Project Morya is just a collection of bash scripts that runs iteratively to carry out various tools and recon process & store output in an organized way. This Project was built to automate my recon process, and after working on this project for months, I thought to make Project Morya public.
Please feel free to improve it in any way you can. There is no secret involved, and it's just a set of commands and existing tools written in bash-scripts for simple Recon Automation.
Currently this tools supports performing recon for:
-
Subdomain Enumeration:
It just enumerate subdomain -
Medium Level Scan:
It scan's for [ subdomain Enumeration, subdomain Takeover, wayback_Urls, probing_Domains, nuclei_Scanning, port_Scanning ] -
Advance level Scan:
It scan's for [ subdomain Enumeration, subdomain Takeover, wayback_Urls, probing_Domains, nuclei_Scanning, port_Scanning, dirsearch, xss scan ]
Note : Run this commands as a root user
$ git clone https://github.com/anubhavsinghhacker/project-morya.git
$ cd project-morya
$ chmod +x install.sh project_Morya.sh
$ ./install.sh
./project_Morya -hThis will display help for the tool. Here are all the switches it supports.
👉 Project Morya help menu 👈
Usage of ./project_MOrya:
-s
for only subdomain enumeration
-m
for medium level scan [subdomain Enumeration, subdomain Takeover, wayback_Urls, probing_Domains, nuclei_Scanning, port_Scanning]
-a
for advance level scan [subdomain Enumeration, subdomain Takeover, wayback_Urls, probing_Domains, nuclei_Scanning, port_Scanning, dirsearch, xss scan]
To run the tool on a target, just use the following command.
- Subdomain Enumeration :
./project_Morya.sh -s - Medium Level Recon :
./project_Morya.sh -m - Advance Scope Recon :
./project_Morya.sh -a
👉 Configure your files 👈
I have written an article to setup Notify : https://anubhav-singh.medium.com/notification-system-for-your-bug-bounty-automation-7b13af1b7372
Note : Keep atleast 5 tokens in $HOME/.config/github-subdomains/tokens.txt
shodan init YOUR_API_KEY
- Signup on xsshunter.com
- Generate your custom domain
- example : https://helloanubhav.xss.ht
- Now Hard code this domain in
xss_hunter.lib
If you have properly configured files then you are all set to use this framework
👉 Using screen command 👈
screen command in Linux provides the ability to launch and use multiple shell sessions from a single ssh session. When a process is started with ‘screen’, the process can be detached from session & then can reattach the session at a later time. When the session is detached, the process that was originally started from the screen is still running and managed by the screen itself. The process can then re-attach the session at a later time, and the terminals are still there, the way it was left
-
To list active screens
screen -ls
-
Name this session
screen -S <name>
-
If you see detach then to this
screen -r <number/name>
-
If you see reattach then to this
screen -d <number/name>=> [ To detach your screen ]screen -r <number/name>=> [ To reattach your screen ]
Further Reference : https://www.geeksforgeeks.org/screen-command-in-linux-with-examples/
👉 Tools used in project 👈
1. subfinder
2. ctfr.py
3. Assestfinder
4. Findomain
5. sd-goo
5. shodan
6. anew
7. amass
8. gauplus
9. waybackurls
10. github-subdomains
11. Crobat
12. Puredns
13. DNSCewl
14. dnsvalidator
15. httpx
16. Gospider
17. Notify
18. Unfurl
19. Unimap
20. Subjack
21. Dirsearch
22. Parmaspider
23. kxss
24. Dnsx
25. jq
26. Naabu
27. Nmap
28. Dalfox
29. Nuclei
30. xsshunter
- Please create a PR for the Feature Request.
- If you want to add your method/tool to project than make PR for it.
- If there is any missing part in install.sh please create a PR for it.
- For specific tool related issue such as installation for X tool used by Project Morya is not successful, please do not create a PR for it. As this issue is required to be Raise to the specific Tool Owner.
Please feel free to contribute....
If you like Project Morya and it help you in work, money/bounty, pentesting, recon or just brings you happy feelings, please show your support ! ❤️
