Merge pull request #223 from six2dez/dev
1.4.1
six2dez authored Apr 9, 2021
2 parents a09ecc8 + 82f1fe3 commit c7ee523
Showing 4 changed files with 42 additions and 32 deletions.
15 changes: 8 additions & 7 deletions install.sh
@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash

. ./reconftw.cfg

Expand All @@ -21,7 +21,7 @@ gotools["httpx"]="GO111MODULE=on go get -v github.com/projectdiscovery/httpx/cmd
gotools["github-endpoints"]="go get -u github.com/gwen001/github-endpoints"
gotools["dnsx"]="GO111MODULE=on go get -v github.com/projectdiscovery/dnsx/cmd/dnsx"
gotools["subfinder"]="GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder"
gotools["gau"]="go get -v github.com/lc/gau"
gotools["gauplus"]="GO111MODULE=on go get -u -v github.com/bp0lr/gauplus"
gotools["subjs"]="GO111MODULE=on go get -u -v github.com/lc/subjs"
gotools["Gxss"]="go get -v github.com/KathanP19/Gxss"
gotools["gospider"]="go get -u github.com/jaeles-project/gospider"
Expand All @@ -41,7 +41,7 @@ repos["Arjun"]="s0md3v/Arjun"
repos["gf"]="tomnomnom/gf"
repos["Gf-Patterns"]="1ndianl33t/Gf-Patterns"
repos["github-search"]="gwen001/github-search"
repos["crtfinder"]="eslam3kl/crtfinder"
repos["ctfr"]="UnaPibaGeek/ctfr"
repos["LinkFinder"]="dark-warlord14/LinkFinder"
repos["dnsgen"]="ProjectAnte/dnsgen"
repos["ParamSpider"]="devanshbatham/ParamSpider"
Expand All @@ -55,6 +55,7 @@ repos["GitDorker"]="obheda12/GitDorker"
repos["testssl"]="drwetter/testssl.sh"
repos["S3Scanner"]="sa7mon/S3Scanner"
repos["puredns"]="d3mondev/puredns"
repos["ip2provider"]="oldrho/ip2provider"

dir=${tools}

Expand Down Expand Up @@ -236,16 +237,16 @@ eval wget -nc -O ~/.gf/potential.json https://raw.githubusercontent.com/devanshb
eval wget -nc -O ~/.config/notify/notify.conf https://gist.githubusercontent.com/six2dez/23a996bca189a11e88251367e6583053/raw/a66c4d8cf47a3bc95f5e9ba84773428662ea760c/notify_sample.conf $DEBUG_ERROR
eval wget -N -c https://raw.githubusercontent.com/m4ll0k/Bug-Bounty-Toolz/master/getjswords.py $DEBUG_STD
eval wget -N -c https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt $DEBUG_STD && mv best-dns-wordlist.txt subdomains_big.txt
eval wget -N -c https://gist.githubusercontent.com/six2dez/a307a04a222fab5a57466c51e1569acf/raw/1bcdf2d61df08e66fd2d63b6a840f02c3a2ae24c/subdomains.txt $DEBUG_STD
eval wget -N -c https://gist.githubusercontent.com/six2dez/ffc2b14d283e8f8eff6ac83e20a3c4b4/raw/137bb6b60c616552c705e93a345c06cec3a2cb1f/permutations_list.txt $DEBUG_STD
eval wget -N -c https://gist.githubusercontent.com/h4ms1k/adcc340495d418fcd72ec727a116fea2/raw/ea0774de5e27f9bc855207b175249edae2e9ccef/asyncio_ssrf.py $DEBUG_STD && cp asyncio_ssrf.py ssrf.py
eval wget -N -c -O subdomains.txt https://gist.github.com/six2dez/a307a04a222fab5a57466c51e1569acf/raw $DEBUG_STD
eval wget -N -c -O permutations_list.txt https://gist.github.com/six2dez/ffc2b14d283e8f8eff6ac83e20a3c4b4/raw $DEBUG_STD
eval wget -N -c -O asyncio_ssrf.py https://gist.github.com/h4ms1k/adcc340495d418fcd72ec727a116fea2/raw $DEBUG_STD && cp asyncio_ssrf.py ssrf.py
eval wget -N -c https://raw.githubusercontent.com/six2dez/OneListForAll/main/onelistforallmicro.txt $DEBUG_STD && cp onelistforallmicro.txt fuzz_wordlist.txt
eval wget -N -c https://raw.githubusercontent.com/xmendez/wfuzz/master/wordlist/vulns/dirTraversal-nix.txt $DEBUG_STD && cp dirTraversal-nix.txt lfi_wordlist.txt

printf "${bblue} Running: Performing last configurations ${reset}\n\n"
## Last steps
if [ ! -s "resolvers.txt" ]; then
printf "${yellow} Generating personlized resolvers ${reset}\n\n"
printf "${yellow} Generating custom resolvers ${reset}\n\n"
eval dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 100 -o resolvers.txt $DEBUG_STD
fi
eval h8mail -g $DEBUG_STD
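Review bot: The three rewritten downloads (`wget -N -c -O subdomains.txt …`, `… -O permutations_list.txt …`, `… -O asyncio_ssrf.py …`) now fetch `gist.github.com/<id>/raw` with no revision, whereas the lines they replace pinned a revision hash in the URL; asyncio_ssrf.py is copied to `ssrf.py` and is presumably run by the scanner later, so whoever controls or compromises that gist can change what every fresh install executes. Keep the revision in the URL, e.g. `eval wget -N -c -O asyncio_ssrf.py https://gist.githubusercontent.com/h4ms1k/adcc340495d418fcd72ec727a116fea2/raw/ea0774de5e27f9bc855207b175249edae2e9ccef/asyncio_ssrf.py $DEBUG_STD` (the revision the old line used), or follow the download with a `sha256sum -c` against a hash recorded in the repo; the same applies to the two wordlists, which feed later brute-force steps. Separately, wget reports that `-N` timestamping does nothing when combined with `-O`, so these files are re-downloaded on every run regardless. The installer's top-level statement run begins and ends outside this hunk.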
4 changes: 3 additions & 1 deletion reconftw.cfg
Expand Up @@ -2,7 +2,7 @@
# reconFTW config file #
#################################################################

# TERM COLOURS
# TERM COLORS
bred='\033[1;31m'
bblue='\033[1;34m'
bgreen='\033[1;32m'
Expand Down Expand Up @@ -71,6 +71,7 @@ FAVICON=true
PORTSCANNER=true
PORTSCAN_PASSIVE=true
PORTSCAN_ACTIVE=true
CLOUD_IP=true

# Web analysis
WAF_DETECTION=true
Expand Down Expand Up @@ -118,6 +119,7 @@ XSSTRIKE_THREADS=30
BRUTESPRAY_THREADS=20
BRUTESPRAY_CONCURRENCE=10
ARJUN_THREADS=20
GAUPLUS_THREADS=50

# lists
fuzz_wordlist=${tools}/fuzz_wordlist.txt
53 changes: 30 additions & 23 deletions reconftw.sh
@@ -1,4 +1,4 @@
#!/bin/bash
#!/usr/bin/env bash

. ./reconftw.cfg

Expand Down Expand Up @@ -53,6 +53,7 @@ function tools_installed(){
[ -f $tools/Corsy/corsy.py ] || { printf "${bred} [*] Corsy [NO]${reset}\n"; allinstalled=false;}
[ -f $tools/testssl.sh/testssl.sh ] || { printf "${bred} [*] testssl [NO]${reset}\n"; allinstalled=false;}
[ -f $tools/CMSeeK/cmseek.py ] || { printf "${bred} [*] CMSeeK [NO]${reset}\n"; allinstalled=false;}
[ -f $tools/ctfr/ctfr.py ] || { printf "${bred} [*] ctfr [NO]${reset}\n"; allinstalled=false;}
[ -f $tools/fuzz_wordlist.txt ] || { printf "${bred} [*] OneListForAll [NO]${reset}\n"; allinstalled=false;}
[ -f $tools/LinkFinder/linkfinder.py ] || { printf "${bred} [*] LinkFinder [NO]${reset}\n"; allinstalled=false;}
[ -f $tools/GitDorker/GitDorker.py ] || { printf "${bred} [*] GitDorker [NO]${reset}\n"; allinstalled=false;}
Expand All @@ -74,7 +75,7 @@ function tools_installed(){
eval type -P crobat $DEBUG_STD || { printf "${bred} [*] Crobat [NO]${reset}\n"; allinstalled=false;}
eval type -P mildew $DEBUG_STD || { printf "${bred} [*] mildew [NO]${reset}\n"; allinstalled=false;}
eval type -P waybackurls $DEBUG_STD || { printf "${bred} [*] Waybackurls [NO]${reset}\n"; allinstalled=false;}
eval type -P gau $DEBUG_STD || { printf "${bred} [*] Gau [NO]${reset}\n"; allinstalled=false;}
eval type -P gauplus $DEBUG_STD || { printf "${bred} [*] gauplus [NO]${reset}\n"; allinstalled=false;}
eval type -P dnsx $DEBUG_STD || { printf "${bred} [*] dnsx [NO]${reset}\n"; allinstalled=false;}
eval type -P DNScewl $DEBUG_STD || { printf "${bred} [*] DNScewl [NO]${reset}\n"; allinstalled=false;}
eval type -P cf-check $DEBUG_STD || { printf "${bred} [*] Cf-check [NO]${reset}\n"; allinstalled=false;}
Expand Down Expand Up @@ -319,7 +320,7 @@ function sub_passive(){
fi
eval curl -s "https://jldc.me/anubis/subdomains/${domain}" $DEBUG_ERROR | grep -Po "((http|https):\/\/)?(([\w.-]*)\.([\w]*)\.([A-z]))\w+" | sed '/^\./d' | anew -q .tmp/jldc_psub.txt
timeout 10m waybackurls $domain | unfurl --unique domains | anew -q .tmp/waybackurls_psub.txt
timeout 10m gau -subs $domain | unfurl --unique domains | anew -q .tmp/gau_psub.txt
timeout 10m gauplus -t $GAUPLUS_THREADS -subs $domain | unfurl --unique domains | anew -q .tmp/gau_psub.txt
if echo $domain | grep -q ".mil$"; then
mildew
mv mildew.out .tmp/mildew.out
Expand All @@ -336,18 +337,7 @@ function sub_crt(){
if ([ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]) && [ "$SUBCRT" = true ]
then
start_subfunc "Running : Crtsh Subdomain Enumeration"
cd $tools/crtfinder
eval python3 crtfinder.py -u $domain $DEBUG_STD
outputfile=${domain%%.*}
eval cat ${outputfile}.txt $DEBUG_ERROR | grep ".$domain$" | anew -q $dir/.tmp/crtsh_subs_tmp.txt

if [ "$DEEP" = true ] ; then
eval python3 dig.py ${outputfile}.txt > more.txt $DEBUG_STD
eval cat more.txt $DEBUG_ERROR | grep ".$domain$" | anew -q $dir/.tmp/crtsh_subs_tmp.txt
eval rm more.txt $DEBUG_ERROR
fi
eval rm ${outputfile}.txt $DEBUG_ERROR
cd $dir
eval python3 $tools/ctfr/ctfr.py -d $domain -o .tmp/crtsh_subs_tmp.txt $DEBUG_STD
eval curl "https://tls.bufferover.run/dns?q=.${domain}" $DEBUG_ERROR | eval jq -r .Results[] $DEBUG_ERROR | cut -d ',' -f3 | grep -F ".$domain" | anew -q .tmp/crtsh_subs.txt
eval curl "https://dns.bufferover.run/dns?q=.${domain}" $DEBUG_ERROR | eval jq -r '.FDNS_A'[],'.RDNS'[] $DEBUG_ERROR | cut -d ',' -f2 | grep -F ".$domain" | anew -q .tmp/crtsh_subs_tmp.txt
NUMOFLINES=$(eval cat .tmp/crtsh_subs_tmp.txt $DEBUG_ERROR | anew .tmp/crtsh_subs.txt | wc -l)
Expand Down Expand Up @@ -564,10 +554,9 @@ function s3buckets(){
function sub_recursive(){
if ([ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]) && [ "$SUBRECURSIVE" = true ]
then
start_func "Subdomains recursive search"

if [[ $(cat .tmp/subs_no_resolved.txt | wc -l) -le 1000 ]]
then
start_subfunc "Running : Subdomains recursive search"
for sub in $(cat subdomains/subdomains.txt); do
sed "s/$/.$sub/" $subs_wordlist | anew -q .tmp/brute_recursive_wordlist.txt
done
Expand All @@ -586,11 +575,10 @@ function sub_recursive(){
if [ "$NUMOFLINES" -gt 0 ]; then
notification "${NUMOFLINES} new subdomains found with recursive search" info
fi
end_subfunc "${NUMOFLINES} new subs (recursive)" ${FUNCNAME[0]}
else
notification "Skipping Permutations: Too Much Subdomains" warn
notification "Skipping Recursive: Too Much Subdomains" warn
fi

end_func "Results are saved in subdomains/subdomains.txt" ${FUNCNAME[0]}
else
if [ "$SUBRECURSIVE" = false ]; then
printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n\n"
Expand Down Expand Up @@ -702,7 +690,7 @@ function portscan(){

eval cat hosts/subs_ips_vhosts.txt $DEBUG_ERROR | cut -d ' ' -f1 | egrep -iv "^(127|10|169|172|192)\." | anew -q hosts/ips.txt

eval cat hosts/ips.txt $DEBUG_ERROR | cf-check -c $NPROC | egrep -iv "^(127|10|169|172|192)\." | anew -q .tmp/ips_nowaf.txt
eval cat hosts/ips.txt $DEBUG_ERROR | cf-check | egrep -iv "^(127|10|169|172|192)\." | anew -q .tmp/ips_nowaf.txt

printf "${bblue}\n Resolved IP addresses (No WAF) ${reset}\n\n";
eval cat .tmp/ips_nowaf.txt $DEBUG_ERROR | sort
Expand Down Expand Up @@ -730,6 +718,22 @@ function portscan(){
fi
}

function cloudprovider(){
if ([ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]) && [ "$CLOUD_IP" = true ]
then
start_func "Cloud provider check"
cd $tools/ip2provider
eval cat $dir/hosts/ips.txt | ./ip2provider.py | anew -q $dir/hosts/cloud_providers.txt $DEBUG_STD
cd $dir
end_func "Results are saved in hosts/cloud_providers.txt" ${FUNCNAME[0]}
else
if [ "$CLOUD_IP" = false ]; then
printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n\n"
else
printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n"
fi
fi
}

###############################################################################################################
############################################# WEB SCAN ########################################################
Expand Down Expand Up @@ -875,7 +879,7 @@ function urlchecks(){
start_func "URL Extraction"
mkdir -p js
cat webs/webs.txt | waybackurls | anew -q .tmp/url_extract_tmp.txt
cat webs/webs.txt | gau -subs | anew -q .tmp/url_extract_tmp.txt
cat webs/webs.txt | gauplus -t $GAUPLUS_THREADS -subs | anew -q .tmp/url_extract_tmp.txt
diff_webs=$(diff <(sort -u .tmp/probed_tmp.txt) <(sort -u webs/webs.txt) | wc -l)
if [ $diff_webs != "0" ] || [ ! -s ".tmp/gospider.txt" ] ;
then
Expand Down Expand Up @@ -1341,7 +1345,7 @@ function notification(){
case $2 in
info)
text="\n${bblue} ${1} ${reset}\n"
printf "${text}" && printf "\`${text}\`" | $NOTIFY
printf "${text}" && printf "${text}" | $NOTIFY
;;
warn)
text="\n${yellow} ${1} ${reset}\n"
Expand Down Expand Up @@ -1503,6 +1507,7 @@ function passive(){
favicon
PORTSCAN_ACTIVE=false
portscan
cloudprovider
end
}

Expand Down Expand Up @@ -1537,6 +1542,7 @@ function recon(){
screenshot
favicon
portscan
cloudprovider
waf_checks
nuclei_check
cms_scanner
Expand Down Expand Up @@ -1597,6 +1603,7 @@ function multi_recon(){
notification "- ${NUMOFLINES_webs_total} total websites" good

portscan
cloudprovider
waf_checks
nuclei_check
for domain in $targets; do
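Review bot: In the new `cloudprovider` function the `cd $tools/ip2provider` is unchecked, and unlike ctfr, which this commit adds to `tools_installed`, ip2provider gets no presence check, so a missing or failed clone leaves the function running `./ip2provider.py` from the wrong directory and then, presumably via `end_func`, marking the step as processed. Add `[ -f $tools/ip2provider/ip2provider.py ] || { printf "${bred} [*] ip2provider [NO]${reset}\n"; allinstalled=false;}` next to the ctfr entry in `tools_installed`, and guard the directory change with `cd "$tools/ip2provider" || { printf "${bred} ip2provider not found in $tools ${reset}\n"; return 1; }`. Note also that `$DEBUG_STD` at the end of the eval'd pipeline only redirects `anew`, so ip2provider's own output is not silenced in quiet mode; if that is intended, a one-line comment saying so would help. `tools_installed` and the surrounding run modes start and end outside their hunks.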
2 changes: 1 addition & 1 deletion requirements.txt
Expand Up @@ -35,7 +35,7 @@ requests==2.25.1
retrying==1.3.3
shodan==1.25.0
texttable==1.6.3
lxml==4.6.2
lxml
uvloop==0.15.2
PySocks==1.6.8
h8mail
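Review bot: Dropping the `lxml==4.6.2` pin while the neighbouring entries (`retrying==1.3.3`, `shodan==1.25.0`, `uvloop==0.15.2`, `PySocks==1.6.8`) stay pinned makes installs non-reproducible and lets any future lxml release into the toolchain without review. If the exact pin was removed because 4.6.2 does not build on some target, a floor such as `lxml>=4.6.2` keeps the known-good minimum while allowing newer wheels. A short comment naming the reason would spare the next person from re-pinning it.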
