" | anew -q .tmp/url_extract_tmp.txt
 fi
 if [ -s "${GITHUB_TOKENS}" ]; then
 github-endpoints -q -k -d $domain -t ${GITHUB_TOKENS} -o .tmp/github-endpoints.txt 2>>"$LOGFILE" &>/dev/null
From 4dbc56a7adf8c95b31ec24b68d2cf28b8528ddde Mon Sep 17 00:00:00 2001
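Review bot: The new `grep -E` filter on the `+` lines of both hunks (@@ -1144 and @@ -1160) requires at least one label before `$domain`, so URLs on the apex host itself (`https://$domain/...`) that the old `grep "$domain"` kept are now dropped, and the pattern has no right boundary, so a host such as `sub.$domain.example` still passes. `$domain` is also interpolated into the regex unescaped, so each dot in it matches any character. A form that keeps the apex, escapes the dots and ends the host at a port or path is `grep -E "^https?://([a-zA-Z0-9-]+\.)*${domain//./\\.}(:[0-9]+)?(/|$)"`. The enclosing `urlchecks` function begins before the first hunk and continues after the second.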
From: six2dez
Date: Sat, 26 Mar 2022 00:45:49 +0100
Subject: [PATCH 2/4] Fix zone transfer
---
 reconftw.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/reconftw.sh b/reconftw.sh
index 20fdcf12..907d1cfe 100755
--- a/reconftw.sh
+++ b/reconftw.sh
@@ -678,8 +678,8 @@ function subtakeover(){
 function zonetransfer(){
 if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$ZONETRANSFER" = true ] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then
 start_func ${FUNCNAME[0]} "Zone transfer check"
- dig axfr $domain @8.8.8.8 > subdomains/zonetransfer.txt
- if [ -s ".tmp/zone_transfer.txt" ]; then
+ for ns in $(dig +short ns "$domain"); do dig axfr "$domain" @"$ns" >> subdomains/zonetransfer.txt; done
+ if [ -s "subdomains/zonetransfer.txt" ]; then
 if ! grep -q "Transfer failed" subdomains/zonetransfer.txt ; then notification "Zone transfer found on ${domain}!" info; fi
 fi
 end_func "Results are saved in $domain/subdomains/zonetransfer.txt" ${FUNCNAME[0]}
From 70cad07a8f330ab4accece03576eea3d42bf4e5d Mon Sep 17 00:00:00 2001
From: six2dez
Date: Tue, 29 Mar 2022 13:01:19 +0200
Subject: [PATCH 3/4] Hotfix amass
---
 reconftw.sh | 19 +++++++------------
 1 file changed, 7 insertions(+), 12 deletions(-)
diff --git a/reconftw.sh b/reconftw.sh
index 907d1cfe..bf8fba3c 100755
--- a/reconftw.sh
+++ b/reconftw.sh
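Review bot: With the new loop querying every name server, the unchanged `if ! grep -q "Transfer failed"` check further down the hunk only fires when no server refused, so a single server that answers AXFR among others that refuse is never reported. The `>>` redirection also makes `subdomains/zonetransfer.txt` grow across runs (the `$DIFF` rerun path included), so a refusal recorded earlier keeps suppressing the notification later. Unlike the other network calls in this file, the `dig` invocations carry no `2>>"$LOGFILE"`. Truncating the file before the loop and deciding per server, treating a server as answering when its output contains record lines rather than only `;`-prefixed comment lines, addresses all three; `zonetransfer` closes outside the hunk.
```shell
		: > subdomains/zonetransfer.txt   # fresh file each run; results from earlier runs must not linger
		zt_open=false
		for ns in $(dig +short ns "$domain"); do
			out=$(dig axfr "$domain" @"$ns" 2>>"$LOGFILE")
			printf '%s\n' "$out" >> subdomains/zonetransfer.txt
			# an answering server emits record lines; refusals and timeouts emit only ';' comment lines
			if printf '%s\n' "$out" | grep -qvE '^(;|$)'; then zt_open=true; fi
		done
		if [ "$zt_open" = true ]; then notification "Zone transfer found on ${domain}!" info; fi
		# … unchanged: end_func …
```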
@@ -340,10 +340,11 @@ function sub_passive(){
 start_subfunc ${FUNCNAME[0]} "Running : Passive Subdomain Enumeration"
 if [ ! "$AXIOM" = true ]; then
 amass enum -passive -d $domain -config $AMASS_CONFIG -json .tmp/amass_json.json 2>>"$LOGFILE" &>/dev/null
+ [ -s ".tmp/amass_json.json" ] && cat .tmp/amass_json.json | jq -r '.name' | anew -q .tmp/amass_psub.txt
 else
- axiom-scan $list -m amass -passive -json -o .tmp/amass_json.json $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
+ axiom-scan $list -m amass -passive -o .tmp/amass_axiom.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
+ [ -s ".tmp/amass_axiom.txt" ] && cat .tmp/amass_axiom.txt | anew -q .tmp/amass_psub.txt
 fi
- [ -s ".tmp/amass_json.json" ] && cat .tmp/amass_json.json | jq -r '.name' | anew -q .tmp/amass_psub.txt
 if [ -s "${GITHUB_TOKENS}" ]; then
 if [ "$DEEP" = true ]; then
 github-subdomains -d $domain -t $GITHUB_TOKENS -o .tmp/github_subdomains_psub.txt 2>>"$LOGFILE" &>/dev/null
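Review bot: The added line in the non-axiom branch reads `.tmp/amass_json.json` with `cat` only to pipe it into `jq`, and the added line in the axiom branch does the same with `cat .tmp/amass_axiom.txt | anew`; both tools take their input directly, so `[ -s ".tmp/amass_json.json" ] && jq -r '.name' .tmp/amass_json.json | anew -q .tmp/amass_psub.txt` and `[ -s ".tmp/amass_axiom.txt" ] && anew -q .tmp/amass_psub.txt < .tmp/amass_axiom.txt` say the same with one process fewer each. The removed `jq` line after `fi` consumed the JSON from both branches, so dropping `-json` from the axiom call is consistent, but the two branches now leave differently shaped intermediate files (`amass_json.json` vs `amass_axiom.txt`); a comment on the `else` branch such as `# axiom output is consumed as plain hostnames here, no -json to parse` would save the next reader the comparison. `sub_passive` begins before and ends after this hunk.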
@@ -584,19 +585,13 @@ function sub_recursive(){
 start_subfunc ${FUNCNAME[0]} "Running : Subdomains recursive search"
 # Passive recursive
 if [ "$SUB_RECURSIVE_PASSIVE" = true ]; then
+ [ -s "subdomains/subdomains.txt" ] && ( cat subdomains/subdomains.txt | rev | cut -d '.' -f 3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 && cat subdomains/subdomains.txt | rev | cut -d '.' -f 4,3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 ) | sed -e 's/^[[:space:]]*//' | cut -d ' ' -f 2 > .tmp/subdomains_recurs_amass.txt
 if [ ! "$AXIOM" = true ]; then
- for sub in $( ( cat subdomains/subdomains.txt | rev | cut -d '.' -f 3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 && cat subdomains/subdomains.txt | rev | cut -d '.' -f 4,3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 ) | sed -e 's/^[[:space:]]*//' | cut -d ' ' -f 2);do
- amass enum -passive -d $sub -config $AMASS_CONFIG 2>>"$LOGFILE" | anew -q .tmp/passive_recursive.txt
- done
+ [ -s ".tmp/subdomains_recurs_amass.txt" ] && amass enum -passive -df .tmp/subdomains_recurs_amass.txt -config $AMASS_CONFIG 2>>"$LOGFILE" | anew -q .tmp/passive_recursive.txt
 [ -s ".tmp/passive_recursive.txt" ] && puredns resolve .tmp/passive_recursive.txt -w .tmp/passive_recurs_tmp.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null
 else
- for sub in $( ( cat subdomains/subdomains.txt | rev | cut -d '.' -f 3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 && cat subdomains/subdomains.txt | rev | cut -d '.' -f 4,3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 ) | sed -e 's/^[[:space:]]*//' | cut -d ' ' -f 2);do
- echo $sub | anew -q .tmp/sub_pass_recur_target.com
- done
- if [ -s ".tmp/sub_pass_recur_target.com" ]; then
- axiom-scan .tmp/sub_pass_recur_target.com -m amass -passive -o .tmp/amass_prec.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
- fi
- find .tmp -type f -iname "*_prec.txt" -exec cat {} + | anew -q .tmp/passive_recursive.txt
+ [ -s ".tmp/subdomains_recurs_amass.txt" ] && axiom-scan .tmp/subdomains_recurs_amass.txt -m amass -passive -o .tmp/amass_prec.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
+ [ -s ".tmp/amass_prec.txt" ] && cat .tmp/amass_prec.txt | anew -q .tmp/passive_recursive.txt
 [ -s ".tmp/passive_recursive.txt" ] && axiom-scan .tmp/passive_recursive.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/passive_recurs_tmp.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 fi
 fi
From 3d89bd8fd98898597be6919ef224397e5e3d2b6c Mon Sep 17 00:00:00 2001
From: six2dez
Date: Tue, 29 Mar 2022 13:20:34 +0200
Subject: [PATCH 4/4] Update readme
---
 README.md | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/README.md b/README.md
index 37ccd5cd..611b57aa 100644
--- a/README.md
+++ b/README.md
@@ -8,8 +8,8 @@
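Review bot: The new candidate line at the top of the hunk (`+ [ -s "subdomains/subdomains.txt" ] && ( ... )`) carries over `grep -v '1 '` to drop parent domains seen only once, but that pattern removes every count containing `1 ` — 11, 21, …, 91, 101 and so on — so frequently occurring parents can vanish from `.tmp/subdomains_recurs_amass.txt`; the removed `for sub in` lines had the same defect, but the new line now feeds both the amass and the axiom branch. `awk '$1 > 1 {print $2}'` states the intent exactly and also subsumes the trailing `sed -e 's/^[[:space:]]*//' | cut -d ' ' -f 2`, i.e. each pass becomes `... | sort | uniq -c | sort -nr | awk '$1 > 1 {print $2}' | head -n 10` and the `sed`/`cut` after the closing parenthesis goes away. The `rev | cut -d '.' | rev` pipeline is written out twice on one very long line; a small helper taking the field list would make the two passes readable. `sub_recursive` begins before and ends after this hunk.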

- - + + @@ -69,7 +69,10 @@ So, what are you waiting for Go! Go! Go! :boom: - [Main commands:](#main-commands) - [How to contribute:](#how-to-contribute) - [Need help? :information_source:](#need-help-information_source) - - [You can support this work buying me a coffee:](#you-can-support-this-work-buying-me-a-coffee) + - [Support this project](#support-this-project) + - [Buymeacoffee](#buymeacoffee) + - [DigitalOcean referral link](#digitalocean-referral-link) + - [GitHub sponsorship](#github-sponsorship) - [Sponsors ❤️](#sponsors-️) - [Thanks :pray:](#thanks-pray) - [Disclaimer](#disclaimer) @@ -450,6 +453,7 @@ reset='\033[0m' - Metadata finder ([MetaFinder](https://github.com/Josue87/MetaFinder)) - Google Dorks ([degoogle_hunter](https://github.com/six2dez/degoogle_hunter)) - Github Dorks ([GitDorker](https://github.com/obheda12/GitDorker)) + ## Subdomains - Passive ([amass](https://github.com/OWASP/Amass), [waybackurls](https://github.com/tomnomnom/waybackurls), [github-subdomains](https://github.com/gwen001/github-subdomains), [gau](https://github.com/lc/gau)) - Certificate transparency ([ctfr](https://github.com/UnaPibaGeek/ctfr)) @@ -544,16 +548,23 @@ If you want to contribute to this project you can do it in multiple ways: - Check [FAQ](https://github.com/six2dez/reconftw/wiki/7.-FAQs) for commonly asked questions. - Ask for help in the [Telegram group](https://t.me/joinchat/TO_R8NYFhhbmI5co) -## You can support this work buying me a coffee: - +## Support this project + +### Buymeacoffee [](https://www.buymeacoffee.com/six2dez) +### DigitalOcean referral link +DigitalOcean Referral Badge + +### GitHub sponsorship +[Sponsor](https://github.com/sponsors/six2dez) # Sponsors ❤️ **This section shows the current financial sponsors of this project** - - + [](https://github.com/0xtavian) +[](https://github.com/reconmap) +[](https://github.com/r1p) # Thanks :pray: * Thank you for lending a helping hand towards the development of the project!