Some useful shell scripts to automate web recon
- autonuce - just automate nuclei against list of subs
- urlfiles - grep files from allurls
- quredir - get open-redirect endpoints from all urls
git clone --depth=1 https://github.com/xerohackcom/webrecon.git && mv webrecon XHW && rm -rf webrecon && cd XHW && rm -rf github-assets && ll
-
Copy the scripts to your recon directory. You can use 'cp' command to copy these scripts to your recon folder.
-
You reqire the basics of settings up the tools these scripts automate. Copy the tool name & google. Goto their github repos and set them up propoerly. These scripts automate usage. Sit down and relax. Better to run on cloud for heavy tests / full scope recons.
Filenames in bold don't work if the name is changed. Pls change the scripts to accomodate your names
assetfinder xyz.com | httpx --silent | grep -i "https://" | anew subs && bash autonuce.sh
assetfinder xyz.com | httpx --silent | grep -i "https://" | anew subs && cat subs | gauplus -b ttf,woff,svg,png,jpeg,jpg,css,bmp,tiff,woff2,ico,icon,PNG,JPG,BMP,CSS,gif,GIF | grep -i "https://" | anew allurls && bash urlfiles.sh && bash quredir.sh
assetfinder + httpx + https-only + gauplus + urlfiles.sh + + quredir.sh + autonuce.sh (Very-Heavy - All In One)
assetfinder xyz.com | httpx --silent | grep -i "https://" | anew subs && cat subs | gauplus -b ttf,woff,svg,png,jpeg,jpg,css,bmp,tiff,woff2,ico,icon,PNG,JPG,BMP,CSS,gif,GIF | grep -i "https://" | anew allurls && bash urlfiles.sh && bash quredir.sh && bash autonuce.sh