Bash-scripting-recon
Power of .bashrc and .bash_aliases In last stream I have explained how to user .bashrc and .bash_aliases for easy and powerfull recon.
Tools:
- Subfinder
- Assestfinder
- Domained
- AltDns
- CTFR
- CSP
- Wayback
- Ffuf
- Notify
- Nuclei
- Virtual-host-discovery
- Httpx
- Tld-Scanner
- GitGrabber
USE:
Save both file .bashrc and .bash_aliases in your vps (linux based)
when you have only single target
subenum target.com
alive target.com_unique
slacknotify target.com_unqiue.alive
getdirs target.com_unique.alive
when you have list of target
sublist targetlist.txt
cat targetname* | sort -u | uniq | tee domains.txt
alive domains.txt
slacknotify domains.txt.alive
getdirs domains.txt.alive
virtual host discovery
vhost server-ip target.com
Github recon
gitauto target
tld enumeration and subdomain enumeration
tldenum target