1 | | - | #!/usr/bin/env bash |
# Start-up banner, stored base64-encoded; it is decoded with `base64 -d` and
# printed before the target prompt. The decoded bytes appear to carry ANSI
# colour escapes and the author's links.
_BNR="ICAbWzE7MzJtICDilojilojilojiloggICAgICAgICAg4paI4paIICAgICAgICAgICDilojilojilojiloggG1swbQogIBtbMTszMm0g4paI4paR4paR4paR4paI4paIICAgICAgICDilpHilojiloggIOKWiOKWiCAgIOKWiOKWiCDilojilojilpHilpHilojilogbWzBtCiAgG1sxOzMybeKWkeKWiCAg4paI4paR4paIIOKWiOKWiOKWiOKWiOKWiOKWiCDilpHilojilogg4paR4paR4paI4paIIOKWiOKWiCDilpHilojilogg4paR4paI4paIG1swbQogIBtbMTszMm3ilpHilogg4paIIOKWkeKWiOKWkeKWkeKWiOKWiOKWkeKWkeKWiCDilpHilojiloggIOKWkeKWkeKWiOKWiOKWiCAg4paR4paRICDilojiloggG1swbQogIBtbMTszMm3ilpHilojiloggIOKWkeKWiCDilpHilojilogg4paRICDilpHilojiloggICDilpHilojiloggICAgICDilojiloggIBtbMG0KICAbWzE7MzJt4paR4paIICAg4paR4paIIOKWkeKWiOKWiCAgICDilpHilojiloggICDilojiloggICAgICDilpHilpEgICAbWzBtCiAgG1sxOzMybeKWkSDilojilojilojilogg4paR4paI4paI4paIICAgIOKWiOKWiOKWiCAg4paI4paIICAgICAgICDilojiloggIBtbMG0KICAbWzE7MzJtIOKWkeKWkeKWkeKWkSAg4paR4paR4paRICAgIOKWkeKWkeKWkSAg4paR4paRICAgICAgICDilpHilpEgICAbWzBtChtbMTszM20gIC0+aHR0cHM6Ly90d2l0dGVyLmNvbS90Y3BkaXJlY3Q8LRtbMG0KG1sxOzMzbS0+aHR0cHM6Ly9naXQudGNwLmRpcmVjdC9rYXlvcy8wcmx5PC0bWzBtCg=="
3 | | - | ############################ |
4 | | - | # -------> kayos <-------- # |
5 | | - | # git.tcp.direct/kayos # |
6 | | - | # twitter.com/yunginnanet # |
7 | | - | # github.com/yunginnanet # |
8 | | - | ############################ |
9 | | - | |
10 | | - | # ________ |
11 | | - | #/ \ |
12 | | - | #| 0rly? | |
13 | | - | #\__ __'\ |
14 | | - | # |/ \\ |
15 | | - | # \ \\ . |
16 | | - | # |\\/| |
17 | | - | # / " '\ |
18 | | - | # . . . |
19 | | - | # / ) | |
20 | | - | # ' _.' | |
21 | | - | # '-'/ \ |
22 | | - | |
23 | | - | # usage: ./0rly.sh website.com |
24 | | - | |
25 | | - | # uses findomain, runs whois on all the resolvable subs found |
# sorts out Cloudflare IPs, runs rustscan on all non-Cloudflare IPs
# generates HTML reports
28 | | - | |
29 | | - | ###### known dependencies ###### |
30 | | - | |
31 | | - | #### most package managers: |
32 | | - | # - nmap |
33 | | - | # - xsltproc |
34 | | - | # - whois |
35 | | - | |
36 | | - | #### fancy shit: |
37 | | - | # - rustscan |
38 | | - | # --- with rust: https://crates.io/crates/rustscan (cargo install rustscan) |
39 | | - | # --- without: https://github.com/RustScan/RustScan/releases/tag/2.0.1 |
40 | | - | # - findomain |
41 | | - | # --- with rust: https://crates.io/crates/findomain (cargo install findomain) |
42 | | - | # --- without: https://github.com/Findomain/Findomain/releases/tag/3.1.0 |
43 | | - | |
44 | | - | ############################################################################### |
45 | | - | ####################### https://github.com/tlatsas/bash-spinner |
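#######################################
# Spinner engine (adapted from https://github.com/tlatsas/bash-spinner).
# Arguments:
#   $1 - "start" or "stop"
#   start: $2 - message printed before the spinner; loops until killed
#   stop:  $2 - exit status to report, $3 - pid of the running spinner
# Outputs:
#   writes the message, the spinner frames and a coloured [DONE]/[FAIL]
#   tag to stdout
# Exits:
#   1 when "stop" is given no pid or the sub-command is unknown
#######################################
_spinner() {
  local on_success="DONE"
  local on_fail="FAIL"
  local green="\e[1;32m"
  local red="\e[1;31m"
  local nc="\e[0m"
  local column i sp delay

  case "$1" in
    start)
      # Column where the status tag will land: width minus message minus 8.
      column=$(( $(tput cols) - ${#2} - 8 ))
      # Callers pass escapes such as "\n" literally, so expand them (%b).
      printf '%b' "${2}"
      printf "%${column}s" ""
      i=1
      sp='0rly?'
      delay=${SPINNER_DELAY:-0.10}

      # Cycle through the frames until the parent kills this process.
      while :; do
        printf '\b%s' "${sp:i++%${#sp}:1}"
        sleep "$delay"
      done
      ;;
    stop)
      if [[ -z "${3}" ]]; then
        printf '%s\n' "spinner is not running.."
        exit 1
      fi

      # The spinner may already be gone; a failed kill is not an error here.
      kill "$3" > /dev/null 2>&1

      # Overwrite the last frame with the result tag.
      printf '\b['
      if [[ "$2" -eq 0 ]]; then
        printf '%b' "${green}${on_success}${nc}"
      else
        printf '%b' "${red}${on_fail}${nc}"
      fi
      printf ']'
      ;;
    *)
      printf '%s\n' "invalid argument, try {start/stop}"
      exit 1
      ;;
  esac
}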
#######################################
# Launch the spinner in the background.
# Arguments: $1 - message to display next to the spinner
# Globals:   _sp_pid (written) - pid of the background spinner, consumed
#            later by stop_spinner
#######################################
start_spinner() {
  _spinner "start" "${1}" &
  _sp_pid=$!
  # Detach the job so the shell stays quiet when it is killed later.
  disown
}
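#######################################
# Stop the spinner started by start_spinner and print its result tag.
# Arguments: $1 - exit status of the command the spinner was covering
# Globals:   _sp_pid (read, then unset)
#######################################
stop_spinner() {
  # Quote both so an empty status or pid keeps its position in _spinner's
  # argument list instead of shifting the pid into the status slot.
  _spinner "stop" "${1}" "${_sp_pid}"
  unset _sp_pid
}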
107 | | - | ################################################ |
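#######################################
# Render one XML scan report to HTML.
# Arguments: $1 - path to the XML file; its basename names the output
# Globals:   RESULTS (read) - output is written to $RESULTS/HTML/<name>.html
#######################################
_html() {
  local xml=$1
  # Use the basename: a relative path such as ./XML/host.xml would otherwise
  # point the output into a directory under HTML/ that does not exist.
  xsltproc -o "$RESULTS/HTML/${xml##*/}.html" "$xml"
}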
111 | | - | ####### |
112 | | - | |
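#######################################
# Resolve the target domain, prompting for it when none was given.
# Arguments: $1 - target domain (optional; prompted for when empty)
# Globals:   _target (written)
# Exits:     2 when the value contains no '.' and so cannot be a domain
#######################################
_interactive() {
  if [[ -z "$1" ]]; then
    printf 'Target Domain: '
    # -r keeps backslashes in the typed value literal.
    read -r _target
  else
    _target=$1
  fi

  # Same test as the old `echo | grep -v -q '\.'`, without the pipeline.
  if [[ "$_target" != *.* ]]; then
    echo "that's not a domain....."
    echo "do better."
    exit 2
  fi
}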
127 | | - | |
128 | | - | |
129 | | - | |
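clear

# The banner is kept base64-encoded in _BNR; decode it to the terminal and
# reset the colour attributes afterwards.
base64 -d <<<"$_BNR"
printf '\e[0m\n'

# Hand the script's first argument through. Without it the documented
# usage (./0rly.sh website.com) is ignored and the user is always prompted.
_interactive "$1"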
136 | | - | |
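# From here on a failing command aborts the run (relaxed again before the scans).
set -e

# Refuse a target that could steer RESULTS outside $HOME/0rly: a domain
# never contains '/' and never starts with '.'.
if [[ "$_target" == */* || "$_target" == .* ]]; then
  printf 'invalid target: %s\n' "$_target" >&2
  exit 2
fi

RESULTS="$HOME/0rly/$_target"
# %s keeps backslashes in the user-supplied path literal (echo -e expands them).
printf 'Creating directory: \e[93m%s\e[0m\n' "$RESULTS"
mkdir -p -- "$RESULTS"
echo ""

# findomain needs a resolver list; offer to seed it from the system configuration.
if [[ ! -f "$HOME/0rly/resolvers.txt" ]]; then
  printf '\e[31m%s/0rly/resolvers.txt not found!\e[0m\n' "$HOME"
  printf "would you like to use your system's resolvers? "
  read -r -p " [y/N] " response
  case "$response" in
    [yY][eE][sS]|[yY])
      ;;
    *)
      echo "re-run after you populate resolvers.txt, exiting"
      exit
      ;;
  esac

  echo "using nameservers:"
  # Keep the address part of every 'nameserver' line that contains a dot
  # (one awk pass instead of cat | grep | grep | sed).
  awk '/nameserver/ && /\./ { gsub(/nameserver /, ""); print }' /etc/resolv.conf \
    | tee -- "$HOME/0rly/resolvers.txt"
fi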
# Subdomain enumeration; findomain writes its results to findomain.txt.
# NOTE(review): with -i the lines presumably carry "host,address" pairs,
# which is what the awk below assumes — confirm against findomain's output.
start_spinner "running findomain..."
findomain -q -i --resolvers "$HOME/0rly/resolvers.txt" --target "$_target" -u "$RESULTS/findomain.txt">/dev/null;
# Keep the last comma-separated field of every line, de-duplicated.
# NOTE(review): the $? passed to stop_spinner is the status of the awk|sort
# pipeline, not of findomain itself.
awk -F ',' '{print $NF}' "$RESULTS/findomain.txt" | sort -u > "$RESULTS/findomain.unique.ips.txt"; stop_spinner $?


# NOTE(review): the count comes from findomain.unique.ips.txt, so the
# "unique domains" label does not describe what is counted; $RESULTS is
# unquoted here and `cat | wc -l` could be `wc -l <file`.
echo -n "Found "
cat $RESULTS/findomain.unique.ips.txt | wc -l;
echo "unique domains:"
166 | | - | |
167 | | - | |
168 | | - | |
# Pass 1: classify every address from findomain by its whois record.
start_spinner ""
_cfips=0
_realips=0
_cfpref="cloudflare: "
_stdpref="other: "
# NOTE(review): `read` without -r, and $line/$RESULTS unquoted in the paths
# below — the input is tool output, not something the user typed, so odd
# lines end up as unchecked path components.
while read line; do
  echo $line
  # Running counters are drawn at fixed screen rows 20 and 21.
  # NOTE(review): $l is never assigned anywhere in this file, so tput cup
  # receives only the row argument — looks like a leftover; confirm intent.
  tput cup 20 $l
  echo -n -e "\e[39m$_cfpref \e[2m$_cfips\e[0m";
  tput cup 21 $l
  echo -n -e "\e[32m$_stdpref \e[95m$_realips\e[0m";

  echo ""

  # Heuristic: any whois text mentioning "cloudflare" (case-insensitive)
  # files the address as Cloudflare-fronted; everything else is kept for
  # the optional scan step.
  whois "$line" > $RESULTS/$line.whois.txt
  if cat "$RESULTS/$line.whois.txt" | grep -i -q cloudflare; then
    echo "$line" >> $RESULTS/cloudflare.ips.txt;
    ((_cfips=_cfips+1))
  else
    echo "$line" >> $RESULTS/noncloudflare.ips.txt;
    ((_realips=_realips+1))
  fi
done < $RESULTS/findomain.unique.ips.txt

# $? is the status of the loop's last command, not of any single whois.
stop_spinner $?

echo ""

if [ $_realips -eq 0 ]; then
  echo "no non-cloudflare ip's found, gg"
  exit
fi
201 | | - | |
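# Scanning is opt-in; decline lists what was collected so far and exits.
printf 'port scan all non-cloudflare IPs?'
read -r -p " [y/N] " response
case "$response" in
  [yY][eE][sS]|[yY])
    ;;
  *)
    echo "Well then, I suppose we're done!"
    echo "Here's what we've got:"
    ls -- "$RESULTS"
    exit
    ;;
esac

# Scan output (XML) and the rendered reports (HTML) live side by side.
mkdir -p -- "$RESULTS/XML" "$RESULTS/HTML"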
217 | | - | |
# Individual scans may fail; drop -e so one failure does not abort the loop.
set +e

# NOTE(review): presumably a no-op whose only purpose is to cache the sudo
# credentials before the spinner starts drawing — confirm.
sudo echo ""

# Pass 2: scan each non-Cloudflare address, keeping XML for the HTML step.
# NOTE(review): `read` without -r and unquoted $line/$RESULTS again. The
# scanner is also launched from a hard-coded $HOME/.cargo/bin path under
# sudo rather than resolved via PATH, i.e. a binary in a user-writable
# location runs as root. Flags after `--` are handed to the underlying scanner.
while read line; do
  start_spinner "Scanning $line...\n"
  sudo $HOME/.cargo/bin/rustscan --ulimit 10000 -a $line -- -Pn -A -T Aggressive -oX "$RESULTS/XML/$line.xml" >/dev/null
  stop_spinner $?
  echo ""
done < $RESULTS/noncloudflare.ips.txt
228 | | - | |
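start_spinner "Generating HTML reports...\n"

# Work from the XML directory so _html receives bare filenames and writes
# each report to $RESULTS/HTML/<name>.html. set -e is off here, so guard cd
# explicitly rather than globbing in the wrong directory.
cd -- "$RESULTS/XML" || exit 1
_rc=0
# find(1) cannot -exec a shell function, so iterate in the shell instead.
for _xml in *.xml; do
  # An unmatched glob leaves the literal pattern behind; skip it.
  [[ -e "$_xml" ]] || continue
  printf '%s\n' "$_xml"
  _html "$_xml" || _rc=$?
done
stop_spinner "$_rc"

echo "fin. results in $HOME/0rly"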
236 | | - | |
237 | | - | |
238 | | - | |
239 | | - | |
240 | | - | |