From 8a277bf87e22c799b5b83f135ceb4f927023bef9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Wed, 7 Feb 2024 17:54:38 +0100 Subject: [PATCH 01/28] Add multi custom functions --- reconftw.sh | 230 ++++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 194 insertions(+), 36 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index 8a4abadd..5655077f 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -402,6 +402,7 @@ function tools_installed() { function google_dorks() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GOOGLE_DORKS == true ]] && [[ $OSINT == true ]]; then python3 ${tools}/dorks_hunter/dorks_hunter.py -d "$domain" -o osint/dorks.txt || { echo "dorks_hunter command failed" @@ -420,6 +421,7 @@ function google_dorks() { function github_dorks() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GITHUB_DORKS == true ]] && [[ $OSINT == true ]]; then start_func "${FUNCNAME[0]}" "Github Dorks in process" if [[ -s ${GITHUB_TOKENS} ]]; then @@ -450,6 +452,7 @@ function github_dorks() { function github_repos() { + mkdir -p .tmp if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GITHUB_REPOS == true ]] && [[ $OSINT == true ]]; then start_func "${FUNCNAME[0]}" "Github Repos analysis in process" @@ -483,6 +486,7 @@ function github_repos() { function metadata() { + mkdir -p osint if { [[ ! -f "${called_fn_dir}/.${FUNCNAME[0]}" ]] || [[ ${DIFF} == true ]]; } && [[ ${METADATA} == true ]] && [[ ${OSINT} == true ]] && ! [[ ${domain} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Scanning metadata in public files" metafinder -d "$domain" -l $METAFINDER_LIMIT -o osint -go -bi -ba &>>"$LOGFILE" || { 
@@ -510,6 +514,7 @@ function metadata() { function apileaks() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $API_LEAKS == true ]] && [[ $OSINT == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Scanning for leaks in APIs public directories" @@ -547,6 +552,7 @@ function apileaks() { function emails() { + mkdir -p {.tmp,osint} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $EMAILS == true ]] && [[ $OSINT == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Searching emails/users/passwords leaks" emailfinder -d $domain 2>>"$LOGFILE" | anew -q .tmp/emailfinder.txt || { @@ -574,6 +580,7 @@ function emails() { function domain_info() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $DOMAIN_INFO == true ]] && [[ $OSINT == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Searching domain info (whois, registrant name/email domains)" whois -H $domain >osint/domain_info_general.txt || { echo "whois command failed"; } @@ -602,6 +609,7 @@ function domain_info() { function ip_info() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $IP_INFO == true ]] && [[ $OSINT == true ]] && [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Searching ip info" if [[ -n $WHOISXML_API ]]; then @@ -633,6 +641,8 @@ function ip_info() { ############################################################################################################### function subdomains_full() { + + mkdir -p {.tmp,webs,subdomains} NUMOFLINES_subs="0" NUMOFLINES_probed="0" printf "${bgreen}#######################################################################\n\n" 
@@ -687,6 +697,7 @@ function subdomains_full() { function sub_passive() { + mkdir -p .tmp if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBPASSIVE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Passive Subdomain Enumeration" @@ -726,6 +737,7 @@ function sub_passive() { function sub_crt() { + if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBCRT == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Crtsh Subdomain Enumeration" crt -s -json -l ${CTR_LIMIT} $domain 2>>"$LOGFILE" | jq -r '.[].subdomain' 2>>"$LOGFILE" | sed -e 's/^\*\.//' | anew -q .tmp/crtsh_subs_tmp.txt 2>>"$LOGFILE" >/dev/null @@ -744,6 +756,7 @@ function sub_crt() { function sub_active() { + mkdir -p {.tmp,subdomains} if [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Active Subdomain Enumeration" find .tmp -type f -iname "*_subs.txt" -exec cat {} + | anew -q .tmp/subs_no_resolved.txt @@ -772,6 +785,7 @@ function sub_active() { function sub_noerror() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBNOERROR == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Checking NOERROR DNS response" if [[ $(echo "${RANDOM}thistotallynotexist${RANDOM}.$domain" | dnsx -r $resolvers -rcode noerror,nxdomain -retry 3 -silent | cut -d' ' -f2) == "[NXDOMAIN]" ]]; then @@ -799,6 +813,7 @@ function sub_noerror() { function sub_dns() { + mkdir -p {.tmp,subdomains} if [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : DNS Subdomain Enumeration and PTR search" if [[ $AXIOM != true ]]; then 
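Review bot: sub_crt gets only a blank line in this patch, yet it still pipes into `anew -q .tmp/crtsh_subs_tmp.txt`, and `start()` no longer creates `.tmp`. Running it on its own through the custom mode would therefore hit a missing directory. Add `mkdir -p .tmp` as its first statement, as the neighbouring functions now do. sub_recursive_passive (the `@@ -1052` hunk) also writes to `.tmp/subdomains_recurs_top.txt` and received no `mkdir` either. The function body continues outside the hunk.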
@@ -828,6 +843,7 @@ function sub_dns() { function sub_brute() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBBRUTE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Bruteforce Subdomain Enumeration" if [[ $AXIOM != true ]]; then @@ -862,9 +878,11 @@ function sub_brute() { function sub_scraping() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBSCRAPING == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Source code scraping subdomain search" touch .tmp/scrap_subs.txt + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ -s "$dir/subdomains/subdomains.txt" ]]; then if [[ $(cat subdomains/subdomains.txt | wc -l) -le $DEEP_LIMIT ]] || [[ $DEEP == true ]]; then if [[ $AXIOM != true ]]; then @@ -920,10 +938,10 @@ function sub_scraping() { function sub_analytics() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBANALYTICS == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Analytics Subdomain Enumeration" if [[ -s ".tmp/probed_tmp_scrap.txt" ]]; then - mkdir -p .tmp/output_analytics/ analyticsrelationships -ch <.tmp/probed_tmp_scrap.txt >>.tmp/analytics_subs_tmp.txt 2>>"$LOGFILE" [ -s ".tmp/analytics_subs_tmp.txt" ] && cat .tmp/analytics_subs_tmp.txt | grep "\.$domain$\|^$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | sed "s/|__ //" | anew -q .tmp/analytics_subs_clean.txt 
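Review bot: The seeding line added in sub_scraping, `[[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt"`, is pasted verbatim into sub_permut, sub_regex_permut, sub_recursive_passive, sub_recursive_brute, s3buckets, webprobe_simple, webprobe_full and nuclei_check. It tests `-f` while the line right after it tests `-s`, so a file that exists but is empty is never seeded. A single helper would keep the copies in step, for example `seed_target_file() { [[ -n $multi && ! -s $1 ]] && printf '%s\n' "$domain" >"$1"; }` called as `seed_target_file "$dir/subdomains/subdomains.txt"`. The function body continues outside the hunk.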
@@ -950,8 +968,10 @@ function sub_analytics() { function sub_permut() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBPERMUTE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Permutations Subdomain Enumeration" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ $DEEP == true ]] || [[ "$(cat subdomains/subdomains.txt | wc -l)" -le $DEEP_LIMIT ]]; then if [[ $PERMUTATIONS_OPTION == "gotator" ]]; then [ -s "subdomains/subdomains.txt" ] && gotator -sub subdomains/subdomains.txt -perm ${tools}/permutations_list.txt $GOTATOR_FLAGS -silent 2>>"$LOGFILE" | head -c $PERMUTATIONS_LIMIT >.tmp/gotator1.txt @@ -1009,13 +1029,14 @@ function sub_permut() { function sub_regex_permut() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBREGEXPERMUTE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Permutations by regex analysis" pushd "${tools}/regulator" >/dev/null || { echo "Failed to cd directory in ${FUNCNAME[0]} @ line ${LINENO}" } - + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" python3 main.py -t $domain -f ${dir}/subdomains/subdomains.txt -o ${dir}/.tmp/${domain}.brute popd >/dev/null || { @@ -1052,6 +1073,7 @@ function sub_recursive_passive() { if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUB_RECURSIVE_PASSIVE == true ]] && [[ -s "subdomains/subdomains.txt" ]]; then start_subfunc ${FUNCNAME[0]} "Running : Subdomains recursive search passive" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" # Passive recursive [ -s "subdomains/subdomains.txt" ] && dsieve -if subdomains/subdomains.txt -f 3 -top $DEEP_RECURSIVE_PASSIVE >.tmp/subdomains_recurs_top.txt if [[ $AXIOM != true ]]; then 
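Review bot: In sub_recursive_passive the new seeding line sits inside an `if` whose condition already requires `[[ -s "subdomains/subdomains.txt" ]]`. Assuming the working directory is `$dir`, the file exists by the time the line runs, so its `[ ! -f ... ]` test can never be true, and in multi mode with no subdomains file the whole function is skipped instead. If seeding is wanted here, move the line above the `if`. sub_recursive_brute (the `@@ -1079` hunk) has the same arrangement. The function body continues outside the hunk.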
@@ -1079,8 +1101,10 @@ function sub_recursive_passive() { function sub_recursive_brute() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUB_RECURSIVE_BRUTE == true ]] && [[ -s "subdomains/subdomains.txt" ]]; then start_subfunc ${FUNCNAME[0]} "Running : Subdomains recursive search active" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ $(cat subdomains/subdomains.txt | wc -l) -le $DEEP_LIMIT ]]; then [ ! -s ".tmp/subdomains_recurs_top.txt" ] && dsieve -if subdomains/subdomains.txt -f 3 -top $DEEP_RECURSIVE_PASSIVE >.tmp/subdomains_recurs_top.txt ripgen -d .tmp/subdomains_recurs_top.txt -w $subs_wordlist >.tmp/brute_recursive_wordlist.txt @@ -1147,6 +1171,7 @@ function sub_recursive_brute() { function subtakeover() { + mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBTAKEOVER == true ]]; then start_func ${FUNCNAME[0]} "Looking for possible subdomain and DNS takeover" touch .tmp/tko.txt @@ -1182,6 +1207,7 @@ function subtakeover() { function zonetransfer() { + mkdir -p subdomains if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $ZONETRANSFER == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Zone transfer check" for ns in $(dig +short ns "$domain"); do dig axfr "$domain" @"$ns" >>subdomains/zonetransfer.txt; done 
@@ -1207,8 +1233,10 @@ function zonetransfer() { function s3buckets() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $S3BUCKETS == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "AWS S3 buckets search" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" # S3Scanner if [[ $AXIOM != true ]]; then [ -s "subdomains/subdomains.txt" ] && s3scanner scan -f subdomains/subdomains.txt 2>>"$LOGFILE" | anew -q .tmp/s3buckets.txt @@ -1254,6 +1282,7 @@ function s3buckets() { function geo_info() { + mkdir -p hosts if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GEO_INFO == true ]]; then start_func ${FUNCNAME[0]} "Running: ipinfo via ipapi.co" ips_file="${dir}/hosts/ips.txt" @@ -1316,8 +1345,10 @@ function geo_info() { function webprobe_simple() { + mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBPROBESIMPLE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Http probing $domain" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ $AXIOM != true ]]; then cat subdomains/subdomains.txt | httpx ${HTTPX_FLAGS} -no-color -json -random-agent -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -retries 2 -timeout $HTTPX_TIMEOUT -o .tmp/web_full_info_probe.txt 2>>"$LOGFILE" >/dev/null else 
@@ -1346,8 +1377,10 @@ function webprobe_simple() { function webprobe_full() { + mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBPROBEFULL == true ]]; then start_func ${FUNCNAME[0]} "Http probing non standard ports" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ -s "subdomains/subdomains.txt" ]]; then if [[ $AXIOM != true ]]; then if [[ -s "subdomains/subdomains.txt" ]]; then @@ -1389,6 +1422,7 @@ function webprobe_full() { function screenshot() { + mkdir -p {webs,screenshots} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBSCREENSHOT == true ]]; then start_func ${FUNCNAME[0]} "Web Screenshots" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -1411,11 +1445,11 @@ function screenshot() { function virtualhosts() { + mkdir -p {.tmp/virtualhosts,virtualhosts,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $VIRTUALHOSTS == true ]]; then start_func ${FUNCNAME[0]} "Virtual Hosts dicovery" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then - mkdir -p $dir/virtualhosts $dir/.tmp/virtualhosts interlace -tL webs/webs_all.txt -threads ${INTERLACE_THREADS} -c "ffuf -ac -t ${FFUF_THREADS} -rate ${FFUF_RATELIMIT} -H \"${HEADER}\" -H \"Host: FUZZ._cleantarget_\" -w ${fuzz_wordlist} -maxtime ${FFUF_MAXTIME} -u _target_ -of json -o _output_/_cleantarget_.json" -o $dir/.tmp/virtualhosts 2>>"$LOGFILE" >/dev/null for sub in $(cat webs/webs_all.txt); do sub_out=$(echo $sub | sed -e 's|^[^/]*//||' -e 's|/.*$||') 
@@ -1442,6 +1476,7 @@ function virtualhosts() { function favicon() { + mkdir -p hosts if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $FAVICON == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Favicon Ip Lookup" pushd "${tools}/fav-up" >/dev/null || { @@ -1479,6 +1514,7 @@ function favicon() { function portscan() { + mkdir -p {.tmp,subdomains,hosts} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $PORTSCANNER == true ]]; then start_func ${FUNCNAME[0]} "Port scan" if ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then @@ -1546,6 +1582,7 @@ function portscan() { function cdnprovider() { + mkdir -p {.tmp,subdomains,hosts} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CDN_IP == true ]]; then start_func ${FUNCNAME[0]} "CDN provider check" [ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try . | .a[]' | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort -u >.tmp/ips_cdn.txt @@ -1567,6 +1604,7 @@ function cdnprovider() { function waf_checks() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WAF_DETECTION == true ]]; then start_func ${FUNCNAME[0]} "Website's WAF detection" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt 
@@ -1599,10 +1637,11 @@ function waf_checks() { function nuclei_check() { + mkdir -p {.tmp,webs,subdomains,nuclei_output} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $NUCLEICHECK == true ]]; then start_func ${FUNCNAME[0]} "Templates based web scanner" nuclei -update 2>>"$LOGFILE" >/dev/null - mkdir -p nuclei_output + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt [ ! -s ".tmp/webs_subs.txt" ] && cat subdomains/subdomains.txt webs/webs_all.txt 2>>"$LOGFILE" | anew -q .tmp/webs_subs.txt if [[ $AXIOM != true ]]; then # avoid globbing (expansion of *). @@ -1636,11 +1675,12 @@ function nuclei_check() { function fuzz() { + mkdir -p {.tmp/fuzzing,webs,fuzzing} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $FUZZ == true ]]; then start_func ${FUNCNAME[0]} "Web directory fuzzing" + [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then - mkdir -p $dir/fuzzing $dir/.tmp/fuzzing if [[ $AXIOM != true ]]; then interlace -tL webs/webs_all.txt -threads ${INTERLACE_THREADS} -c "ffuf ${FFUF_FLAGS} -t ${FFUF_THREADS} -rate ${FFUF_RATELIMIT} -H \"${HEADER}\" -w ${fuzz_wordlist} -maxtime ${FFUF_MAXTIME} -u _target_/FUZZ -o _output_/_cleantarget_.json" -o $dir/.tmp/fuzzing 2>>"$LOGFILE" >/dev/null for sub in $(cat webs/webs_all.txt); do 
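Review bot: The seed added in fuzz writes the bare `$domain` into `webs/webs.txt`, which then feeds `webs_all.txt` and the `ffuf ... -u _target_/FUZZ` call. A value without `http://` or `https://` is presumably not a usable URL there. Consider seeding a full URL, e.g. `echo "https://$domain" > "$dir/webs/webs.txt"`, or requiring the probe step to run first in multi mode. cms_scanner (the `@@ -1675` hunk) adds the same line. The function body continues outside the hunk.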
@@ -1675,9 +1715,11 @@ function fuzz() { function cms_scanner() { + mkdir -p {.tmp,webs,cms} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CMS_SCANNER == true ]]; then start_func ${FUNCNAME[0]} "CMS Scanner" - mkdir -p $dir/cms && rm -rf $dir/cms/* + rm -rf $dir/cms/* + [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then tr '\n' ',' .tmp/cms.txt 2>>"$LOGFILE" @@ -1717,9 +1759,9 @@ function cms_scanner() { function urlchecks() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $URL_CHECK == true ]]; then start_func ${FUNCNAME[0]} "URL Extraction" - mkdir -p js [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then if [[ $AXIOM != true ]]; then @@ -1797,9 +1839,9 @@ function urlchecks() { function url_gf() { + mkdir -p {.tmp,webs,gf} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $URL_GF == true ]]; then start_func ${FUNCNAME[0]} "Vulnerable Pattern Search" - mkdir -p gf if [[ -s "webs/url_extract.txt" ]]; then gf xss webs/url_extract.txt | anew -q gf/xss.txt gf ssti webs/url_extract.txt | anew -q gf/ssti.txt @@ -1825,6 +1867,7 @@ function url_gf() { function url_ext() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $URL_EXT == true ]]; then if [[ -s ".tmp/url_extract_tmp.txt" ]]; then start_func ${FUNCNAME[0]} "Urls by extension" 
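Review bot: In cms_scanner `rm -rf $dir/cms/*` is now a standalone statement; it used to run only after `mkdir -p $dir/cms` succeeded. With `$dir` unquoted, an empty or unset value turns the glob into `/cms/*`. Guard the expansion with `rm -rf -- "${dir:?}"/cms/*` so the command aborts rather than resolving against the filesystem root. The new `mkdir -p {.tmp,webs,cms}` at the top is relative to the current directory while the `rm` uses `$dir`, so the two only agree when the caller has already changed into `$dir`. The function body continues outside the hunk.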
@@ -1851,6 +1894,7 @@ function url_ext() { function jschecks() { + mkdir -p {.tmp,webs,subdomains,js} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $JSCHECKS == true ]]; then start_func ${FUNCNAME[0]} "Javascript Scan" if [[ -s ".tmp/url_extract_js.txt" ]]; then @@ -1904,6 +1948,7 @@ function jschecks() { function wordlist_gen() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WORDLIST == true ]]; then start_func ${FUNCNAME[0]} "Wordlist generation" if [[ -s ".tmp/url_extract_tmp.txt" ]]; then @@ -1930,6 +1975,7 @@ function wordlist_gen() { function wordlist_gen_roboxtractor() { + mkdir -p webs if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $ROBOTSWORDLIST == true ]]; then start_func ${FUNCNAME[0]} "Robots wordlist generation" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -1949,6 +1995,7 @@ function wordlist_gen_roboxtractor() { function password_dict() { + mkdir -p webs if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $PASSWORD_DICT == true ]]; then start_func ${FUNCNAME[0]} "Password dictionary generation" word=${domain%%.*} @@ -1970,6 +2017,7 @@ function password_dict() { function brokenLinks() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $BROKENLINKS == true ]]; then start_func ${FUNCNAME[0]} "Broken links checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt 
@@ -2008,6 +2056,7 @@ function brokenLinks() { function xss() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $XSS == true ]] && [[ -s "gf/xss.txt" ]]; then start_func ${FUNCNAME[0]} "XSS Analysis" [ -s "gf/xss.txt" ] && cat gf/xss.txt | qsreplace FUZZ | sed '/FUZZ/!d' | Gxss -c 100 -p Xss | qsreplace FUZZ | sed '/FUZZ/!d' | anew -q .tmp/xss_reflected.txt @@ -2067,6 +2116,7 @@ function xss() { function cors() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CORS == true ]]; then start_func ${FUNCNAME[0]} "CORS Scan" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -2084,6 +2134,7 @@ function cors() { function open_redirect() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $OPEN_REDIRECT == true ]] && [[ -s "gf/redirect.txt" ]]; then start_func ${FUNCNAME[0]} "Open redirects checks" if [[ $DEEP == true ]] || [[ $(cat gf/redirect.txt | wc -l) -le $DEEP_LIMIT ]]; then @@ -2109,6 +2160,7 @@ function open_redirect() { function ssrf_checks() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SSRF_CHECKS == true ]] && [[ -s "gf/ssrf.txt" ]]; then start_func ${FUNCNAME[0]} "SSRF checks" if [[ -z $COLLAB_SERVER ]]; then @@ -2149,6 +2201,7 @@ function ssrf_checks() { function crlf_checks() { + mkdir -p {webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CRLF_CHECKS == true ]]; then start_func ${FUNCNAME[0]} "CRLF checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt 
@@ -2170,6 +2223,7 @@ function crlf_checks() { function lfi() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $LFI == true ]] && [[ -s "gf/lfi.txt" ]]; then start_func ${FUNCNAME[0]} "LFI checks" if [[ -s "gf/lfi.txt" ]]; then @@ -2195,6 +2249,7 @@ function lfi() { function ssti() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SSTI == true ]] && [[ -s "gf/ssti.txt" ]]; then start_func ${FUNCNAME[0]} "SSTI checks" if [[ -s "gf/ssti.txt" ]]; then @@ -2221,6 +2276,7 @@ function ssti() { function sqli() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SQLI == true ]] && [[ -s "gf/sqli.txt" ]]; then start_func ${FUNCNAME[0]} "SQLi checks" @@ -2250,8 +2306,10 @@ function sqli() { function test_ssl() { + mkdir -p {hosts,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $TEST_SSL == true ]]; then start_func ${FUNCNAME[0]} "SSL Test" + [[ -n $multi ]] && [ ! -f "$dir/hosts/ips.txt" ] && echo "$domain" > "$dir/hosts/ips.txt" ${tools}/testssl.sh/testssl.sh --quiet --color 0 -U -iL hosts/ips.txt 2>>"$LOGFILE" >vulns/testssl.txt end_func "Results are saved in vulns/testssl.txt" ${FUNCNAME[0]} else @@ -2266,6 +2324,7 @@ function test_ssl() { function spraying() { + mkdir -p vulns if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SPRAY == true ]]; then start_func ${FUNCNAME[0]} "Password spraying" @@ -2290,6 +2349,7 @@ function spraying() { function command_injection() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $COMM_INJ == true ]] && [[ -s "gf/rce.txt" ]]; then start_func ${FUNCNAME[0]} "Command Injection checks" [ -s "gf/rce.txt" ] && cat gf/rce.txt | qsreplace FUZZ | sed '/FUZZ/!d' | anew -q .tmp/tmp_rce.txt 
@@ -2313,6 +2373,7 @@ function command_injection() { function 4xxbypass() { + mkdir -p {.tmp,fuzzing,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $BYPASSER4XX == true ]]; then if [[ $(cat fuzzing/fuzzing_full.txt 2>/dev/null | grep -E '^4' | grep -Ev '^404' | cut -d ' ' -f3 | wc -l) -le 1000 ]] || [[ $DEEP == true ]]; then start_func "403 bypass" @@ -2343,6 +2404,7 @@ function 4xxbypass() { function prototype_pollution() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $PROTO_POLLUTION == true ]]; then start_func ${FUNCNAME[0]} "Prototype Pollution checks" if [[ $DEEP == true ]] || [[ $(cat webs/url_extract.txt | wc -l) -le $DEEP_LIMIT ]]; then @@ -2364,6 +2426,7 @@ function prototype_pollution() { function smuggling() { + mkdir -p {.tmp,webs,vulns/smuggling} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SMUGGLING == true ]]; then start_func ${FUNCNAME[0]} "HTTP Request Smuggling checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -2372,7 +2435,6 @@ function smuggling() { echo "Failed to cd directory in ${FUNCNAME[0]} @ line ${LINENO}" } cat $dir/webs/webs_all.txt | python3 smuggler.py -q --no-color 2>/dev/null | anew -q $dir/.tmp/smuggling.txt - mkdir -p $dir/vulns/smuggling/ find payloads -type f ! -name "README*" -exec mv {} $dir/vulns/smuggling/ \; popd >/dev/null || { echo "Failed to popd in ${FUNCNAME[0]} @ line ${LINENO}" @@ -2394,6 +2456,7 @@ function smuggling() { function webcache() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBCACHE == true ]]; then start_func ${FUNCNAME[0]} "Web Cache Poisoning checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt 
@@ -2423,6 +2486,7 @@ function webcache() { function fuzzparams() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $FUZZPARAMS == true ]]; then start_func ${FUNCNAME[0]} "Fuzzing params values checks" if [[ $DEEP == true ]] || [[ $(cat webs/url_extract.txt | wc -l) -le $DEEP_LIMIT2 ]]; then @@ -2814,7 +2878,7 @@ function start() { list="${dir}/target.txt" fi fi - mkdir -p .tmp .log osint subdomains webs hosts vulns + mkdir -p .log NOW=$(date +"%F") NOWT=$(date +"%T") @@ -2980,7 +3044,7 @@ function multi_osint() { echo "Failed to cd directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } - mkdir -p .tmp .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") @@ -2996,7 +3060,7 @@ function multi_osint() { echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } - mkdir -p .tmp .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" @@ -3097,7 +3161,7 @@ function multi_recon() { exit 1 } - mkdir -p .tmp .log .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" @@ -3114,7 +3178,7 @@ function multi_recon() { echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } - mkdir -p .tmp .log .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") 
@@ -3137,10 +3201,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 1st loop in ${runtime} $currently ${reset}\n" + printf "${bgreen} $domain finished 1st loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done @@ -3175,10 +3239,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 2nd loop in ${runtime} $currently ${reset}\n" + printf "${bgreen} $domain finished 2nd loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done 
@@ -3230,10 +3294,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 3rd loop in ${runtime} $currently ${reset}\n" + printf "${bgreen} $domain finished 3rd loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done @@ -3260,10 +3324,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished final loop in ${runtime} $currently ${reset}\n" + printf "${bgreen} $domain finished final loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done 
@@ -3276,6 +3340,93 @@ function multi_recon() { end } +function multi_custom() { + + global_start=$(date +%s) + + if [[ $NOTIFICATION == true ]]; then + NOTIFY="notify -silent" + else + NOTIFY="" + fi + + if [[ -s $list ]]; then + sed -i 's/\r$//' $list + targets=$(cat $list) + else + notification "Target list not provided" error + exit + fi + + workdir=${SCRIPTPATH}/Recon/$multi + mkdir -p $workdir || { + echo "Failed to create directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" + exit 1 + } + cd "$workdir" || { + echo "Failed to cd directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" + exit 1 + } + + mkdir -p {.log} + NOW=$(date +"%F") + NOWT=$(date +"%T") + LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" + touch .log/${NOW}_${NOWT}.txt + echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + + [ -n "$flist" ] && LISTTOTAL=$(cat "$flist" | wc -l) + + + if [[ $AXIOM == true ]]; then + axiom_lauch + axiom_selected + fi + + custom_function_list=$(echo $custom_function|sed -i 's/,/\n/') + + [ -n "$custom_function_list" ] && LISTFUNCTOTAL=$(echo "$flist" | wc -l) + + for domain in $targets; do + loopstart=$(date +%s) + dir=$workdir/targets/$domain + + cd "$dir" || { + echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" + exit 1 + } + mkdir -p {.called_fn,.log} + called_fn_dir=$dir/.called_fn + + echo $domain > $dir/.tmp/webs_subs.txt + func_count=0 + for custom_f in $custom_function_list; do + ((func_count++)) + + loopstart=$(date +%s) + + $custom_f + + currently=$(date +"%H:%M:%S") + loopend=$(date +%s) + getElapsedTime $loopstart $loopend + printf "${bgreen}#######################################################################${reset}\n" + printf "${bgreen} $domain finished $custom_function in ${runtime} $currently ${reset}\n" + if [[ -n $flist ]]; then + POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') + printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL (${func_count}/${LISTFUNCTOTAL})${reset}\n" + fi + printf 
"${bgreen}#######################################################################${reset}\n" + done + done + + if [[ $AXIOM == true ]]; then + axiom_shutdown + fi + + end +} + function subs_menu() { start @@ -3380,7 +3531,7 @@ if [[ $OSTYPE == "darwin"* ]]; then PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH" fi -PROGARGS=$(getopt -o 'd:m:l:x:i:o:f:q:c:rspanvh::' --long 'domain:,list:,recon,subdomains,passive,all,web,osint,deep,help,vps' -n 'reconFTW' -- "$@") +PROGARGS=$(getopt -o 'd:m:l:x:i:o:f:q:c:rspanvh::' --long 'domain:,list:,custom:,recon,subdomains,passive,all,web,osint,deep,help,vps' -n 'reconFTW' -- "$@") # Note the quotes around "$PROGARGS": they are essential! eval set -- "$PROGARGS" @@ -3679,19 +3830,26 @@ case $opt_mode in fi ;; 'c') - export DIFF=true - dir="${SCRIPTPATH}/Recon/$domain" - cd $dir || { - echo "Failed to cd directory '$dir'" - exit 1 - } - LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" - called_fn_dir=$dir/.called_fn - $custom_function - cd ${SCRIPTPATH} || { - echo "Failed to cd directory '$dir'" - exit 1 - } + if [[ -n $multi ]]; then + if [[ $AXIOM == true ]]; then + mode="multi_custom" + fi + multi_custom + else + export DIFF=true + dir="${SCRIPTPATH}/Recon/$domain" + cd $dir || { + echo "Failed to cd directory '$dir'" + exit 1 + } + LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" + called_fn_dir=$dir/.called_fn + $custom_function + cd ${SCRIPTPATH} || { + echo "Failed to cd directory '$dir'" + exit 1 + } + fi exit ;; # No mode selected. EXIT! From 4b65306547382bf0f1d2bae083062d0aeaf55b1b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 15:21:32 +0100 Subject: [PATCH 02/28] Several patches for bash script, needed by the trap error function Nuclei output now in json format Externalyze reconftw and axiom repo in order tu use custom code --- .gitignore | 1 + Docker/Dockerfile | 10 +++++-- reconftw.cfg | 4 +-- reconftw.sh | 67 +++++++++++++++++++++++++++++++++-------------- 4 files changed, 59 insertions(+), 23 deletions(-) diff --git a/.gitignore b/.gitignore index 801b55e2..28f04e81 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ test/ *.tar *.tar.* *.zip +.DS_Store diff --git a/Docker/Dockerfile b/Docker/Dockerfile index ebb0d53e..a9c9faff 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -10,6 +10,9 @@ ARG SHODAN_API_KEY="XXXXXXXXXXXXXX" ARG LANG=en_US.UTF-8 ARG LANGUAGE=en_US +ARG GIT_REPOSITORY_AXIOM +ARG GIT_REPOSITORY_RECONFTW + ################################################## ###> Do NOT change anything beyond this point <### ################################################## @@ -38,6 +41,9 @@ ENV LANG=$LANG ENV LANGUAGE=$LANGUAGE ENV LC_ALL=$LANG +ENV GIT_REPOSITORY_AXIOM=${GIT_REPOSITORY_AXIOM:-"https://github.com/pry0cc/axiom"} +ENV GIT_REPOSITORY_RECONFTW=${GIT_REPOSITORY_RECONFTW:-"https://github.com/six2dez/reconftw"} + ENV DEBIAN_FRONTEND=noninteractive ENV DEBCONF_NONINTERACTIVE_SEEN=true @@ -80,7 +86,7 @@ localepurge ###>> Configure Axiom <<### mkdir -p /root/.axiom/ -git clone https://github.com/pry0cc/axiom /root/.axiom/ +git clone ${AXIOM_GIT_REPOSITORY} /root/.axiom/ cd /root/.axiom/interact ./axiom-configure --unattended --shell Bash ## This avoids useless error messages later. @@ -90,7 +96,7 @@ touch /root/.axiom/interact/includes/functions.sh ###>> Install reconFTW <<### mkdir -p /root/Tools mkdir -p /reconftw -git clone https://github.com/six2dez/reconftw.git /reconftw +git clone ${GIT_REPOSITORY_RECONFTW} /reconftw cd /reconftw sh -c 'echo 1 | ./install.sh' 
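Review bot: The new Axiom clone line uses `${AXIOM_GIT_REPOSITORY}`, but the ARG and ENV added by this patch are named `GIT_REPOSITORY_AXIOM`, so the variable expands to nothing and `git clone` receives only `/root/.axiom/` as its argument. It should read `git clone "${GIT_REPOSITORY_AXIOM}" /root/.axiom/`, with the reconftw clone quoted the same way. Both repositories are cloned and then executed during the build (`./axiom-configure`, `./install.sh`), presumably as root given the `/root` paths. A comment beside the two ARG lines would make that explicit, for example `# Cloned and executed at build time; only point these at sources you trust`.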
diff --git a/reconftw.cfg b/reconftw.cfg index 018c003b..89873f06 100644 --- a/reconftw.cfg +++ b/reconftw.cfg @@ -1,6 +1,6 @@ -################################################################# +############################################# # reconFTW config file # -################################################################# +############################################# # General values tools=~/Tools # Path installed tools diff --git a/reconftw.sh b/reconftw.sh index 5655077f..07dca4d7 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -12,6 +12,19 @@ # ░ ░ ░░ ░ ░ ░ ░ ░ # + +# Error Management +set -eEuo pipefail +function failure() { + local lineno=$1 + local msg=$2 + shift 2 + local func=$(echo "${@}"|tr ' ' '|') + echo "##### ERROR [$lineno][$func] $msg #####" +} +trap 'failure ${LINENO} "$BASH_COMMAND" ${FUNCNAME[@]}' ERR + + function banner_graber() { source "${SCRIPTPATH}"/banners.txt randx=$(shuf -i 1-23 -n 1) @@ -404,6 +417,7 @@ function google_dorks() { mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GOOGLE_DORKS == true ]] && [[ $OSINT == true ]]; then + start_func "${FUNCNAME[0]}" "Google Dorks in process" python3 ${tools}/dorks_hunter/dorks_hunter.py -d "$domain" -o osint/dorks.txt || { echo "dorks_hunter command failed" exit 1 @@ -1277,7 +1291,7 @@ function s3buckets() { } ############################################################################################################### -############################################# GEOLOCALIZATION INFO ####################################################### +############################################# GEOLOCALIZATION INFO ############################################ ############################################################################################################### function geo_info() { 
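Review bot: Enabling `set -eEuo pipefail` for the whole script makes any assignment whose pipeline contains a `grep` that finds nothing abort the run, and the patch does not guard those call sites. Examples visible in this series are `NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME")` in `axiom_lauch` and the `POSINLIST=$(... grep ... | cut ...)` assignments, where the no-match exit status now propagates out of the command substitution. Such lines need an explicit fallback, e.g. `NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true)`. In `failure`, `local func=$(...)` is better split into `local func` and a separate assignment, and the error line should go to stderr with `>&2`.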
@@ -1348,7 +1362,7 @@ function webprobe_simple() { mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBPROBESIMPLE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Http probing $domain" - [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" && touch .tmp/web_full_info.txt webs/web_full_info.txt if [[ $AXIOM != true ]]; then cat subdomains/subdomains.txt | httpx ${HTTPX_FLAGS} -no-color -json -random-agent -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -retries 2 -timeout $HTTPX_TIMEOUT -o .tmp/web_full_info_probe.txt 2>>"$LOGFILE" >/dev/null else @@ -1380,7 +1394,7 @@ function webprobe_full() { mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBPROBEFULL == true ]]; then start_func ${FUNCNAME[0]} "Http probing non standard ports" - [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" && touch webs/webs.txt if [[ -s "subdomains/subdomains.txt" ]]; then if [[ $AXIOM != true ]]; then if [[ -s "subdomains/subdomains.txt" ]]; then 
@@ -1548,11 +1562,9 @@ function portscan() { formatted_json+="]" echo "$formatted_json" >"${dir}/hosts/portscan_shodan.txt" fi - else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi if [[ $PORTSCAN_PASSIVE == true ]] && [[ ! -f "hosts/portscan_passive.txt" ]] && [[ -s ".tmp/ips_nocdn.txt" ]]; then - smap -iL .tmp/ips_nocdn.txt >hosts/portscan_passive.txt + smap -iL .tmp/ips_nocdn.txt >hosts/portscan_passive.txt fi if [[ $PORTSCAN_ACTIVE == true ]]; then if [[ $AXIOM != true ]]; then @@ -1569,7 +1581,7 @@ function portscan() { notification "Webs detected from port scan: ${NUMOFLINES} new websites" good cat hosts/webs.txt fi - end_func "Results are saved in hosts/portscan_[passive|active|shodan].txt" ${FUNCNAME[0]} + end_func "Results are saved in hosts/portscan_[passive|active|shodan].[txt|xml]" ${FUNCNAME[0]} else if [[ $PORTSCANNER == false ]]; then printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" 
@@ -1641,14 +1653,14 @@ function nuclei_check() { if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $NUCLEICHECK == true ]]; then start_func ${FUNCNAME[0]} "Templates based web scanner" nuclei -update 2>>"$LOGFILE" >/dev/null - [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" && touch webs/webs.txt webs/webs_uncommon_ports.txt [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt [ ! -s ".tmp/webs_subs.txt" ] && cat subdomains/subdomains.txt webs/webs_all.txt 2>>"$LOGFILE" | anew -q .tmp/webs_subs.txt if [[ $AXIOM != true ]]; then # avoid globbing (expansion of *). IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do printf "${yellow}\n Running : Nuclei $crit ${reset}\n\n" - cat .tmp/webs_subs.txt 2>/dev/null | nuclei $NUCLEI_FLAGS -severity $crit -nh -rl $NUCLEI_RATELIMIT -o nuclei_output/${crit}.txt + cat .tmp/webs_subs.txt 2>/dev/null | nuclei $NUCLEI_FLAGS -severity $crit -nh -rl $NUCLEI_RATELIMIT -j -o nuclei_output/${crit}.json done printf "\n\n" else 
@@ -1656,8 +1668,8 @@ function nuclei_check() { IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do printf "${yellow}\n Running : Nuclei $crit, check results on nuclei_output folder${reset}\n\n" - axiom-scan .tmp/webs_subs.txt -m nuclei --nuclei-templates ${NUCLEI_TEMPLATES_PATH} -severity ${crit} -nh -rl $NUCLEI_RATELIMIT -o nuclei_output/${crit}.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null - [ -s "nuclei_output/${crit}.txt" ] && cat nuclei_output/${crit}.txt + axiom-scan .tmp/webs_subs.txt -m nuclei --nuclei-templates ${NUCLEI_TEMPLATES_PATH} -severity ${crit} -nh -rl $NUCLEI_RATELIMIT -j -o nuclei_output/${crit}.json $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null + [ -s "nuclei_output/${crit}.json" ] && jq -r '.|[.info.severity,.host,.info.nameo,.url]|@csv' |tr -d '"' nuclei_output/${crit}.json done printf "\n\n" fi @@ -1678,7 +1690,7 @@ function fuzz() { mkdir -p {.tmp/fuzzing,webs,fuzzing} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $FUZZ == true ]]; then start_func ${FUNCNAME[0]} "Web directory fuzzing" - [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" + [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" && touch webs/webs_uncommon_ports.txt [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then if [[ $AXIOM != true ]]; then 
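Review bot: In the added `jq` line of the Axiom branch the file name is given to `tr` instead of `jq`, so `jq` reads standard input rather than `nuclei_output/${crit}.json` and `tr` receives an extra operand. The field `.info.nameo` also looks like a typo for `.info.name`. The line would read `[ -s "nuclei_output/${crit}.json" ] && jq -r '[.info.severity,.host,.info.name,.url]|@csv' "nuclei_output/${crit}.json" | tr -d '"'`. `nuclei_check` starts before and continues after this hunk.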
@@ -1719,7 +1731,7 @@ function cms_scanner() { if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CMS_SCANNER == true ]]; then start_func ${FUNCNAME[0]} "CMS Scanner" rm -rf $dir/cms/* - [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" + [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" && touch webs/webs_uncommon_ports.txt [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then tr '\n' ',' .tmp/cms.txt 2>>"$LOGFILE" @@ -2764,7 +2776,7 @@ function axiom_lauch() { # let's fire up a FLEET! if [[ $AXIOM_FLEET_LAUNCH == true ]] && [[ -n $AXIOM_FLEET_NAME ]] && [[ -n $AXIOM_FLEET_COUNT ]]; then start_func ${FUNCNAME[0]} "Launching our Axiom fleet" - python3 -m pip install --upgrade linode-cli 2>>"$LOGFILE" >/dev/null + #python3 -m pip install --upgrade linode-cli 2>>"$LOGFILE" >/dev/null # Check to see if we have a fleet already, if so, SKIP THIS! NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME") if [[ $NUMOFNODES -ge $AXIOM_FLEET_COUNT ]]; then @@ -3368,7 +3380,7 @@ function multi_custom() { exit 1 } - mkdir -p {.log} + mkdir -p .log NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" @@ -3383,13 +3395,18 @@ function multi_custom() { axiom_selected fi - custom_function_list=$(echo $custom_function|sed -i 's/,/\n/') + custom_function_list=$(echo $custom_function|tr ',' '\n') + [ -n "$custom_function_list" ] && LISTFUNCTOTAL=$(echo "$flist" | wc -l) for domain in $targets; do loopstart=$(date +%s) dir=$workdir/targets/$domain + mkdir -p $dir || { + echo "Failed to create directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" + exit 1 + } cd "$dir" || { echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" 
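Review bot: The `mkdir -p $dir` added to the `multi_custom` loop is unquoted, and `$dir` is built from `$domain`, which comes straight from the target list. An entry containing spaces or path separators would therefore create and enter a directory other than the intended `targets/<domain>` one. Quote it as `mkdir -p -- "$dir"` and consider skipping entries that contain `/` before the directory is created. The failure message of this `mkdir` also prints `$workdir` where `$dir` is the path that failed. The loop body continues outside the hunk.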
@@ -3398,10 +3415,9 @@ function multi_custom() { mkdir -p {.called_fn,.log} called_fn_dir=$dir/.called_fn - echo $domain > $dir/.tmp/webs_subs.txt func_count=0 for custom_f in $custom_function_list; do - ((func_count++)) + ((func_count=func_count+1)) loopstart=$(date +%s) @@ -3411,7 +3427,7 @@ function multi_custom() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished $custom_function in ${runtime} $currently ${reset}\n" + printf "${bgreen} $domain finished $custom_f in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL (${func_count}/${LISTFUNCTOTAL})${reset}\n" @@ -3656,6 +3672,19 @@ while true; do esac done +# Initialize some variables +opt_deep="${opt_deep:=false}" +rate_limit="${rate_limit:=0}" +outOfScope_file="${outOfScope_file:=}" +inScope_file="${inScope_file:=}" +domain="${domain:=}" +multi="${multi:=}" +list="${list:=}" +opt_mode="${opt_mode:=}" +custom_function="${custom_function:=}" +AXIOM="${AXIOM:=false}" +CUSTOM_CONFIG="${CUSTOM_CONFIG:=}" + # This is the first thing to do to read in alternate config SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 || exit From c8b30e09f3d9aea70b4ffef4b92d8af926baa510 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 16:53:59 +0100 Subject: [PATCH 03/28] Add date into logs and notifications --- reconftw.sh | 393 +++++++++++++++++++++++++++------------------------- 1 file changed, 201 insertions(+), 192 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index 1daaeaec..bbfa7ee6 100755 --- a/reconftw.sh +++ b/reconftw.sh 
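Review bot: The progress message `(${func_count}/${LISTFUNCTOTAL})`, shown as context in the second `multi_custom` hunk here, still prints a total computed from the wrong variable. The previous hunk keeps `LISTFUNCTOTAL=$(echo "$flist" | wc -l)`, which counts the lines of the `$flist` string rather than the requested functions. It should be `LISTFUNCTOTAL=$(echo "$custom_function_list" | wc -l)`. `LISTFUNCTOTAL` is only assigned when the list is non-empty, so with the `set -u` introduced by this patch it is safer to initialise it to `0` before the test.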
@@ -68,7 +68,7 @@ function check_version() { function tools_installed() { printf "\n\n${bgreen}#######################################################################${reset}\n" - printf "${bblue} Checking installed tools ${reset}\n\n" + printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Checking installed tools ${reset}\n\n" allinstalled=true @@ -417,7 +417,7 @@ function tools_installed() { printf "\n${yellow} If nothing works and the world is gonna end you can always ping me :D ${reset}\n\n" fi - printf "${bblue} Tools check finished\n" + printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Tools check finished\n" printf "${bgreen}#######################################################################\n${reset}" } @@ -437,9 +437,9 @@ function google_dorks() { end_func "Results are saved in $domain/osint/dorks.txt" "${FUNCNAME[0]}" else if [[ $GOOGLE_DORKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} are already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} are already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
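Review bot: The timestamp `$(date +'%Y-%m-%dT%H:%M:%S%z')` is pasted by hand into each message, here and in every other hunk of this patch, so the format is repeated dozens of times and is easy to get wrong in one place. A small helper keeps it in one spot, e.g. `ts() { date +'%Y-%m-%dT%H:%M:%S%z'; }`, used as `printf "${bblue}[$(ts)] Checking installed tools ${reset}\n\n"`. These messages are also passed as the printf format string with `$domain` and paths expanded inside it, so a `%` in those values would be interpreted as a conversion. Passing the text as an argument to a fixed format (`printf '%b\n' "..."`) avoids that.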
@@ -463,14 +463,14 @@ function github_dorks() { } fi else - printf "\n${bred} Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" + printf "\n${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" fi end_func "Results are saved in $domain/osint/gitdorks.txt" "${FUNCNAME[0]}" else if [[ $GITHUB_DORKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
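Review bot: In this `github_dorks` hunk the new "is already processed" message begins with `${yellow[$(date ...)]`, with no closing brace after `yellow`. Bash therefore reads it as an array subscript and will most likely reject the line as a bad substitution when that branch runs. It should start `printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, ...`. The other timestamped messages visible in this patch close the brace correctly.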
@@ -497,14 +497,14 @@ function github_repos() { cat .tmp/github/* 2>/dev/null | jq -c | jq -r >osint/github_company_secrets.json 2>>"$LOGFILE" fi else - printf "\n${bred} Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" + printf "\n${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" fi end_func "Results are saved in $domain/osint/github_company_secrets.json" ${FUNCNAME[0]} else if [[ $GITHUB_REPOS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -524,14 +524,14 @@ function metadata() { end_func "Results are saved in $domain/osint/[software/authors/metadata_results].txt" ${FUNCNAME[0]} else if [[ $METADATA == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $METADATA == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -562,14 +562,14 @@ function apileaks() { end_func "Results are saved in $domain/osint/[software/authors/metadata_results].txt" ${FUNCNAME[0]} else if [[ $API_LEAKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $API_LEAKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -604,14 +604,14 @@ function emails() { end_func "Results are saved in $domain/osint/emails|passwords.txt" ${FUNCNAME[0]} else if [[ $EMAILS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $EMAILS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -633,14 +633,14 @@ function domain_info() { end_func "Results are saved in $domain/osint/domain_info_[general/name/email/ip].txt" ${FUNCNAME[0]} else if [[ $DOMAIN_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $DOMAIN_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -658,18 +658,18 @@ function ip_info() { curl "https://ip-geolocation.whoisxmlapi.com/api/v1?apiKey=${WHOISXML_API}&ipAddress=${domain}" 2>/dev/null | jq -r '.ip,.location' 2>>"$LOGFILE" | anew -q osint/ip_${domain}_location.txt end_func "Results are saved in $domain/osint/ip_[domain_relations|whois|location].txt" ${FUNCNAME[0]} else - printf "\n${yellow} No WHOISXML_API var defined, skipping function ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] No WHOISXML_API var defined, skipping function ${reset}\n" fi else if [[ $IP_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $IP_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -686,8 +686,8 @@ function subdomains_full() { NUMOFLINES_subs="0" NUMOFLINES_probed="0" printf "${bgreen}#######################################################################\n\n" - ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue} Subdomain Enumeration $domain\n\n" - [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue} Scanning IP $domain\n\n" + ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Subdomain Enumeration $domain\n\n" + [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Scanning IP $domain\n\n" [ -s "subdomains/subdomains.txt" ] && cp subdomains/subdomains.txt .tmp/subdomains_old.txt [ -s "webs/webs.txt" ] && cp webs/webs.txt .tmp/probed_old.txt @@ -725,13 +725,13 @@ function subdomains_full() { [ -s "$outOfScope_file" ] && deleteOutScoped $outOfScope_file webs/webs.txt NUMOFLINES_probed=$(cat webs/webs.txt 2>>"$LOGFILE" | anew .tmp/probed_old.txt | sed '/^$/d' | wc -l) fi - printf "${bblue}\n Total subdomains: ${reset}\n\n" + printf "${bblue}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Total subdomains: ${reset}\n\n" notification "- ${NUMOFLINES_subs} alive" good [ -s "subdomains/subdomains.txt" ] && cat subdomains/subdomains.txt | sort notification "- ${NUMOFLINES_probed} new web probed" good [ -s "webs/webs.txt" ] && cat webs/webs.txt | sort notification "Subdomain Enumeration Finished" good - printf "${bblue} Results are saved in $domain/subdomains/subdomains.txt and webs/webs.txt${reset}\n" + printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Results are saved in $domain/subdomains/subdomains.txt and webs/webs.txt${reset}\n" printf "${bgreen}#######################################################################\n\n" } 
@@ -767,9 +767,9 @@ function sub_passive() { end_subfunc "${NUMOFLINES} new subs (passive)" ${FUNCNAME[0]} else if [[ $SUBPASSIVE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -786,9 +786,9 @@ function sub_crt() { end_subfunc "${NUMOFLINES} new subs (cert transparency)" ${FUNCNAME[0]} else if [[ $SUBCRT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -818,7 +818,7 @@ function sub_active() { NUMOFLINES=$(cat .tmp/subdomains_tmp.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) end_subfunc "${NUMOFLINES} subs DNS resolved from passive" ${FUNCNAME[0]} else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi } @@ -839,13 +839,13 @@ function sub_noerror() { NUMOFLINES=$(cat .tmp/subs_noerror.txt 2>>"$LOGFILE" | sed "s/*.//" | grep ".$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) end_subfunc "${NUMOFLINES} new subs (DNS noerror)" ${FUNCNAME[0]} else - printf "\n${yellow} Detected DNSSEC black lies, skipping this technique ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Detected DNSSEC black lies, skipping this technique ${reset}\n" fi else if [[ $SUBNOERROR == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -876,7 +876,7 @@ function sub_dns() { NUMOFLINES=$(cat .tmp/subdomains_dns_resolved.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) end_subfunc "${NUMOFLINES} new subs (dns resolution)" ${FUNCNAME[0]} else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi } @@ -908,9 +908,9 @@ function sub_brute() { end_subfunc "${NUMOFLINES} new subs (bruteforce)" ${FUNCNAME[0]} else if [[ $SUBBRUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -968,9 +968,9 @@ function sub_scraping() { fi else if [[ $SUBSCRAPING == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -998,9 +998,9 @@ function sub_analytics() { end_subfunc "${NUMOFLINES} new subs (analytics relationship)" ${FUNCNAME[0]} else if [[ $SUBANALYTICS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1059,9 +1059,9 @@ function sub_permut() { end_subfunc "${NUMOFLINES} new subs (permutations)" ${FUNCNAME[0]} else if [[ $SUBPERMUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1101,9 +1101,9 @@ function sub_regex_permut() { end_subfunc "${NUMOFLINES} new subs (permutations by regex)" ${FUNCNAME[0]} else if [[ $SUBREGEXPERMUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1131,9 +1131,9 @@ function sub_recursive_passive() { end_subfunc "${NUMOFLINES} new subs (recursive)" ${FUNCNAME[0]} else if [[ $SUB_RECURSIVE_PASSIVE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1201,9 +1201,9 @@ function sub_recursive_brute() { end_subfunc "${NUMOFLINES} new subs (recursive active)" ${FUNCNAME[0]} else if [[ $SUB_RECURSIVE_BRUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1237,9 +1237,9 @@ function subtakeover() { end_func "Results are saved in $domain/webs/takeover.txt" ${FUNCNAME[0]} else if [[ $SUBTAKEOVER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1257,14 +1257,14 @@ function zonetransfer() { end_func "Results are saved in $domain/subdomains/zonetransfer.txt" ${FUNCNAME[0]} else if [[ $ZONETRANSFER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $ZONETRANSFER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
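Review bot: In zonetransfer the inner `if [[ $ZONETRANSFER == false ]]` inside the final `else` can never be true, because the outer `if` already handled that case, so the second "skipped in this mode" printf this hunk updates is dead code. The last branch could be reduced to the single "is already processed" printf. The s3buckets and favicon hunks further down carry the same nested duplicate. The function starts above the hunk.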
@@ -1302,14 +1302,14 @@ function s3buckets() { end_func "Results are saved in subdomains/s3buckets.txt and subdomains/cloud_assets.txt" ${FUNCNAME[0]} else if [[ $S3BUCKETS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $S3BUCKETS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi @@ -1371,9 +1371,9 @@ function geo_info() { end_func "Results are saved in hosts/geoip.txt and hosts/geoip.json" ${FUNCNAME[0]} else if [[ $GEO_INFO == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1407,9 +1407,9 @@ function webprobe_simple() { fi else if [[ $WEBPROBESIMPLE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1452,9 +1452,9 @@ function webprobe_full() { fi else if [[ $WEBPROBEFULL == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1475,9 +1475,9 @@ function screenshot() { end_func "Results are saved in $domain/screenshots folder" ${FUNCNAME[0]} else if [[ $WEBSCREENSHOT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1502,9 +1502,9 @@ function virtualhosts() { fi else if [[ $VIRTUALHOSTS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1538,14 +1538,14 @@ function favicon() { end_func "Results are saved in hosts/favicontest.txt" ${FUNCNAME[0]} else if [[ $FAVICON == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $FAVICON == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -1566,9 +1566,9 @@ function portscan() { fi [ ! -s "hosts/cdn_providers.txt" ] && cat hosts/ips.txt 2>/dev/null | cdncheck -silent -resp -cdn -waf -nc 2>/dev/null >hosts/cdn_providers.txt [ -s "hosts/ips.txt" ] && comm -23 <(cat hosts/ips.txt | sort -u) <(cat hosts/cdn_providers.txt | cut -d'[' -f1 | sed 's/[[:space:]]*$//' | sort -u) | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort -u | anew -q .tmp/ips_nocdn.txt - printf "${bblue}\n Resolved IP addresses (No CDN) ${reset}\n\n" + printf "${bblue}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Resolved IP addresses (No CDN) ${reset}\n\n" [ -s ".tmp/ips_nocdn.txt" ] && cat .tmp/ips_nocdn.txt | sort - printf "${bblue}\n Scanning ports... ${reset}\n\n" + printf "${bblue}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Scanning ports... ${reset}\n\n" ips_file="${dir}/hosts/ips.txt" if [ "$PORTSCAN_PASSIVE" = true ]; then if [ ! -f $ips_file ]; then @@ -1610,9 +1610,9 @@ function portscan() { end_func "Results are saved in hosts/portscan_[passive|active|shodan].[txt|xml]" ${FUNCNAME[0]} else if [[ $PORTSCANNER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
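Review bot: The private-range filter in the context line that builds .tmp/ips_nocdn.txt lists `169\.154`, which looks like a typo for the link-local prefix `169\.254`. As written, link-local addresses are not excluded from the list of resolved IPs that the function goes on to scan. The other reserved prefixes in the alternation look intact, so only that alternative needs changing to `169\.254`. portscan starts above this hunk and continues below it.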
@@ -1628,9 +1628,9 @@ function cdnprovider() { end_func "Results are saved in hosts/cdn_providers.txt" ${FUNCNAME[0]} else if [[ $CDN_IP == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1665,9 +1665,9 @@ function waf_checks() { fi else if [[ $WAF_DETECTION == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1685,7 +1685,7 @@ function nuclei_check() { if [[ $AXIOM != true ]]; then # avoid globbing (expansion of *). IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do - printf "${yellow}\n Running : Nuclei $crit ${reset}\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Nuclei $crit ${reset}\n\n" cat .tmp/webs_subs.txt 2>/dev/null | nuclei $NUCLEI_FLAGS -severity $crit -nh -rl $NUCLEI_RATELIMIT -j -o nuclei_output/${crit}.json done printf "\n\n" 
@@ -1693,7 +1693,7 @@ function nuclei_check() { if [[ -s ".tmp/webs_subs.txt" ]]; then IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do - printf "${yellow}\n Running : Nuclei $crit, check results on nuclei_output folder${reset}\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Nuclei $crit, check results on nuclei_output folder${reset}\n\n" axiom-scan .tmp/webs_subs.txt -m nuclei --nuclei-templates ${NUCLEI_TEMPLATES_PATH} -severity ${crit} -nh -rl $NUCLEI_RATELIMIT -j -o nuclei_output/${crit}.json $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null [ -s "nuclei_output/${crit}.json" ] && jq -r '.|[.info.severity,.host,.info.nameo,.url]|@csv' |tr -d '"' nuclei_output/${crit}.json done @@ -1703,9 +1703,9 @@ function nuclei_check() { end_func "Results are saved in $domain/nuclei_output folder" ${FUNCNAME[0]} else if [[ $NUCLEICHECK == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
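Review bot: In the Axiom branch, the context line after the changed printf runs `jq -r '…' |tr -d '"' nuclei_output/${crit}.json`. jq is given no input file and so reads stdin, and tr does not accept a file operand, so the per-severity summary is not printed as intended. `.info.nameo` also looks like a typo for `.info.name`. Suggested: `jq -r '.|[.info.severity,.host,.info.name,.url]|@csv' "nuclei_output/${crit}.json" | tr -d '"'`. The loop sits inside nuclei_check, which starts and ends outside the hunk.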
@@ -1743,9 +1743,9 @@ function fuzz() { fi else if [[ $FUZZ == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1769,9 +1769,9 @@ function iishortname() { fi else if [[ $IIS_SHORTNAME == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1813,9 +1813,9 @@ function cms_scanner() { fi else if [[ $CMS_SCANNER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1893,9 +1893,9 @@ function urlchecks() { fi else if [[ $URL_CHECK == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1921,9 +1921,9 @@ function url_gf() { end_func "Results are saved in $domain/gf folder" ${FUNCNAME[0]} else if [[ $URL_GF == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1948,9 +1948,9 @@ function url_ext() { fi else if [[ $URL_EXT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1971,21 +1971,21 @@ function jschecks() { [ -s ".tmp/subjslinks.txt" ] && cat .tmp/subjslinks.txt | egrep -iv "\.(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|pdf|svg|txt|js)" | anew -q js/nojs_links.txt [ -s ".tmp/subjslinks.txt" ] && cat .tmp/subjslinks.txt | grep -iE "\.js($|\?)" | anew -q .tmp/url_extract_js.txt cat .tmp/url_extract_js.txt | python3 ${tools}/urless/urless/urless.py | anew -q js/url_extract_js.txt 2>>"$LOGFILE" >/dev/null - printf "${yellow} Running : Resolving JS Urls 2/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Resolving JS Urls 2/5${reset}\n" if [[ $AXIOM != true ]]; then [ -s "js/url_extract_js.txt" ] && cat js/url_extract_js.txt | httpx -follow-redirects -random-agent -silent -timeout $HTTPX_TIMEOUT -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -status-code -content-type -retries 2 -no-color | grep "[200]" | grep "javascript" | cut -d ' ' -f1 | anew -q js/js_livelinks.txt else [ -s "js/url_extract_js.txt" ] && axiom-scan js/url_extract_js.txt -m httpx -follow-host-redirects -H \"${HEADER}\" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -content-type -retries 2 -no-color -o .tmp/js_livelinks.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null [ -s ".tmp/js_livelinks.txt" ] && cat .tmp/js_livelinks.txt | anew .tmp/web_full_info.txt | grep "[200]" | grep "javascript" | cut -d ' ' -f1 | anew -q js/js_livelinks.txt fi - printf "${yellow} Running : Gathering endpoints 3/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Gathering endpoints 3/5${reset}\n" [ -s "js/js_livelinks.txt" ] && python3 ${tools}/xnLinkFinder/xnLinkFinder.py -i js/js_livelinks.txt -sf subdomains/subdomains.txt -d $XNLINKFINDER_DEPTH -o .tmp/js_endpoints.txt 2>>"$LOGFILE" >/dev/null [ -s "parameters.txt" ] && rm -f parameters.txt 2>>"$LOGFILE" >/dev/null if [[ -s ".tmp/js_endpoints.txt" ]]; then sed -i '/^\//!d' .tmp/js_endpoints.txt cat .tmp/js_endpoints.txt | anew 
-q js/js_endpoints.txt fi - printf "${yellow} Running : Gathering secrets 4/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Gathering secrets 4/5${reset}\n" if [[ $AXIOM != true ]]; then [ -s "js/js_livelinks.txt" ] && cat js/js_livelinks.txt | mantra -ua ${HEADER} -s | anew -q js/js_secrets.txt @@ -1994,7 +1994,7 @@ function jschecks() { [ -s "js/js_secrets.txt" ] && trufflehog filesystem js/js_secrets.txt -j | jq -c | anew -q js/js_secrets_trufflehog.txt fi [ -s "js/js_secrets.txt" ] && sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]//g" -i js/js_secrets.txt - printf "${yellow} Running : Building wordlist 5/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Building wordlist 5/5${reset}\n" [ -s "js/js_livelinks.txt" ] && interlace -tL js/js_livelinks.txt -threads ${INTERLACE_THREADS} -c "python3 ${tools}/getjswords.py '_target_' | anew -q webs/dict_words.txt" 2>>"$LOGFILE" >/dev/null end_func "Results are saved in $domain/js folder" ${FUNCNAME[0]} else @@ -2002,9 +2002,9 @@ function jschecks() { fi else if [[ $JSCHECKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
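Review bot: Both live-link filters in the first jschecks hunk use `grep "[200]"`, which is a bracket expression matching any line that contains a `2` or a `0`, not the literal status field `[200]`. Responses with other status codes can therefore reach js/js_livelinks.txt and the endpoint and secret steps that read it. `grep -F "[200]"` matches the literal field. `mantra -ua ${HEADER}` is also unquoted, so a header value containing spaces is split into several arguments; `-ua "${HEADER}"` keeps it whole. jschecks starts above the hunk.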
@@ -2029,9 +2029,9 @@ function wordlist_gen() { fi else if [[ $WORDLIST == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2049,9 +2049,9 @@ function wordlist_gen_roboxtractor() { end_func "Results are saved in $domain/webs/robots_wordlist.txt" ${FUNCNAME[0]} else if [[ $ROBOTSWORDLIST == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2067,9 +2067,9 @@ function password_dict() { end_func "Results are saved in $domain/webs/password_dict.txt" ${FUNCNAME[0]} else if [[ $PASSWORD_DICT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2110,9 +2110,9 @@ function brokenLinks() { end_func "Results are saved in vulns/brokenLinks.txt" ${FUNCNAME[0]} else if [[ $BROKENLINKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2129,7 +2129,7 @@ function xss() { if [[ -n $XSS_SERVER ]]; then [ -s ".tmp/xss_reflected.txt" ] && cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --only-poc r --ignore-return 302,404,403 --skip-bav -b ${XSS_SERVER} -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" [ -s ".tmp/xss_reflected.txt" ] && cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --only-poc r --ignore-return 302,404,403 --skip-bav -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt fi else @@ -2137,11 +2137,11 @@ function xss() { if [[ -n $XSS_SERVER ]]; then cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --skip-bav --skip-mining-dom --skip-mining-dict --only-poc r --ignore-return 302,404,403 -b ${XSS_SERVER} -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --skip-bav --skip-mining-dom --skip-mining-dict --only-poc r --ignore-return 302,404,403 -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt fi else - printf "${bred} Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" + printf "${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" fi fi else 
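Review bot: The changed "No XSS_SERVER defined" printf ends with `\n\n"` and never emits `${reset}`, so the terminal stays yellow for whatever is printed next. Most other messages in this patch close with `${reset}`. Add it before the newlines: `printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped${reset}\n\n"`. The same line appears in the second hunk on this line and in the two xss hunks that follow. The xss function starts above the hunk.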
@@ -2149,7 +2149,7 @@ function xss() { if [[ -n $XSS_SERVER ]]; then [ -s ".tmp/xss_reflected.txt" ] && axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav -b ${XSS_SERVER} -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" [ -s ".tmp/xss_reflected.txt" ] && axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null fi else 
@@ -2157,22 +2157,22 @@ function xss() { if [[ -n $XSS_SERVER ]]; then axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav --skip-grepping --skip-mining-all --skip-mining-dict -b ${XSS_SERVER} -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav --skip-grepping --skip-mining-all --skip-mining-dict -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null fi else - printf "${bred} Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" + printf "${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" fi fi fi end_func "Results are saved in vulns/xss.txt" ${FUNCNAME[0]} else if [[ $XSS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/xss.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to XSS ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to XSS ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2188,9 +2188,9 @@ function cors() { end_func "Results are saved in vulns/cors.txt" ${FUNCNAME[0]} else if [[ $CORS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2212,11 +2212,11 @@ function open_redirect() { fi else if [[ $OPEN_REDIRECT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/redirect.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to Open Redirect ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to Open Redirect ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2253,11 +2253,11 @@ function ssrf_checks() { pkill -f interactsh-client & else if [[ $SSRF_CHECKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/ssrf.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to SSRF ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to SSRF ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2277,9 +2277,9 @@ function crlf_checks() { fi else if [[ $CRLF_CHECKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2301,11 +2301,11 @@ function lfi() { fi else if [[ $LFI == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/lfi.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to LFI ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to LFI ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2328,11 +2328,11 @@ function ssti() { fi else if [[ $SSTI == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/ssti.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to SSTI ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to SSTI ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2358,11 +2358,11 @@ function sqli() { fi else if [[ $SQLI == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/sqli.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to SQLi ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to SQLi ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2378,9 +2378,9 @@ function test_ssl() { end_func "Results are saved in vulns/testssl.txt" ${FUNCNAME[0]} else if [[ $TEST_SSL == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2403,9 +2403,9 @@ function spraying() { end_func "Results are saved in vulns/brutespray folder" ${FUNCNAME[0]} else if [[ $SPRAY == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2425,11 +2425,11 @@ function command_injection() { fi else if [[ $COMM_INJ == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/rce.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to Command Injection ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to Command Injection ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2458,9 +2458,9 @@ function 4xxbypass() { fi else if [[ $BYPASSER4XX == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2480,9 +2480,9 @@ function prototype_pollution() { fi else if [[ $PROTO_POLLUTION == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2510,9 +2510,9 @@ function smuggling() { fi else if [[ $SMUGGLING == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2540,9 +2540,9 @@ function webcache() { fi else if [[ $WEBCACHE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2569,9 +2569,9 @@ function fuzzparams() { fi else if [[ $FUZZPARAMS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2646,21 +2646,26 @@ function remove_big_files() { function notification() { if [[ -n $1 ]] && [[ -n $2 ]]; then + if [[ -z $3 ]]; then + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + else + current_date="$3" + fi case $2 in info) - text="\n${bblue} ${1} ${reset}" + text="\n${bblue}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; warn) - text="\n${yellow} ${1} ${reset}" + text="\n${yellow}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; error) - text="\n${bred} ${1} ${reset}" + text="\n${bred}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; good) - text="\n${bgreen} ${1} ${reset}" + text="\n${bgreen}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; esac @@ -2693,7 +2698,7 @@ function transfer { function sendToNotify { if [[ -z $1 ]]; then - printf "\n${yellow} no file provided to send ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] No file provided to send ${reset}\n" else if [[ -z $NOTIFY_CONFIG ]]; then NOTIFY_CONFIG=~/.config/notify/provider-config.yaml 
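Review bot: `current_date` is assigned without `local` in notification(), and start_func(), end_func(), start_subfunc() and end_subfunc() in the following hunks assign the same name, so the value leaks into the script's global scope and any later reader sees whichever call ran last. Declaring it per function, e.g. `local current_date="${3:-$(date +'%Y-%m-%dT%H:%M:%S%z')}"`, also replaces the five-line if/else. The message in `$1` is still used as the printf format through `printf "${text}\n"`, so a `%` in a message built from `${domain}` or a file path is read as a conversion; `printf '%b\n' "$text"` keeps the colour escapes and treats the rest as data.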
@@ -2704,27 +2709,28 @@ function sendToNotify { return 0 fi if grep -q '^ telegram\|^telegram\|^ telegram' $NOTIFY_CONFIG; then - notification "Sending ${domain} data over Telegram" info + notification "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Sending ${domain} data over Telegram" info telegram_chat_id=$(cat ${NOTIFY_CONFIG} | grep '^ telegram_chat_id\|^telegram_chat_id\|^ telegram_chat_id' | xargs | cut -d' ' -f2) telegram_key=$(cat ${NOTIFY_CONFIG} | grep '^ telegram_api_key\|^telegram_api_key\|^ telegram_apikey' | xargs | cut -d' ' -f2) curl -F document=@${1} "https://api.telegram.org/bot${telegram_key}/sendDocument?chat_id=${telegram_chat_id}" 2>>"$LOGFILE" >/dev/null fi if grep -q '^ discord\|^discord\|^ discord' $NOTIFY_CONFIG; then - notification "Sending ${domain} data over Discord" info + notification "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Sending ${domain} data over Discord" info discord_url=$(cat ${NOTIFY_CONFIG} | grep '^ discord_webhook_url\|^discord_webhook_url\|^ discord_webhook_url' | xargs | cut -d' ' -f2) curl -v -i -H "Accept: application/json" -H "Content-Type: multipart/form-data" -X POST -F file1=@${1} $discord_url 2>>"$LOGFILE" >/dev/null fi if [[ -n $slack_channel ]] && [[ -n $slack_auth ]]; then - notification "Sending ${domain} data over Slack" info + notification "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Sending ${domain} data over Slack" info curl -F file=@${1} -F "initial_comment=reconftw zip file" -F channels=${slack_channel} -H "Authorization: Bearer ${slack_auth}" https://slack.com/api/files.upload 2>>"$LOGFILE" >/dev/null fi fi } function start_func() { + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') printf "${bgreen}#######################################################################" - notification "${2}" info - echo "[ $(date +"%F %T") ] Start function : ${1} " >>"${LOGFILE}" + notification "${2}" info $current_date + echo "[$current_date] Start function: ${1} " >>"${LOGFILE}" start=$(date +%s) } 
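Review bot: The three `notification "[$(date ...)] Sending ${domain} data over ..." info` calls in sendToNotify() now print two timestamps, because notification() (changed earlier in this commit) already prefixes `[$current_date]` to every message. Dropping the inline stamp, as in `notification "Sending ${domain} data over Telegram" info`, keeps the output consistent with start_func() in the same hunk. Separately, the unchanged Discord line runs `curl -v` with stderr appended to `$LOGFILE`, which presumably records the webhook request path in the log; removing `-v` would keep that secret out of the file. sendToNotify() begins before this hunk.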
@@ -2732,15 +2738,17 @@ function end_func() { touch $called_fn_dir/.${2} end=$(date +%s) getElapsedTime $start $end - notification "${2} Finished in ${runtime}" info - echo "[ $(date +"%F %T") ] End function : ${2} " >>"${LOGFILE}" - printf "${bblue} ${1} ${reset}\n" + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + notification "${2} Finished in ${runtime}" info $current_date + echo "[$current_date] End function: ${2} " >>"${LOGFILE}" + printf "${bblue}[$current_date] ${1} ${reset}\n" printf "${bgreen}#######################################################################${reset}\n" } function start_subfunc() { - notification "${2}" warn - echo "[ $(date +"%F %T") ] Start subfunction : ${1} " >>"${LOGFILE}" + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + notification " ${2}" info $current_date + echo "[$current_date] Start subfunction: ${1} " >>"${LOGFILE}" start_sub=$(date +%s) } @@ -2748,8 +2756,9 @@ function end_subfunc() { touch $called_fn_dir/.${2} end_sub=$(date +%s) getElapsedTime $start_sub $end_sub - notification "${1} in ${runtime}" good - echo "[ $(date +"%F %T") ] End subfunction : ${1} " >>"${LOGFILE}" + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + notification " ${1} in ${runtime}" good $current_date + echo "[$current_date] End subfunction: ${1} " >>"${LOGFILE}" } function check_inscope() { 
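Review bot: start_subfunc() changes the notification level from `warn` to `info` in the same edit that adds the timestamp, so sub-function start messages change colour without the commit message mentioning it; if that is intended, a short comment such as `# sub-function start is informational, not a warning` would record it. The leading spaces added in `notification " ${2}" info $current_date` and `notification " ${1} in ${runtime}" good $current_date` look like indentation for nested output and deserve a comment as well. `$current_date` is passed unquoted in all four calls across these two hunks; `"$current_date"` is the safer form.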
@@ -2895,8 +2904,8 @@ function start() { fi printf "\n${bgreen}#######################################################################${reset}" - notification "Recon succesfully started on ${domain}" good - [ "$SOFT_NOTIFICATION" = true ] && echo "Recon succesfully started on ${domain}" | notify -silent + notification "Recon succesfully started on ${domain}" good $(date +'%Y-%m-%dT%H:%M:%S%z') + [ "$SOFT_NOTIFICATION" = true ] && echo "$(date +'%Y-%m-%dT%H:%M:%S%z') Recon succesfully started on ${domain}" | notify -silent printf "${bgreen}#######################################################################${reset}\n" if [[ $upgrade_before_running == true ]]; then ${SCRIPTPATH}/install.sh --tools @@ -2951,7 +2960,7 @@ function start() { echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" printf "\n" - printf "${bred} Target: ${domain}\n\n" + printf "${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Target: ${domain}\n\n" } function end() { @@ -2959,7 +2968,7 @@ function end() { find $dir -type f -empty -print | grep -v '.called_fn' | grep -v '.log' | grep -v '.tmp' | xargs rm -f 2>>"$LOGFILE" >/dev/null find $dir -type d -empty -print -delete 2>>"$LOGFILE" >/dev/null - echo "End $(date +"%F") $(date +"%T")" >>"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] End >>"${LOGFILE}" if [[ $PRESERVE != true ]]; then find $dir -type f -empty | grep -v "called_fn" | xargs rm -f 2>>"$LOGFILE" >/dev/null 
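Review bot: The soft-notification line in start() prints the timestamp without brackets, `echo "$(date +'%Y-%m-%dT%H:%M:%S%z') Recon succesfully started on ${domain}"`, while the matching line in end() and every other message in this commit use `[timestamp]`. Writing it as `echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Recon succesfully started on ${domain}"` lets one pattern match all log lines. The `notification ... good $(date ...)` call on the line above passes its third argument unquoted; it can simply be omitted, since notification() fills in the current time when `$3` is empty. start() begins and ends outside this hunk.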
@@ -2987,11 +2996,11 @@ function end() { global_end=$(date +%s) getElapsedTime $global_start $global_end printf "${bgreen}#######################################################################${reset}\n" - notification "Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" good - [ "$SOFT_NOTIFICATION" = true ] && echo "Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" | notify -silent + notification "Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" good $(date +'%Y-%m-%dT%H:%M:%S%z') + [ "$SOFT_NOTIFICATION" = true ] && echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" | notify -silent printf "${bgreen}#######################################################################${reset}\n" - #Seperator for more clear messges in telegram_Bot - echo "****** Stay safe 🦠 and secure 🔐 ******" | $NOTIFY + #Separator for more clear messges in telegram_Bot + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] ****** Stay safe 🦠 and secure 🔐 ******" | $NOTIFY } @@ -3266,10 +3275,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 1st loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished 1st loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done 
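Review bot: In the multi_recon() hunk, the unchanged line `POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':')` next to the edited printf runs `$domain` through `eval`, so a value containing shell metacharacters (presumably an entry of the target list) is re-parsed as shell code, and the dots in a hostname act as regex wildcards. A fixed-string, whole-line match needs neither: `POSINLIST=$(grep -nFx -- "$domain" "$flist" | cut -f1 -d':')`. The same line appears in the 2nd-loop, 3rd-loop and final-loop hunks of multi_recon() and in the multi_custom() hunk that follow. The loop body starts before this hunk.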
@@ -3304,10 +3313,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 2nd loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished 2nd loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done @@ -3360,10 +3369,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 3rd loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished 3rd loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done 
@@ -3390,10 +3399,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished final loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished final loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done @@ -3481,10 +3490,10 @@ function multi_custom() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished $custom_f in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished $custom_f in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL (${func_count}/${LISTFUNCTOTAL})${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL (${func_count}/${LISTFUNCTOTAL})${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done From dff4ead6521a42946f6eca714bf4e1d2369b1e09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 16:57:00 +0100 Subject: [PATCH 04/28] Typo error --- reconftw.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index bbfa7ee6..f06f0671 100755 --- a/reconftw.sh +++ b/reconftw.sh 
@@ -2968,7 +2968,7 @@ function end() { find $dir -type f -empty -print | grep -v '.called_fn' | grep -v '.log' | grep -v '.tmp' | xargs rm -f 2>>"$LOGFILE" >/dev/null find $dir -type d -empty -print -delete 2>>"$LOGFILE" >/dev/null - echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] End >>"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] End" >>"${LOGFILE}" if [[ $PRESERVE != true ]]; then find $dir -type f -empty | grep -v "called_fn" | xargs rm -f 2>>"$LOGFILE" >/dev/null From b1e4ee7a00fa494a81ff97745ac9a9a418c70f40 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:00:41 +0100 Subject: [PATCH 05/28] Another typo error --- reconftw.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index f06f0671..fca892a9 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -470,7 +470,7 @@ function github_dorks() { if [[ $GITHUB_DORKS == false ]] || [[ $OSINT == false ]]; then printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi From 6e99a5821eb9e0ca2e8190ab8aecbc88e2d17e1f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:16:44 +0100 Subject: [PATCH 06/28] nuclei format json online --- reconftw.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index fca892a9..564fefd0 100755 --- a/reconftw.sh +++ b/reconftw.sh 
@@ -1686,7 +1686,7 @@ function nuclei_check() { IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Nuclei $crit ${reset}\n\n" - cat .tmp/webs_subs.txt 2>/dev/null | nuclei $NUCLEI_FLAGS -severity $crit -nh -rl $NUCLEI_RATELIMIT -j -o nuclei_output/${crit}.json + cat .tmp/webs_subs.txt 2>/dev/null | nuclei $NUCLEI_FLAGS -severity $crit -nh -rl $NUCLEI_RATELIMIT -jle nuclei_output/${crit}.json done printf "\n\n" else @@ -1694,7 +1694,7 @@ function nuclei_check() { IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Nuclei $crit, check results on nuclei_output folder${reset}\n\n" - axiom-scan .tmp/webs_subs.txt -m nuclei --nuclei-templates ${NUCLEI_TEMPLATES_PATH} -severity ${crit} -nh -rl $NUCLEI_RATELIMIT -j -o nuclei_output/${crit}.json $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null + axiom-scan .tmp/webs_subs.txt -m nuclei --nuclei-templates ${NUCLEI_TEMPLATES_PATH} -severity ${crit} -nh -rl $NUCLEI_RATELIMIT -jle nuclei_output/${crit}.json $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null [ -s "nuclei_output/${crit}.json" ] && jq -r '.|[.info.severity,.host,.info.nameo,.url]|@csv' |tr -d '"' nuclei_output/${crit}.json done printf "\n\n" From 91ad8b8cdf2e566bdc5c002d70565d15660cf006 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:34:52 +0100 Subject: [PATCH 07/28] Adjust axim functions when fleet is empty --- reconftw.sh | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index 564fefd0..d311f897 100755 --- a/reconftw.sh +++ b/reconftw.sh 
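Review bot: In the second nuclei_check() hunk, the context line after the changed axiom-scan call cannot print the summary it is meant to: `jq -r '...' |tr -d '"' nuclei_output/${crit}.json` gives jq no input file, so it reads standard input, and hands the file name to `tr`, which does not read files named on its command line. With the JSONL export this commit switches to, the intended form would be `jq -r '.|[.info.severity,.host,.info.name,.url]|@csv' "nuclei_output/${crit}.json" | tr -d '"'`. `.info.nameo` looks like a typo for `.info.name`, but confirm the field names against the nuclei output before changing it. nuclei_check() starts and ends outside both hunks.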
@@ -2833,13 +2833,13 @@ function ipcidr_target() { fi } -function axiom_lauch() { +function axiom_launch() { # let's fire up a FLEET! if [[ $AXIOM_FLEET_LAUNCH == true ]] && [[ -n $AXIOM_FLEET_NAME ]] && [[ -n $AXIOM_FLEET_COUNT ]]; then start_func ${FUNCNAME[0]} "Launching our Axiom fleet" #python3 -m pip install --upgrade linode-cli 2>>"$LOGFILE" >/dev/null # Check to see if we have a fleet already, if so, SKIP THIS! - NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME") + NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true) if [[ $NUMOFNODES -ge $AXIOM_FLEET_COUNT ]]; then axiom-select "$AXIOM_FLEET_NAME*" end_func "Axiom fleet $AXIOM_FLEET_NAME already has $NUMOFNODES instances" @@ -2860,8 +2860,8 @@ function axiom_lauch() { eval "$AXIOM_POST_START" 2>>"$LOGFILE" >/dev/null fi - NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME") - echo "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" | $NOTIFY + NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true) + echo "[$(date +"%Y-%m-%dT%H:%M:%S%z")] Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" | $NOTIFY end_func "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" fi fi @@ -2875,7 +2875,7 @@ function axiom_shutdown() { return fi eval axiom-rm -f "$AXIOM_FLEET_NAME*" - echo "Axiom fleet $AXIOM_FLEET_NAME shutdown" | $NOTIFY + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Axiom fleet $AXIOM_FLEET_NAME shutdown" | $NOTIFY notification "Axiom fleet $AXIOM_FLEET_NAME shutdown" info fi } @@ -3027,7 +3027,7 @@ function passive() { SUB_RECURSIVE_BRUTE=false WEBPROBESIMPLE=false if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi @@ -3172,7 +3172,7 @@ function recon() { favicon if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi @@ -3288,7 +3288,7 @@ function multi_recon() { } if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi 
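Review bot: `NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true)` in axiom_launch() yields 0 both when the fleet is empty and when `axiom-ls` times out or fails, and the branch visible later on this page then sets `startcount=$AXIOM_FLEET_COUNT`, so a failed listing appears to start a full new fleet. Capturing the listing first separates the two cases: `fleet_list=$(timeout 30 axiom-ls) || { notification "axiom-ls failed" error; return 1; }` followed by `NUMOFNODES=$(grep -c -- "$AXIOM_FLEET_NAME" <<<"$fleet_list" || true)`. The same pipeline is repeated in the second hunk after the fleet is started. axiom_launch() continues outside this hunk.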
@@ -3454,7 +3454,7 @@ function multi_custom() { if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi @@ -3510,7 +3510,7 @@ function subs_menu() { start if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi From 7cddba27d47860c28a312844f45b66291845d806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:44:30 +0100 Subject: [PATCH 08/28] Add AXIOM_POST_START inialization --- reconftw.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/reconftw.sh b/reconftw.sh index d311f897..9dbd3591 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -3747,6 +3747,7 @@ list="${list:=}" opt_mode="${opt_mode:=}" custom_function="${custom_function:=}" AXIOM="${AXIOM:=false}" +AXIOM_POST_START="${AXIOM_POST_START:=}" CUSTOM_CONFIG="${CUSTOM_CONFIG:=}" # This is the first thing to do to read in alternate config From 756c032e2f830036f703ec6327cd569226a18bb2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:49:53 +0100 Subject: [PATCH 09/28] add .called_fn dir --- reconftw.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index 9dbd3591..d1032d11 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -3443,7 +3443,8 @@ function multi_custom() { exit 1 } - mkdir -p .log + mkdir -p {.called_fn,.log} + called_fn_dir=$dir/.called_fn NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" From 13557333e4e1ae5568df17b0b0376a3bd160578c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:50:59 +0100 Subject: [PATCH 10/28] correct dir path --- reconftw.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index d1032d11..2077b349 100755 --- a/reconftw.sh +++ b/reconftw.sh 
@@ -3444,7 +3444,7 @@ function multi_custom() { } mkdir -p {.called_fn,.log} - called_fn_dir=$dir/.called_fn + called_fn_dir=$workdir/.called_fn NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" From 075a551ab75039dc62d9f942a1050416d4e07f84 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:54:36 +0100 Subject: [PATCH 11/28] double error log --- reconftw.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index 2077b349..33a2d1ec 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -2862,7 +2862,7 @@ function axiom_launch() { NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true) echo "[$(date +"%Y-%m-%dT%H:%M:%S%z")] Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" | $NOTIFY - end_func "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" + end_func "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" info fi fi } @@ -2883,12 +2883,12 @@ function axiom_shutdown() { function axiom_selected() { if [[ ! $(axiom-ls | tail -n +2 | sed '$ d' | wc -l) -gt 0 ]]; then - notification "\n\n${bred} No axiom instances running ${reset}\n\n" error + notification "No axiom instances running ${reset}\n\n" error exit fi if [[ ! $(cat ~/.axiom/selected.conf | sed '/^\s*$/d' | wc -l) -gt 0 ]]; then - notification "\n\n${bred} No axiom instances selected ${reset}\n\n" error + notification "No axiom instances selected ${reset}\n\n" error exit fi } @@ -2933,7 +2933,7 @@ function start() { fi if [[ -z $domain ]]; then - notification "\n\n${bred} No domain or list provided ${reset}\n\n" error + notification "${bred} No domain or list provided ${reset}\n\n" error exit fi From 245e124cdb5af2ce34a69e7ef546765ee44b9029 Mon Sep 17 00:00:00 2001 
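Review bot: In the axiom_launch() hunk of PATCH 11/28, `end_func "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" info` passes a log level where end_func() expects the function name. As shown earlier on this page, end_func() runs `touch $called_fn_dir/.${2}` and `notification "${2} Finished in ${runtime}" info`, so this call creates a marker file named `.info` and reports "info Finished in ...". The call should pass the caller's name, `end_func "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" "${FUNCNAME[0]}"`, matching the `start_func ${FUNCNAME[0]} ...` at the top of axiom_launch(). PATCH 12/28 below makes the same call with `info+` for the "already has" branch and needs the same change.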
From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 17:57:11 +0100 Subject: [PATCH 12/28] add info level log when axiom fleet is ready --- reconftw.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index 33a2d1ec..051c704e 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -2842,7 +2842,7 @@ function axiom_launch() { NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true) if [[ $NUMOFNODES -ge $AXIOM_FLEET_COUNT ]]; then axiom-select "$AXIOM_FLEET_NAME*" - end_func "Axiom fleet $AXIOM_FLEET_NAME already has $NUMOFNODES instances" + end_func "Axiom fleet $AXIOM_FLEET_NAME already has $NUMOFNODES instances" info+ else if [[ $NUMOFNODES -eq 0 ]]; then startcount=$AXIOM_FLEET_COUNT From cd9ec5f6232f7dfcfde7ac5db8d8f26c8a583518 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 18:21:40 +0100 Subject: [PATCH 13/28] parallelize custom actions --- reconftw.sh | 62 +++++++++++++++++------------------------------------ 1 file changed, 20 insertions(+), 42 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index 051c704e..c2a2b854 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -2957,7 +2957,7 @@ function start() { NOWT=$(date +"%T") LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" printf "\n" printf "${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Target: ${domain}\n\n" @@ -3123,7 +3123,7 @@ function multi_osint() { NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" for domain in $targets; do dir=$workdir/targets/$domain 
@@ -3138,7 +3138,7 @@ function multi_osint() { NOWT=$(date +"%T") LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" domain_info ip_info emails @@ -3240,7 +3240,7 @@ function multi_recon() { NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" [ -n "$flist" ] && LISTTOTAL=$(cat "$flist" | wc -l) @@ -3258,7 +3258,7 @@ function multi_recon() { NOWT=$(date +"%T") LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" loopstart=$(date +%s) domain_info @@ -3449,10 +3449,9 @@ function multi_custom() { NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" - - [ -n "$flist" ] && LISTTOTAL=$(cat "$flist" | wc -l) + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" + [ -n "$flist" ] && entries=$(cat "$flist" | wc -l) if [[ $AXIOM == true ]]; then axiom_launch 
@@ -3460,44 +3459,23 @@ function multi_custom() { fi custom_function_list=$(echo $custom_function|tr ',' '\n') + [ -n "$custom_function_list" ] && func_total=$(cat "$custom_function_list" | wc -l) + func_count=0 + domain=$(cat $flist) + for custom_f in $custom_function_list; do + ((func_count=func_count+1)) - [ -n "$custom_function_list" ] && LISTFUNCTOTAL=$(echo "$flist" | wc -l) - - for domain in $targets; do loopstart=$(date +%s) - dir=$workdir/targets/$domain - mkdir -p $dir || { - echo "Failed to create directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" - exit 1 - } + + $custom_f - cd "$dir" || { - echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" - exit 1 - } - mkdir -p {.called_fn,.log} - called_fn_dir=$dir/.called_fn - - func_count=0 - for custom_f in $custom_function_list; do - ((func_count=func_count+1)) - - loopstart=$(date +%s) - - $custom_f - - currently=$(date +"%H:%M:%S") - loopend=$(date +%s) - getElapsedTime $loopstart $loopend - printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished $custom_f in ${runtime} $currently ${reset}\n" - if [[ -n $flist ]]; then - POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL (${func_count}/${LISTFUNCTOTAL})${reset}\n" - fi - printf "${bgreen}#######################################################################${reset}\n" - done + currently=$(date +"%H:%M:%S") + loopend=$(date +%s) + getElapsedTime $loopstart $loopend + printf "${bgreen}#######################################################################${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Finished $custom_f ($func_count/$func_total) for $entries entries in ${runtime} $currently ${reset}\n" + printf "${bgreen}#######################################################################${reset}\n" 
done if [[ $AXIOM == true ]]; then From 1c27654da60ac8eecf2b7096d2966ffed22eac9b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 18:23:25 +0100 Subject: [PATCH 14/28] correct custom function list --- reconftw.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index c2a2b854..e912905d 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -3459,7 +3459,7 @@ function multi_custom() { fi custom_function_list=$(echo $custom_function|tr ',' '\n') - [ -n "$custom_function_list" ] && func_total=$(cat "$custom_function_list" | wc -l) + func_total=$(echo "$custom_function_list" | wc -l) func_count=0 domain=$(cat $flist) From f037950944a5f2680828d3a57175aa5aeb48163e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 18:29:07 +0100 Subject: [PATCH 15/28] Correct dir path --- reconftw.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index e912905d..2e4137b3 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -1678,7 +1678,7 @@ function nuclei_check() { mkdir -p {.tmp,webs,subdomains,nuclei_output} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $NUCLEICHECK == true ]]; then start_func ${FUNCNAME[0]} "Templates based web scanner" - nuclei -update 2>>"$LOGFILE" >/dev/null + nuclei -update 2>>"$LOGFILE" >/dev/null+ [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" && touch webs/webs.txt webs/webs_uncommon_ports.txt [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt [ ! -s ".tmp/webs_subs.txt" ] && cat subdomains/subdomains.txt webs/webs_all.txt 2>>"$LOGFILE" | anew -q .tmp/webs_subs.txt 
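Review bot: `domain=$(cat $flist)` in the rewritten `multi_custom` loop (`@@ -3460,44 +3459,23`) leaves `$flist` unquoted and unchecked, although the guard in the previous hunk (`[ -n "$flist" ] && entries=...`) shows it can be empty; in that case `cat` reads stdin and the run hangs, and `$entries` is never set for the final `printf`. Test the file first, e.g. `[[ -s "$flist" ]] || { notification "No target list provided" error; exit 1; }`, and read it as `domain=$(cat -- "$flist")`. `$domain` then holds every target in one multi-line string, so functions that expand it unquoted, such as `whois -H $domain` shown elsewhere on this page, receive each target as a separate argument; that deserves a comment if it is the intended fan-out. `$custom_f` is executed as a bare command word taken from the comma-separated `$custom_function` value, and a guard such as `declare -F "$custom_f" >/dev/null || { notification "Unknown function $custom_f" error; exit 1; }` keeps a typo from running an unrelated binary. The function body starts before and continues after this hunk.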
@@ -3433,21 +3433,21 @@ function multi_custom() { exit fi - workdir=${SCRIPTPATH}/Recon/$multi - mkdir -p $workdir || { - echo "Failed to create directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" + dir=${SCRIPTPATH}/Recon/$multi + mkdir -p $dir || { + echo "Failed to create directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } - cd "$workdir" || { - echo "Failed to cd directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" + cd "$dir" || { + echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } mkdir -p {.called_fn,.log} - called_fn_dir=$workdir/.called_fn + called_fn_dir=$dir/.called_fn NOW=$(date +"%F") NOWT=$(date +"%T") - LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" + LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" From 1d819ff1786a6e568e89f626015b8c21d3918eaf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 18:56:20 +0100 Subject: [PATCH 16/28] trap error --- reconftw.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index 2e4137b3..df6c30dc 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -2874,7 +2874,8 @@ function axiom_shutdown() { notification "Automatic Axiom fleet shutdown is not enabled in this mode" info return fi - eval axiom-rm -f "$AXIOM_FLEET_NAME*" + eval axiom-rm -f "$AXIOM_FLEET_NAME*" || true + axiom-ls | grep "$AXIOM_FLEET_NAME" || true echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Axiom fleet $AXIOM_FLEET_NAME shutdown" | $NOTIFY notification "Axiom fleet $AXIOM_FLEET_NAME shutdown" info fi @@ -3434,6 +3435,7 @@ function multi_custom() { fi dir=${SCRIPTPATH}/Recon/$multi + rm -rf $dir mkdir -p $dir || { echo "Failed to create directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 From ac83b3ae9572ffc8570026a2e968d2b5ba5a3410 Mon Sep 17 00:00:00 2001 
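Review bot: In `axiom_shutdown` (`@@ -2874,7 +2874,8`) the added `|| true` discards a failed `axiom-rm`, and the new `axiom-ls | grep "$AXIOM_FLEET_NAME" || true` only prints surviving instances, so the "Axiom fleet ... shutdown" notification is sent even when cloud instances are still running and reachable. Branch on the check instead: `if axiom-ls | grep -q "$AXIOM_FLEET_NAME"; then notification "Axiom fleet $AXIOM_FLEET_NAME still has running instances" error; fi`. The `eval` in front of `axiom-rm` re-parses the fleet name as shell code and is not needed; `axiom-rm -f "${AXIOM_FLEET_NAME}*"` passes the same pattern.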
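Review bot: The added `rm -rf $dir` in `multi_custom` (`@@ -3434,6 +3435,7`) is unquoted and unguarded: `dir` is built as `${SCRIPTPATH}/Recon/$multi`, so unless `$multi` is validated before this hunk, an empty value removes the whole `Recon` results directory and a value containing `..` or spaces removes paths outside the intended one. Reject an empty or path-like `$multi` before this line and write the removal as `rm -rf -- "${dir:?}"`. The following `mkdir -p $dir` should be quoted the same way, and a short comment should say that earlier results for the same name are deleted on every run. The function body continues outside the hunk.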
From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 19:33:03 +0100 Subject: [PATCH 17/28] Simplify notification --- reconftw.sh | 36 ++++++++---------------------------- 1 file changed, 8 insertions(+), 28 deletions(-) diff --git a/reconftw.sh b/reconftw.sh index df6c30dc..f3ecd9f8 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -2646,6 +2646,12 @@ function remove_big_files() { function notification() { if [[ -n $1 ]] && [[ -n $2 ]]; then + + if [[ $NOTIFICATION == true ]]; then + NOTIFY="notify -silent" + else + NOTIFY="true" + fi if [[ -z $3 ]]; then current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') else @@ -2861,8 +2867,7 @@ function axiom_launch() { fi NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true) - echo "[$(date +"%Y-%m-%dT%H:%M:%S%z")] Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" | $NOTIFY - end_func "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" info + end_func "Axiom fleet $AXIOM_FLEET_NAME launched $NUMOFNODES instances" info fi fi } @@ -2876,7 +2881,6 @@ function axiom_shutdown() { fi eval axiom-rm -f "$AXIOM_FLEET_NAME*" || true axiom-ls | grep "$AXIOM_FLEET_NAME" || true - echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Axiom fleet $AXIOM_FLEET_NAME shutdown" | $NOTIFY notification "Axiom fleet $AXIOM_FLEET_NAME shutdown" info fi } @@ -2898,12 +2902,6 @@ function start() { global_start=$(date +%s) - if [[ $NOTIFICATION == true ]]; then - NOTIFY="notify -silent" - else - NOTIFY="" - fi - printf "\n${bgreen}#######################################################################${reset}" notification "Recon succesfully started on ${domain}" good $(date +'%Y-%m-%dT%H:%M:%S%z') [ "$SOFT_NOTIFICATION" = true ] && echo "$(date +'%Y-%m-%dT%H:%M:%S%z') Recon succesfully started on ${domain}" | notify -silent 
@@ -3001,7 +2999,7 @@ function end() { [ "$SOFT_NOTIFICATION" = true ] && echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" | notify -silent printf "${bgreen}#######################################################################${reset}\n" #Separator for more clear messges in telegram_Bot - echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] ****** Stay safe 🦠 and secure 🔐 ******" | $NOTIFY + notification echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] ****** Stay safe 🦠 and secure 🔐 ******" info } @@ -3093,12 +3091,6 @@ function multi_osint() { global_start=$(date +%s) - if [[ $NOTIFICATION == true ]]; then - NOTIFY="notify -silent" - else - NOTIFY="" - fi - #[[ -n "$domain" ]] && ipcidr_target $domain if [[ -s $list ]]; then @@ -3210,12 +3202,6 @@ function multi_recon() { global_start=$(date +%s) - if [[ $NOTIFICATION == true ]]; then - NOTIFY="notify -silent" - else - NOTIFY="" - fi - #[[ -n "$domain" ]] && ipcidr_target $domain if [[ -s $list ]]; then @@ -3420,12 +3406,6 @@ function multi_custom() { global_start=$(date +%s) - if [[ $NOTIFICATION == true ]]; then - NOTIFY="notify -silent" - else - NOTIFY="" - fi - if [[ -s $list ]]; then sed -i 's/\r$//' $list targets=$(cat $list) From d58b96dcfe128f8aa2717d67c4fc4c622b4f67fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 20:28:11 +0100 Subject: [PATCH 18/28] Correct ARG --- Docker/Dockerfile | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index a9c9faff..f635f624 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile 
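Review bot: The replacement line in `end()` (`@@ -3001,7 +2999,7`) keeps a stray `echo`, so `notification` receives `echo` as the message, the banner text as the level and `info` as the third argument, which the `[[ -z $3 ]]` branch shown in the `notification` hunk treats as the date. Drop the `echo` and the hand-built timestamp: `notification "****** Stay safe 🦠 and secure 🔐 ******" info`. The body of `end()` starts before this hunk.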
@@ -10,8 +10,8 @@ ARG SHODAN_API_KEY="XXXXXXXXXXXXXX" ARG LANG=en_US.UTF-8 ARG LANGUAGE=en_US -ARG GIT_REPOSITORY_AXIOM -ARG GIT_REPOSITORY_RECONFTW +ARG GIT_REPOSITORY_AXIOM="https://github.com/pry0cc/axiom" +ARG GIT_REPOSITORY_RECONFTW="https://github.com/six2dez/reconftw" ################################################## ###> Do NOT change anything beyond this point <### @@ -33,6 +33,9 @@ ARG SHODAN_API_KEY ARG LANG ARG LANGUAGE +ARG GIT_REPOSITORY_AXIOM +ARG GIT_REPOSITORY_RECONFTW + ENV COLLAB_SERVER=$COLLAB_SERVER ENV XSS_SERVER=$XSS_SERVER ENV SHODAN_API_KEY=$SHODAN_API_KEY @@ -41,8 +44,8 @@ ENV LANG=$LANG ENV LANGUAGE=$LANGUAGE ENV LC_ALL=$LANG -ENV GIT_REPOSITORY_AXIOM=${GIT_REPOSITORY_AXIOM:-"https://github.com/pry0cc/axiom"} -ENV GIT_REPOSITORY_RECONFTW=${GIT_REPOSITORY_RECONFTW:-"https://github.com/six2dez/reconftw"} +ENV GIT_REPOSITORY_AXIOM=$GIT_REPOSITORY_AXIOM +ENV GIT_REPOSITORY_RECONFTW=$GIT_REPOSITORY_RECONFToW ENV DEBIAN_FRONTEND=noninteractive ENV DEBCONF_NONINTERACTIVE_SEEN=true @@ -86,7 +89,7 @@ localepurge ###>> Configure Axiom <<### mkdir -p /root/.axiom/ -git clone ${AXIOM_GIT_REPOSITORY} /root/.axiom/ +git clone ${GIT_REPOSITORY_AXIOM} /root/.axiom/ cd /root/.axiom/interact ./axiom-configure --unattended --shell Bash ## This avoids useless error messages later. From b5dae2baca6af1037da4fa15de36e789d7574c2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 20:38:10 +0100 Subject: [PATCH 19/28] var name error --- Docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index f635f624..9d00e3a3 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -45,7 +45,7 @@ ENV LANGUAGE=$LANGUAGE ENV LC_ALL=$LANG ENV GIT_REPOSITORY_AXIOM=$GIT_REPOSITORY_AXIOM -ENV GIT_REPOSITORY_RECONFTW=$GIT_REPOSITORY_RECONFToW +ENV GIT_REPOSITORY_RECONFTW=$GIT_REPOSITORY_RECONFT ENV DEBIAN_FRONTEND=noninteractive ENV DEBCONF_NONINTERACTIVE_SEEN=true 
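Review bot: `git clone ${GIT_REPOSITORY_AXIOM} /root/.axiom/` (`@@ -86,7 +89,7`) now takes its source from a build argument, is unquoted, and checks out whatever the default branch holds at build time, and the following lines run `./axiom-configure --unattended` from that checkout, presumably as root. Quote the URL and pin the checkout to a reviewed commit, e.g. `git clone "${GIT_REPOSITORY_AXIOM}" /root/.axiom/ && git -C /root/.axiom checkout PINNED_COMMIT` (placeholder for the reviewed hash), so a changed upstream or a mistyped `--build-arg` cannot silently change what is executed in the image. The merge hunks `@@ -80,7 +89,7` and `@@ -90,7 +99,7` later on this page repeat the pattern, the second for `${GIT_REPOSITORY_RECONFTW}` followed by `./install.sh`.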
From 3cafa8cc3b590ce8198c5f99cb4458f8951e7892 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Thu, 8 Feb 2024 20:38:37 +0100 Subject: [PATCH 20/28] another var name error --- Docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index 9d00e3a3..ee0b3d72 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -45,7 +45,7 @@ ENV LANGUAGE=$LANGUAGE ENV LC_ALL=$LANG ENV GIT_REPOSITORY_AXIOM=$GIT_REPOSITORY_AXIOM -ENV GIT_REPOSITORY_RECONFTW=$GIT_REPOSITORY_RECONFT +ENV GIT_REPOSITORY_RECONFTW=$GIT_REPOSITORY_RECONFTW ENV DEBIAN_FRONTEND=noninteractive ENV DEBCONF_NONINTERACTIVE_SEEN=true From f961b8bcbea64360c80db1c03d435f29010bf889 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Fri, 9 Feb 2024 10:31:21 +0100 Subject: [PATCH 21/28] Add axiom configure into Dockerfile --- Docker/Dockerfile | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index ee0b3d72..a7ce7709 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -124,6 +124,24 @@ COPY amass_config.ini /root/.config/amass/config.ini COPY github_tokens.txt /root/Tools/.github_tokens COPY notify.conf /root/.config/notify/notify.conf +###>> Configure Axiom Provider <<### +COPY axiom-config.ini /root/.axiom/configs/config.ini +COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json + +RUN <> Regenerate SSH Keys <<### +# You REALLY do NOT want to use the default SSH keys in the base image +find /root/.ssh -type f -delete +ssh-keygen -b 2048 -t rsa -f /root/.ssh/axiom_rsa -q -N "" +cat /root/.ssh/axiom_rsa.pub > /root/.axiom/configs/authorized_keys +eot + +RUN axiom-account personal +RUN az group delete --name axiom --yes --no-wait + +# This command exits with return code 1, so leave the '|| :' or the build will fail. +RUN axiom-build reconftw || : + ## Issue 271 EXPOSE 85-90 
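Review bot: The block added at `@@ -124,6 +124,24` bakes secrets into image layers: `COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json` stores what is presumably the cloud provider account file, and `ssh-keygen ... -N ""` creates an unencrypted private key at build time that every container started from the image, and anyone who can pull it, then shares. Provide both at run time (a mounted volume, or an entrypoint step that generates the key on first start), or use a BuildKit secret mount such as `RUN --mount=type=secret,id=SECRET_ID ...` (placeholder id) for the steps that need the account during the build. `RUN az group delete --name axiom --yes --no-wait` also performs a destructive cloud operation on every uncached build, and `axiom-build reconftw || :` hides any failure of the step the credentials are there for. The same lines recur in the merge hunk `@@ -115,6 +124,24`.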
From ac05f4f8556cc792bb6f79d2be1975b2709e0d61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Fri, 9 Feb 2024 17:33:18 +0100 Subject: [PATCH 22/28] Custm reconftw into dockerfile --- Docker/Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index a7ce7709..0fb6f079 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -125,9 +125,6 @@ COPY github_tokens.txt /root/Tools/.github_tokens COPY notify.conf /root/.config/notify/notify.conf ###>> Configure Axiom Provider <<### -COPY axiom-config.ini /root/.axiom/configs/config.ini -COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json - RUN <> Regenerate SSH Keys <<### # You REALLY do NOT want to use the default SSH keys in the base image @@ -139,6 +136,9 @@ eot RUN axiom-account personal RUN az group delete --name axiom --yes --no-wait +COPY axiom-config.ini /root/.axiom/configs/config.ini +COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json + # This command exits with return code 1, so leave the '|| :' or the build will fail. RUN axiom-build reconftw || : From 4b85d75904143c05b9da8bcb980b9b7020fbde45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Sun, 11 Feb 2024 14:40:38 +0100 Subject: [PATCH 23/28] Add wapiti scanner --- install.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/install.sh b/install.sh index 8cc5a869..78ad4bcd 100755 --- a/install.sh +++ b/install.sh @@ -107,6 +107,7 @@ repos["trufflehog"]="trufflesecurity/trufflehog" repos["dontgo403"]="devploit/dontgo403" repos["SwaggerSpy"]="UndeadSec/SwaggerSpy" repos["LeakSearch"]="JoelGMSec/LeakSearch" +repos["Wapiti"]="wapiti-scanner/wapiti" function banner() { tput clear 
@@ -215,6 +216,9 @@ function install_tools() { fi if [[ "dontgo403" == "$repo" ]]; then eval go get $DEBUG_STD && eval go build $DEBUG_STD && eval chmod +x ./dontgo403 $DEBUG_STD + fi + if [[ "wapiti" == "$repo" ]]; then + eval make install $DEBUG_STD fi fi if [[ "gf" == "$repo" ]]; then 
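Review bot: The new branch tests `"wapiti" == "$repo"`, but the entry added in the previous hunk is keyed `repos["Wapiti"]`; if `$repo` is the array key, as the neighbouring `dontgo403` and `gf` comparisons suggest, the comparison never matches and `make install` is skipped. Use one spelling in both places, e.g. `repos["wapiti"]="wapiti-scanner/wapiti"`. When the branch does run, `eval make install $DEBUG_STD` executes whatever Makefile the cloned commit ships, so the checkout should be pinned to a release tag or commit. The loop that sets `$repo` is outside the hunk, and the merge hunks `@@ -108,6 +108,7` and `@@ -211,6 +212,9` carry the same mismatch.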
@@ -230,18 +234,18 @@ function install_tools() { if [[ "True" == "$IS_ARM" ]]; then if [[ "True" == "$RPI_3" ]]; then - install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz" + install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.2/ppfuzz-v1.0.2-armv7-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.2-armv7-unknown-linux-gnueabihf.tar.gz" elif [[ "True" == "$RPI_4" ]]; then - install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-aarch64-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.1-aarch64-unknown-linux-gnueabihf.tar.gz" + install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.2/ppfuzz-v1.0.2-aarch64-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.2-aarch64-unknown-linux-gnueabihf.tar.gz" fi elif [[ "True" == "$IS_MAC" ]]; then if [[ "True" == "$IS_ARM" ]]; then - install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.1-armv7-unknown-linux-gnueabihf.tar.gz" + install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.2/ppfuzz-v1.0.2-armv7-unknown-linux-gnueabihf.tar.gz" "ppfuzz-v1.0.2-armv7-unknown-linux-gnueabihf.tar.gz" else - install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz" "ppfuzz-v1.0.1-x86_64-apple-darwin.tar.gz" + install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.2/ppfuzz-v1.0.2-x86_64-apple-darwin.tar.gz" "ppfuzz-v1.0.2-x86_64-apple-darwin.tar.gz" fi else - install_ppfuzz "https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.1/ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz" "ppfuzz-v1.0.1-x86_64-unknown-linux-musl.tar.gz" + install_ppfuzz 
"https://github.com/dwisiswant0/ppfuzz/releases/download/v1.0.2/ppfuzz-v1.0.2-x86_64-unknown-linux-musl.tar.gz" "ppfuzz-v1.0.2-x86_64-unknown-linux-musl.tar.gz" fi eval $SUDO chmod 755 /usr/local/bin/ppfuzz eval $SUDO strip -s /usr/local/bin/ppfuzz $DEBUG_STD From b428a4f32c0c134cd225b7f2c239c456d4ecaedf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Sun, 11 Feb 2024 14:53:45 +0100 Subject: [PATCH 24/28] Add axiom account profile before configuration --- Docker/Dockerfile | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index 0fb6f079..a66b92a0 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -133,11 +133,10 @@ ssh-keygen -b 2048 -t rsa -f /root/.ssh/axiom_rsa -q -N "" cat /root/.ssh/axiom_rsa.pub > /root/.axiom/configs/authorized_keys eot -RUN axiom-account personal -RUN az group delete --name axiom --yes --no-wait - COPY axiom-config.ini /root/.axiom/configs/config.ini COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json +RUN axiom-account personal +RUN az group delete --name axiom --yes --no-wait # This command exits with return code 1, so leave the '|| :' or the build will fail. RUN axiom-build reconftw || : From 9754488828c35ffbb86387d0254ae084b58184cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Sun, 11 Feb 2024 15:16:46 +0100 Subject: [PATCH 25/28] Double add config --- Docker/Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index a66b92a0..8fc008de 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -139,6 +139,7 @@ RUN axiom-account personal RUN az group delete --name axiom --yes --no-wait # This command exits with return code 1, so leave the '|| :' or the build will fail. +COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json RUN axiom-build reconftw || : ## Issue 271 From 33067b8c3118ccb97d5f24f190f208ecde4b9de8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?S=C3=A9bastien=20GAUTRIAS?= Date: Mon, 12 Feb 2024 11:57:04 +0100 Subject: [PATCH 26/28] Add vim, jq, nmon and htop --- Docker/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Docker/Dockerfile b/Docker/Dockerfile index 8fc008de..d89def37 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -73,7 +73,7 @@ echo "deb-src http://kali.download/kali kali-rolling main contrib non-free" >> / apt clean all apt update apt full-upgrade -f -y --allow-downgrades -apt install -y --no-install-recommends apt-utils ca-certificates curl git lsb-release nano wget +apt install -y --no-install-recommends apt-utils ca-certificates curl git lsb-release nano wget vim jq htop nmon ###>> Congifure Locales <<### apt install -y --no-install-recommends locales From f609793545c952098a8f7e39d4689aed4195ecc2 Mon Sep 17 00:00:00 2001 From: six2dez Date: Sat, 2 Mar 2024 21:08:00 +0100 Subject: [PATCH 27/28] Merge branch 'main' of https://github.com/tdf-discipline-cybersecurity/reconftw into tdf-discipline-cybersecurity-main --- .gitignore | 1 + Docker/Dockerfile | 33 ++- install.sh | 4 + reconftw.cfg | 4 +- reconftw.sh | 682 ++++++++++++++++++++++++++++------------------ 5 files changed, 457 insertions(+), 267 deletions(-) diff --git a/.gitignore b/.gitignore index 801b55e2..28f04e81 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ test/ *.tar *.tar.* *.zip +.DS_Store diff --git a/Docker/Dockerfile b/Docker/Dockerfile index ebb0d53e..d89def37 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -10,6 +10,9 @@ ARG SHODAN_API_KEY="XXXXXXXXXXXXXX" ARG LANG=en_US.UTF-8 ARG LANGUAGE=en_US +ARG GIT_REPOSITORY_AXIOM="https://github.com/pry0cc/axiom" +ARG GIT_REPOSITORY_RECONFTW="https://github.com/six2dez/reconftw" + ################################################## ###> Do NOT change anything beyond this point <### ################################################## 
@@ -30,6 +33,9 @@ ARG SHODAN_API_KEY ARG LANG ARG LANGUAGE +ARG GIT_REPOSITORY_AXIOM +ARG GIT_REPOSITORY_RECONFTW + ENV COLLAB_SERVER=$COLLAB_SERVER ENV XSS_SERVER=$XSS_SERVER ENV SHODAN_API_KEY=$SHODAN_API_KEY @@ -38,6 +44,9 @@ ENV LANG=$LANG ENV LANGUAGE=$LANGUAGE ENV LC_ALL=$LANG +ENV GIT_REPOSITORY_AXIOM=$GIT_REPOSITORY_AXIOM +ENV GIT_REPOSITORY_RECONFTW=$GIT_REPOSITORY_RECONFTW + ENV DEBIAN_FRONTEND=noninteractive ENV DEBCONF_NONINTERACTIVE_SEEN=true @@ -64,7 +73,7 @@ echo "deb-src http://kali.download/kali kali-rolling main contrib non-free" >> / apt clean all apt update apt full-upgrade -f -y --allow-downgrades -apt install -y --no-install-recommends apt-utils ca-certificates curl git lsb-release nano wget +apt install -y --no-install-recommends apt-utils ca-certificates curl git lsb-release nano wget vim jq htop nmon ###>> Congifure Locales <<### apt install -y --no-install-recommends locales @@ -80,7 +89,7 @@ localepurge ###>> Configure Axiom <<### mkdir -p /root/.axiom/ -git clone https://github.com/pry0cc/axiom /root/.axiom/ +git clone ${GIT_REPOSITORY_AXIOM} /root/.axiom/ cd /root/.axiom/interact ./axiom-configure --unattended --shell Bash ## This avoids useless error messages later. @@ -90,7 +99,7 @@ touch /root/.axiom/interact/includes/functions.sh ###>> Install reconFTW <<### mkdir -p /root/Tools mkdir -p /reconftw -git clone https://github.com/six2dez/reconftw.git /reconftw +git clone ${GIT_REPOSITORY_RECONFTW} /reconftw cd /reconftw sh -c 'echo 1 | ./install.sh' 
@@ -115,6 +124,24 @@ COPY amass_config.ini /root/.config/amass/config.ini COPY github_tokens.txt /root/Tools/.github_tokens COPY notify.conf /root/.config/notify/notify.conf +###>> Configure Axiom Provider <<### +RUN <> Regenerate SSH Keys <<### +# You REALLY do NOT want to use the default SSH keys in the base image +find /root/.ssh -type f -delete +ssh-keygen -b 2048 -t rsa -f /root/.ssh/axiom_rsa -q -N "" +cat /root/.ssh/axiom_rsa.pub > /root/.axiom/configs/authorized_keys +eot + +COPY axiom-config.ini /root/.axiom/configs/config.ini +COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json +RUN axiom-account personal +RUN az group delete --name axiom --yes --no-wait + +# This command exits with return code 1, so leave the '|| :' or the build will fail. +COPY axiom-custom-provider.json /root/.axiom/accounts/personal.json +RUN axiom-build reconftw || : + ## Issue 271 EXPOSE 85-90 diff --git a/install.sh b/install.sh index 49b608a4..93e1f3f1 100755 --- a/install.sh +++ b/install.sh @@ -108,6 +108,7 @@ repos["trufflehog"]="trufflesecurity/trufflehog" repos["nomore403"]="devploit/nomore403" repos["SwaggerSpy"]="UndeadSec/SwaggerSpy" repos["LeakSearch"]="JoelGMSec/LeakSearch" +repos["Wapiti"]="wapiti-scanner/wapiti" function banner() { tput clear @@ -211,6 +212,9 @@ function install_tools() { if [[ "brutespray" == "$repo" ]]; then eval go build -o brutespray main.go $DEBUG_STD && eval chmod +x ./brutespray $DEBUG_STD fi + if [[ "wapiti" == "$repo" ]]; then + eval make install $DEBUG_STD + fi fi if [[ "gf" == "$repo" ]]; then eval cp -r examples ~/.gf $DEBUG_ERROR diff --git a/reconftw.cfg b/reconftw.cfg index 99c5e544..306fcbd0 100644 --- a/reconftw.cfg +++ b/reconftw.cfg 
@@ -1,6 +1,6 @@ -################################################################# +############################################# # reconFTW config file # -################################################################# +############################################# # General values tools=~/Tools # Path installed tools diff --git a/reconftw.sh b/reconftw.sh index f1d1dcbb..82168e3a 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -12,6 +12,19 @@ # ░ ░ ░░ ░ ░ ░ ░ ░ # + +# Error Management +set -eEuo pipefail +function failure() { + local lineno=$1 + local msg=$2 + shift 2 + local func=$(echo "${@}"|tr ' ' '|') + echo "##### ERROR [$lineno][$func] $msg #####" +} +trap 'failure ${LINENO} "$BASH_COMMAND" ${FUNCNAME[@]}' ERR + + function banner_graber() { source "${SCRIPTPATH}"/banners.txt randx=$(shuf -i 1-23 -n 1) @@ -55,7 +68,7 @@ function check_version() { function tools_installed() { printf "\n\n${bgreen}#######################################################################${reset}\n" - printf "${bblue} Checking installed tools ${reset}\n\n" + printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Checking installed tools ${reset}\n\n" allinstalled=true @@ -404,7 +417,7 @@ function tools_installed() { printf "\n${yellow} If nothing works and the world is gonna end you can always ping me :D ${reset}\n\n" fi - printf "${bblue} Tools check finished\n" + printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Tools check finished\n" printf "${bgreen}#######################################################################\n${reset}" } @@ -414,7 +427,9 @@ function tools_installed() { function google_dorks() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GOOGLE_DORKS == true ]] && [[ $OSINT == true ]]; then + start_func "${FUNCNAME[0]}" "Google Dorks in process" python3 ${tools}/dorks_hunter/dorks_hunter.py -d "$domain" -o osint/dorks.txt || { echo "dorks_hunter command failed" exit 1 
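Review bot: `set -eEuo pipefail` (`@@ -12,6 +12,19`) is switched on for the whole script, but code shown elsewhere on this page still reads parameters that may be unset, e.g. `[[ -z $3 ]]` in `notification`, which is called with two arguments, and `[[ -n $multi ]]` in `nuclei_check`; under `-u` these abort with "unbound variable" unless this merge also changed them. Write such reads as `${3:-}` and `${multi:-}`. In `failure`, send the message to stderr (`echo "##### ERROR ... #####" >&2`) and split the declaration from the command substitution (`local func; func=$(echo "${@}" | tr ' ' '|')`) so its status is not masked by `local`. The trap should pass `"${FUNCNAME[@]}"` quoted.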
@@ -422,9 +437,9 @@ function google_dorks() { end_func "Results are saved in $domain/osint/dorks.txt" "${FUNCNAME[0]}" else if [[ $GOOGLE_DORKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} are already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} are already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -432,6 +447,7 @@ function google_dorks() { function github_dorks() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GITHUB_DORKS == true ]] && [[ $OSINT == true ]]; then start_func "${FUNCNAME[0]}" "Github Dorks in process" if [[ -s ${GITHUB_TOKENS} ]]; then 
@@ -447,14 +463,14 @@ function github_dorks() { } fi else - printf "\n${bred} Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" + printf "\n${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" fi end_func "Results are saved in $domain/osint/gitdorks.txt" "${FUNCNAME[0]}" else if [[ $GITHUB_DORKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -462,6 +478,7 @@ function github_dorks() { function github_repos() { + mkdir -p .tmp if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GITHUB_REPOS == true ]] && [[ $OSINT == true ]]; then start_func "${FUNCNAME[0]}" "Github Repos analysis in process" 
@@ -480,14 +497,14 @@ function github_repos() { cat .tmp/github/* 2>/dev/null | jq -c | jq -r >osint/github_company_secrets.json 2>>"$LOGFILE" fi else - printf "\n${bred} Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" + printf "\n${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Required file ${GITHUB_TOKENS} not exists or empty${reset}\n" fi end_func "Results are saved in $domain/osint/github_company_secrets.json" ${FUNCNAME[0]} else if [[ $GITHUB_REPOS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -495,6 +512,7 @@ function github_repos() { function metadata() { + mkdir -p osint if { [[ ! -f "${called_fn_dir}/.${FUNCNAME[0]}" ]] || [[ ${DIFF} == true ]]; } && [[ ${METADATA} == true ]] && [[ ${OSINT} == true ]] && ! [[ ${domain} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Scanning metadata in public files" metafinder -d "$domain" -l $METAFINDER_LIMIT -o osint -go -bi -ba &>>"$LOGFILE" || { 
@@ -506,14 +524,14 @@ function metadata() { end_func "Results are saved in $domain/osint/[software/authors/metadata_results].txt" ${FUNCNAME[0]} else if [[ $METADATA == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $METADATA == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi @@ -522,6 +540,7 @@ function metadata() { function apileaks() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $API_LEAKS == true ]] && [[ $OSINT == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Scanning for leaks in APIs public directories" 
@@ -543,14 +562,14 @@ function apileaks() { end_func "Results are saved in $domain/osint/[software/authors/metadata_results].txt" ${FUNCNAME[0]} else if [[ $API_LEAKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $API_LEAKS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi @@ -559,6 +578,7 @@ function apileaks() { function emails() { + mkdir -p {.tmp,osint} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $EMAILS == true ]] && [[ $OSINT == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Searching emails/users/passwords leaks" emailfinder -d $domain 2>>"$LOGFILE" | anew -q .tmp/emailfinder.txt || { 
@@ -584,14 +604,14 @@ function emails() { end_func "Results are saved in $domain/osint/emails|passwords.txt" ${FUNCNAME[0]} else if [[ $EMAILS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $EMAILS == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi @@ -600,6 +620,7 @@ function emails() { function domain_info() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $DOMAIN_INFO == true ]] && [[ $OSINT == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Searching domain info (whois, registrant name/email domains)" whois -H $domain >osint/domain_info_general.txt || { echo "whois command failed"; } 
@@ -612,14 +633,14 @@ function domain_info() { end_func "Results are saved in $domain/osint/domain_info_[general/name/email/ip].txt" ${FUNCNAME[0]} else if [[ $DOMAIN_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $DOMAIN_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi @@ -628,6 +649,7 @@ function domain_info() { function ip_info() { + mkdir -p osint if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $IP_INFO == true ]] && [[ $OSINT == true ]] && [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Searching ip info" if [[ -n $WHOISXML_API ]]; then 
@@ -636,18 +658,18 @@ function ip_info() { curl "https://ip-geolocation.whoisxmlapi.com/api/v1?apiKey=${WHOISXML_API}&ipAddress=${domain}" 2>/dev/null | jq -r '.ip,.location' 2>>"$LOGFILE" | anew -q osint/ip_${domain}_location.txt end_func "Results are saved in $domain/osint/ip_[domain_relations|whois|location].txt" ${FUNCNAME[0]} else - printf "\n${yellow} No WHOISXML_API var defined, skipping function ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] No WHOISXML_API var defined, skipping function ${reset}\n" fi else if [[ $IP_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $IP_INFO == false ]] || [[ $OSINT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -659,11 +681,13 @@ function ip_info() { ############################################################################################################### function subdomains_full() { + + mkdir -p {.tmp,webs,subdomains} NUMOFLINES_subs="0" NUMOFLINES_probed="0" printf "${bgreen}#######################################################################\n\n" - ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue} Subdomain Enumeration $domain\n\n" - [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue} Scanning IP $domain\n\n" + ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Subdomain Enumeration $domain\n\n" + [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]] && printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Scanning IP $domain\n\n" [ -s "subdomains/subdomains.txt" ] && cp subdomains/subdomains.txt .tmp/subdomains_old.txt [ -s "webs/webs.txt" ] && cp webs/webs.txt .tmp/probed_old.txt 
@@ -701,18 +725,19 @@ function subdomains_full() { [ -s "$outOfScope_file" ] && deleteOutScoped $outOfScope_file webs/webs.txt NUMOFLINES_probed=$(cat webs/webs.txt 2>>"$LOGFILE" | anew .tmp/probed_old.txt | sed '/^$/d' | wc -l) fi - printf "${bblue}\n Total subdomains: ${reset}\n\n" + printf "${bblue}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Total subdomains: ${reset}\n\n" notification "- ${NUMOFLINES_subs} alive" good [ -s "subdomains/subdomains.txt" ] && cat subdomains/subdomains.txt | sort notification "- ${NUMOFLINES_probed} new web probed" good [ -s "webs/webs.txt" ] && cat webs/webs.txt | sort notification "Subdomain Enumeration Finished" good - printf "${bblue} Results are saved in $domain/subdomains/subdomains.txt and webs/webs.txt${reset}\n" + printf "${bblue}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Results are saved in $domain/subdomains/subdomains.txt and webs/webs.txt${reset}\n" printf "${bgreen}#######################################################################\n\n" } function sub_passive() { + mkdir -p .tmp if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBPASSIVE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Passive Subdomain Enumeration" @@ -742,9 +767,9 @@ function sub_passive() { end_subfunc "${NUMOFLINES} new subs (passive)" ${FUNCNAME[0]} else if [[ $SUBPASSIVE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -752,6 +777,7 @@ function sub_passive() { function sub_crt() { + if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBCRT == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Crtsh Subdomain Enumeration" crt -s -json -l ${CTR_LIMIT} $domain 2>>"$LOGFILE" | jq -r '.[].subdomain' 2>>"$LOGFILE" | sed -e 's/^\*\.//' | anew -q .tmp/crtsh_subs_tmp.txt 2>>"$LOGFILE" >/dev/null @@ -760,9 +786,9 @@ function sub_crt() { end_subfunc "${NUMOFLINES} new subs (cert transparency)" ${FUNCNAME[0]} else if [[ $SUBCRT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -770,6 +796,7 @@ function sub_crt() { function sub_active() { + mkdir -p {.tmp,subdomains} if [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Active Subdomain Enumeration" find .tmp -type f -iname "*_subs.txt" -exec cat {} + | anew -q .tmp/subs_no_resolved.txt 
@@ -791,13 +818,14 @@ function sub_active() { NUMOFLINES=$(cat .tmp/subdomains_tmp.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) end_subfunc "${NUMOFLINES} subs DNS resolved from passive" ${FUNCNAME[0]} else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi } function sub_noerror() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBNOERROR == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Checking NOERROR DNS response" if [[ $(echo "${RANDOM}thistotallynotexist${RANDOM}.$domain" | dnsx -r $resolvers -rcode noerror,nxdomain -retry 3 -silent | cut -d' ' -f2) == "[NXDOMAIN]" ]]; then 
@@ -811,13 +839,13 @@ function sub_noerror() { NUMOFLINES=$(cat .tmp/subs_noerror.txt 2>>"$LOGFILE" | sed "s/*.//" | grep ".$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) end_subfunc "${NUMOFLINES} new subs (DNS noerror)" ${FUNCNAME[0]} else - printf "\n${yellow} Detected DNSSEC black lies, skipping this technique ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Detected DNSSEC black lies, skipping this technique ${reset}\n" fi else if [[ $SUBNOERROR == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -825,6 +853,7 @@ function sub_noerror() { function sub_dns() { + mkdir -p {.tmp,subdomains} if [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : DNS Subdomain Enumeration and PTR search" if [[ $AXIOM != true ]]; then 
@@ -847,13 +876,14 @@ function sub_dns() { NUMOFLINES=$(cat .tmp/subdomains_dns_resolved.txt 2>>"$LOGFILE" | grep "\.$domain$\|^$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | anew subdomains/subdomains.txt | sed '/^$/d' | wc -l) end_subfunc "${NUMOFLINES} new subs (dns resolution)" ${FUNCNAME[0]} else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi } function sub_brute() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBBRUTE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Bruteforce Subdomain Enumeration" if [[ $AXIOM != true ]]; then @@ -878,9 +908,9 @@ function sub_brute() { end_subfunc "${NUMOFLINES} new subs (bruteforce)" ${FUNCNAME[0]} else if [[ $SUBBRUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -888,9 +918,11 @@ function sub_brute() { function sub_scraping() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBSCRAPING == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Source code scraping subdomain search" touch .tmp/scrap_subs.txt + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ -s "$dir/subdomains/subdomains.txt" ]]; then if [[ $(cat subdomains/subdomains.txt | wc -l) -le $DEEP_LIMIT ]] || [[ $DEEP == true ]]; then if [[ $AXIOM != true ]]; then @@ -936,9 +968,9 @@ function sub_scraping() { fi else if [[ $SUBSCRAPING == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -946,10 +978,10 @@ function sub_scraping() { function sub_analytics() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBANALYTICS == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Analytics Subdomain Enumeration" if [[ -s ".tmp/probed_tmp_scrap.txt" ]]; then - mkdir -p .tmp/output_analytics/ analyticsrelationships -ch <.tmp/probed_tmp_scrap.txt >>.tmp/analytics_subs_tmp.txt 2>>"$LOGFILE" [ -s ".tmp/analytics_subs_tmp.txt" ] && cat .tmp/analytics_subs_tmp.txt | grep "\.$domain$\|^$domain$" | grep -E '^((http|https):\/\/)?([a-zA-Z0-9]([a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{1,}(\/.*)?$' | sed "s/|__ //" | anew -q .tmp/analytics_subs_clean.txt 
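Review bot: The multi-mode seed added to sub_scraping (`@@ -888`) tests `[ ! -f "$dir/subdomains/subdomains.txt" ]`, while the next line tests `-s` on the same path, so a file that exists but is empty is never seeded and the scraping branch is skipped. If that is not intended, the seed should use `-s` as well. The identical line is pasted into sub_permut, sub_regex_permut, s3buckets, webprobe_simple and webprobe_full, so a single helper would keep them in step: `seed_multi_target() { [[ -n $multi && ! -s "$dir/subdomains/subdomains.txt" ]] && printf '%s\n' "$domain" >"$dir/subdomains/subdomains.txt"; }`. The added `mkdir -p {.tmp,subdomains}` is relative to the working directory while the seed writes under `$dir`, so the two agree only when the function runs from `$dir`. The function body continues outside the hunk.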
@@ -966,9 +998,9 @@ function sub_analytics() { end_subfunc "${NUMOFLINES} new subs (analytics relationship)" ${FUNCNAME[0]} else if [[ $SUBANALYTICS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -976,8 +1008,10 @@ function sub_analytics() { function sub_permut() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBPERMUTE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Permutations Subdomain Enumeration" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ $DEEP == true ]] || [[ "$(cat subdomains/subdomains.txt | wc -l)" -le $DEEP_LIMIT ]]; then if [[ $PERMUTATIONS_OPTION == "gotator" ]]; then [ -s "subdomains/subdomains.txt" ] && gotator -sub subdomains/subdomains.txt -perm ${tools}/permutations_list.txt $GOTATOR_FLAGS -silent 2>>"$LOGFILE" | head -c $PERMUTATIONS_LIMIT >.tmp/gotator1.txt 
@@ -1025,9 +1059,9 @@ function sub_permut() { end_subfunc "${NUMOFLINES} new subs (permutations)" ${FUNCNAME[0]} else if [[ $SUBPERMUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1035,13 +1069,14 @@ function sub_permut() { function sub_regex_permut() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBREGEXPERMUTE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Permutations by regex analysis" pushd "${tools}/regulator" >/dev/null || { echo "Failed to cd directory in ${FUNCNAME[0]} @ line ${LINENO}" } - + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" python3 main.py -t $domain -f ${dir}/subdomains/subdomains.txt -o ${dir}/.tmp/${domain}.brute popd >/dev/null || { 
@@ -1066,9 +1101,9 @@ function sub_regex_permut() { end_subfunc "${NUMOFLINES} new subs (permutations by regex)" ${FUNCNAME[0]} else if [[ $SUBREGEXPERMUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1078,6 +1113,7 @@ function sub_recursive_passive() { if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUB_RECURSIVE_PASSIVE == true ]] && [[ -s "subdomains/subdomains.txt" ]]; then start_subfunc ${FUNCNAME[0]} "Running : Subdomains recursive search passive" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" # Passive recursive [ -s "subdomains/subdomains.txt" ] && dsieve -if subdomains/subdomains.txt -f 3 -top $DEEP_RECURSIVE_PASSIVE >.tmp/subdomains_recurs_top.txt if [[ $AXIOM != true ]]; then 
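Review bot: The seed line added to sub_recursive_passive (`@@ -1078`) cannot take effect, because the enclosing `if` already requires `[[ -s "subdomains/subdomains.txt" ]]`. By the time `[ ! -f "$dir/subdomains/subdomains.txt" ]` runs the file exists, assuming the working directory is `$dir` as the relative paths suggest. In multi mode with no subdomains file the function therefore goes to the else branch and prints the "already processed" message, which is misleading. The seed belongs ahead of the guard, with the directory created first: `mkdir -p "$dir/subdomains"` followed by `[[ -n $multi && ! -s "$dir/subdomains/subdomains.txt" ]] && printf '%s\n' "$domain" >"$dir/subdomains/subdomains.txt"`. The sub_recursive_brute hunk (`@@ -1105`) has the same ordering; both function bodies continue outside their hunks.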
@@ -1095,9 +1131,9 @@ function sub_recursive_passive() { end_subfunc "${NUMOFLINES} new subs (recursive)" ${FUNCNAME[0]} else if [[ $SUB_RECURSIVE_PASSIVE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1105,8 +1141,10 @@ function sub_recursive_passive() { function sub_recursive_brute() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUB_RECURSIVE_BRUTE == true ]] && [[ -s "subdomains/subdomains.txt" ]]; then start_subfunc ${FUNCNAME[0]} "Running : Subdomains recursive search active" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" if [[ $(cat subdomains/subdomains.txt | wc -l) -le $DEEP_LIMIT ]]; then [ ! -s ".tmp/subdomains_recurs_top.txt" ] && dsieve -if subdomains/subdomains.txt -f 3 -top $DEEP_RECURSIVE_PASSIVE >.tmp/subdomains_recurs_top.txt ripgen -d .tmp/subdomains_recurs_top.txt -w $subs_wordlist >.tmp/brute_recursive_wordlist.txt 
@@ -1163,9 +1201,9 @@ function sub_recursive_brute() { end_subfunc "${NUMOFLINES} new subs (recursive active)" ${FUNCNAME[0]} else if [[ $SUB_RECURSIVE_BRUTE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1173,6 +1211,7 @@ function sub_recursive_brute() { function subtakeover() { + mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SUBTAKEOVER == true ]]; then start_func ${FUNCNAME[0]} "Looking for possible subdomain and DNS takeover" touch .tmp/tko.txt @@ -1198,9 +1237,9 @@ function subtakeover() { end_func "Results are saved in $domain/webs/takeover.txt" ${FUNCNAME[0]} else if [[ $SUBTAKEOVER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1208,6 +1247,7 @@ function subtakeover() { function zonetransfer() { + mkdir -p subdomains if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $ZONETRANSFER == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Zone transfer check" for ns in $(dig +short ns "$domain"); do dig axfr "$domain" @"$ns" >>subdomains/zonetransfer.txt; done @@ -1217,14 +1257,14 @@ function zonetransfer() { end_func "Results are saved in $domain/subdomains/zonetransfer.txt" ${FUNCNAME[0]} else if [[ $ZONETRANSFER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $ZONETRANSFER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -1233,8 +1273,10 @@ function zonetransfer() { function s3buckets() { + mkdir -p {.tmp,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $S3BUCKETS == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "AWS S3 buckets search" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" # S3Scanner if [[ $AXIOM != true ]]; then [ -s "subdomains/subdomains.txt" ] && s3scanner scan -f subdomains/subdomains.txt 2>>"$LOGFILE" | anew -q .tmp/s3buckets.txt @@ -1260,14 +1302,14 @@ function s3buckets() { end_func "Results are saved in subdomains/s3buckets.txt and subdomains/cloud_assets.txt" ${FUNCNAME[0]} else if [[ $S3BUCKETS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $S3BUCKETS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi 
@@ -1275,11 +1317,12 @@ function s3buckets() { } ############################################################################################################### -############################################# GEOLOCALIZATION INFO ####################################################### +############################################# GEOLOCALIZATION INFO ############################################ ############################################################################################################### function geo_info() { + mkdir -p hosts if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $GEO_INFO == true ]]; then start_func ${FUNCNAME[0]} "Running: ipinfo and geoinfo" ips_file="${dir}/hosts/ips.txt" @@ -1328,9 +1371,9 @@ function geo_info() { end_func "Results are saved in hosts/geoip.txt and hosts/geoip.json" ${FUNCNAME[0]} else if [[ $GEO_INFO == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1342,8 +1385,10 @@ function geo_info() { function webprobe_simple() { + mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBPROBESIMPLE == true ]]; then start_subfunc ${FUNCNAME[0]} "Running : Http probing $domain" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" && touch .tmp/web_full_info.txt webs/web_full_info.txt if [[ $AXIOM != true ]]; then cat subdomains/subdomains.txt | httpx ${HTTPX_FLAGS} -no-color -json -random-agent -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -retries 2 -timeout $HTTPX_TIMEOUT -o .tmp/web_full_info_probe.txt 2>>"$LOGFILE" >/dev/null else @@ -1362,9 +1407,9 @@ function webprobe_simple() { fi else if [[ $WEBPROBESIMPLE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1372,8 +1417,10 @@ function webprobe_simple() { function webprobe_full() { + mkdir -p {.tmp,webs,subdomains} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBPROBEFULL == true ]]; then start_func ${FUNCNAME[0]} "Http probing non standard ports" + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" && touch webs/webs.txt if [[ -s "subdomains/subdomains.txt" ]]; then if [[ $AXIOM != true ]]; then if [[ -s "subdomains/subdomains.txt" ]]; then 
@@ -1405,9 +1452,9 @@ function webprobe_full() { fi else if [[ $WEBPROBEFULL == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1415,6 +1462,7 @@ function webprobe_full() { function screenshot() { + mkdir -p {webs,screenshots} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBSCREENSHOT == true ]]; then start_func ${FUNCNAME[0]} "Web Screenshots" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -1427,9 +1475,9 @@ function screenshot() { end_func "Results are saved in $domain/screenshots folder" ${FUNCNAME[0]} else if [[ $WEBSCREENSHOT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1437,11 +1485,11 @@ function screenshot() { function virtualhosts() { + mkdir -p {.tmp/virtualhosts,virtualhosts,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $VIRTUALHOSTS == true ]]; then start_func ${FUNCNAME[0]} "Virtual Hosts dicovery" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then - mkdir -p $dir/virtualhosts $dir/.tmp/virtualhosts interlace -tL webs/webs_all.txt -threads ${INTERLACE_THREADS} -c "ffuf -ac -t ${FFUF_THREADS} -rate ${FFUF_RATELIMIT} -H \"${HEADER}\" -H \"Host: FUZZ._cleantarget_\" -w ${fuzz_wordlist} -maxtime ${FFUF_MAXTIME} -u _target_ -of json -o _output_/_cleantarget_.json" -o $dir/.tmp/virtualhosts 2>>"$LOGFILE" >/dev/null for sub in $(cat webs/webs_all.txt); do sub_out=$(echo $sub | sed -e 's|^[^/]*//||' -e 's|/.*$||') @@ -1454,9 +1502,9 @@ function virtualhosts() { fi else if [[ $VIRTUALHOSTS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1468,6 +1516,7 @@ function virtualhosts() { function favicon() { + mkdir -p hosts if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $FAVICON == true ]] && ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then start_func ${FUNCNAME[0]} "Favicon Ip Lookup" pushd "${tools}/fav-up" >/dev/null || { 
@@ -1489,14 +1538,14 @@ function favicon() { end_func "Results are saved in hosts/favicontest.txt" ${FUNCNAME[0]} else if [[ $FAVICON == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then return else if [[ $FAVICON == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi fi @@ -1505,6 +1554,7 @@ function favicon() { function portscan() { + mkdir -p {.tmp,subdomains,hosts} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $PORTSCANNER == true ]]; then start_func ${FUNCNAME[0]} "Port scan" if ! [[ $domain =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9] ]]; then 
@@ -1516,9 +1566,9 @@ function portscan() { fi [ ! -s "hosts/cdn_providers.txt" ] && cat hosts/ips.txt 2>/dev/null | cdncheck -silent -resp -cdn -waf -nc 2>/dev/null >hosts/cdn_providers.txt [ -s "hosts/ips.txt" ] && comm -23 <(cat hosts/ips.txt | sort -u) <(cat hosts/cdn_providers.txt | cut -d'[' -f1 | sed 's/[[:space:]]*$//' | sort -u) | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort -u | anew -q .tmp/ips_nocdn.txt - printf "${bblue}\n Resolved IP addresses (No CDN) ${reset}\n\n" + printf "${bblue}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Resolved IP addresses (No CDN) ${reset}\n\n" [ -s ".tmp/ips_nocdn.txt" ] && cat .tmp/ips_nocdn.txt | sort - printf "${bblue}\n Scanning ports... ${reset}\n\n" + printf "${bblue}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Scanning ports... ${reset}\n\n" ips_file="${dir}/hosts/ips.txt" if [ "$PORTSCAN_PASSIVE" = true ]; then if [ ! -f $ips_file ]; then @@ -1538,11 +1588,9 @@ function portscan() { formatted_json+="]" echo "$formatted_json" >"${dir}/hosts/portscan_shodan.txt" fi - else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi if [[ $PORTSCAN_PASSIVE == true ]] && [[ ! -f "hosts/portscan_passive.txt" ]] && [[ -s ".tmp/ips_nocdn.txt" ]]; then - smap -iL .tmp/ips_nocdn.txt >hosts/portscan_passive.txt + smap -iL .tmp/ips_nocdn.txt >hosts/portscan_passive.txt fi if [[ $PORTSCAN_ACTIVE == true ]]; then if [[ $AXIOM != true ]]; then 
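Review bot: The private-range filter on the unchanged `comm -23 …` line in this hunk lists `169\.154`, which looks like a typo for the link-local prefix `169\.254`. As written, link-local addresses pass the filter and can end up in `.tmp/ips_nocdn.txt`, which the `smap -iL` call in the next hunk reads as its target list. Since the patch already edits the two printf lines next to it, the pattern could be corrected in the same change to `^(127|10|169\.254|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\.`. The cdnprovider hunk carries the same expression, and portscan's body starts and ends outside this hunk.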
@@ -1559,12 +1607,12 @@ function portscan() { notification "Webs detected from port scan: ${NUMOFLINES} new websites" good cat hosts/webs.txt fi - end_func "Results are saved in hosts/portscan_[passive|active|shodan].txt" ${FUNCNAME[0]} + end_func "Results are saved in hosts/portscan_[passive|active|shodan].[txt|xml]" ${FUNCNAME[0]} else if [[ $PORTSCANNER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1572,6 +1620,7 @@ function portscan() { function cdnprovider() { + mkdir -p {.tmp,subdomains,hosts} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CDN_IP == true ]]; then start_func ${FUNCNAME[0]} "CDN provider check" [ -s "subdomains/subdomains_dnsregs.json" ] && cat subdomains/subdomains_dnsregs.json | jq -r 'try . | .a[]' | grep -aEiv "^(127|10|169\.154|172\.1[6789]|172\.2[0-9]|172\.3[01]|192\.168)\." | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort -u >.tmp/ips_cdn.txt 
@@ -1579,9 +1628,9 @@ function cdnprovider() { end_func "Results are saved in hosts/cdn_providers.txt" ${FUNCNAME[0]} else if [[ $CDN_IP == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1593,6 +1642,7 @@ function cdnprovider() { function waf_checks() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WAF_DETECTION == true ]]; then start_func ${FUNCNAME[0]} "Website's WAF detection" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -1615,9 +1665,9 @@ function waf_checks() { fi else if [[ $WAF_DETECTION == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1625,10 +1675,11 @@ function waf_checks() { function nuclei_check() { + mkdir -p {.tmp,webs,subdomains,nuclei_output} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $NUCLEICHECK == true ]]; then start_func ${FUNCNAME[0]} "Templates based web scanner" - nuclei -update 2>>"$LOGFILE" >/dev/null - mkdir -p nuclei_output + nuclei -update 2>>"$LOGFILE" >/dev/null+ + [[ -n $multi ]] && [ ! -f "$dir/subdomains/subdomains.txt" ] && echo "$domain" > "$dir/subdomains/subdomains.txt" && touch webs/webs.txt webs/webs_uncommon_ports.txt [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt [ ! -s ".tmp/webs_subs.txt" ] && cat subdomains/subdomains.txt webs/webs_all.txt 2>>"$LOGFILE" | anew -q .tmp/webs_subs.txt [ -s "$dir/fuzzing/fuzzing_full.txt" ] && cat $dir/fuzzing/fuzzing_full.txt | grep -e "^200" | cut -d " " -f3 | anew -q .tmp/webs_fuzz.txt @@ -1636,7 +1687,7 @@ function nuclei_check() { if [[ $AXIOM != true ]]; then # avoid globbing (expansion of *). IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do - printf "${yellow}\n Running : Nuclei $crit ${reset}\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Nuclei $crit ${reset}\n\n" cat .tmp/webs_nuclei.txt 2>/dev/null | nuclei $NUCLEI_FLAGS -severity $crit -nh -rl $NUCLEI_RATELIMIT -o nuclei_output/${crit}.txt done printf "\n\n" 
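Review bot: The re-added line `nuclei -update 2>>"$LOGFILE" >/dev/null+` ends in a stray `+`, so stdout is redirected to a file named `/dev/null+` instead of being discarded. When the script runs unprivileged that redirection fails and the update command is not executed at all, so the scan silently uses whatever templates are already installed; when it runs as root it creates a stray file under /dev. The line should read `nuclei -update 2>>"$LOGFILE" >/dev/null`. nuclei_check's body continues outside the hunk.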
@@ -1644,7 +1695,7 @@ function nuclei_check() { if [[ -s ".tmp/webs_nuclei.txt" ]]; then IFS=',' read -ra severity_array <<<"$NUCLEI_SEVERITY" for crit in "${severity_array[@]}"; do - printf "${yellow}\n Running : Nuclei $crit, check results on nuclei_output folder${reset}\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Nuclei $crit, check results on nuclei_output folder${reset}\n\n" axiom-scan .tmp/webs_nuclei.txt -m nuclei --nuclei-templates ${NUCLEI_TEMPLATES_PATH} -severity ${crit} -nh -rl $NUCLEI_RATELIMIT -o nuclei_output/${crit}.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null [ -s "nuclei_output/${crit}.txt" ] && cat nuclei_output/${crit}.txt done @@ -1654,9 +1705,9 @@ function nuclei_check() { end_func "Results are saved in $domain/nuclei_output folder" ${FUNCNAME[0]} else if [[ $NUCLEICHECK == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -1664,11 +1715,12 @@ function nuclei_check() { function fuzz() { + mkdir -p {.tmp/fuzzing,webs,fuzzing} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $FUZZ == true ]]; then start_func ${FUNCNAME[0]} "Web directory fuzzing" + [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" && touch webs/webs_uncommon_ports.txt [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then - mkdir -p $dir/fuzzing $dir/.tmp/fuzzing if [[ $AXIOM != true ]]; then interlace -tL webs/webs_all.txt -threads ${INTERLACE_THREADS} -c "ffuf ${FFUF_FLAGS} -t ${FFUF_THREADS} -rate ${FFUF_RATELIMIT} -H \"${HEADER}\" -w ${fuzz_wordlist} -maxtime ${FFUF_MAXTIME} -u _target_/FUZZ -o _output_/_cleantarget_.json" -o $dir/.tmp/fuzzing 2>>"$LOGFILE" >/dev/null for sub in $(cat webs/webs_all.txt); do @@ -1693,9 +1745,9 @@ function fuzz() { fi else if [[ $FUZZ == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
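Review bot: In multi mode the added seeding line writes the bare `$domain` into `webs/webs.txt`, but the interlace/ffuf command a few lines below uses each entry as `-u _target_/FUZZ`, which presumably needs a full URL with a scheme. If `$domain` can be a plain hostname here, the fuzzing target is malformed and the module would finish without results and without a visible error, because stderr goes to `$LOGFILE`. Seeding with a URL, for example `printf 'https://%s\n' "$domain" >"$dir/webs/webs.txt"`, would avoid that; how the `$multi` callers set `$domain` is not visible here and should be confirmed. The cms_scanner hunk seeds `webs/webs.txt` the same way, and fuzz's body continues outside this hunk.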
@@ -1719,9 +1771,9 @@ function iishortname() { fi else if [[ $IIS_SHORTNAME == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1729,9 +1781,11 @@ function iishortname() { function cms_scanner() { + mkdir -p {.tmp,webs,cms} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CMS_SCANNER == true ]]; then start_func ${FUNCNAME[0]} "CMS Scanner" - mkdir -p $dir/cms && rm -rf $dir/cms/* + rm -rf $dir/cms/* + [[ -n $multi ]] && [ ! -f "$dir/webs/webs.txt" ] && echo "$domain" > "$dir/webs/webs.txt" && touch webs/webs_uncommon_ports.txt [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then tr '\n' ',' .tmp/cms.txt 2>>"$LOGFILE" @@ -1761,9 +1815,9 @@ function cms_scanner() { fi else if [[ $CMS_SCANNER == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
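Review bot: The new `rm -rf $dir/cms/*` in cms_scanner is no longer chained to a successful `mkdir -p $dir/cms`, and it is unquoted and unguarded. With `$dir` empty or unset it expands to `/cms/*`, and a `$dir` containing spaces or glob characters is word-split before rm sees it. The directory created by the added `mkdir -p {.tmp,webs,cms}` is relative to the working directory, so the mkdir and the rm are not guaranteed to refer to the same path. I would write the cleanup as `rm -rf -- "${dir:?}"/cms/*` and create the directory from the same base. cms_scanner's body continues outside the hunk.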
@@ -1771,9 +1825,9 @@ function cms_scanner() { function urlchecks() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $URL_CHECK == true ]]; then start_func ${FUNCNAME[0]} "URL Extraction" - mkdir -p js [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt if [[ -s "webs/webs_all.txt" ]]; then if [[ $AXIOM != true ]]; then @@ -1841,9 +1895,9 @@ function urlchecks() { fi else if [[ $URL_CHECK == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1851,9 +1905,9 @@ function urlchecks() { function url_gf() { + mkdir -p {.tmp,webs,gf} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $URL_GF == true ]]; then start_func ${FUNCNAME[0]} "Vulnerable Pattern Search" - mkdir -p gf if [[ -s "webs/url_extract.txt" ]]; then gf xss webs/url_extract.txt | anew -q gf/xss.txt gf ssti webs/url_extract.txt | anew -q gf/ssti.txt 
@@ -1869,9 +1923,9 @@ function url_gf() { end_func "Results are saved in $domain/gf folder" ${FUNCNAME[0]} else if [[ $URL_GF == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1879,6 +1933,7 @@ function url_gf() { function url_ext() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $URL_EXT == true ]]; then if [[ -s ".tmp/url_extract_tmp.txt" ]]; then start_func ${FUNCNAME[0]} "Urls by extension" @@ -1895,9 +1950,9 @@ function url_ext() { fi else if [[ $URL_EXT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1905,6 +1960,7 @@ function url_ext() { function jschecks() { + mkdir -p {.tmp,webs,subdomains,js} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $JSCHECKS == true ]]; then start_func ${FUNCNAME[0]} "Javascript Scan" if [[ -s ".tmp/url_extract_js.txt" ]]; then 
@@ -1917,21 +1973,21 @@ function jschecks() { [ -s ".tmp/subjslinks.txt" ] && cat .tmp/subjslinks.txt | egrep -iv "\.(eot|jpg|jpeg|gif|css|tif|tiff|png|ttf|otf|woff|woff2|ico|pdf|svg|txt|js)" | anew -q js/nojs_links.txt [ -s ".tmp/subjslinks.txt" ] && cat .tmp/subjslinks.txt | grep -iE "\.js($|\?)" | anew -q .tmp/url_extract_js.txt cat .tmp/url_extract_js.txt | python3 ${tools}/urless/urless/urless.py | anew -q js/url_extract_js.txt 2>>"$LOGFILE" >/dev/null - printf "${yellow} Running : Resolving JS Urls 2/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Resolving JS Urls 2/5${reset}\n" if [[ $AXIOM != true ]]; then [ -s "js/url_extract_js.txt" ] && cat js/url_extract_js.txt | httpx -follow-redirects -random-agent -silent -timeout $HTTPX_TIMEOUT -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -status-code -content-type -retries 2 -no-color | grep "[200]" | grep "javascript" | cut -d ' ' -f1 | anew -q js/js_livelinks.txt else [ -s "js/url_extract_js.txt" ] && axiom-scan js/url_extract_js.txt -m httpx -follow-host-redirects -H \"${HEADER}\" -status-code -threads $HTTPX_THREADS -rl $HTTPX_RATELIMIT -timeout $HTTPX_TIMEOUT -silent -content-type -retries 2 -no-color -o .tmp/js_livelinks.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null [ -s ".tmp/js_livelinks.txt" ] && cat .tmp/js_livelinks.txt | anew .tmp/web_full_info.txt | grep "[200]" | grep "javascript" | cut -d ' ' -f1 | anew -q js/js_livelinks.txt fi - printf "${yellow} Running : Gathering endpoints 3/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Gathering endpoints 3/5${reset}\n" [ -s "js/js_livelinks.txt" ] && python3 ${tools}/xnLinkFinder/xnLinkFinder.py -i js/js_livelinks.txt -sf subdomains/subdomains.txt -d $XNLINKFINDER_DEPTH -o .tmp/js_endpoints.txt 2>>"$LOGFILE" >/dev/null [ -s "parameters.txt" ] && rm -f parameters.txt 2>>"$LOGFILE" >/dev/null if [[ -s ".tmp/js_endpoints.txt" ]]; then sed -i '/^\//!d' .tmp/js_endpoints.txt cat .tmp/js_endpoints.txt | anew 
-q js/js_endpoints.txt fi - printf "${yellow} Running : Gathering secrets 4/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Gathering secrets 4/5${reset}\n" if [[ $AXIOM != true ]]; then [ -s "js/js_livelinks.txt" ] && cat js/js_livelinks.txt | mantra -ua ${HEADER} -s | anew -q js/js_secrets.txt @@ -1940,7 +1996,7 @@ function jschecks() { [ -s "js/js_secrets.txt" ] && trufflehog filesystem js/js_secrets.txt -j 2>/dev/null | jq -c | anew -q js/js_secrets_trufflehog.txt fi [ -s "js/js_secrets.txt" ] && sed -r "s/\x1B\[([0-9]{1,3}(;[0-9]{1,2};?)?)?[mGK]//g" -i js/js_secrets.txt - printf "${yellow} Running : Building wordlist 5/5${reset}\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Running : Building wordlist 5/5${reset}\n" [ -s "js/js_livelinks.txt" ] && interlace -tL js/js_livelinks.txt -threads ${INTERLACE_THREADS} -c "python3 ${tools}/getjswords.py '_target_' | anew -q webs/dict_words.txt" 2>>"$LOGFILE" >/dev/null end_func "Results are saved in $domain/js folder" ${FUNCNAME[0]} else @@ -1948,9 +2004,9 @@ function jschecks() { fi else if [[ $JSCHECKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1958,6 +2014,7 @@ function jschecks() { function wordlist_gen() { + mkdir -p {.tmp,webs} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WORDLIST == true ]]; then start_func ${FUNCNAME[0]} "Wordlist generation" if [[ -s ".tmp/url_extract_tmp.txt" ]]; then 
@@ -1974,9 +2031,9 @@ function wordlist_gen() { fi else if [[ $WORDLIST == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -1984,6 +2041,7 @@ function wordlist_gen() { function wordlist_gen_roboxtractor() { + mkdir -p webs if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $ROBOTSWORDLIST == true ]]; then start_func ${FUNCNAME[0]} "Robots wordlist generation" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -1993,9 +2051,9 @@ function wordlist_gen_roboxtractor() { end_func "Results are saved in $domain/webs/robots_wordlist.txt" ${FUNCNAME[0]} else if [[ $ROBOTSWORDLIST == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2003,6 +2061,7 @@ function wordlist_gen_roboxtractor() { function password_dict() { + mkdir -p webs if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $PASSWORD_DICT == true ]]; then start_func ${FUNCNAME[0]} "Password dictionary generation" word=${domain%%.*} @@ -2010,9 +2069,9 @@ function password_dict() { end_func "Results are saved in $domain/webs/password_dict.txt" ${FUNCNAME[0]} else if [[ $PASSWORD_DICT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2024,6 +2083,7 @@ function password_dict() { function brokenLinks() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $BROKENLINKS == true ]]; then start_func ${FUNCNAME[0]} "Broken links checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt 
@@ -2052,9 +2112,9 @@ function brokenLinks() { end_func "Results are saved in vulns/brokenLinks.txt" ${FUNCNAME[0]} else if [[ $BROKENLINKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2062,6 +2122,7 @@ function brokenLinks() { function xss() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $XSS == true ]] && [[ -s "gf/xss.txt" ]]; then start_func ${FUNCNAME[0]} "XSS Analysis" [ -s "gf/xss.txt" ] && cat gf/xss.txt | qsreplace FUZZ | sed '/FUZZ/!d' | Gxss -c 100 -p Xss | qsreplace FUZZ | sed '/FUZZ/!d' | anew -q .tmp/xss_reflected.txt @@ -2070,7 +2131,7 @@ function xss() { if [[ -n $XSS_SERVER ]]; then [ -s ".tmp/xss_reflected.txt" ] && cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --only-poc r --ignore-return 302,404,403 --skip-bav -b ${XSS_SERVER} -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" [ -s ".tmp/xss_reflected.txt" ] && cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --only-poc r --ignore-return 302,404,403 --skip-bav -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt fi else 
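Review bot: The rewritten `No XSS_SERVER defined, blind xss skipped` message in xss has no `${reset}` at the end, unlike the other messages this patch reformats, so the yellow colour carries over into whatever is printed next. Ending the format string with `blind xss skipped${reset}\n\n` would match the rest. The same message in the three following xss hunks has the same omission.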
@@ -2078,11 +2139,11 @@ function xss() { if [[ -n $XSS_SERVER ]]; then cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --skip-bav --skip-mining-dom --skip-mining-dict --only-poc r --ignore-return 302,404,403 -b ${XSS_SERVER} -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" cat .tmp/xss_reflected.txt | dalfox pipe --silence --no-color --no-spinner --skip-bav --skip-mining-dom --skip-mining-dict --only-poc r --ignore-return 302,404,403 -w $DALFOX_THREADS 2>>"$LOGFILE" | anew -q vulns/xss.txt fi else - printf "${bred} Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" + printf "${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" fi fi else @@ -2090,7 +2151,7 @@ function xss() { if [[ -n $XSS_SERVER ]]; then [ -s ".tmp/xss_reflected.txt" ] && axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav -b ${XSS_SERVER} -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" [ -s ".tmp/xss_reflected.txt" ] && axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null fi else 
@@ -2098,22 +2159,22 @@ function xss() { if [[ -n $XSS_SERVER ]]; then axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav --skip-grepping --skip-mining-all --skip-mining-dict -b ${XSS_SERVER} -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null else - printf "${yellow}\n No XSS_SERVER defined, blind xss skipped\n\n" + printf "${yellow}\n[$(date +'%Y-%m-%dT%H:%M:%S%z')] No XSS_SERVER defined, blind xss skipped\n\n" axiom-scan .tmp/xss_reflected.txt -m dalfox --skip-bav --skip-grepping --skip-mining-all --skip-mining-dict -w $DALFOX_THREADS -o vulns/xss.txt $AXIOM_EXTRA_ARGS 2>>"$LOGFILE" >/dev/null fi else - printf "${bred} Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" + printf "${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Skipping XSS: Too many URLs to test, try with --deep flag${reset}\n" fi fi fi end_func "Results are saved in vulns/xss.txt" ${FUNCNAME[0]} else if [[ $XSS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/xss.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to XSS ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to XSS ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2121,6 +2182,7 @@ function xss() { function cors() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CORS == true ]]; then start_func ${FUNCNAME[0]} "CORS Scan" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -2128,9 +2190,9 @@ function cors() { end_func "Results are saved in vulns/cors.txt" ${FUNCNAME[0]} else if [[ $CORS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2138,6 +2200,7 @@ function cors() { function open_redirect() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $OPEN_REDIRECT == true ]] && [[ -s "gf/redirect.txt" ]]; then start_func ${FUNCNAME[0]} "Open redirects checks" if [[ $DEEP == true ]] || [[ $(cat gf/redirect.txt | wc -l) -le $DEEP_LIMIT ]]; then 
@@ -2151,11 +2214,11 @@ function open_redirect() { fi else if [[ $OPEN_REDIRECT == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/redirect.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to Open Redirect ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to Open Redirect ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2163,6 +2226,7 @@ function open_redirect() { function ssrf_checks() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SSRF_CHECKS == true ]] && [[ -s "gf/ssrf.txt" ]]; then start_func ${FUNCNAME[0]} "SSRF checks" if [[ -z $COLLAB_SERVER ]]; then 
@@ -2191,11 +2255,11 @@ function ssrf_checks() { pkill -f interactsh-client & else if [[ $SSRF_CHECKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/ssrf.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to SSRF ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to SSRF ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2203,6 +2267,7 @@ function ssrf_checks() { function crlf_checks() { + mkdir -p {webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $CRLF_CHECKS == true ]]; then start_func ${FUNCNAME[0]} "CRLF checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -2214,9 +2279,9 @@ function crlf_checks() { fi else if [[ $CRLF_CHECKS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2224,6 +2289,7 @@ function crlf_checks() { function lfi() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $LFI == true ]] && [[ -s "gf/lfi.txt" ]]; then start_func ${FUNCNAME[0]} "LFI checks" if [[ -s "gf/lfi.txt" ]]; then @@ -2237,11 +2303,11 @@ function lfi() { fi else if [[ $LFI == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/lfi.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to LFI ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to LFI ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2249,6 +2315,7 @@ function lfi() { function ssti() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SSTI == true ]] && [[ -s "gf/ssti.txt" ]]; then start_func ${FUNCNAME[0]} "SSTI checks" if [[ -s "gf/ssti.txt" ]]; then 
@@ -2263,11 +2330,11 @@ function ssti() { fi else if [[ $SSTI == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/ssti.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to SSTI ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to SSTI ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2275,6 +2342,7 @@ function ssti() { function sqli() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SQLI == true ]] && [[ -s "gf/sqli.txt" ]]; then start_func ${FUNCNAME[0]} "SQLi checks" 
@@ -2292,11 +2360,11 @@ function sqli() { fi else if [[ $SQLI == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/sqli.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to SQLi ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to SQLi ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2304,15 +2372,17 @@ function sqli() { function test_ssl() { + mkdir -p {hosts,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $TEST_SSL == true ]]; then start_func ${FUNCNAME[0]} "SSL Test" + [[ -n $multi ]] && [ ! -f "$dir/hosts/ips.txt" ] && echo "$domain" > "$dir/hosts/ips.txt" ${tools}/testssl.sh/testssl.sh --quiet --color 0 -U -iL hosts/ips.txt 2>>"$LOGFILE" >vulns/testssl.txt end_func "Results are saved in vulns/testssl.txt" ${FUNCNAME[0]} else if [[ $TEST_SSL == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
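Review bot: The seed line added to test_ssl writes `"$dir/hosts/ips.txt"`, while `mkdir -p {hosts,vulns}` and `-iL hosts/ips.txt` use paths relative to the current directory, so the three only agree when the working directory is `$dir`. Using one form in all three places removes that assumption. The guard tests `! -f`, so an existing but empty ips.txt is not seeded and testssl.sh is started with no targets; `! -s` covers both cases: `[[ -n $multi ]] && [[ ! -s "$dir/hosts/ips.txt" ]] && echo "$domain" >"$dir/hosts/ips.txt"`.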
@@ -2320,6 +2390,7 @@ function test_ssl() { function spraying() { + mkdir -p vulns if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SPRAY == true ]]; then start_func ${FUNCNAME[0]} "Password spraying" @@ -2334,9 +2405,9 @@ function spraying() { end_func "Results are saved in vulns/brutespray folder" ${FUNCNAME[0]} else if [[ $SPRAY == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2344,6 +2415,7 @@ function spraying() { function command_injection() { + mkdir -p {.tmp,gf,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $COMM_INJ == true ]] && [[ -s "gf/rce.txt" ]]; then start_func ${FUNCNAME[0]} "Command Injection checks" [ -s "gf/rce.txt" ] && cat gf/rce.txt | qsreplace FUZZ | sed '/FUZZ/!d' | anew -q .tmp/tmp_rce.txt 
@@ -2355,11 +2427,11 @@ function command_injection() { fi else if [[ $COMM_INJ == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" elif [[ ! -s "gf/rce.txt" ]]; then - printf "\n${yellow} ${FUNCNAME[0]} No URLs potentially vulnerables to Command Injection ${reset}\n\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} No URLs potentially vulnerables to Command Injection ${reset}\n\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2367,6 +2439,7 @@ function command_injection() { function 4xxbypass() { + mkdir -p {.tmp,fuzzing,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $BYPASSER4XX == true ]]; then if [[ $(cat fuzzing/fuzzing_full.txt 2>/dev/null | grep -E '^4' | grep -Ev '^404' | cut -d ' ' -f3 | wc -l) -le 1000 ]] || [[ $DEEP == true ]]; then start_func "403 bypass" @@ -2387,9 +2460,9 @@ function 4xxbypass() { fi else if [[ $BYPASSER4XX == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2397,6 +2470,7 @@ function 4xxbypass() { function prototype_pollution() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $PROTO_POLLUTION == true ]]; then start_func ${FUNCNAME[0]} "Prototype Pollution checks" if [[ $DEEP == true ]] || [[ $(cat webs/url_extract.txt | wc -l) -le $DEEP_LIMIT ]]; then @@ -2408,9 +2482,9 @@ function prototype_pollution() { fi else if [[ $PROTO_POLLUTION == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2418,6 +2492,7 @@ function prototype_pollution() { function smuggling() { + mkdir -p {.tmp,webs,vulns/smuggling} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $SMUGGLING == true ]]; then start_func ${FUNCNAME[0]} "HTTP Request Smuggling checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -2426,7 +2501,6 @@ function smuggling() { echo "Failed to cd directory in ${FUNCNAME[0]} @ line ${LINENO}" } cat $dir/webs/webs_all.txt | python3 smuggler.py -q --no-color 2>/dev/null | anew -q $dir/.tmp/smuggling.txt - mkdir -p $dir/vulns/smuggling/ find payloads -type f ! -name "README*" -exec mv {} $dir/vulns/smuggling/ \; popd >/dev/null || { echo "Failed to popd in ${FUNCNAME[0]} @ line ${LINENO}" 
@@ -2438,9 +2512,9 @@ function smuggling() { fi else if [[ $SMUGGLING == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2448,6 +2522,7 @@ function smuggling() { function webcache() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $WEBCACHE == true ]]; then start_func ${FUNCNAME[0]} "Web Cache Poisoning checks" [ ! -s "webs/webs_all.txt" ] && cat webs/webs.txt webs/webs_uncommon_ports.txt 2>/dev/null | anew -q webs/webs_all.txt @@ -2467,9 +2542,9 @@ function webcache() { fi else if [[ $WEBCACHE == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi 
@@ -2477,6 +2552,7 @@ function webcache() { function fuzzparams() { + mkdir -p {.tmp,webs,vulns} if { [[ ! -f "$called_fn_dir/.${FUNCNAME[0]}" ]] || [[ $DIFF == true ]]; } && [[ $FUZZPARAMS == true ]]; then start_func ${FUNCNAME[0]} "Fuzzing params values checks" if [[ $DEEP == true ]] || [[ $(cat webs/url_extract.txt | wc -l) -le $DEEP_LIMIT2 ]]; then @@ -2495,9 +2571,9 @@ function fuzzparams() { fi else if [[ $FUZZPARAMS == false ]]; then - printf "\n${yellow} ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} skipped in this mode or defined in reconftw.cfg ${reset}\n" else - printf "${yellow} ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" + printf "${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] ${FUNCNAME[0]} is already processed, to force executing ${FUNCNAME[0]} delete\n $called_fn_dir/.${FUNCNAME[0]} ${reset}\n\n" fi fi @@ -2572,21 +2648,32 @@ function remove_big_files() { function notification() { if [[ -n $1 ]] && [[ -n $2 ]]; then + + if [[ $NOTIFICATION == true ]]; then + NOTIFY="notify -silent" + else + NOTIFY="true" + fi + if [[ -z $3 ]]; then + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + else + current_date="$3" + fi case $2 in info) - text="\n${bblue} ${1} ${reset}" + text="\n${bblue}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; warn) - text="\n${yellow} ${1} ${reset}" + text="\n${yellow}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; error) - text="\n${bred} ${1} ${reset}" + text="\n${bred}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; good) - text="\n${bgreen} ${1} ${reset}" + text="\n${bgreen}[$current_date] ${1} ${reset}" printf "${text}\n" && printf "${text} - ${domain}\n" | $NOTIFY ;; esac 
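Review bot: In notification, the text built from `${1}` is still used as the printf format (`printf "${text}\n"`), and the second printf also puts `${domain}` into the format, so a `%` in a message or target name is read as a directive and can garble what is printed and piped to notify. `printf '%b\n' "${text}" && printf '%b - %s\n' "${text}" "${domain}" | $NOTIFY` keeps the backslash-escape handling that `\n` and (presumably) the colour variables rely on, while treating the rest as data. `current_date` is assigned without `local` here although start_func and end_func set a global of the same name; declaring it `local current_date` in notification avoids the overlap. The function's closing lines are outside the hunk.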
@@ -2619,7 +2706,7 @@ function transfer { function sendToNotify { if [[ -z $1 ]]; then - printf "\n${yellow} no file provided to send ${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] No file provided to send ${reset}\n" else if [[ -z $NOTIFY_CONFIG ]]; then NOTIFY_CONFIG=~/.config/notify/provider-config.yaml 
@@ -2630,27 +2717,28 @@ function sendToNotify { return 0 fi if grep -q '^ telegram\|^telegram\|^ telegram' $NOTIFY_CONFIG; then - notification "Sending ${domain} data over Telegram" info + notification "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Sending ${domain} data over Telegram" info telegram_chat_id=$(cat ${NOTIFY_CONFIG} | grep '^ telegram_chat_id\|^telegram_chat_id\|^ telegram_chat_id' | xargs | cut -d' ' -f2) telegram_key=$(cat ${NOTIFY_CONFIG} | grep '^ telegram_api_key\|^telegram_api_key\|^ telegram_apikey' | xargs | cut -d' ' -f2) curl -F document=@${1} "https://api.telegram.org/bot${telegram_key}/sendDocument?chat_id=${telegram_chat_id}" 2>>"$LOGFILE" >/dev/null fi if grep -q '^ discord\|^discord\|^ discord' $NOTIFY_CONFIG; then - notification "Sending ${domain} data over Discord" info + notification "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Sending ${domain} data over Discord" info discord_url=$(cat ${NOTIFY_CONFIG} | grep '^ discord_webhook_url\|^discord_webhook_url\|^ discord_webhook_url' | xargs | cut -d' ' -f2) curl -v -i -H "Accept: application/json" -H "Content-Type: multipart/form-data" -X POST -F file1=@${1} $discord_url 2>>"$LOGFILE" >/dev/null fi if [[ -n $slack_channel ]] && [[ -n $slack_auth ]]; then - notification "Sending ${domain} data over Slack" info + notification "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Sending ${domain} data over Slack" info curl -F file=@${1} -F "initial_comment=reconftw zip file" -F channels=${slack_channel} -H "Authorization: Bearer ${slack_auth}" https://slack.com/api/files.upload 2>>"$LOGFILE" >/dev/null fi fi } function start_func() { + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') printf "${bgreen}#######################################################################" - notification "${2}" info - echo "[ $(date +"%F %T") ] Start function : ${1} " >>"${LOGFILE}" + notification "${2}" info $current_date + echo "[$current_date] Start function: ${1} " >>"${LOGFILE}" start=$(date +%s) } 
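Review bot: The three `notification "[$(date …)] Sending ${domain} data over …" info` calls in sendToNotify now print two timestamps, because notification as changed in this patch already prefixes `[$current_date]` when no third argument is passed. The messages should stay as `notification "Sending ${domain} data over Telegram" info`, and likewise for Discord and Slack. In the unchanged Discord line, `curl -v -i … 2>>"$LOGFILE"` sends curl's verbose trace to the log file, and that trace would include the webhook URL path; dropping `-v` (for example `curl -sS`) keeps the webhook secret out of the log. sendToNotify starts before this hunk.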
@@ -2658,15 +2746,17 @@ function end_func() { touch $called_fn_dir/.${2} end=$(date +%s) getElapsedTime $start $end - notification "${2} Finished in ${runtime}" info - echo "[ $(date +"%F %T") ] End function : ${2} " >>"${LOGFILE}" - printf "${bblue} ${1} ${reset}\n" + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + notification "${2} Finished in ${runtime}" info $current_date + echo "[$current_date] End function: ${2} " >>"${LOGFILE}" + printf "${bblue}[$current_date] ${1} ${reset}\n" printf "${bgreen}#######################################################################${reset}\n" } function start_subfunc() { - notification "${2}" warn - echo "[ $(date +"%F %T") ] Start subfunction : ${1} " >>"${LOGFILE}" + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + notification " ${2}" info $current_date + echo "[$current_date] Start subfunction: ${1} " >>"${LOGFILE}" start_sub=$(date +%s) } @@ -2674,8 +2764,9 @@ function end_subfunc() { touch $called_fn_dir/.${2} end_sub=$(date +%s) getElapsedTime $start_sub $end_sub - notification "${1} in ${runtime}" good - echo "[ $(date +"%F %T") ] End subfunction : ${1} " >>"${LOGFILE}" + current_date=$(date +'%Y-%m-%dT%H:%M:%S%z') + notification " ${1} in ${runtime}" good $current_date + echo "[$current_date] End subfunction: ${1} " >>"${LOGFILE}" } function check_inscope() { 
@@ -2750,16 +2841,16 @@ function ipcidr_target() { fi } -function axiom_lauch() { +function axiom_launch() { # let's fire up a FLEET! if [[ $AXIOM_FLEET_LAUNCH == true ]] && [[ -n $AXIOM_FLEET_NAME ]] && [[ -n $AXIOM_FLEET_COUNT ]]; then start_func ${FUNCNAME[0]} "Launching our Axiom fleet" - python3 -m pip install --upgrade linode-cli 2>>"$LOGFILE" >/dev/null + #python3 -m pip install --upgrade linode-cli 2>>"$LOGFILE" >/dev/null # Check to see if we have a fleet already, if so, SKIP THIS! - NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME") + NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true) if [[ $NUMOFNODES -ge $AXIOM_FLEET_COUNT ]]; then axiom-select "$AXIOM_FLEET_NAME*" - end_func "Axiom fleet $AXIOM_FLEET_NAME already has $NUMOFNODES instances" + end_func "Axiom fleet $AXIOM_FLEET_NAME already has $NUMOFNODES instances" info+ else if [[ $NUMOFNODES -eq 0 ]]; then startcount=$AXIOM_FLEET_COUNT @@ -2777,9 +2868,8 @@ function axiom_lauch() { eval "$AXIOM_POST_START" 2>>"$LOGFILE" >/dev/null fi - NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME") - echo "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" | $NOTIFY - end_func "Axiom fleet $AXIOM_FLEET_NAME launched w/ $NUMOFNODES instances" + NUMOFNODES=$(timeout 30 axiom-ls | grep -c "$AXIOM_FLEET_NAME" || true) + end_func "Axiom fleet $AXIOM_FLEET_NAME launched $NUMOFNODES instances" info fi fi } @@ -2791,8 +2881,8 @@ function axiom_shutdown() { notification "Automatic Axiom fleet shutdown is not enabled in this mode" info return fi - eval axiom-rm -f "$AXIOM_FLEET_NAME*" - echo "Axiom fleet $AXIOM_FLEET_NAME shutdown" | $NOTIFY + eval axiom-rm -f "$AXIOM_FLEET_NAME*" || true + axiom-ls | grep "$AXIOM_FLEET_NAME" || true notification "Axiom fleet $AXIOM_FLEET_NAME shutdown" info fi } 
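Review bot: `end_func "Axiom fleet … already has $NUMOFNODES instances" info+` passes `info+` as end_func's second argument, which end_func treats as the function name: it runs `touch $called_fn_dir/.${2}` and `notification "${2} Finished in ${runtime}"`, so the marker file becomes `.info+` and the message reads "info+ Finished in …". The same applies to `end_func "… launched $NUMOFNODES instances" info` in the next hunk. Both calls should pass the function name, e.g. `end_func "Axiom fleet $AXIOM_FLEET_NAME already has $NUMOFNODES instances" ${FUNCNAME[0]}`.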
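Review bot: In axiom_shutdown, `eval axiom-rm -f "$AXIOM_FLEET_NAME*" || true` hides a failed removal, and the following `notification "Axiom fleet $AXIOM_FLEET_NAME shutdown" info` reports success either way, so instances can stay running unnoticed. The `eval` also re-parses the configured fleet name as shell code, which is not needed to pass the pattern. `axiom-rm -f "${AXIOM_FLEET_NAME}*" || notification "Axiom fleet $AXIOM_FLEET_NAME shutdown failed" error` addresses both, assuming axiom-rm accepts the pattern literally as `axiom-select "$AXIOM_FLEET_NAME*"` does in axiom_launch. The added `axiom-ls | grep … || true` prints leftovers but nothing acts on its result.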
@@ -2800,12 +2890,12 @@ function axiom_shutdown() { function axiom_selected() { if [[ ! $(axiom-ls | tail -n +2 | sed '$ d' | wc -l) -gt 0 ]]; then - notification "\n\n${bred} No axiom instances running ${reset}\n\n" error + notification "No axiom instances running ${reset}\n\n" error exit fi if [[ ! $(cat ~/.axiom/selected.conf | sed '/^\s*$/d' | wc -l) -gt 0 ]]; then - notification "\n\n${bred} No axiom instances selected ${reset}\n\n" error + notification "No axiom instances selected ${reset}\n\n" error exit fi } @@ -2814,15 +2904,9 @@ function start() { global_start=$(date +%s) - if [[ $NOTIFICATION == true ]]; then - NOTIFY="notify -silent" - else - NOTIFY="" - fi - printf "\n${bgreen}#######################################################################${reset}" - notification "Recon succesfully started on ${domain}" good - [ "$SOFT_NOTIFICATION" = true ] && echo "Recon succesfully started on ${domain}" | notify -silent + notification "Recon succesfully started on ${domain}" good $(date +'%Y-%m-%dT%H:%M:%S%z') + [ "$SOFT_NOTIFICATION" = true ] && echo "$(date +'%Y-%m-%dT%H:%M:%S%z') Recon succesfully started on ${domain}" | notify -silent printf "${bgreen}#######################################################################${reset}\n" if [[ $upgrade_before_running == true ]]; then ${SCRIPTPATH}/install.sh --tools @@ -2850,7 +2934,7 @@ function start() { fi if [[ -z $domain ]]; then - notification "\n\n${bred} No domain or list provided ${reset}\n\n" error + notification "${bred} No domain or list provided ${reset}\n\n" error exit fi 
@@ -2868,16 +2952,16 @@ function start() { list="${dir}/target.txt" fi fi - mkdir -p .tmp .log osint subdomains webs hosts vulns + mkdir -p .log NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" printf "\n" - printf "${bred} Target: ${domain}\n\n" + printf "${bred}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Target: ${domain}\n\n" } function end() { @@ -2885,7 +2969,7 @@ function end() { find $dir -type f -empty -print | grep -v '.called_fn' | grep -v '.log' | grep -v '.tmp' | xargs rm -f 2>>"$LOGFILE" >/dev/null find $dir -type d -empty -print -delete 2>>"$LOGFILE" >/dev/null - echo "End $(date +"%F") $(date +"%T")" >>"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] End" >>"${LOGFILE}" if [[ $PRESERVE != true ]]; then find $dir -type f -empty | grep -v "called_fn" | xargs rm -f 2>>"$LOGFILE" >/dev/null 
@@ -2913,11 +2997,11 @@ function end() { global_end=$(date +%s) getElapsedTime $global_start $global_end printf "${bgreen}#######################################################################${reset}\n" - notification "Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" good - [ "$SOFT_NOTIFICATION" = true ] && echo "Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" | notify -silent + notification "Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" good $(date +'%Y-%m-%dT%H:%M:%S%z') + [ "$SOFT_NOTIFICATION" = true ] && echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Finished Recon on: ${domain} under ${finaldir} in: ${runtime}" | notify -silent printf "${bgreen}#######################################################################${reset}\n" - #Seperator for more clear messges in telegram_Bot - echo "****** Stay safe 🦠 and secure 🔐 ******" | $NOTIFY + #Separator for more clear messges in telegram_Bot + notification echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] ****** Stay safe 🦠 and secure 🔐 ******" info } @@ -2944,7 +3028,7 @@ function passive() { SUB_RECURSIVE_BRUTE=false WEBPROBESIMPLE=false if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi @@ -3009,12 +3093,6 @@ function multi_osint() { global_start=$(date +%s) - if [[ $NOTIFICATION == true ]]; then - NOTIFY="notify -silent" - else - NOTIFY="" - fi - #[[ -n "$domain" ]] && ipcidr_target $domain if [[ -s $list ]]; then @@ -3034,13 +3112,13 @@ function multi_osint() { echo "Failed to cd directory '$workdir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } - mkdir -p .tmp .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" for domain in $targets; do dir=$workdir/targets/$domain 
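Review bot: `notification echo "[…] ****** Stay safe 🦠 and secure 🔐 ******" info` at the end of end() passes `echo` as the message and the banner as the level, so the `case $2` in notification matches none of info/warn/error/good and nothing is printed or sent. The call should be `notification "****** Stay safe 🦠 and secure 🔐 ******" info`; notification adds its own timestamp, so the explicit `[$(date …)]` prefix is not needed. end() starts before this hunk.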
@@ -3050,12 +3128,12 @@ function multi_osint() { echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } - mkdir -p .tmp .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" domain_info ip_info emails @@ -3089,7 +3167,7 @@ function recon() { favicon if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi @@ -3126,12 +3204,6 @@ function multi_recon() { global_start=$(date +%s) - if [[ $NOTIFICATION == true ]]; then - NOTIFY="notify -silent" - else - NOTIFY="" - fi - #[[ -n "$domain" ]] && ipcidr_target $domain if [[ -s $list ]]; then @@ -3152,12 +3224,12 @@ function multi_recon() { exit 1 } - mkdir -p .tmp .log .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${workdir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" [ -n "$flist" ] && LISTTOTAL=$(cat "$flist" | wc -l) @@ -3169,13 +3241,13 @@ function multi_recon() { echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" exit 1 } - mkdir -p .tmp .log .called_fn osint subdomains webs hosts vulns + mkdir -p {.called_fn,.log} NOW=$(date +"%F") NOWT=$(date +"%T") LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" touch .log/${NOW}_${NOWT}.txt - echo "Start ${NOW} ${NOWT}" >"${LOGFILE}" + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" loopstart=$(date +%s) domain_info 
@@ -3192,10 +3264,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 1st loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished 1st loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done @@ -3205,7 +3277,7 @@ function multi_recon() { } if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi @@ -3230,10 +3302,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 2nd loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished 2nd loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done 
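Review bot: `POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':')`, kept next to the changed printf lines, runs a target-list entry through `eval`, so shell metacharacters in a line of the list are executed as code, and the entry is also interpreted as a regular expression. `POSINLIST=$(grep -nxF -- "$domain" "$flist" | cut -f1 -d':')` gives the line number with an exact whole-line match and no re-parsing. The same line appears in the 2nd-, 3rd- and final-loop hunks of multi_recon. The loop bodies start outside these hunks.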
@@ -3286,10 +3358,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished 3rd loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished 3rd loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done @@ -3316,10 +3388,10 @@ function multi_recon() { loopend=$(date +%s) getElapsedTime $loopstart $loopend printf "${bgreen}#######################################################################${reset}\n" - printf "${bgreen} $domain finished final loop in ${runtime} $currently ${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain finished final loop in ${runtime} $currently ${reset}\n" if [[ -n $flist ]]; then POSINLIST=$(eval grep -nrE "^$domain$" "$flist" | cut -f1 -d':') - printf "\n${yellow} $domain is $POSINLIST of $LISTTOTAL${reset}\n" + printf "\n${yellow}[$(date +'%Y-%m-%dT%H:%M:%S%z')] $domain is $POSINLIST of $LISTTOTAL${reset}\n" fi printf "${bgreen}#######################################################################${reset}\n" done 
@@ -3332,11 +3404,76 @@ function multi_recon() { end } +function multi_custom() { + + global_start=$(date +%s) + + if [[ -s $list ]]; then + sed -i 's/\r$//' $list + targets=$(cat $list) + else + notification "Target list not provided" error + exit + fi + + dir=${SCRIPTPATH}/Recon/$multi + rm -rf $dir + mkdir -p $dir || { + echo "Failed to create directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" + exit 1 + } + cd "$dir" || { + echo "Failed to cd directory '$dir' in ${FUNCNAME[0]} @ line ${LINENO}" + exit 1 + } + + mkdir -p {.called_fn,.log} + called_fn_dir=$dir/.called_fn + NOW=$(date +"%F") + NOWT=$(date +"%T") + LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" + touch .log/${NOW}_${NOWT}.txt + echo "[$(date +'%Y-%m-%dT%H:%M:%S%z')] Start ${NOW} ${NOWT}" >"${LOGFILE}" + + [ -n "$flist" ] && entries=$(cat "$flist" | wc -l) + + if [[ $AXIOM == true ]]; then + axiom_launch + axiom_selected + fi + + custom_function_list=$(echo $custom_function|tr ',' '\n') + func_total=$(echo "$custom_function_list" | wc -l) + + func_count=0 + domain=$(cat $flist) + for custom_f in $custom_function_list; do + ((func_count=func_count+1)) + + loopstart=$(date +%s) + + $custom_f + + currently=$(date +"%H:%M:%S") + loopend=$(date +%s) + getElapsedTime $loopstart $loopend + printf "${bgreen}#######################################################################${reset}\n" + printf "${bgreen}[$(date +'%Y-%m-%dT%H:%M:%S%z')] Finished $custom_f ($func_count/$func_total) for $entries entries in ${runtime} $currently ${reset}\n" + printf "${bgreen}#######################################################################${reset}\n" + done + + if [[ $AXIOM == true ]]; then + axiom_shutdown + fi + + end +} + function subs_menu() { start if [[ $AXIOM == true ]]; then - axiom_lauch + axiom_launch axiom_selected fi 
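Review bot: `rm -rf $dir` in multi_custom deletes an unquoted path built from the command-line value `$multi`, so a name containing `/` or `..`, or a space anywhere in the path, makes it remove something other than the intended workspace. The function validates `$list` but then reads `$flist` (`domain=$(cat $flist)` and `entries`), which is not assigned in this hunk, so whether the caller sets it should be confirmed. It also runs each comma-separated `$custom_function` entry as a bare command without checking that it names a function of this script. The fence below restricts the workspace name to one path component, quotes the delete, and checks each entry with `declare -F`.

```shell
  # Workspace name comes from the command line: keep it to a single path component.
  if [[ -z $multi || $multi == */* || $multi == .* ]]; then
    notification "Invalid workspace name" error
    exit 1
  fi
  dir="${SCRIPTPATH}/Recon/${multi}"
  rm -rf -- "${dir:?}"
  # … unchanged: mkdir/cd, log setup, axiom launch …
  IFS=',' read -r -a custom_function_list <<<"$custom_function"
  func_total=${#custom_function_list[@]}
  # … unchanged: func_count=0, domain assignment …
  for custom_f in "${custom_function_list[@]}"; do
    # Run only names that are functions defined in this script.
    if ! declare -F "$custom_f" >/dev/null; then
      notification "Unknown function: ${custom_f}" error
      continue
    fi
    # … unchanged: counter, timing, function call and summary printf …
  done
```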
@@ -3561,6 +3698,20 @@ while true; do esac done +# Initialize some variables +opt_deep="${opt_deep:=false}" +rate_limit="${rate_limit:=0}" +outOfScope_file="${outOfScope_file:=}" +inScope_file="${inScope_file:=}" +domain="${domain:=}" +multi="${multi:=}" +list="${list:=}" +opt_mode="${opt_mode:=}" +custom_function="${custom_function:=}" +AXIOM="${AXIOM:=false}" +AXIOM_POST_START="${AXIOM_POST_START:=}" +CUSTOM_CONFIG="${CUSTOM_CONFIG:=}" + # This is the first thing to do to read in alternate config SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 || exit @@ -3735,19 +3886,26 @@ case $opt_mode in fi ;; 'c') - export DIFF=true - dir="${SCRIPTPATH}/Recon/$domain" - cd $dir || { - echo "Failed to cd directory '$dir'" - exit 1 - } - LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" - called_fn_dir=$dir/.called_fn - $custom_function - cd ${SCRIPTPATH} || { - echo "Failed to cd directory '$dir'" - exit 1 - } + if [[ -n $multi ]]; then + if [[ $AXIOM == true ]]; then + mode="multi_custom" + fi + multi_custom + else + export DIFF=true + dir="${SCRIPTPATH}/Recon/$domain" + cd $dir || { + echo "Failed to cd directory '$dir'" + exit 1 + } + LOGFILE="${dir}/.log/${NOW}_${NOWT}.txt" + called_fn_dir=$dir/.called_fn + $custom_function + cd ${SCRIPTPATH} || { + echo "Failed to cd directory '$dir'" + exit 1 + } + fi exit ;; # No mode selected. EXIT! From a568e268f5bb4645ed4b3f42c4d25632994832ad Mon Sep 17 00:00:00 2001 From: six2dez Date: Sat, 2 Mar 2024 21:11:23 +0100 Subject: [PATCH 28/28] brutespray fix --- reconftw.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/reconftw.sh b/reconftw.sh index 82168e3a..8701018e 100755 --- a/reconftw.sh +++ b/reconftw.sh @@ -88,7 +88,7 @@ function tools_installed() { printf "${bred} [*] dorks_hunter [NO]${reset}\n" allinstalled=false } - [ -f "${tools}/brutespray/brutespray" ] || { + [ -f "${tools}/brutespray/brutespray/main" ] || { printf "${bred} [*] brutespray [NO]${reset}\n" allinstalled=false }