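## VARIABLES
# Output and tool locations. Each one may be overridden from the environment
# (e.g. `ResultsPath=/srv/scan ./scan.sh -d example.tld`); the defaults are the
# paths the script always used, so existing invocations behave the same.
ResultsPath=${ResultsPath:-/root/Recon/Scan}
ToolsPath=${ToolsPath:-/root/Tools}
# Default wordlist lives under $ToolsPath; resolved after ToolsPath on purpose.
FfufDiscoveryWordlist=${FfufDiscoveryWordlist:-$ToolsPath/Wordlists/dicc.txt}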
## FUNCTIONS
#######################################
# Print a message on stderr and abort the script.
# Arguments: $1 - message to print
# Outputs:   the message, followed by a newline, on stderr
# Returns:   never; exits with status 1
#######################################
die() {
  local msg=$1
  { printf '%s\n' "$msg"; } 1>&2
  exit 1
}
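#######################################
# Print the banner followed by the usage text.
# The script name is taken from $0: the former text hard-coded "./recon.sh",
# which does not match this file (scan.sh).
# Globals:   none
# Arguments: none
# Outputs:   banner and usage text on stdout
#######################################
help() {
  banner
  cat <<EOF
Usage : ./${0##*/} -d domain.tld
-d | --domain (required) : Domain in domain.tld format

EOF
}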
#######################################
# Print the ASCII-art banner, framed by one empty line above and below.
# The quoted heredoc delimiter keeps the art literal (no expansion).
# Globals:   none
# Arguments: none
# Outputs:   banner on stdout
#######################################
banner() {
  cat <<'EOF'

█████╗ ██╗ ██╗████████╗ ██████╗ ███████╗ ██████╗ █████╗ ███╗ ██╗
██╔══██╗██║ ██║╚══██╔══╝██╔═══██╗██╔════╝██╔════╝██╔══██╗████╗ ██║
███████║██║ ██║ ██║ ██║ ██║███████╗██║ ███████║██╔██╗ ██║
██╔══██║██║ ██║ ██║ ██║ ██║╚════██║██║ ██╔══██║██║╚██╗██║
██║ ██║╚██████╔╝ ██║ ╚██████╔╝███████║╚██████╗██║ ██║██║ ╚████║
╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═════╝ ╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝

EOF
}
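#######################################
# Run every scan stage for the global $domain and store results under
# $ResultsPath/$domain (the caller creates that directory).
# Tool flags are unchanged; this only hardens the shell side: every expansion
# is quoted, the domain is passed with printf (echo -e would mangle a value
# starting with '-' or containing backslashes), and each cd is checked so a
# missing tool directory cannot make the following commands run elsewhere.
# Globals:   domain, ResultsPath, ToolsPath, FfufDiscoveryWordlist (read)
# Side effects: changes the current directory (ParamSpider, then JSScanner)
# Outputs:   progress lines on stdout; tool output to files
# Returns:   0; die() on an unreachable tool directory
#######################################
scan() {
  local out="$ResultsPath/$domain"
  local pattern
  local ffuf_json="$out/result_dir.tmp"

  banner
  printf 'Scan is in \033[31mprogress\033[0m, take a coffee\n'

  ## Nuclei
  printf '>> \033[36m%s\033[0m is in progress\n' "Nuclei"
  printf '%s\n' "$domain" | httprobe -p http:81 -p https:81 -p https:8443 -p http:8080 -p https:8080 > "$out/httprobe.txt"
  # The -t argument is a glob that nuclei expands itself; keep it quoted.
  nuclei -l "$out/httprobe.txt" -t "$ToolsPath/nuclei-templates/all/*.yaml" -o "$out/nuclei.txt" > /dev/null 2>&1

  ## Hakrawler
  printf '>> \033[36m%s\033[0m is in progress\n' "Hakrawler"
  printf '%s\n' "$domain" | hakrawler -forms -js -linkfinder -plain -robots -sitemap -usewayback -outdir "$out/hakrawler" | kxss >> "$out/kxss.txt"

  ## ParamSpider
  printf '>> \033[36m%s\033[0m is in progress\n' "ParamSpider"
  # paramspider.py writes to ./output relative to its own directory.
  cd "$ToolsPath/ParamSpider/" || die "ERROR: cannot cd to $ToolsPath/ParamSpider/"
  python3 paramspider.py --domain "$domain" --exclude woff,css,js,png,svg,jpg -o paramspider.txt > /dev/null 2>&1
  mv ./output/paramspider.txt "$out/"

  ## GF
  printf '>> \033[36m%s\033[0m is in progress\n' "GF"
  mkdir -p "$out/GF" || die "ERROR: cannot create $out/GF"
  # One gf pattern per output file, appended as before.
  for pattern in xss potential debug_logic idor lfi rce redirect sqli ssrf ssti; do
    gf "$pattern" "$out/paramspider.txt" >> "$out/GF/$pattern.txt"
  done

  ## Ffuf Discovery
  printf '>> \033[36m%s\033[0m is in progress\n' "Ffuf"
  ffuf -mc all -c -H "X-Forwarded-For: 127.0.0.1" -H "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" -u "https://$domain/FUZZ" -w "$FfufDiscoveryWordlist" -D -e js,php,bak,txt,asp,aspx,jsp,html,zip,jar,sql,json,old,gz,shtml,log,swp,yaml,yml,config,save,rsa,ppk -ac -o "$ffuf_json" > /dev/null 2>&1
  # ffuf -o writes JSON; let jq emit "status length url" per result directly
  # instead of the former cat | jq | grep -P | paste | awk | sed chain, which
  # also needed GNU grep.
  jq -r '.results[] | "\(.status) \(.length) \(.url)"' "$ffuf_json" > "$out/ffuf_discovery.txt"
  rm -f -- "$ffuf_json"

  ## JSScanner
  printf '>> \033[36m%s\033[0m is in progress\n' "JSScanner"
  printf 'https://%s\n' "$domain" > "$ToolsPath/JSScanner/alive.txt"
  # script.sh reads ./alive.txt and leaves ./js and ./db in its own directory.
  cd "$ToolsPath/JSScanner/" || die "ERROR: cannot cd to $ToolsPath/JSScanner/"
  bash script.sh > /dev/null 2>&1
  mkdir -p "$out/JSScanner" || die "ERROR: cannot create $out/JSScanner"
  mv js "$out/JSScanner/" && mv db "$out/JSScanner/"
  printf '=========== Scan is \033[32mfinish\033[0m ===========\n'
}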
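# Argument parsing. Sets the global $domain, then creates the result
# directory and starts the scan.
while :; do
  case "$1" in
    -h|-\?|--help)
      help
      exit
      ;;
    -d|--domain)
      if [ "$2" ]; then
        domain=$2
        shift
      else
        die 'ERROR: "--domain" requires a non-empty option argument.'
      fi
      ;;
    --domain=?*)
      # Accept the --domain=value form as well; it previously fell through to
      # the "unknown option" warning and the value was silently dropped.
      domain=${1#*=}
      ;;
    --domain=)
      die 'ERROR: "--domain" requires a non-empty option argument.'
      ;;
    --)
      shift
      break
      ;;
    -?*)
      printf 'WARN: Unknown option (ignored): %s\n' "$1" >&2
      ;;
    *)
      break
  esac
  shift
done

if [ -z "$domain" ]; then
  help
  die 'ERROR: "--domain" requires a non-empty option argument.'
fi

# $domain becomes a path component under $ResultsPath and is handed to every
# tool, so accept only a plain hostname: no slashes, spaces or leading
# '.'/'-' (this rejects "../x"-style values that would escape the results tree).
case "$domain" in
  *[!A-Za-z0-9.-]*|.*|-*)
    die "ERROR: \"$domain\" is not a plain domain.tld name."
    ;;
esac

# mkdir -p is a no-op when the directory already exists, so the former
# [ ! -d ] test is not needed; a failure here must stop the run.
mkdir -p -- "$ResultsPath/$domain" || die "ERROR: cannot create $ResultsPath/$domain"
scan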