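#!/usr/bin/bash
# Author: Shivam Rai
# Date: 18/06/2021
# Description: automated recon tool (Reconky)

# Banner, printed once at start-up.
# NOTE(review): the ASCII art lost its spacing in this copy of the script; the
# lines below are reproduced as found and should be restored from upstream.
cat <<'BANNER'

——— _______ _______ _______ _______ _ _
(____) (____ (____ (___) ((/ || / | / |
| () || ( / | ( / | () || (|| / / ( /)
| (____) || (__ | | | | | || | || (_ / / (_) /
| __) | __) | | | | | || ( ) || _ ( /
| ( (| (| | | | | || | || ( ) (
| ) __ | (____ / | (____ / | (___) ||) || / | |
| / __ / (_______ / (_______ / (_______) | /) _) | _ / / _ /

BANNER

# Root check. The refusal is reported on stderr with a non-zero status so a
# calling script can tell that nothing was run.
# NOTE(review): the message names Install.sh although this is the recon
# script itself; the text is kept as found.
if [[ "$(id -u)" != 0 ]]; then
  printf '\n[!] Install.sh requiere derechos de root\n' >&2
  exit 1
fi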
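# Target domain (first argument). It is also the name of the output directory.
target=${1:-}

if [[ -z "$target" ]]; then
  printf 'Usage: %s <domain>\n' "${0##*/}" >&2
  exit 2
fi

# The value is handed to several tools and used as a path while running as
# root, so only hostname-like input is accepted: no leading '-', no '/',
# no whitespace.
target_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! "$target" =~ $target_re ]]; then
  printf 'Invalid target: %s\n' "$target" >&2
  exit 2
fi

# Output tree. The original tests used single quotes ('$target/...'), which
# never expand, and one of them misspelled the variable; mkdir -p makes the
# step safe to repeat on an existing tree.
for dir in sublist3r httprobe assetfinder Subdomain_Takeover scans \
  wayback_urls/params wayback_urls/extensions amass eyewitness knockpy; do
  mkdir -p -- "$target/reconky/$dir" || exit 1
done

# Result files that later steps append to.
touch -- \
  "$target/reconky/sublist3r/subdomains.txt" \
  "$target/reconky/assetfinder/subdomains1.txt" \
  "$target/reconky/wayback_urls/params/params.txt" \
  "$target/reconky/amass/subdomains2.txt" \
  "$target/reconky/knockpy/subdomains3.txt" \
  "$target/reconky/httprobe/alivee.txt" || exit 1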
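# Terminal colours. tput errors (no TERM, output not a terminal) are ignored
# so the messages are still printed, just without colour.
red=$(tput setaf 1 2>/dev/null || true)
green=$(tput setaf 2 2>/dev/null || true)
yellow=$(tput setaf 3 2>/dev/null || true)
reset=$(tput sgr0 2>/dev/null || true)

# Print a blank line, then one message in the given colour, and reset the
# colour so it does not leak into the output of the tools that follow.
# Arguments: $1 - colour escape sequence, $2 - message text
say() {
  local color=$1 text=$2
  printf '\n%s%s%s\n' "$color" "$text" "$reset"
}

# All stage announcements are printed up front, before any tool runs.
say "$yellow" "Bienvenido a Reconky Script – Un excelente script de automatización para Bug Bounty / Pentesting"
say "$red" "[+++] Recopila subdominios con Assetfinder y Sublist3r …[+++]"
say "$red" "[+++] Verificación dúplex para subdominios con amas …[+++]"
say "$red" "[+++] Enumeración de subdominios en un dominio objetivo mediante ataque de diccionario …[+++]"
say "$red" "[+++] Buscar dominios vivos con Httprobe …[+++]"
say "$red" "[+++] Buscar posible adquisición de subdominios …[+++]"
say "$green" "[+++] Buscar puertos abiertos con nmap …[+++]"
say "$green" "[+++] Arrastrando y ensamblando todos los parámetros posibles encontrados en los datos wayback_url …[+++]"
say "$green" "[+++] Arrastrando y compilando archivos json / js / php / aspx / desde la salida de wayback …[+++]"
say "$green" "[+++] Gowtiness continuo (testigo ocular) contra todos los dominios compilados (vivos) …[+++]"
say "$yellow" "[+++]La iluminación está en progreso Tómate un café o té;)[+++]"
echo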
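# Subdomain collection. Each tool writes to its own file; lines that mention
# the target are then appended to the combined list Subdomain_final.txt.
# grep -F matches the domain as a fixed string, so its dots are not treated
# as regex wildcards, and "--" keeps the value from being read as an option.
assetfinder "$target" >> "$target/reconky/assetfinder/subdomains1.txt"
grep -F -- "$target" "$target/reconky/assetfinder/subdomains1.txt" \
  >> "$target/reconky/Subdomain_final.txt"
echo

sublist3r -d "$target" -v -t 100 -o "$target/reconky/sublist3r/subdomains.txt"
grep -F -- "$target" "$target/reconky/sublist3r/subdomains.txt" \
  >> "$target/reconky/Subdomain_final.txt"
echo

amass enum -d "$target" -o "$target/reconky/amass/subdomains2.txt"
grep -F -- "$target" "$target/reconky/amass/subdomains2.txt" \
  >> "$target/reconky/Subdomain_final.txt"
echo

knockpy "$target" >> "$target/reconky/knockpy/subdomains3.txt"
# The original awk pattern was single-quoted ('/$target/'), so the shell
# variable never reached awk; it is passed in with -v instead.
# NOTE(review): field 9 depends on knockpy's output layout - confirm against
# the installed version.
awk -v domain="$target" 'index($0, domain)' \
  "$target/reconky/knockpy/subdomains3.txt" \
  | cut -d ' ' -f 9 >> "$target/reconky/Subdomain_final.txt"
echo

# Probe the de-duplicated list and keep only the host part of each live URL.
# The second sort -u collapses the http/https pair reported for one host.
sort -u "$target/reconky/Subdomain_final.txt" \
  | httprobe \
  | sed -E 's#^\s*.*://##' \
  | sort -u >> "$target/reconky/httprobe/alivee.txt"
echo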
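# Subdomain takeover check over the combined subdomain list.
takeover_file="$target/reconky/Subdomain_Takeover/Subdomain_Takeover.txt"
if [[ ! -f "$takeover_file" ]]; then
  touch -- "$takeover_file"
fi

# The fingerprint file path is hard-coded to root's Go workspace; report a
# missing file here rather than leaving it to subjack.
fingerprints=/root/go/src/github.com/haccer/subjack/fingerprints.json
if [[ ! -r "$fingerprints" ]]; then
  printf 'warning: subjack fingerprints not found at %s\n' "$fingerprints" >&2
fi

subjack -w "$target/reconky/Subdomain_final.txt" -t 70 -timeout 25 -ssl \
  -c "$fingerprints" -v 3 -o "$takeover_file"
echo

# Port scan of the live hosts. -oA takes a base name, so the results are
# written as scanned.txt.nmap, scanned.txt.gnmap and scanned.txt.xml.
nmap -iL "$target/reconky/httprobe/alivee.txt" -T4 \
  -oA "$target/reconky/scans/scanned.txt"
echo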
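# Archived URLs for every collected subdomain.
wayback_file="$target/reconky/wayback_urls/wayback_output.txt"
if [[ ! -f "$wayback_file" ]]; then
  touch -- "$wayback_file"
fi

waybackurls < "$target/reconky/Subdomain_final.txt" >> "$wayback_file"

# The original ran "sort -u FILE" without an output file, which only printed
# the sorted list; -o rewrites the file in place so it is de-duplicated.
sort -u -o "$wayback_file" "$wayback_file"

# Keep everything up to the first '=' of URLs that carry a query string.
# The original pattern '?*=' is a glob, not a regex, and as a regex matched
# any line containing '='.
# NOTE(review): '\?.*=' is the presumed intent - confirm.
grep -E '\?.*=' "$wayback_file" \
  | cut -d '=' -f 1 \
  | sort -u >> "$target/reconky/wayback_urls/params/params.txt"

# Print each collected prefix with a trailing '='. The lines are read with
# read -r and printed through a fixed printf format, because archived URLs
# are untrusted text that may contain glob characters or backslashes.
while IFS= read -r param; do
  printf '%s=\n' "$param"
done < "$target/reconky/wayback_urls/params/params.txt"
echo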
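# Sort the archived URLs into one file per extension (php, js, html, json,
# aspx) under wayback_urls/extensions.
#
# Changes from the original loop:
#  - it compared the literal string "ext" instead of the variable, so no
#    branch ever depended on the URL's extension;
#  - "for i in $(cat ...)" applied word splitting and pathname expansion to
#    every URL, and archived URLs routinely contain '?' and '*';
#  - the per-URL temp file / sort / rm sequence is replaced by one
#    de-duplication pass per extension after the loop.
ext_dir="$target/reconky/wayback_urls/extensions"

while IFS= read -r url; do
  # Drop the query string and fragment before taking the extension, so
  # "page.php?id=1" is classified as php.
  path=${url%%[?#]*}
  ext=${path##*.}
  case "$ext" in
    php | js | html | json | aspx)
      printf '%s\n' "$url" >> "$ext_dir/$ext.txt"
      ;;
  esac
done < "$target/reconky/wayback_urls/wayback_output.txt"

for ext in php js html json aspx; do
  if [[ -f "$ext_dir/$ext.txt" ]]; then
    sort -u -o "$ext_dir/$ext.txt" "$ext_dir/$ext.txt"
  fi
done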
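# Screenshot every live host with EyeWitness.
# NOTE(review): the output path and the last flag are garbled in this copy of
# the script. The directory below is the eyewitness directory the script
# creates under reconky/, and the flag is presumed to be --resolve - confirm
# both against upstream.
eyewitness -f "$target/reconky/httprobe/alivee.txt" --web \
  -d "$target/reconky/eyewitness" --resolve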