recon.sh

#!/bin/bash

Colors for formatting output

green="\e[32m"
yellow="\e[33m"
red="\e[31m"
reset="\e[0m"

Starting Findomain

echo -e "${green}[+] Starting Findomain [+]${reset}"
findomain -t "$1" | anew findomain.txt -silent

Starting Assetfinder

echo -e "${green}[+] Starting Assetfinder [+]${reset}"
assetfinder -subs-only "$1" | sed 's/".//g' | anew assetfinder.txt

Starting Subfinder

echo -e "${green}[+] Starting Subfinder [+]${reset}"
subfinder -d "$1" -silent -all | anew subfinder.txt

Starting GitHub Subdomains Enumeration

echo -e "${green}[+] Starting GitHub Subdomains Enumeration [+]${reset}"
# The GitHub token is read from the GITHUB_TOKEN environment variable instead of being hard-coded in the script
#python3 /root/tools/github-search/github-subdomains.py -t "$GITHUB_TOKEN" -d "$1" | anew github.txt

Starting Permutation of Subdomains / Bruteforcing

echo -e "${yellow}[+] Starting Permutation of Subdomains / Bruteforcing [+]${reset}"
#shuffledns -d "$1" -u ~/bugbounty/lists/all.txt -r ~/bugbounty/lists/resolvers.txt | anew shuffledns.txt

Removing Duplicates

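echo -e "${red}[-] Removing Duplicates [-]${reset}"
# github.txt and shuffledns.txt do not exist while those steps are commented out, so cat's errors are silenced
cat findomain.txt subfinder.txt assetfinder.txt github.txt shuffledns.txt 2>/dev/null | sort -u > subdomains.txt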

Removing Temporary Files

echo -e "${red}[-] Removing Temporary Files [-]${reset}"
rm -f findomain.txt subfinder.txt assetfinder.txt github.txt

Notify the number of subdomains found

subdomains_count=$(cat subdomains.txt | wc -l)
echo "Recon completed, $subdomains_count subdomains found" | notify -silent

Port Scanning & IP Enumeration

echo -e "${green}[+] Port Scanning & IP Enumeration [+]${reset}"
dnsx -l subdomains.txt -resp -silent | awk '{print $2}' | tr -d '[]' | anew ips.txt
masscan -iL ips.txt -p0-65535 -oG masscan_output.txt > /dev/null
grep -oP '\d{1,5}/open' masscan_output.txt | cut -d '/' -f 1 | sort -nu > open_ports.txt

Check for active ports with HTTP response

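echo "[+] Ports and IPs found:"
echo "- $(cat ips.txt | wc -l) IPs found"
echo "- $(cat open_ports.txt | wc -l) ports found"
# NOTE: open_ports.txt holds bare port numbers without their hosts, while httpx expects hosts, URLs or host:port targets
httpx -l open_ports.txt -silent -status-code | anew http_ports.txt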

Notify the number of active ports

echo "- $(cat http_ports.txt | wc -l) active ports" | notify -silent

Checking for alive subdomains

echo -e "${yellow}[=] Checking for alive subdomains [<]${reset}"
cat subdomains.txt | httpx -status-code -ac 260 -silent | anew alive_subdomains.txt
echo "We have $(cat alive_subdomains.txt | wc -l) active subdomains" | notify -silent

echo "Recon script completed!"
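
The port-scanning step above keeps only port numbers in open_ports.txt, so the host each port belongs to is lost before the HTTP check. The following is an added example, not part of the original recon.sh: a hypothetical helper, masscan_targets, that turns masscan grepable (-oG) output into unique host:port lines. The sample scan lines are constructed, use documentation address ranges, and assume the usual "Host: <address> () Ports: <port>/open/..." layout.

```shell
#!/bin/sh
# Added example, not part of recon.sh. masscan_targets and sample_masscan_output
# are hypothetical helper names.

# Print unique host:port pairs from masscan -oG output (file arguments or stdin).
masscan_targets() {
    awk '
        /^#/ { next }                           # skip comment lines
        {
            host = ""
            for (i = 1; i < NF; i++)            # address follows the "Host:" label
                if ($i == "Host:") { host = $(i + 1); break }
            if (host == "") next
            for (i = 1; i <= NF; i++) {         # fields shaped like 443/open/tcp/...
                n = split($i, part, "/")
                if (n >= 2 && part[2] == "open" && part[1] ~ /^[0-9]+$/ && part[1] + 0 <= 65535)
                    print host ":" part[1]
            }
        }
    ' "$@" | LC_ALL=C sort -u
}

# Constructed sample in the grepable layout (RFC 5737 documentation addresses).
sample_masscan_output() {
    printf '# constructed sample, not real scan data\n'
    printf 'Timestamp: 1700000000\tHost: 192.0.2.10 ()\tPorts: 80/open/tcp//http//\n'
    printf 'Timestamp: 1700000001\tHost: 192.0.2.10 ()\tPorts: 443/open/tcp//https//\n'
    printf 'Timestamp: 1700000002\tHost: 198.51.100.7 ()\tPorts: 8080/open/tcp////\n'
    printf 'Timestamp: 1700000003\tHost: 198.51.100.7 ()\tPorts: 22/closed/tcp////\n'
    printf 'Timestamp: 1700000004\tHost: 192.0.2.10 ()\tPorts: 80/open/tcp//http//\n'
}

# Demo run on the constructed sample: duplicates and the closed port are dropped.
sample_masscan_output | masscan_targets
```

Against the script's own files, `masscan_targets masscan_output.txt | httpx -silent -status-code | anew http_ports.txt` checks each open port on the host where it was found.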
