@GenRockeR
Forked from KathanP19/noobrecon.sh
Created June 8, 2020 07:41
Revisions

  1. @noobh4x noobh4x created this gist Oct 11, 2019.
    88 changes: 88 additions & 0 deletions noobrecon.sh
    @@ -0,0 +1,88 @@
    #!/bin/bash

    ####################################
    # Config
    ##################

    HTTPROBE_CONCURRENCY=100
    HTTPROBE_TIMEOUT=3000

    DIRSEARCH_THREADS=50
    DIRSEARCH_EXTENSIONS=\*

    ATTENTION_PATTERN='(api|dev|stag|stg|test|tst|corp|int|inter|infra|priv|demo|promo|config|docker|s3|vip|jira|jenkins|splunk|archive|backup|secure|dash|vip|vpn|auth)'

    ##################
    # End Config
    ####################################

    cd `pwd`
    TARGET=$1
    OUTPATH=recon-$(date +%F)

    mkdir -p $OUTPATH
    cd $OUTPATH

    echo
    echo "/==========================================="
    echo "|"
    echo "| Recon started on $TARGET"
    echo "| Saving results in ./$OUTPATH"
    echo "|"
    echo "\==========================================="
    echo

    echo "Starting asset discovery"

    echo " Running assetfinder"
    assetfinder --subs-only $TARGET >> assetfinder.tmp
    echo " - Found: $(cat assetfinder.tmp | wc -l)"

    echo " Running knockpy"
    knockpy $TARGET --json 1>/dev/null 2>knockpy.tmp
    KNOCKPY_REPORT=$(cat knockpy.tmp | grep : | awk -F': ' '{print $2}')
    cat $KNOCKPY_REPORT | jq '.found.subdomain[]' | sed 's/"//g' >> knockpy.tmp
    echo " - Found: $(cat knockpy.tmp | wc -l)"
    mkdir -p reports/knockpy
    mv $KNOCKPY_REPORT reports/knockpy

    echo " Checking certspotter"
    certspotter $TARGET >> certspotter.tmp
    echo " - Found: $(cat certspotter.tmp | wc -l)"

    echo " Sorting and removing duplicate assets"
    cat assetfinder.tmp knockpy.tmp certspotter.tmp | sort -u | grep "$TARGET$" > all.txt
    echo " - Discovered $(cat all.txt | wc -l) unique assets"

    echo " Running massdns"
    massdns -q -r ~/tools/massdns/lists/resolvers.txt -t A -o S -w reports/massdns.out all.txt

    echo " Running httprobe"
    cat all.txt | httprobe -c $HTTPROBE_CONCURRENCY -t $HTTPROBE_TIMEOUT >> alive.txt
    echo " - $(cat alive.txt | wc -l) assets are responding"

    echo " Looking for interesting assets"
    cat all.txt | sed "s/.$TARGET$//" | grep -E $ATTENTION_PATTERN | sed "s/$/.$TARGET/" > attention-all.txt
    cat alive.txt | sed "s/.$TARGET$//" | grep -E $ATTENTION_PATTERN | sed "s/$/.$TARGET/" > attention-alive.txt
    echo " - Found $(cat attention-all.txt | wc -l) interesting assets, of which $(cat attention-alive.txt | wc -l) are responding"

    echo " Asset discovery complete"

    echo
    echo "Starting content gathering"
    echo " Running dirsearch"
    mkdir -p reports/dirsearch
    for host in `cat alive.txt`; do
    DIRSEARCH_FILE=$(echo $host | sed -E 's/[\.|\/|:]+/_/g').txt
    dirsearch -e $DIRSEARCH_EXTENSIONS -r -b -u -t $DIRSEARCH_THREADS --plain-text reports/dirsearch/$DIRSEARCH_FILE -u $host
    done

    echo " Running webscreenshot"
    webscreenshot -i alive.txt -r chromium -o reports/screenshots
    echo " - Total $(ls -l reports/screenshots/*.txt | wc -l) screenshots stored in $OUTPATH/reports/screenshots"

    echo "Cleaning up temporary files"
    rm -f *.tmp

    echo
    echo "All done. Happy hunting!"
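Review bot: `TARGET=$1` is never checked, so running the script with no argument produces an empty `$TARGET`; `grep "$TARGET$"` on the `all.txt` line then matches every input line and the `sed "s/.$TARGET$//"` filters strip the trailing character of every hostname. Add `[ -z "$1" ] && { echo "usage: $0 <domain>"; exit 1; }` before `OUTPATH` is set, and quote `$TARGET`, `$OUTPATH` and `$host` where they are expanded. In the dirsearch loop `-u` is given twice (`-u -t $DIRSEARCH_THREADS` and `-u $host`), so the first `-u` takes `-t` as its URL value and the thread count is left dangling; drop the first `-u`. The unquoted `$DIRSEARCH_EXTENSIONS` holding `*` also undergoes pathname expansion against the files in the output directory, so it should be quoted. Finally, the knockpy step appends the `jq` output to `knockpy.tmp`, which still holds the stderr lines used to locate the report, so the `Found:` count and the merged `all.txt` input include those lines; write the parsed subdomains to a separate temporary file.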