| 1 | + | #!/usr/bin/env bash |
| 2 | + | #-------------------\ |
| 3 | + | # - - - | 0 | - - - -\ |
| 4 | + | # - - | r | - - OO |
| 5 | + | # . | l | . ||----------------> 0rly? <--------------. |
| 6 | + | # ? | y | ? || * git.tcp.direct/kayos `` |
| 7 | + | # .------------. || * github.com/yunginnanet `` |
| 8 | + | # / 0rly? \ ||-----------------------------------------.`` |
| 9 | + | # |? ? ? ? ? ? ? | ?|| |
| 10 | + | # \__ __'\______/ || 👻 SPOOKY BASE64 IN MY COMPUTER? 👻 |
| 11 | + | # |/ \\ || 👻 ITS MORE LIKELY THAN YOU THINK! 👻 |
| 12 | + | # \ \\ . ? || |
| 13 | + | # |\\/| ||-----------------------------------------------.~ |
| 14 | + | # ? / " '\ || if the base64 blobs in this script spook you, .` |
| 15 | + | # . . . || i encourage you to double check their contents ~` |
| 16 | + | # / ) | || they are implemented for maximum portability .` |
| 17 | + | # ? ' _.' | ||-----------------------------------------------.~` |
| 18 | + | # '-'/ \ || |
| 19 | + | #--------------------|| |
| 20 | + | ### Script dirs ####### |
| 21 | + | _DATE=$(date +%b-%d-%Y) |
| 22 | + | _0RLYDIR="$HOME/0rly" |
| 23 | + | _RESULTS="$_0RLYDIR/$_DATE/$1" |
| 24 | + | _DNS="$_0RLYDIR/resolvers.txt" |
| 25 | + | ######################## |
| 26 | + | _BANNER="H4sIAAAAAAACA32STQ6CMBCF916BzVyAFmWnxouwIki0UQKBSQw36LYbD+hJJPxMZwradDFM33y8Tgcgyvan9FABfN6WNtAKv6UsypJqB8QYs27ZvJAl6GAOFpovktQpDQS3wgJBHI+cYIenP//BFZ5CsbwFF1CCbrXF97rAkugPBM1b4u2urHkQ0jhq8rhmwXY3iWdXr/fHG7AhcL5VzltgeTEh5G0kpcNUxpc7YtMdtcaXQSxbVdSVxqK5mrYs8BxzuRffDKpBpCaVfuR93emkffZzwRdOcXbG+AIAAA==" |
| 27 | + | # 0) findomain subdomain enumeration |
| 28 | + | # r) queries whois service for every resolvable sub found |
| 29 | + | # l) greps out cloudflare results |
| 30 | + | # y) runs rustscan on the remaining results |
| 31 | + | # ?) generates HTML reports |
| 32 | + | # -------------------------\ |
| 33 | + | # ----- dependencies -------\ |
| 34 | + | #----------------------------\ |
| 35 | + | # - nmap |
| 36 | + | # - xsltproc |
| 37 | + | # - whois |
| 38 | + | # |
| 39 | + | # - rustscan |
| 40 | + | # -- https://crates.io/crates/rustscan (cargo install rustscan) # |
| 41 | + | # or: https://github.com/RustScan/RustScan/releases/tag/2.0.1 # |
| 42 | + | # # |
| 43 | + | # - findomain # |
| 44 | + | # -- https://crates.io/crates/findomain (cargo install findomain) # |
| 45 | + | # or: https://github.com/Findomain/Findomain/releases/tag/3.1.0 # |
| 46 | + | #------------------------------------------------------------------- |
| 47 | + | _YLW="\e[93m" |
| 48 | + | _RST="\e[0m" |
| 49 | + | _RED="\e[1;31m" |
| 50 | + | _GRN="\e[1;32m" |
| 51 | + | _ARGS="$@" |
| 52 | + | ####### |
| 53 | + | if [ -z $1 ]; then |
| 54 | + | echo "yarly." |
| 55 | + | exit 1 |
| 56 | + | fi |
| 57 | + | set +e |
| 58 | + | echo $_BANNER | base64 -d | gzip -d |
| 59 | + | toilet -f fig.smbraille "$1" | colorize yellow |
| 60 | + | echo -e "Creating directory: $_YLW$_RESULTS$_RST"... |
| 61 | + | mkdir -p $_RESULTS |
| 62 | + | if [ ! -f $_DNS ]; then |
| 63 | + | echo -e "Saving a copy of your current nameservers to use as resolvers for $_YLWfindomain$_RST..." |
| 64 | + | grep -v search /etc/resolv.conf | grep -v ":" | awk '{print $2}' | tee "$_DNS" |
| 65 | + | else |
| 66 | + | _SIZE=$(wc -c "$_DNS" | awk '{print $1}') |
| 67 | + | if [ $_SIZE -eq 0 ]; then |
| 68 | + | echo -e "$_YLW $_DNS $_RST is $_RED empty $_RST..." |
| 69 | + | echo $_RSLV | tee "$_DNS" |
| 70 | + | fi |
| 71 | + | echo -e "Using the nameservers from $_YLW$_ORLYDIR/resolvers.txt$_RST..." |
| 72 | + | fi |
| 73 | + | echo -e "running $_YLWfindomain$_RST..." |
| 74 | + | findomain -q -i --resolvers "$_DNS" --target "$1" -u "$_RESULTS/findomain.txt"; |
| 75 | + | awk -F ',' '{print $NF}' "$_RESULTS/findomain.txt" | sort -u > "$_RESULTS/findomain.unique.ips.txt"; |
| 76 | + | |
| 77 | + | _ucount=$(wc -l $_RESULTS/findomain.unique.ips.txt) |
| 78 | + | echo -e "$_RSTFound $_YLW$_ucount$_RST unique resolvable subdomains." |
| 79 | + | echo -e "analyzing whois information and checking for $_REDcloudflare$_RST...." |
| 80 | + | |
| 81 | + | _cfips=0 |
| 82 | + | _realips=0 |
| 83 | + | |
| 84 | + | while read line; do |
| 85 | + | whois "$line" > $_RESULTS/$line.whois.txt |
| 86 | + | |
| 87 | + | if grep -i -q cloudflare "$_RESULTS/$line.whois.txt"; then |
| 88 | + | echo "$line" >> $_RESULTS/cloudflare.ips.txt; |
| 89 | + | ((_cfips=_cfips+1)) |
| 90 | + | else |
| 91 | + | echo "$line" >> $_RESULTS/noncloudflare.ips.txt; |
| 92 | + | echo -e "no cloudflare here $_GRN$line$_RST :^)" |
| 93 | + | ((_realips=_realips+1)) |
| 94 | + | fi |
| 95 | + | done < $_RESULTS/findomain.unique.ips.txt |
| 96 | + | |
| 97 | + | if [ $_realips -eq 0 ]; then |
| 98 | + | echo -e "$_REDno non-cloudflare ips found, gg$_RST" |
| 99 | + | exit |
| 100 | + | fi |
| 101 | + | |
| 102 | + | mkdir -p $_RESULTS/XML |
| 103 | + | mkdir -p $_RESULTS/HTML |
| 104 | + | |
| 105 | + | while read line; do |
| 106 | + | echo "Scanning $line..." |
| 107 | + | $HOME/.cargo/bin/rustscan -a $line -- -Pn -A -T Aggressive -oX "$_RESULTS/XML/$line.xml" >/dev/null |
| 108 | + | echo "done scanning $line" |
| 109 | + | done < $_RESULTS/noncloudflare.ips.txt |
| 110 | + | |
| 111 | + | echo "Generating HTML reports..." |
| 112 | + | |
| 113 | + | cd $_RESULTS |
| 114 | + | #find $_RESULTS -type f -iname "*.xml" -print | while read line; do _html "$line"; done |
| 115 | + | fdfind --glob "*.xml" --exec scan2html {} |
| 116 | + | mv *.html $_RESULTS/HTML/ |
| 117 | + | #scp -r $_RESULTS 0rly:/var/www/tcp.direct/0rly; |
| 118 | + | toilet -f fig.smkeyboard "done." | colorize green |
| 119 | + | #echo "results: -----> https://tcp.direct/0rly/$1 <-----" | colorize magenta |
| 120 | + | |
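Review bot: The positional target `$1` reaches the filesystem unvalidated on line 23 (`_RESULTS="$_0RLYDIR/$_DATE/$1"`) and the `cd $_RESULTS` on line 113 is unchecked, so a target containing `/` or `..` places results outside `$HOME/0rly`, and if the `cd` fails the following `mv *.html $_RESULTS/HTML/` runs against whatever directory the script was started in. Keep the existing `yarly.` guard but make it anchored, `[[ $1 =~ ^[A-Za-z0-9.-]+$ ]] || { echo "yarly."; exit 1; }`, and change line 113 to `cd "$_RESULTS" || exit 1`. The same quoting gap applies to the `$line` values read from findomain output on lines 85, 88, 91 and 107, which are external data used unquoted as file names and command arguments; `read -r line` with `"$line"` everywhere closes it. Separately, `$_YLWfindomain`, `$_RSTFound`, `$_REDcloudflare` and `$_REDno` (lines 63, 73, 78, 79, 98) are parsed as single undefined variable names so the intended words never print (use `${_YLW}findomain` and so on), and `$_RSLV` on line 69 and `$_ORLYDIR` on line 71 are never defined anywhere in the script.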