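#!/bin/bash
#
# Subdomain reconnaissance wrapper for a single domain. Chains assetfinder,
# httprobe, subjack, nmap and waybackurls and files their results under
# ./<domain>/recon/.
#
# Usage: <script> <domain>
#
# Environment:
#   SUBJACK_FINGERPRINTS  Path to subjack's fingerprints.json. Defaults to the
#                         ~/go/src/github.com/haccer/subjack location.
#
# Output, all below <domain>/recon/:
#   final.txt                                    subdomains containing <domain>
#   httprobe/alive.txt                           hosts that answered httprobe
#   potential_takeovers/potential_takeovers.txt  subjack results
#   scans/scanned.txt.*                          nmap output (-oA)
#   wayback/wayback_output.txt                   archived URLs
#   wayback/params/wayback_params.txt            URL prefixes up to the first '='
#   wayback/extensions/{js,jsp,json,php,aspx}.txt
#
# Changes from the pasted original:
#   - The argument is validated. An empty argument used to make every path
#     resolve to /recon/..., and the value was passed unquoted to mkdir, rm
#     and the tools.
#   - "tr -d ':443'" deleted every ':', '4' and '3' character from the host
#     names; only a trailing ":443" is stripped now.
#   - "grep $1" treated the domain as a regex; it is now a fixed string.
#   - "sort -u" on the wayback output only printed to stdout; it now dedupes
#     the file in place.
#   - The extension loop re-sorted and re-appended the whole list on every
#     matching line and filed ".html" URLs into jsp.txt. Each list is now
#     deduped once and jsp.txt receives ".jsp" URLs.
#   - A missing tool skips its step with a message instead of leaving
#     half-written temp files behind.

set -u

#######################################
# Report whether a tool is installed.
# Arguments: $1 - command name
# Outputs:   a skip message on stderr when the command is missing
# Returns:   0 if the command is in PATH, 1 otherwise
#######################################
have() {
  command -v "$1" >/dev/null 2>&1 && return 0
  printf '[!] %s not found in PATH; skipping this step\n' "$1" >&2
  return 1
}

#######################################
# Run the recon steps for one domain.
# Arguments: $1 - domain name; it is also used as the output directory name
# Returns:   exits 2 on a missing or malformed argument, 1 if the output
#            tree cannot be created
#######################################
main() {
  if (( $# != 1 )); then
    printf 'Usage: %s <domain>\n' "${0##*/}" >&2
    exit 2
  fi

  local url=$1
  # The value becomes a directory name and a tool argument, so restrict it
  # to host-name characters: no '/', no leading '-', no '..'.
  local -r host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  if [[ ! "$url" =~ $host_re || "$url" == *..* ]]; then
    printf 'error: %q is not a valid domain name\n' "$url" >&2
    exit 2
  fi

  local -r recon="$url/recon"
  local -r final="$recon/final.txt"
  local -r alive="$recon/httprobe/alive.txt"
  local -r takeovers="$recon/potential_takeovers/potential_takeovers.txt"
  local -r wayback_out="$recon/wayback/wayback_output.txt"
  local -r params="$recon/wayback/params/wayback_params.txt"
  local -r ext_dir="$recon/wayback/extensions"
  local -r fingerprints="${SUBJACK_FINGERPRINTS:-$HOME/go/src/github.com/haccer/subjack/fingerprints.json}"

  # Disabled in the original: "$recon/eyewitness" is only needed by the
  # EyeWitness step at the bottom.
  mkdir -p -- \
    "$recon/scans" \
    "$recon/httprobe" \
    "$recon/potential_takeovers" \
    "$recon/wayback/params" \
    "$ext_dir" \
    || { printf 'error: cannot create %s\n' "$recon" >&2; exit 1; }
  touch -- "$final" "$alive" "$takeovers" "$wayback_out" "$params"

  echo "[+] Harvesting subdomains with assetfinder..."
  if have assetfinder; then
    # -F: match the domain literally, so '.' is not a regex wildcard.
    assetfinder "$url" | grep -F -- "$url" >> "$final"
  fi
  # final.txt accumulates across runs; keep it free of duplicates.
  sort -u -o "$final" "$final"

  #echo "[+] Double checking for subdomains with amass..."
  #amass enum -d "$url" >> "$recon/f.txt"
  #sort -u "$recon/f.txt" >> "$final"
  #rm "$recon/f.txt"

  echo "[+] Probing for alive domains..."
  if have httprobe; then
    # Strip the scheme and a trailing ":443" only; host names themselves must
    # reach nmap unchanged.
    sort -u "$final" \
      | httprobe -s -p https:443 \
      | sed -E -e 's#^https?://##' -e 's#:443$##' \
      | sort -u > "$alive"
  fi

  echo "[+] Checking for possible subdomain takeover..."
  if have subjack; then
    # NOTE(review): "-v 3" is kept from the original but moved last. If -v is
    # a plain switch, the stray "3" would end flag parsing and anything after
    # it, including -o, would be ignored. Confirm against subjack -h.
    subjack -w "$final" -t 100 -timeout 30 -ssl -c "$fingerprints" \
      -o "$takeovers" -v 3
  fi

  echo "[+] Scanning for open ports..."
  # nmap aborts on an empty -iL list, so only scan when a host answered.
  if [[ -s "$alive" ]] && have nmap; then
    nmap -iL "$alive" -T4 -oA "$recon/scans/scanned.txt"
  fi

  echo "[+] Scraping wayback data..."
  if have waybackurls; then
    waybackurls < "$final" >> "$wayback_out"
  fi
  sort -u -o "$wayback_out" "$wayback_out"

  echo "[+] Pulling and compiling all possible params found in wayback data..."
  # NOTE(review): as a basic regex '?*=' matches any line containing '=';
  # tighten it if only query strings are wanted.
  grep -- '?*=' "$wayback_out" | cut -d '=' -f 1 >> "$params"
  sort -u -o "$params" "$params"
  # Print each entry with its '=' restored, as the original loop did.
  sed 's/$/=/' "$params"

  echo "[+] Pulling and compiling js/php/aspx/jsp/json files from wayback output..."
  local line ext
  # Read line by line: word-splitting the file would glob-expand the '?' and
  # '*' characters that URLs commonly contain.
  while IFS= read -r line || [[ -n "$line" ]]; do
    ext=${line##*.}
    case "$ext" in
      js | jsp | json | php | aspx)
        printf '%s\n' "$line" >> "$ext_dir/$ext.txt"
        ;;
    esac
  done < "$wayback_out"
  for ext in js jsp json php aspx; do
    if [[ -f "$ext_dir/$ext.txt" ]]; then
      sort -u -o "$ext_dir/$ext.txt" "$ext_dir/$ext.txt"
    fi
  done

  #echo "[+] Running eyewitness against all compiled domains..."
  #python3 EyeWitness/EyeWitness.py --web -f "$alive" -d "$recon/eyewitness" --resolve
}

main "$@"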