External Network Pentest Automation using Shodan API and other tools.
- Input a file containing CIDR ranges.
- Converts CIDR ranges to individual IP addresses.
- Adds all the IPs to Shodan's Monitor and enables all the triggers along with Notification over Slack Webhook.
- Extracts hostnames from Shodan query for the CIDR ranges
- Fetches domains and subdomains from SSL certificates
- Extracts domains and subdomains from Reverse DNS Lookup
- Combines all the extracted domains into a single file
- Port scan using masscan on all the hosts
- Output of masscan + domains/subdomains is fed into httpx to resolve.
- httpx output is sent to Nuclei.
- Nessus Scans using API