Automation Script
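#!/bin/bash
# Subdomain and endpoint enumeration pipeline. Every step shells out to an
# external tool; figlet and lolcat are only used for the banners.

# Opening banners. The && chain stops at the first banner pipeline that fails.
figlet -f slant -c "Start Hacking" | lolcat \
  && figlet -f digital -c "Hack to Learn" | lolcat \
  && figlet -f mini -c "Sub Fear" | lolcat

# Step 1: Accept the domain name from the user
figlet -f small -c "Enter Domain" | lolcat
echo -e "\033[1;34mEnter the domain name:\033[0m"
# -r keeps backslashes in the input literal instead of treating them as escapes.
read -r domain

# The value is interpolated into request URLs and handed to every tool below
# as a command-line argument. Accept only a plain DNS name so that whitespace,
# a leading '-', '&', '/' or shell metacharacters cannot alter a URL or be
# parsed as an option by one of the tools.
domain_re='^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z][A-Za-z0-9-]{0,61}[A-Za-z0-9]$'
if [[ ! "$domain" =~ $domain_re ]]; then
  printf 'Invalid domain name: %s\n' "$domain" >&2
  exit 1
fi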
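# Step 2: Prepare directories
figlet -f small -c "Setting Up Output Dir" | lolcat
# Define the path once so that removal and creation always refer to the same
# directory.
output_dir="subdomains_output"
# Results of a previous run are discarded. -f keeps the first run quiet when
# the directory does not exist yet; -- stops option parsing before the path.
rm -rf -- "$output_dir"
mkdir -p -- "$output_dir"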
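# Step 3: Start Passive Enum
# Each source writes its own intermediate file in the current directory;
# Step 4 merges them. "$domain" is quoted everywhere so it always reaches the
# tool as a single argument.
figlet -f small -c "Passive: Subfinder" | lolcat && subfinder -d "$domain" -all -recursive -t 200 -o subfinder.txt
figlet -f small -c "Passive: Assetfinder" | lolcat
assetfinder --subs-only "$domain" | tee assetfinder.txt
figlet -f small -c "Passive: Findomain" | lolcat
findomain --quiet -t "$domain" -u findomain.txt
figlet -f small -c "Passive: Web Archive" | lolcat
# HTTPS, matching the Web Archive request made in Step 13. The sed chain
# reduces each archived URL to its bare host name.
curl -s "https://web.archive.org/cdx/search/cdx?url=*.${domain}/*&output=text&fl=original&collapse=urlkey" \
  | sort \
  | sed -e 's_https*://__' -e "s/\/.*//" -e 's/:.*//' -e 's/^www\.//' \
  | sort -u \
  | tee wayback.txt
figlet -f small -c "Passive: crt.sh" | lolcat
curl -s "https://crt.sh/?q=%25.${domain}&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u | tee crt.txt
figlet -f small -c "Passive: Virustotal" | lolcat
# SECURITY: the VirusTotal API key is read from the VT_API_KEY environment
# variable instead of being embedded in the script. A key that has ever been
# stored in a shared or published copy of this file should be treated as
# exposed and revoked. The request URL is passed to curl through a config
# stream on stdin (-K -) so the key does not appear in the process list.
if [[ -n "${VT_API_KEY:-}" ]]; then
  printf 'url = "%s"\n' "https://www.virustotal.com/vtapi/v2/domain/report?apikey=${VT_API_KEY}&domain=${domain}" \
    | curl -s -K - \
    | grep -oE '[a-zA-Z0-9.-]+\.[a-z]{2,}' \
    | sort -u \
    | tee virustotal.txt
else
  printf 'VT_API_KEY is not set; skipping VirusTotal\n' >&2
  # Keep the file present so the merge in Step 4 does not report it missing.
  : > virustotal.txt
fi
figlet -f small -c "Passive: GitHub" | lolcat
# SECURITY: github-subdomains takes its token from GITHUB_TOKEN. The token
# must come from the caller's environment, never from this file; a personal
# access token committed to a script stays valid until it is revoked.
if [[ -n "${GITHUB_TOKEN:-}" ]]; then
  export GITHUB_TOKEN
  github-subdomains -d "$domain" -o github-subdomains.txt
else
  printf 'GITHUB_TOKEN is not set; skipping GitHub\n' >&2
  : > github-subdomains.txt
fi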
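# Step 4: Sorting Passive Subdomains
figlet -f small -c "Sorting Passive Subdomains" | lolcat
# Strip the scheme and port before de-duplicating. With sort -u ahead of sed,
# "https://a.example" and "a.example" both survived as the same line twice.
cat github-subdomains.txt crt.txt wayback.txt virustotal.txt assetfinder.txt subfinder.txt findomain.txt \
  | sed -E 's#https?://##; s/:([0-9]+)//' \
  | sort -u \
  | tee "$output_dir/passive-subs.txt"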
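# Step 5: Start Active/Brute Enum
# "$domain" is quoted so it is always passed as exactly one argument.
figlet -f small -c "Active: Knockpy" | lolcat
knockpy -d "$domain" --recon --bruteforce | grep -oP 'https?://[a-zA-Z0-9.-]+(:[0-9]+)?' | tee knockpy.txt
figlet -f small -c "Active: Alterx + DNSX with Multiple Variations" | lolcat
# Candidate names from alterx accumulate in dnsx-subs.txt: the first call
# creates the file, the following ones append to it.
alterx < subfinder.txt | tee dnsx-subs.txt
printf '%s\n' "$domain" | alterx | tee -a dnsx-subs.txt
printf '%s\n' "$domain" | alterx -enrich | tee -a dnsx-subs.txt
printf '%s\n' "$domain" | alterx -pp word=/usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt | tee -a dnsx-subs.txt && wc -l < dnsx-subs.txt
figlet -f small -c "Active: dnsx-subs Resolve" | lolcat
# resolvers.txt and trusted.txt are read from the current directory.
puredns resolve dnsx-subs.txt --threads 250 --resolvers resolvers.txt --resolvers-trusted trusted.txt --rate-limit 1000 | tee alterx.txt
figlet -f small -c "Active: Puredns Services-Names-Wordlist" | lolcat
# services-names.txt is read from the current directory.
puredns bruteforce services-names.txt "$domain" | grep -oE '[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | tee services-puredns.txt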
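# Step 6: Sorting Active Subdomains
figlet -f small -c "Sorting Active Subdomains" | lolcat
# knockpy.txt holds scheme://host[:port] entries. Normalise them first and
# de-duplicate afterwards, otherwise the same host is kept once per scheme
# or port.
cat services-puredns.txt knockpy.txt alterx.txt \
  | sed -E 's#https?://##; s/:([0-9]+)//' \
  | sort -u \
  | tee "$output_dir/active-subs.txt"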
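# Step 7: Start IP Enum
# Banner corrected: it previously repeated the Step 6 label.
figlet -f small -c "IP Enum" | lolcat
# SECURITY: the Shodan API key is taken from SHODAN_API_KEY rather than being
# written into the script, and the CLI is initialised once instead of before
# every query. A key that was ever stored in a shared copy of this file should
# be revoked. When the variable is unset the CLI is assumed to have been
# initialised beforehand with `shodan init`.
if [[ -n "${SHODAN_API_KEY:-}" ]]; then
  shodan init "$SHODAN_API_KEY" > /dev/null \
    || printf 'shodan init failed; the searches below will likely fail\n' >&2
fi
shodan search "hostname:${domain}" 200 --fields ip_str --limit 1000 | tee -a all-ip.txt
shodan search "ssl.cert.subject.CN:${domain}" --fields ip_str --limit 1000 | tee -a all-ip.txt
sort -u all-ip.txt | tee "$output_dir/ip.txt"
wc -l < "$output_dir/ip.txt"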
# Step 8: Merging Active Passive Subdomains
figlet -f small -c "Merging Active Passive Subdomains" | lolcat
# Active names, passive names and the Shodan IP list are combined into one
# de-duplicated target list.
merge_inputs=(
  "$output_dir/active-subs.txt"
  "$output_dir/passive-subs.txt"
  "$output_dir/ip.txt"
)
cat "${merge_inputs[@]}" | sort -u | tee "$output_dir/subdomains.txt"
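# Step 9: checking open ports
figlet -f small -c "checking open ports" | lolcat
# naabu used to append its results to the very file it was reading from, so
# the input list grew while it was still being consumed. Results now go to a
# separate file and are appended to the target list only after the scan ends.
# NOTE(review): the target list also contains the Shodan-derived IPs merged in
# Step 8; those entries are not checked here for belonging to the domain.
naabu -p - -silent < "$output_dir/subdomains.txt" | tee "$output_dir/open-ports.txt"
cat "$output_dir/open-ports.txt" >> "$output_dir/subdomains.txt"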
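# Step 10: Probing Live Subs
figlet -f small -c "Probing Live Subs" | lolcat
# grep -F treats the domain as a fixed string. As a regex the dots matched any
# character, so "example.com" also let "exampleXcom" hosts through the filter
# that keeps results tied to the requested domain. -- protects against a value
# starting with '-'.
httpx -threads 200 < "$output_dir/subdomains.txt" | grep -F -- "$domain" | tee "$output_dir/livesubdomains.txt"
wc -l < "$output_dir/livesubdomains.txt"
# Step 11: Status 200
figlet -f small -c "Status 200 Subs" | lolcat
httpx -mc 200 < "$output_dir/livesubdomains.txt" | tee "$output_dir/200_livesubdomains.txt"
wc -l < "$output_dir/200_livesubdomains.txt"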
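# Step 12: Clean Intermediate Files
figlet -f small -c "Cleanup" | lolcat
# Several names in this list (puredns.txt, amass.txt, raw-amass.txt,
# domains-amass.txt, subdomains.txt) are not created by any step above;
# -f keeps rm from reporting an error for them.
rm -f -- all-ip.txt alterx.txt services-puredns.txt knockpy.txt dnsx-subs.txt \
  wayback.txt virustotal.txt github-subdomains.txt puredns.txt crt.txt \
  assetfinder.txt subfinder.txt findomain.txt amass.txt raw-amass.txt \
  domains-amass.txt subdomains.txt
figlet -f slant -c "Subdomains Gathering All Tasks Done!" | lolcat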
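# ------------------------------------------------------------
# Step 13: Start Endpoints Gathering
figlet -f slant -c "Start Endpoints Gathering" | lolcat
figlet -f small -c "Run Waybackurls" | lolcat
# Download the archived URL list, drop static-asset URLs by extension and strip
# default-style port suffixes. data.txt stays in the current directory.
wget -O data.txt "https://web.archive.org/cdx/search/cdx?url=*.${domain}/*&output=text&fl=original&collapse=urlkey&from=" \
  && grep -Evi '\.(css|js|jpe?g|png|gif|webm|avi|dll|pl|c|py|sh|deb|exe|zip|mp4|mp3|mpeg|mpg|flv|wmv|wma|aac|m4a|ogg|bat|dat|cfg|bin|tiff?|csv|ttf|pptx?|ppsx|docx?|xlsx?|eot|xml|mpp|mdb|json|woff2?|svg|txt|jar|pdf|ico|0|1|2|3|4|m4r|kml|pro|yao|cur|gcn3|egy|par|lin|yht)([/?#\.].*|$)' data.txt \
  | sed -E 's/:80([/?#]|$)/\1/g; s/:443([/?#]|$)/\1/g; s/:8443([/?#]|$)/\1/g; s/:8080([/?#]|$)/\1/g' \
  | tee "$output_dir/wayback.txt"
figlet -f small -c "Run Gau" | lolcat
gau --threads 100 < "$output_dir/livesubdomains.txt" | tee "$output_dir/gau.txt"
figlet -f small -c "Run Katana" | lolcat
katana -u "$output_dir/livesubdomains.txt" -d 3 -jc -fx -aff -ef woff,js,css,png,svg,jpg,woff2,jpeg,gif,svg -o "$output_dir/katana.txt"
figlet -f small -c "Merge All URLS" | lolcat
# Fixed-string match on the domain: as a regex its dots matched any character,
# which let URLs on look-alike hosts into the merged list.
cat "$output_dir/wayback.txt" "$output_dir/gau.txt" "$output_dir/katana.txt" \
  | grep -F -- "$domain" \
  | sort -u \
  | uro \
  | tee "$output_dir/endpoints.txt"
# URLs carrying a query parameter; param.txt is left in the current directory.
grep '=' "$output_dir/endpoints.txt" | sort -u > param.txt
urless -i param.txt -o "$output_dir/xss-ready.txt"
figlet -f slant -c "Endpoints Gathering All Tasks Done!" | lolcat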
# ------------------------------------------------------------
# Step 14: Start information Gathering
figlet -f slant -c "Start information Gathering" | lolcat
# Arguments are collected in an array so each option sits on its own line.
nuclei_info_args=(
  -l "$output_dir/livesubdomains.txt"
  --tags panel,tech,osint
  --s info,low,high,critical,medium
  -es unknown
  -c 30
  -o "$output_dir/info-targets.txt"
)
nuclei "${nuclei_info_args[@]}"
figlet -f slant -c "information Gathering All Tasks Done!" | lolcat
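# ------------------------------------------------------------
# Step 15: Start Scaning Generic Vulnerabilities via Xray
figlet -f slant -c "Scaning Generic Vulnerabilities via Xray" | lolcat
# Read the host list line by line instead of word-splitting $(cat ...), which
# also glob-expanded every entry. The list is read on file descriptor 3 so the
# scanner cannot consume it through stdin. Blank lines are skipped, as the
# original word-splitting loop did implicitly.
# NOTE(review): the report name has one-second resolution and is written to the
# current directory; two scans that finish within the same second would target
# the same file name.
while IFS= read -r target <&3; do
  [[ -n "$target" ]] || continue
  ./xray_linux_amd64 ws --basic-crawler "$target" --plugins xss,sqldet,cmd-injection,redirect,path-traversal --html-output "$(date +%T).html"
done 3< "$output_dir/livesubdomains.txt" | tee "$output_dir/xray-scan.txt"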
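# ------------------------------------------------------------
# Step 16: Scaning CVEs and Misconfigurations via Community nuclei templates
figlet -f slant -c "Start Scaning CVEs and Misconfigurations via Community nuclei templates" | lolcat
# This step used to write to info-targets.txt, overwriting the Step 14 report.
# It now has its own output file. The template directory can be overridden
# through CENT_TEMPLATES_DIR and defaults to the path used originally.
nuclei -l "$output_dir/livesubdomains.txt" \
  -t "${CENT_TEMPLATES_DIR:-/home/kali/cent-nuclei-templates/}" \
  -o "$output_dir/community-templates_nuclei.txt"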
# ------------------------------------------------------------
# Step 17: Run Nuclei on all Hosts
figlet -f slant -c "Run Nuclei on all Hosts" | lolcat
# One nuclei run per template directory, in the original order. Each entry is
# "template-dir:report-file"; the pairs are spelled out because default-logins
# is the only report whose name replaces '-' with '_'.
nuclei_runs=(
  "cves/:cves_nuclei.txt"
  "vulnerabilities/:vulnerabilities_nuclei.txt"
  "exposures/:exposures_nuclei.txt"
  "misconfiguration/:misconfiguration_nuclei.txt"
  "exposed-panels/:exposed-panels_nuclei.txt"
  "default-logins/:default_logins_nuclei.txt"
  "takeovers/:takeovers_nuclei.txt"
)
for nuclei_run in "${nuclei_runs[@]}"; do
  template_dir=${nuclei_run%%:*}
  report_name=${nuclei_run#*:}
  cat "$output_dir/livesubdomains.txt" | nuclei -t "$template_dir" -o "$output_dir/$report_name"
done
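# ------------------------------------------------------------
# Final banner. Stray page text that had been fused onto the command name
# ("lolcatLast updated") is removed so the pipeline invokes lolcat again.
figlet -f slant -c "All Tasks Done!" | lolcat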