#!/usr/bin/env python3
#
# OsInT Sc4N3r - Tool for automated recon process on bug bounty
# @author: Israel C. dos Reis [@z3xddd]
import re
import shlex
import time
from os import geteuid, makedirs, popen
from os.path import isdir
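class OsInT_Sc4N3r(object):
    """Run a fixed sequence of external recon tools against one domain.

    Each step builds a shell command line around ``self.domain`` and
    redirects its output to ``results/result_<step>_<domain>.txt``.

    The domain is interpolated into shell command lines and file names, and
    the script insists on running as root, so it is validated once in
    ``__init__``: only plain hostnames are accepted. That keeps shell
    metacharacters, option-like values and path separators away from
    ``popen``.
    """

    # Dot-separated labels of ASCII letters, digits and hyphens; each label
    # is 1-63 characters and neither starts nor ends with a hyphen.
    _DOMAIN_RE = re.compile(
        r'[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
        r'(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*'
    )
    _MAX_DOMAIN_LENGTH = 253

    def __init__(self, domain):
        """Store the target domain after checking it is a plain hostname.

        Args:
            domain: The domain name every step is run against.

        Raises:
            ValueError: If ``domain`` is not a string of dot-separated
                hostname labels (whitespace, ``;``, ``|``, ``$``, ``/``,
                a leading ``-`` and similar are all rejected).
        """
        if (not isinstance(domain, str)
                or len(domain) > self._MAX_DOMAIN_LENGTH
                or not self._DOMAIN_RE.fullmatch(domain)):
            raise ValueError('invalid domain: %r' % (domain,))
        self.domain = domain

    def _result_path(self, step):
        """Return the shell-quoted results file path for ``step``."""
        # For a validated domain quoting is a no-op; it is kept as a second
        # line of defence in case ``self.domain`` is reassigned later.
        return shlex.quote(
            'results/result_' + step + '_' + self.domain + '.txt')

    def _run(self, command, echo=False):
        """Run ``command`` through the shell and wait for it to finish.

        Args:
            command: The complete shell command line.
            echo: When true, print whatever the command wrote to stdout.
        """
        pipe = popen(command)
        try:
            output = pipe.read()
        finally:
            # close() waits for the child and returns None on exit status 0.
            status = pipe.close()
        if echo:
            print(output)
        if status:
            print('[-] Command exited with a non-zero status... [-]')

    def validate_run_as_root(self):
        """Exit with status 1 unless the effective user id is 0."""
        if geteuid() != 0:
            print("[-] Please run this script as root... [-]")
            # Non-zero status so that callers can tell the run was refused.
            raise SystemExit(1)

    def create_folder_results(self):
        """Create the ``results`` directory in the current directory."""
        # Test the directory itself: a substring match on an ``ls`` listing
        # is also satisfied by any unrelated entry containing "results".
        if isdir('results'):
            return
        print('[+] Creating folder /results to archive logs... [+]')
        # Created synchronously, so it exists before the first redirect.
        makedirs('results', exist_ok=True)
        print('[+] Folder created... [+]')

    def enumerate_subdomains_assetfinder(self):
        """Write assetfinder's subdomain list for the domain to results/."""
        outfile = self._result_path('assetfinder')
        enumerate_command = ('assetfinder -subs-only '
                             + shlex.quote(self.domain) + ' > ' + outfile)
        print("[*] Assetfinder execute process starting... [*]")
        self._run(enumerate_command, echo=True)
        print('[+] Assetfinder scan finished... See details on '
              + outfile + ' [+]')

    def enumerate_webservers(self):
        """Pipe the assetfinder host list through httpx into results/."""
        outfile = self._result_path('httpx')
        enumerate_command = ('cat ' + self._result_path('assetfinder')
                             + ' | httpx --silent > ' + outfile)
        print("[*] Httpx execute process starting... [*]")
        self._run(enumerate_command, echo=True)
        print('[+] Httpx scan finished... See details on ' + outfile + ' [+]')

    def portscan(self):
        """Run nmap over the assetfinder host list and save the output."""
        outfile = self._result_path('portscan')
        # The host list is the assetfinder output, read as-is via -iL.
        # NOTE(review): "T 3" reaches nmap as two bare arguments, not as an
        # option; bare arguments are read as target specifications, so the
        # scan may include hosts nobody intended. Confirm and correct.
        portscan_command = (
            'nmap -sSV -n -f -Pn T 3 '
            '--script=/usr/share/nmap/scripts/firewall-bypass.nse '
            '--allports --randomize-hosts --data-length 127 -iL '
            + self._result_path('assetfinder') + ' > ' + outfile)
        print("[*] Portscan execute process starting... [*]")
        self._run(portscan_command)
        print('[+] Portscan scan finished... See details on '
              + outfile + ' [+]')

    def search_json(self):
        """Save archived URLs that pass the ``.json`` grep filter."""
        outfile = self._result_path('search_json')
        # NOTE(review): "(?:...)" is Perl-style grouping and this runs under
        # "grep -E"; verify the filter matches the intended URLs.
        search_json_command = (
            'cat ' + self._result_path('assetfinder')
            + r' | waybackurls | grep -E "\.json(?:onp?)?$" | anew > '
            + outfile)
        print("[*] Search .json files execute process starting... [*]")
        self._run(search_json_command)
        print('[+] Scan finished... See details on ' + outfile + ' [+]')

    def search_js(self):
        """Save archived URLs that pass the ``.js`` grep filter."""
        outfile = self._result_path('search_js')
        # NOTE(review): "(?:...)" is Perl-style grouping and this runs under
        # "grep -E"; verify the filter matches the intended URLs.
        search_js_command = (
            'cat ' + self._result_path('assetfinder')
            + r' | waybackurls | grep -E "\.js(?:onp?)?$" | anew > '
            + outfile)
        print("[*] Search .js files execute process starting... [*]")
        self._run(search_js_command)
        print('[+] Scan finished... See details on ' + outfile + ' [+]')

    def xss_scan(self):
        """Pipe archived URLs for the host list through kxss."""
        outfile = self._result_path('xss_scan')
        xss_command = ('cat ' + self._result_path('assetfinder')
                       + ' | waybackurls | kxss > ' + outfile)
        print("[*] XSS Scan execute process starting... [*]")
        self._run(xss_command)
        print('[+] XSS Scan finished... See details on ' + outfile + ' [+]')

    def nuclei_attack(self):
        """Run nuclei over the httpx result list and save the output."""
        outfile = self._result_path('nuclei')
        # The template directory is relative, so it is resolved against the
        # working directory the script is started from.
        attack_command = ('nuclei -l ' + self._result_path('httpx')
                          + ' -t ../nuclei-templates/ > ' + outfile)
        print("[*] Nuclei attack execute process starting... [*]")
        self._run(attack_command, echo=True)
        print('[+] Nuclei attack finished... See details on '
              + outfile + ' [+]')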
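# Banner shown once at start-up.
print("""\
:'#######:::'######::'####:'##::: ##:'########:::::'######:::'######::'##::::::::'##::: ##::'#######::'########::
'##.... ##:'##... ##:. ##:: ###:: ##:... ##..:::::'##... ##:'##... ##: ##:::'##:: ###:: ##:'##.... ##: ##.... ##:
##:::: ##: ##:::..::: ##:: ####: ##:::: ##::::::: ##:::..:: ##:::..:: ##::: ##:: ####: ##:..::::: ##: ##:::: ##:
##:::: ##:. ######::: ##:: ## ## ##:::: ##:::::::. ######:: ##::::::: ##::: ##:: ## ## ##::'#######:: ########::
##:::: ##::..... ##:: ##:: ##. ####:::: ##::::::::..... ##: ##::::::: #########: ##. ####::...... ##: ##.. ##:::
##:::: ##:'##::: ##:: ##:: ##:. ###:::: ##:::::::'##::: ##: ##::: ##:...... ##:: ##:. ###:'##:::: ##: ##::. ##::
. #######::. ######::'####: ##::. ##:::: ##:::::::. ######::. ######:::::::: ##:: ##::. ##:. #######:: ##:::. ##:
:.......::::......:::....::..::::..:::::..:::::::::......::::......:::::::::..:::..::::..:::.......:::..:::::..::
#################################################################################################################
Tool for automated recon process on Bug Bounty
by: Israel C. dos Reis [@z3xddd]
""")

# OsInT_Sc4N3r places this value in shell command lines and in result file
# names, so surrounding whitespace is dropped and an empty answer is refused
# before any external tool is started.
user_domain_input = input(
    "[+] Enter domain to scan >> [ EX: domain.com.br ] ").strip()
if not user_domain_input:
    print("[-] No domain entered... [-]")
    raise SystemExit(1)

domain_to_scan = OsInT_Sc4N3r(user_domain_input)

# The privilege check and the results folder come first; every later step
# redirects its output into results/.
domain_to_scan.validate_run_as_root()
domain_to_scan.create_folder_results()

# assetfinder writes the host list that the remaining steps read.
domain_to_scan.enumerate_subdomains_assetfinder()
domain_to_scan.search_json()
domain_to_scan.search_js()
domain_to_scan.xss_scan()
domain_to_scan.portscan()

# httpx must run before nuclei, which reads the httpx result file.
domain_to_scan.enumerate_webservers()
domain_to_scan.nuclei_attack()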