Dev

Terraform/README.md

@@ -1,24 +1,28 @@
 # reconFTW loves Ansible+Terraform <3
-This is an automatized script created to work under AWS by using Terraform and Ansible. It allows you to easily deploy it or to easily adapt it into your IaaC strategy.
+
+This is an automated script created to work under AWS by using Terraform and Ansible. It allows you to easily deploy it or to easily adapt it into your IaaC strategy.
 
 ## Requirements
+
 You would need to have installed:
-- AWS CLI (https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)
-- Terraform (https://learn.hashicorp.com/tutorials/terraform/install-cli)
-- Ansible (https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
-
-As well as both access_key  and secret_key (https://aws.amazon.com/premiumsupport/knowledge-center/create-access-key/)
-
-## Deploying reconFTW on the AWS Cloud
-- Please note that this will have a cost (unless you are in the Free Tier)
-1. Move to the Terraform folder
-(Optional an recommended) 1.1 Put your own Amass config file and reconFTW config file on the files/ folder
-2. Create a key pair to be used:  ssh-keygen -f terraform-keys -t ecdsa -b 521
-3. Use the terraform init command 
-4. Use the terraform apply commmand
-5. Click on "yes" when Terraform asks you
-6. Wait, because it can take up to 15 min.
-4. Once the process has finished, you can now login with:
-ssh admin@ip -i terraform-keys
-5. ???
-6. If you have finished playing with ReconFTW and hacking the world remember to destroy the instance with the terraform destroy command
+
+- AWS CLI (<https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html>)
+- Terraform (<https://learn.hashicorp.com/tutorials/terraform/install-cli>)
+- Ansible (<https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html>)
+
+As well as both `access_key` and `secret_key` (<https://aws.amazon.com/premiumsupport/knowledge-center/create-access-key/>)
+
+## Deploying reconFTW on the AWS Cloud using Terraform and Ansible
+
+Note: **this will charge costs (unless you are in the Free Tier)**
+
+1. Move to the Terraform folder (optional but recommended): `cd terraform`
+    - Put your own Amass config file and reconFTW config file on the files/ folder
+1. Create a key pair to be used, e.g: `ssh-keygen -f terraform-keys -t ecdsa -b 521`
+1. Run `terraform init`
+1. Run `terraform apply`
+1. Type "yes" and hit enter
+1. Wait, because it can take up to 15 min.
+1. Once the process has finished, you can now login, using `ssh admin@ip -i terraform-keys`
+1. ???
+1. If you have finished playing with reconFTW and hacking the world, remember to destroy the instance using `terraform destroy`

install.sh

@@ -69,7 +69,7 @@ gotools["analyticsrelationships"]="go install -v github.com/Josue87/analyticsrel
 gotools["gotator"]="go install -v github.com/Josue87/gotator@latest"
 gotools["roboxtractor"]="go install -v github.com/Josue87/roboxtractor@latest"
 gotools["mapcidr"]="go install -v github.com/projectdiscovery/mapcidr/cmd/mapcidr@latest"
-gotools["ipcdn"]="go install -v github.com/six2dez/ipcdn@latest"
+gotools["cdncheck"]="go install -v github.com/projectdiscovery/cdncheck/cmd/cdncheck@latest"
 gotools["dnstake"]="go install -v github.com/pwnesia/dnstake/cmd/dnstake@latest"
 gotools["gowitness"]="go install -v github.com/sensepost/gowitness@latest"
 gotools["tlsx"]="go install github.com/projectdiscovery/tlsx/cmd/tlsx@latest"
@@ -138,12 +138,6 @@ function banner_web(){
 install_webserver(){
     printf "${bblue} Running: Installing web reconftw ${reset}\n\n"
 
-    ver=$(python3 -V 2>&1 | sed 's/.* \([0-9]\).\([0-9]\).*/\1\2/')
-    if [ "$ver" -lt "31" ]; then
-        echo "The web interface requires python 3.10 or greater"
-        exit 1
-    fi
-
     printf "${yellow} Installing python libraries...${reset}\n\n"
 
     # Install venv
@@ -660,7 +654,7 @@ eval strip -s "$HOME"/go/bin/* $DEBUG_STD
 eval $SUDO cp "$HOME"/go/bin/* /usr/local/bin/ $DEBUG_STD
 
 if [ "$web" = true ]; then
-    sh -c 'echo 3 | ./install.sh'
+    sh -c "echo 3 | $SCRIPTPATH/install.sh"
 fi
 
 printf "${yellow} Remember set your api keys:\n - amass (~/.config/amass/config.ini)\n - subfinder (~/.config/subfinder/provider-config.yaml)\n - GitLab (~/Tools/.gitlab_tokens)\n - SSRF Server (COLLAB_SERVER in reconftw.cfg or env var) \n - Blind XSS Server (XSS_SERVER in reconftw.cfg or env var) \n - notify (~/.config/notify/provider-config.yaml) \n - WHOISXML API (WHOISXML_API in reconftw.cfg or env var)\n - subgpt_cookies.json (subgpt_cookies.json file, follow instructions at https://github.com/s0md3v/SubGPT#getting-bing-cookie)\n\n\n${reset}"

reconftw.sh

@@ -97,7 +97,7 @@ function tools_installed(){
 	which mapcidr &>/dev/null || { printf "${bred} [*] mapcidr			[NO]${reset}\n"; allinstalled=false;}
 	which ppfuzz &>/dev/null || { printf "${bred} [*] ppfuzz			[NO]${reset}\n"; allinstalled=false;}
 	which searchsploit &>/dev/null || { printf "${bred} [*] searchsploit		[NO]${reset}\n"; allinstalled=false;}
-	which ipcdn &>/dev/null || { printf "${bred} [*] ipcdn			[NO]${reset}\n"; allinstalled=false;}
+	which cdncheck &>/dev/null || { printf "${bred} [*] cdncheck			[NO]${reset}\n"; allinstalled=false;}
 	which interactsh-client &>/dev/null || { printf "${bred} [*] interactsh-client		[NO]${reset}\n"; allinstalled=false;}
 	which tlsx &>/dev/null || { printf "${bred} [*] tlsx			[NO]${reset}\n"; allinstalled=false;}
 	which bbrf &>/dev/null || { printf "${bred} [*] bbrf			[NO]${reset}\n"; allinstalled=false;}
@@ -1131,7 +1131,8 @@ function portscan(){
 			[ -s "hosts/subs_ips_vhosts.txt" ] && cat hosts/subs_ips_vhosts.txt | cut -d ' ' -f1 | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | anew -q hosts/ips.txt
 		else echo $domain | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | anew -q hosts/ips.txt
 		fi
-		[ -s "hosts/ips.txt" ] && cat hosts/ips.txt | ipcdn -m not | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | anew -q .tmp/ips_nocdn.txt
+		[ ! -s "hosts/cdn_providers.txt" ] && cat hosts/ips.txt 2>/dev/null | cdncheck -silent -resp -nc 2>/dev/null > hosts/cdn_providers.txt
+		[ -s "hosts/ips.txt" ] && comm -23 <(cat hosts/ips.txt | sort -u) <(cat hosts/cdn_providers.txt | cut -d'[' -f1 | sed 's/[[:space:]]*$//' | sort -u) | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort -u | anew -q .tmp/ips_nocdn.txt
 		printf "${bblue}\n Resolved IP addresses (No CDN) ${reset}\n\n";
 		[ -s ".tmp/ips_nocdn.txt" ] && cat .tmp/ips_nocdn.txt | sort
 		printf "${bblue}\n Scanning ports... ${reset}\n\n";
@@ -1167,7 +1168,7 @@ function cdnprovider(){
 	if { [ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ] || [ "$DIFF" = true ]; } && [ "$CDN_IP" = true ]; then
 		start_func ${FUNCNAME[0]} "CDN provider check"
 		[ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try . | .a[]' | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort -u > .tmp/ips_cdn.txt
-		[ -s ".tmp/ips_cdn.txt" ] && cat .tmp/ips_cdn.txt | ipcdn -m all | anew -q $dir/hosts/cdn_providers.txt
+		[ -s ".tmp/ips_cdn.txt" ] && cat .tmp/ips_cdn.txt | cdncheck -silent -resp -nc | anew -q $dir/hosts/cdn_providers.txt
 		end_func "Results are saved in hosts/cdn_providers.txt" ${FUNCNAME[0]}
 	else
 		if [ "$CDN_IP" = false ]; then

web/scans/tasks.py

@@ -28,24 +28,33 @@ def new_scan_single_domain(*command):
     command.append(str(path))
 
 
-    match str(command[3]):
-        case '-r': # RECON
-            scan_mode = "[ -r ] - Recon"
-
-        case '-s': # SUBDOMAINS
-            scan_mode = "[ -s ] - Subdomains"
-
-        case '-p': # PASSIVE
-            scan_mode = "[ -p ] - Passive"
+    mode = str(command[3])
 
-        case '-w': # WEB
-            scan_mode = "[ -w ] - Web"
+    if mode == '-r': # RECON
+        scan_mode = "[ -r ] - Recon"
 
-        case '-n': # OSINT
-            scan_mode = "[ -n ] - Osint"
-
-        case '-a': # ALL
-            scan_mode = "[ -a ] - All"
+    elif mode == '-s': # SUBDOMAINS
+        scan_mode = "[ -s ] - Subdomains"
+
+    elif mode == '-p': # PASSIVE
+        scan_mode = "[ -p ] - Passive"
+
+    elif mode == '-w': # WEB
+        scan_mode = "[ -w ] - Web"
+
+    elif mode == '-n': # OSINT
+        scan_mode = "[ -n ] - Osint"
+
+    elif mode == '-a': # ALL
+        scan_mode = "[ -a ] - All"
+
+    # GENERAL OPTIONS
+    g_opt = str(command[-3])
+    if '--deep' in command:
+            scan_mode += ' / Deep Scan'
+    if '-v' in command:
+            scan_mode += ' / Axiom'
+
 
 
     # ADDING DOMAIN