For the installation of all the tools below, I linked the GitHub repositories; just make sure each binary is in a directory on your PATH and you're good to go. Feel free to modify it, and feel free not to use it if you don't like it :)
ALL CREDIT GOES TO THE AMAZING CREATORS OF THESE WONDERFUL TOOLS :)
I can't mention y'all individually because I'm too lazy to do that :D (I'm being honest here)
golang
- amass
- subfinder
- assetfinder
- zcat
- goaltdns
- shuffledns
- dnsprobe
- ffuf
- httprobe
- tko-subs
- subjack
- zdns
- aquatone
- webanalyze
- gau
- getching
- kxss
- dalfox
APT-GET
- jq
- grepcidr
- nmap
- masscan
- brutespray
Download Only
- findomain
- github-endpoints
- github-secrets
- smuggler
GIT
- massdns
- S3Scanner
- LinkFinder
- defparam smuggler
PIP
- shodan
Usage: ~$ bash scanner.sh example.com
Running in the background on a VPS using nohup (output goes to example.out, and the scan keeps running after you log out)
Usage: ~$ nohup bash scanner.sh example.com &> example.out &
You can help (slash) support me in this project by registering an account here (with my referral code, of course).
Big thanks to @sumgr0 :)
Subdomain Enumeration
- Amass brute-force with a wordlist
- Findomain
- Subfinder
- Assetfinder
- Rapid7's Project Sonar
Scan All Alive Hosts with Httprobe
- Resolving all collected subdomains to IPs with DNSProbe
Separating Cloudflare, Incapsula, Sucuri, and Akamai IPs from the collected IPs
Scanning Cloudflare, Incapsula, Sucuri, and Akamai IPs is useless: they belong to the CDN/WAF edge, not to the target, so you would only be port-scanning the provider's shared infrastructure (just like talking to a wall). The script matches each resolved IP against the providers' published CIDR ranges and keeps only the rest for scanning.
FYI, install grepcidr first:
apt-get install grepcidr
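The filtering step above, written out as an added example so you can see what grepcidr is doing for you (this is not scanner.sh's own code). It implements the CIDR match in plain shell arithmetic, so it runs with nothing installed, and splits an IP list into a `.cdn` file and a `.scan` file. The CIDR ranges in the block are illustrative, hand-picked entries; the real lists change, so fetch them from the providers (for example https://www.cloudflare.com/ips-v4) before a scan.

```shell
#!/usr/bin/env sh
# Added example: split resolved IPs into CDN/WAF edge IPs and scannable IPs.
# Not part of scanner.sh; a pure-shell stand-in for `grepcidr -v -f cdn.txt`.

# ip2int 1.2.3.4 -> the address as a 32-bit integer
ip2int() {
  echo "$1" | {
    IFS=. read -r a b c d
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
  }
}

# in_cidr IP NET/BITS -> exit 0 when IP falls inside the prefix
in_cidr() {
  ip=$1; net=${2%/*}; bits=${2#*/}
  mask=$(( bits == 0 ? 0 : (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip2int "$ip") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# Illustrative ranges only (constructed for this example; verify each one
# against the provider's published list before relying on it).
CDN_RANGES="104.16.0.0/13 173.245.48.0/20 45.64.64.0/22 192.124.249.0/24 23.32.0.0/11"

# is_cdn_ip IP -> exit 0 when IP is inside any range in CDN_RANGES
is_cdn_ip() {
  for r in $CDN_RANGES; do
    if in_cidr "$1" "$r"; then return 0; fi
  done
  return 1
}

# split_ips FILE -> writes FILE.cdn and FILE.scan, prints how many IPs
# are left to scan
split_ips() {
  in=$1; n=0
  : > "$in.cdn"; : > "$in.scan"
  while read -r ip; do
    [ -z "$ip" ] && continue
    if is_cdn_ip "$ip"; then
      echo "$ip" >> "$in.cdn"
    else
      echo "$ip" >> "$in.scan"; n=$((n + 1))
    fi
  done < "$in"
  echo "$n"
}

# Usage (a constructed input list): split_ips ips.txt; then feed ips.txt.scan to nmap/masscan.
```

Only IPv4 is handled here; CDN providers also publish IPv6 ranges, and grepcidr handles both, which is one reason to keep using it in the real script.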
- S3 Bucket scanner with s3scanner
Subdomain TakeOver
Collecting endpoints through LinkFinder
Collecting Endpoints and Secrets in Github
Make sure to create a .tokens file (containing your GitHub token) in the same directory as github-endpoints.py and github-secrets.py (probably the ~/tools folder). Use a token with read-only scope and keep the file readable only by you (chmod 600 .tokens), since it grants API access under your account.
Port Scanning
- NMAP
- masscan
Webanalyze for fingerprinting assets
File/Dir Discovery
Potential XSS
Virtual Hosts Scan
- 401 Basic Authorization brute force with FFUF
Some subdomains answer with 401 and HTTP Basic authentication, so we brute-force them by fuzzing the Authorization header with base64-encoded user:pass credentials :)
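How that Basic-auth fuzzing is set up, as an added example (not the script's own code): Basic auth carries `user:pass` base64-encoded in the Authorization header, so the wordlist ffuf needs is the base64 of every user/password pair. The block builds that list and shows how to decode an entry back for verification; the ffuf command line is in a comment because it needs a live target. The file names and the sample user/password lists are assumptions made for the example.

```shell
#!/usr/bin/env sh
# Added example: build a base64 user:pass wordlist for fuzzing HTTP Basic auth.
# Not part of scanner.sh.

# gen_basic_creds USERS_FILE PASSWORDS_FILE
#   prints base64("user:pass") for every combination, one per line, which is
#   exactly what the FUZZ keyword in the Authorization header must expand to
gen_basic_creds() {
  while read -r u; do
    [ -z "$u" ] && continue
    while read -r p; do
      [ -z "$p" ] && continue
      printf '%s:%s' "$u" "$p" | base64
    done < "$2"
  done < "$1"
}

# decode_basic B64 -> the user:pass pair, handy for reading ffuf's hits
decode_basic() {
  printf '%s' "$1" | base64 -d
}

# Constructed sample lists (hypothetical file names).
printf 'admin\nroot\n' > users.txt
printf 'admin\npassword\n123456\n' > passwords.txt
gen_basic_creds users.txt passwords.txt > basic-creds.txt

# Then fuzz the header and hide the responses that are still 401:
#   ffuf -u https://target.example.com/ -w basic-creds.txt \
#        -H "Authorization: Basic FUZZ" -fc 401
# Any other status (200, 302, 403) is a candidate credential; confirm by hand
# with: curl -u "$(decode_basic <hit>)" https://target.example.com/
```

Keep the lists small and rate-limit the run (ffuf's -rate flag): Basic auth endpoints often sit in front of admin panels that lock accounts or block IPs after a few failures, and a locked-out account is a finding the programme will not thank you for.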
Also adds an X-Forwarded-For header to check for IP spoofing through that header, i.e. whether the target trusts a client-supplied IP (you should set up your own DNS server and point the header value at it, so you can observe whether the backend resolves or logs it).
Feel free to modify it on your own if you don't like how it works :)