| skipped 25 lines |
26 | 26 | | _FINDOMAIN="$HOME/.cargo/bin/findomain" |
27 | 27 | | ######################## |
28 | 28 | | _BANNER="H4sIAAAAAAACA32STQ6CMBCF916BzVyAFmWnxouwIki0UQKBSQw36LYbD+hJJPxMZwradDFM33y8Tgcgyvan9FABfN6WNtAKv6UsypJqB8QYs27ZvJAl6GAOFpovktQpDQS3wgJBHI+cYIenP//BFZ5CsbwFF1CCbrXF97rAkugPBM1b4u2urHkQ0jhq8rhmwXY3iWdXr/fHG7AhcL5VzltgeTEh5G0kpcNUxpc7YtMdtcaXQSxbVdSVxqK5mrYs8BxzuRffDKpBpCaVfuR93emkffZzwRdOcXbG+AIAAA==" |
29 | | - | # 0) findomain subdomain enumeration |
30 | | - | # r) queries whois service for every resolvable sub found |
31 | | - | # l) greps out cloudflare results |
32 | | - | # y) runs rustscan on the remaining results |
33 | | - | # ?) generates HTML reports |
34 | | - | # -------------------------\ |
35 | | - | # ----- dependencies -------\ |
36 | | - | #----------------------------\ |
37 | | - | # - nmap |
38 | | - | # - xsltproc |
39 | | - | # - whois |
| 29 | + | _YLW="\e[93m" |
| 30 | + | _RST="\e[0m" |
| 31 | + | _RED="\e[1;31m" |
| 32 | + | _GRN="\e[1;32m" |
| 33 | + | # _ARGS="$@" |
| 34 | + | #------------------------------------ |
| 35 | + | # 0) findomain subdomain enumeration \ |
| 36 | + | # r) queries whois for resolved IPs \ |
| 37 | + | # l) greps out cloudflare results \ |
| 38 | + | # y) runs rustscan on remaining results \ |
| 39 | + | # ?) generates HTML reports______________\ |
| 40 | + | # -------------------------\*~*~*~*~*~*~*/ |
| 41 | + | # ----- dependencies -------\??- - - -??/ |
| 42 | + | #----------------------------\ ? - - ? / |
| 43 | + | # - nmap \ ? 0 ? / |
| 44 | + | # - xsltproc \ -r- / |
| 45 | + | # - whois \-l-/ |
| 46 | + | # - GNU Parallel \y/ |
40 | 47 | | # |
41 | 48 | | # - rustscan |
42 | 49 | | # -- https://crates.io/crates/rustscan (cargo install rustscan) # |
| skipped 3 lines |
46 | 53 | | # -- https://crates.io/crates/findomain (cargo install findomain) # |
47 | 54 | | # or: https://github.com/Findomain/Findomain/releases/tag/3.1.0 # |
48 | 55 | | #------------------------------------------------------------------- |
49 | | - | _YLW="\e[93m" |
50 | | - | _RST="\e[0m" |
51 | | - | _RED="\e[1;31m" |
52 | | - | _GRN="\e[1;32m" |
53 | | - | _ARGS="$@" |
54 | | - | ####### |
55 | | - | if [ -z $1 ]; then |
| 56 | + | if [ -z "$1" ]; then |
56 | 57 | | echo "yarly." |
57 | 58 | | exit 1 |
58 | 59 | | fi |
59 | | - | set +e |
60 | | - | echo $_BANNER | base64 -d | gzip -d |
| 60 | + | #------------------------ |
| 61 | + | echo "$_BANNER" | base64 -d | gzip -d |
61 | 62 | | echo -n -e "$_YLW"; figlet -f fig.smbraille "$1"; echo -n -e "$_RST"; |
62 | | - | echo -e "Creating directory: $_YLW$_RESULTS$_RST"... |
63 | | - | mkdir -p $_RESULTS |
64 | | - | if [ ! -f $_DNS ]; then |
65 | | - | echo -e "Saving a copy of your current nameservers to use as resolvers for $_YLWfindomain$_RST..." |
| 63 | + | #------------------------ |
| 64 | + | #-----\ |
| 65 | + | set +e #+==== Must Execute ===== |
| 66 | + | #-----/ |
| 67 | + | if [ ! -f "$_DNS" ]; then |
| 68 | + | echo -e "Saving a copy of your current nameservers to use as resolvers for $_YLW findomain $_RST..." |
66 | 69 | | grep -v search /etc/resolv.conf | grep -v ":" | awk '{print $2}' | tee "$_DNS" |
67 | 70 | | else |
68 | 71 | | _SIZE=$(wc -c "$_DNS" | awk '{print $1}') |
69 | | - | if [ $_SIZE -eq 0 ]; then |
| 72 | + | if [ "$_SIZE" -eq 0 ]; then |
70 | 73 | | echo -e "$_YLW $_DNS $_RST is $_RED empty $_RST..." |
71 | | - | echo $_RSLV | tee "$_DNS" |
| 74 | + | echo "$_RSLV" | tee "$_DNS" |
72 | 75 | | fi |
73 | | - | echo -e "Using the nameservers from $_YLW$_ORLYDIR/resolvers.txt$_RST..." |
| 76 | + | echo -e "Using the nameservers from $_YLW $_0RLYDIR/resolvers.txt $_RST..." |
74 | 77 | | fi |
75 | | - | echo -e "running $_YLWfindomain$_RST..." |
76 | | - | $_FINDOMAIN -q -i --resolvers "$_DNS" --target "$1" -u "$_RESULTS/findomain.txt"; |
77 | | - | awk -F ',' '{print $NF}' "$_RESULTS/findomain.txt" | sort -u > "$_RESULTS/findomain.unique.ips.txt"; |
| 78 | + | #------------------------ |
| 79 | + | echo -e "Creating directory structure under: $_YLW $_RESULTS $_RST ..." |
| 80 | + | _TMP="$_RESULTS/tmp/" |
| 81 | + | _XML="$_RESULTS/XML/" |
| 82 | + | _HTML="$_RESULTS/HTML/" |
| 83 | + | echo -e "$_TMP\n$_XML\n$_HTML" | while read -r line; do |
| 84 | + | mkdir -p "$line"; |
| 85 | + | done |
| 86 | + | #------------------------ |
| 87 | + | _FIFO="$_RESULTS/findomain.fifo" |
| 88 | + | _DONE="$_RESULTS/tmp/done"; touch "$_DONE" |
| 89 | + | rm -f "$_FIFO"; mkfifo -m 0600 "$_FIFO"; |
| 90 | + | #-----\ |
| 91 | + | set -e #-======================= |
| 92 | + | #-----/ |
78 | 93 | | |
79 | | - | _ucount=$(wc -l $_RESULTS/findomain.unique.ips.txt) |
80 | | - | echo -e "$_RST Found $_YLW $_ucount $_RST unique resolvable subdomains." |
81 | | - | echo -e "analyzing whois information and checking for $_RED cloudflare $_RST...." |
82 | | - | |
| 94 | + | #------------------------------- |
83 | 95 | | _cfips=0 |
84 | 96 | | _realips=0 |
85 | | - | |
86 | | - | while read line; do |
87 | | - | if echo "$line" | grep -E '^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)'; then |
88 | | - | echo -e "private address $_YLW skipped $_RST: $line" |
89 | | - | continue |
| 97 | + | ######## |
| 98 | + | _PROCESS() { |
| 99 | + | _ADDR="$1" |
| 100 | + | if grep -x -i -q "$_ADDR" "$_DONE"; then |
| 101 | + | echo -e "duplicate address $_YLW skipped $_RST: $_ADDR" |
| 102 | + | return |
90 | 103 | | fi |
91 | | - | whois "$line" > $_RESULTS/$line.whois.txt |
92 | | - | |
93 | | - | if grep -i -q cloudflare "$_RESULTS/$line.whois.txt"; then |
94 | | - | echo "$line" >> $_RESULTS/cloudflare.ips.txt; |
| 104 | + | if echo "$_ADDR" | grep -E '^(192\.168|10\.|172\.1[6789]\.|172\.2[0-9]\.|172\.3[01]\.)'; then |
| 105 | + | echo -e "private address $_YLW skipped $_RST: $_ADDR" |
| 106 | + | return |
| 107 | + | fi |
| 108 | + | echo "$_ADDR" >> "$_DONE" |
| 109 | + | echo -e "analyzing whois of $_YLW $_ADDR cloudflare $_RST...." |
| 110 | + | _WHOIS="$_RESULTS/$_ADDR.whois.txt" |
| 111 | + | whois "$_ADDR" >> "$_WHOIS" |
| 112 | + | if grep -i -q "cloudflare" "$_RESULTS/$_ADDR.whois.txt"; then |
| 113 | + | echo "$_ADDR" >> "$_RESULTS/cloudflare.ips.txt"; |
95 | 114 | | ((_cfips=_cfips+1)) |
96 | | - | else |
97 | | - | echo "$line" >> $_RESULTS/noncloudflare.ips.txt; |
98 | | - | echo -e "no cloudflare here $_GRN$line$_RST :^)" |
99 | | - | ((_realips=_realips+1)) |
| 115 | + | return |
100 | 116 | | fi |
101 | | - | done < $_RESULTS/findomain.unique.ips.txt |
| 117 | + | _realips=$_realips+1 |
| 118 | + | echo "$_ADDR" >> "$_RESULTS/noncloudflare.ips.txt"; |
| 119 | + | threadScan() { |
| 120 | + | _htmlReport() { |
| 121 | + | find "$_XML" -iname "$1*.xml" -print | while read -r line; do \ |
| 122 | + | xsltproc "$1" -o "$_HTML/$1.html"; |
| 123 | + | done |
| 124 | + | } |
| 125 | + | echo -e "Scanning$_YLW $1...$_RST"; |
| 126 | + | "$_RUSTSCAN" -a "$1" -- "-Pn -A -T Aggressive -oX $_RESULTS/XML/$1.xml" >/dev/null; |
| 127 | + | echo "$_GRN done scanning $_YLW $1 $_RST. Generating HTML report..."; |
| 128 | + | _htmlReport "$1"; |
| 129 | + | } |
| 130 | + | export -f scan |
| 131 | + | echo -e "no cloudflare here $_GRN $_ADDR $_RST :^)" |
| 132 | + | SHELL=$(type -p bash) sem -j10 threadSscan |
| 133 | + | } |
| 134 | + | tail -f "$_FIFO" | while read -r line; do _PROCESS "$line" & done |
| 135 | + | $_FINDOMAIN -q -i --resolvers "$_DNS" --target "$1" -u "$_FIFO" |
102 | 136 | | |
103 | 137 | | if [ $_realips -eq 0 ]; then |
104 | | - | echo -e "$_REDno non-cloudflare ips found, gg$_RST" |
| 138 | + | echo -e "$_RED no non-cloudflare ips found, gg $_RST" |
105 | 139 | | exit 2 |
106 | 140 | | fi |
107 | 141 | | |
108 | | - | mkdir -p $_RESULTS/XML |
109 | | - | mkdir -p $_RESULTS/HTML |
110 | | - | |
111 | | - | while read line; do |
112 | | - | echo "Scanning $line..." |
113 | | - | $_RUSTSCAN -a "$line" -- -Pn -A -T Aggressive -oX "$_RESULTS/XML/$line.xml" >/dev/null |
114 | | - | echo "done scanning $line" |
115 | | - | done < $_RESULTS/noncloudflare.ips.txt |
116 | | - | |
117 | | - | echo "Generating HTML reports..." |
118 | | - | |
119 | | - | _SCAN2HTML() { |
120 | | - | _short=$(echo "$1" | awk -F '/' '{print $NF}') |
121 | | - | xsltproc $1 -o $_RESULTS/$_short.html |
122 | | - | } |
123 | | - | |
124 | | - | find "$_RESULTS" -iname "*.xml" -print | while read line; do |
125 | | - | _SCAN2HTML "$line"; |
126 | | - | done |
127 | | - | mv $_RESULTS/*.html $_RESULTS/HTML/ |
128 | | - | echo -e $_GRN |
| 142 | + | echo -e "$_GRN" |
129 | 143 | | toilet -f fig.smkeyboard "done." ; |
130 | | - | echo -e $_RST |
| 144 | + | echo -e "$_RST" |
| 145 | + | rm -rf "$_TMP" |
131 | 146 | | exit 0 |
132 | 147 | | |
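Review bot: The counters `_cfips` and `_realips` are incremented inside `_PROCESS`, but `tail -f "$_FIFO" | while read -r line; do _PROCESS "$line" & done` runs each call as a background job in a pipeline subshell, so the parent shell never sees the updates and `if [ $_realips -eq 0 ]` always exits 2; `_realips=$_realips+1` is also string concatenation rather than arithmetic, so use `((_realips++))` inside the function and, because the value still has to cross the fork, derive the check from the output file instead, e.g. `_realips=$(wc -l < "$_RESULTS/noncloudflare.ips.txt")` once enumeration has finished. The scan path looks inert as well: the function is declared as `threadScan`, `export -f scan` exports a name that does not exist, and `sem -j10 threadSscan` invokes a third spelling with no address argument, while the rustscan options are passed as one quoted string `"-Pn -A -T Aggressive -oX $_RESULTS/XML/$1.xml"` rather than separate arguments, and `_htmlReport` runs `xsltproc "$1"` on the address instead of the `$line` the `find` loop produced. The `tail -f` pipeline is in the foreground and never returns, so the `$_FINDOMAIN ... -u "$_FIFO"` line after it is never reached to open the FIFO for writing. Since `$_ADDR` comes from the enumeration output and is spliced into file paths (`"$_RESULTS/$_ADDR.whois.txt"`, the XML/HTML names) and command lines, validate it with an anchored pattern before use, e.g. `[[ $_ADDR =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return`, and use `grep -F -x -i -q` for the `_DONE` lookup so dots are not treated as regex wildcards. The resolver message now reads `$_0RLYDIR` where the replaced line had `$_ORLYDIR`; if that is a digit zero it refers to a different, probably unset, variable.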