About
- This is my personal recon script that I use to find P4-P5 bugs.
- This script is meant to be run on a VPS rather than a personal computer.
Usage
./install.shto fresh install the tools../install.sh uto update the installed tools../morty.sh <targetfile>to run the script on the scope defined in target file../morty.sh <targetfile> <outofscopefile>to exclude subdomains in the outofscope file
Scope file
- Should contain domain names in a list (without any regex) to enumerate on.
- Same goes for out of scope file
Recon
- Brute force subdomain scan
- Subdomain enumeration from passive sources
- Third leve subdomain scan
- Subdomain to IP conversion
- Nmap vuln scan on open ports
- Nmap connect scan on open ports
- Aquatone to capture screenshots of active hosts
- Httpx to find active urls
- Waybackurls, gau to find archived links
- Favicon scan
- Template scan
- Automated xss finder (kxss + dalfox)
- Pattern Search (gf)
- Secret finder
- S3 bucket scan
- Directory fuzzing
- Cors misconfig
- Subdomain takeover
To be added
- Shodan api
- Censys api
- Vhost enum