subdomain-monitoring

This repository is used for subdomain monitoring and is built on my Automate-With-Actions project.

Primary language: Shell. License: GNU General Public License v3.0 (GPL-3.0).

This repo was created by DK9510 for monitoring the different web assets of an organization.

It supports both active and passive enumeration for subdomain discovery.

It is part of one of my projects: https://github.com/dk9510/Automate-With-Actions

what is GitHub Actions

  • GitHub Actions is a GitHub feature that gives us 2,000 free VM minutes per month (for private repositories on the free plan) to test our projects on different operating systems
  • VMs are provided for Windows, macOS and Linux (Ubuntu)
  • the VM runs according to the workflow file we create in the repository
  • see the official documentation for details
  • based on this, I have created a workflow and scripts that run most of the recon process for bug bounty hunting automatically in the cloud VM provided by GitHub

how the workflow runs

  1. install the necessary tools, packages and dependencies
  2. enumerate subdomains using amass, assetfinder, subfinder, crt.sh and subdomain brute forcing
  3. DNS resolution: get CNAME, A, AAAA and PTR records using massdns
  4. find virtual hosts for the domains, if any, by brute forcing virtual host names with gobuster
  5. check whether each subdomain or vhost is alive by probing it over HTTP/HTTPS with httpx and recording the result
  6. port scan with naabu; for fast output only nmap's top 1000 ports are scanned. You can specify all ports, but it will take much longer
  7. fuzz the domains that responded to the httprobe probe for sensitive directories; you can customize the wordlist in the fuzzing directory
  8. finally, scan the live domains with Project Discovery's nuclei for CVEs, misconfigurations and other vulnerabilities; you can change the configuration file configs/nuclei.yaml
  9. for notifications I have used notify, but it does not work in the GitHub VM; if you run these scripts on a local machine or a VPS it will work. Change the notify config in configs/notify.yaml and see notify's official documentation for how to configure it for yourself
  10. for taking screenshots I have used Aquatone

how to use

setup workflow

  1. download this repo to your PC, remove the .git files, create a new private repository and initialize it there. Make sure the repository is private: the output is committed into this repo, and you don't want to make your work public...
  2. in the newly created second repo, add a new file .github/workflows/github-actions.yaml
  3. create a personal access token for GitHub (see the documentation). Grant only the permission shown in the setup screenshot; the others are not needed for this project. The token must allow read and write access to the private repository, so use a token scoped to that one repository and nothing broader
  4. copy the personal access token and add it as a secret in the second private repo that we created (see the documentation)
  5. now copy the content of workflow/github-actions.yaml from this repo and paste it into the second private repo as .github/workflows/github-actions.yaml
  6. change only the part of the workflow shown in assets/work-flow.png
  7. your workflow file is now complete; just commit the changes and go to the Actions page
  8. if the workflow runs successfully and exits, you see a green run; otherwise you see a failed run
  • if your workflow runs successfully, go to the next step
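As an added illustration (not the repository's own workflow/github-actions.yaml, which you should still copy as described), the following is the shape a minimal workflow of this kind takes: it runs on push, checks the repo out with the personal access token stored as a secret, runs the recon scripts, and commits the results back. The secret name PAT_TOKEN and the script paths scripts/install.sh and scripts/recon.sh are assumptions for this example, not names from the project; adjust them to the real file names.

```yaml
# Added example workflow; secret name and script paths are assumptions.
name: subdomain-monitoring

on:
  push:
    branches: [main]
  workflow_dispatch:          # optional: allows a manual run from the Actions tab
  schedule:
    - cron: "0 3 * * *"       # optional: a daily run, so monitoring does not depend on a push

jobs:
  recon:
    runs-on: ubuntu-latest
    timeout-minutes: 300      # fail instead of burning the whole monthly minute budget
    steps:
      - uses: actions/checkout@v4
        with:
          # the PAT created in the setup steps, stored as a repository secret;
          # checkout persists it so that `git push` below is authenticated
          token: ${{ secrets.PAT_TOKEN }}

      - name: Install tools and dependencies
        run: bash scripts/install.sh      # assumed script name

      - name: Run recon
        run: bash scripts/recon.sh        # assumed script name; reads domains.txt / outofscope.txt

      - name: Commit results
        run: |
          git config user.name "github-actions[bot]"
          git config user.email "github-actions[bot]@users.noreply.github.com"
          git add -A
          # only commit when something changed; "[skip ci]" stops the push made
          # with the PAT from triggering this same workflow again in a loop
          git diff --cached --quiet || git commit -m "recon results $(date -u +%F) [skip ci]"
          git push
```

Two practitioner notes on this shape: a push made with a personal access token is an ordinary push and would re-trigger the on-push workflow, hence the [skip ci] marker in the commit message (GitHub honours it for push events). If you would rather not store a PAT at all, the built-in GITHUB_TOKEN with `permissions: contents: write` can also push, and pushes made with it never trigger further workflow runs; the project's instructions use a PAT, so that is what the example shows.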

setup notifications on Discord

  • see the Discord documentation for how to create a Discord webhook
  • after creating the webhook, copy the webhook URL and configure it on your GitHub repo. Note that you add the webhook to the private repository that contains the workflow file (your copy of automate-with-actions), because that is where the results are committed; no other repo needs it
  • the GitHub documentation linked above shows how to configure a webhook on a repo
  • if it is configured properly, commit any file and you will see a notification in the Discord channel

For Project Discovery's notify

  • see the notify documentation
  • currently this does not work in the GitHub VM, but if you clone the repo and run the scripts on a local VM or a VPS it will work
  • the config file for notify is configs/notify.yaml

give domain names

  • once all of the above setup is complete, the next step is to give the domains to monitor
  • take any bounty program
  • if it has a wildcard domain in scope, put the base domain name in domains.txt

eg:

if *.google.com , *.youtube.com etc 

then put

google.com
youtube.com

in domains.txt

  • if any out-of-scope domains are given, put them in outofscope.txt, eg

For out-of-scope assets, we put them in outofscope.txt as

acc.google.com
ads.youtube.com

  • put exactly one domain per line in both files; never put several domains on a single line

  • now you are ready to test your workflow
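The two input files above are the scope boundary for everything the workflow does afterwards, so it is worth checking their format and applying them consistently to whatever the enumeration tools return. The script below is an added example, not one of the project's own scripts: it rejects a domains.txt or outofscope.txt that has more than one domain on a line, then takes a merged list of enumerated hostnames (as steps 2 to 3 of the workflow would produce) and keeps only those under a root in domains.txt that are not under an entry in outofscope.txt. The sample input is constructed inline for the stand-alone run.

```sh
#!/bin/sh
# Added example (not part of the repository's scripts): validate the
# one-domain-per-line format of domains.txt / outofscope.txt and filter a
# merged list of enumerated subdomains down to what is in scope.
set -eu

# Return 1 (printing the offending lines) if any line of FILE carries more
# than one domain (whitespace or comma separated) or a scheme/path.
check_one_per_line() {
  file=$1
  if grep -nE '[[:space:]]|,|/|:' "$file"; then
    echo "error: $file must contain exactly one bare domain per line" >&2
    return 1
  fi
  return 0
}

# Print the hostnames from CANDIDATES that fall under a root in ROOTS and not
# under an entry in OOS: lowercased, de-duplicated, sorted.
# "under" means equal to the domain or ending in "." followed by it, so
# notgoogle.com is NOT under google.com, while sso.acc.google.com IS under
# the out-of-scope entry acc.google.com.
filter_scope() {
  roots=$1 oos=$2 candidates=$3
  awk '
    function under(h, d) {
      return h == d || (length(h) > length(d) && substr(h, length(h) - length(d)) == "." d)
    }
    { $0 = tolower($0); sub(/\r$/, ""); sub(/\.$/, "") }   # normalise each line
    /^$/ { next }
    FILENAME == ARGV[1] { roots[$0] = 1; next }             # domains.txt
    FILENAME == ARGV[2] { oos[$0] = 1; next }               # outofscope.txt
    {
      ok = 0
      for (r in roots) if (under($0, r)) { ok = 1; break }
      if (!ok) next                                         # not a program asset
      for (o in oos) if (under($0, o)) next                 # explicitly excluded
      print
    }
  ' "$roots" "$oos" "$candidates" | sort -u
}

# Constructed sample input: the two scope files from the README and a noisy
# merged enumeration result. Prints the in-scope hostnames.
run_demo() {
  dir=$(mktemp -d)
  printf '%s\n' google.com youtube.com > "$dir/domains.txt"
  printf '%s\n' acc.google.com ads.youtube.com > "$dir/outofscope.txt"
  printf '%s\n' \
    mail.google.com MAIL.google.com acc.google.com sso.acc.google.com \
    ads.youtube.com studio.youtube.com notgoogle.com www.google.com.evil.test \
    > "$dir/raw.txt"
  check_one_per_line "$dir/domains.txt"
  check_one_per_line "$dir/outofscope.txt"
  filter_scope "$dir/domains.txt" "$dir/outofscope.txt" "$dir/raw.txt"
  rm -rf "$dir"
}

run_demo
```

The suffix check is the part that is easy to get wrong with a plain `grep google.com`: that would wrongly keep notgoogle.com and www.google.com.evil.test, and an out-of-scope list applied as a substring match would wrongly drop nothing or too much. Run this filter before the httpx, naabu and nuclei stages so that excluded assets are never probed.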

run workflow

  • go to the .github/workflows/github-actions.yaml file in your second private repository and make a trivial edit, for example comment or uncomment the `echo hello DK` line (or any other echo line). Do not comment out a line that runs a script file, or that script will not run; do that only when you deliberately want to skip that script
  • commit the change and the workflow will start; you can watch it in the Actions tab of that repository

NOTE:

the VM instance is created from the workflow file, and this workflow only runs when a push event happens in the repository where .github/workflows/your-workflow-file.yaml is present

Note:

if you are running on a VPS, there is no need to commit to GitHub: comment out all the commands in the scripts that work with the GitHub repository, and there is no need to generate and add a personal access token. This applies only to the VPS case.

  • you can customize the scripts I have written to your own preference and add the features you want

tools I have used in this project

amass, assetfinder, subfinder, crt.sh, massdns, gobuster, httpx, httprobe, naabu, nuclei, notify, Aquatone

Author : DK9510

Twitter: DK_9510