Nix was designed to perform fast recon on a host. It does the following:
1. Banner Grabbing;
2. Port Scanner (1-8088 range);
3. Directory Finder; and
4. Search for possible email addresses using the Hunter API. Set the API token as an environment variable in a .env file, like:
HUNTER_API = your_generated_api_token_here
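An added example, not part of Nix: a POSIX shell check for the .env file described above, which reads HUNTER_API without sourcing the file and confirms the file is not readable by group or others. The function names are hypothetical, and how Nix itself loads the variable is not shown on this page.

```shell
#!/bin/sh
# Added example (not part of Nix). Function names are hypothetical.

# read_hunter_api FILE
# Print the HUNTER_API value from FILE without sourcing it: ". .env" would
# execute the file as shell, and "KEY = value" with spaces is not a valid
# shell assignment anyway. Returns 1 if the key is missing, empty, or still
# the placeholder from the README.
read_hunter_api() {
    [ -r "$1" ] || return 1
    _tok=$(sed -n 's/^[[:space:]]*HUNTER_API[[:space:]]*=[[:space:]]*//p' "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/")
    case "$_tok" in
        '' | your_generated_api_token_here) return 1 ;;
    esac
    printf '%s\n' "$_tok"
}

# env_file_is_private FILE
# Succeeds only if group and others have no permission bits on FILE
# (characters 5-10 of the "ls -l" mode string, e.g. "-rw-------").
env_file_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# check_hunter_env FILE
# 0 = usable, 1 = token missing or placeholder, 2 = file too permissive.
check_hunter_env() {
    read_hunter_api "$1" >/dev/null || return 1
    env_file_is_private "$1" || return 2
    return 0
}
```

If `check_hunter_env .env` returns 2, `chmod 600 .env` fixes it; keeping `.env` out of version control is the other half of the same precaution.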
Usage:
- Cloning the repo:
git clone https://www.github.com/nix/nix.git
- Example:
Banner Grabbing:
Hunter's Hunt (don't forget to create your own .env file and set the "HUNTER_API" variable there):
metasearch.sh performs a specific Google query to look for different types of files within a host.
Usage:
./metasearch host filetype
./metasearch target.com pdf
subtakeover.sh brute-forces subdomains and returns possible subdomains to test for Subdomain Takeover.
Usage:
./subtakeover.sh host wordlist
./subtakeover.sh target.com endpoints.txt