Advertisement
opexxx

Recon.sh

Aug 1st, 2024 (edited)
18
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 2.63 KB | None | 0 0
  1. securitycipher.com
  2. #!/bin/bash
  3. if [ $# -ne 1 ]; then echo "Usage: $0 ‹domain>" exit 1
  4. fi
  5. DOMAIN=$1
  6. # Create a directory to store results mkdir -p recon_results cd recon_results
  7. # Step 1: Domain and Subdomain Enumeration echo "[*] Starting subdomain enumeration for $DOMAIN" amass enum -passive -d $DOMAIN -o amass_passive.txt sublist3r -d $DOMAIN -o sublist3r.txt subfinder -d $DOMAIN -o subfinder.txt cat amass_passive.txt sublist3r.txt subfinder.txt | sort -u › all_subdomains.txt echo "[*] Subdomain enumeration completed. Results saved to all_subdomains.txt"
  8. # Step 2: WHOIS Information Gathering echo "[*] Gathering WHOIS information for $DOMAIN" whois $DOMAIN › whois_info. txt echo "[*] WHOIS information saved to whois_info.txt"
  9. # Step 3: Checking for Live Subdomains echo "[*] Checking for live subdomains using httpx" httpx -1 all_subdomains.txt -o live_subdomains.txt echo "[*] Live subdomains check completed. Results saved to live_subdomains.txt"
  10. # Step 4: Port Scanning echo "[*] Starting port scanning" while IFS= read -r subdomain; do
  11. echo "[*] Scanning $subdomain with Masscan" masscan -p1-65535 subdomain --rate=1000 -oG masscan_output_$subdomain.txt echo "[*] Scanning $subdomain with Naabu" naabu -host $subdomain -o naabu_output_$subdomain.txt
  12. done ‹ live_subdomains. txt echo "[*] Port scanning completed. Results saved to masscan_output_*.txt and naabu_output_*.txt"
  13. # Step 5: Service Enumeration echo "[*] Starting service enumeration" while IFS= read -r subdomain; do
  14. echo "[*] Enumerating services on $subdomain" whatweb $subdomain -o whatweb_$subdomain.txt wappalyzer subdomain -o wappalyzer_$subdomain. json
  15. done ‹ live_subdomains.txt echo "[*] Service enumeration completed. Results saved to whatweb_*. txt and wappalyzer_* json"
  16. # Step 6: Vulnerability Scanning echo "[*] Starting vulnerability scanning" while IFS= read -r subdomain; do
  17. echo "[*] Scanning $subdomain with Nikto" nikto -h $subdomain -o nikto_$subdomain.txt echo "[*] Scanning $subdomain with OWASP ZAP" zap-baseline.py -t http://$subdomain -r zap_report_$subdomain.html echo "[*] Scanning $subdomain with Nuclei" nuclei -u http: //$subdomain -o nuclei_$subdomain.txt
  18. done ‹ live subdomains.txt echo "[*] Vulnerability scanning completed. Results saved to nikto_*.txt, zap_report_*.html, and nuclei_*.txt"
  19. # Step 7: Taking Screenshots of Live Domains echo "[*] Taking screenshots of live domains" eyewitness --web -f live_subdomains.txt --no-prompt --results eyewitness_results echo "[*] Screenshots taken and saved in the eyewitness_results directory"
  20. echo "[*] Recon workflow completed. All results are saved in the recon_results directory."
  21.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement