{"id":13454617,"url":"https://github.com/leebaird/discover","last_synced_at":"2025-05-13T21:08:25.649Z","repository":{"id":40682170,"uuid":"13932470","full_name":"leebaird/discover","owner":"leebaird","description":"Custom bash scripts used to automate various penetration testing tasks including recon, scanning,  enumeration, and malicious payload creation using Metasploit. For use with Kali Linux.","archived":false,"fork":false,"pushed_at":"2025-04-21T00:02:02.000Z","size":3571,"stargazers_count":3621,"open_issues_count":0,"forks_count":858,"subscribers_count":202,"default_branch":"main","last_synced_at":"2025-04-28T12:16:11.169Z","etag":null,"topics":["bash","enumeration","information-gathering","kali-linux","metasploit","nmap","osint","payload-generator","pentesting","recon","reconnaissance","red-team","scanning"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/leebaird.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2013-10-28T17:05:04.000Z","updated_at":"2025-04-28T00:59:09.000Z","dependencies_parsed_at":"2023-02-09T05:19:05.612Z","dependency_job_id":"eb83cf2e-5389-4df7-92da-9e1650a95d2e","html_url":"https://github.com/leebaird/discover","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leebaird%2Fdiscover","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leebaird%2Fdiscover/tags","releases_url":"https://repos.ecosyste.ms/api
/v1/hosts/GitHub/repositories/leebaird%2Fdiscover/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leebaird%2Fdiscover/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/leebaird","download_url":"https://codeload.github.com/leebaird/discover/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251311337,"owners_count":21569010,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","enumeration","information-gathering","kali-linux","metasploit","nmap","osint","payload-generator","pentesting","recon","reconnaissance","red-team","scanning"],"created_at":"2024-07-31T08:00:55.950Z","updated_at":"2025-04-28T12:16:19.278Z","avatar_url":"https://github.com/leebaird.png","language":"Shell","readme":"```\nCustom bash scripts used to automate various penetration testing tasks including recon, scanning, \nenumeration, and malicious payload creation using Metasploit. 
For use with Kali Linux.\n```\n\n[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://github.com/leebaird/discover/blob/master/LICENSE)\n\n* [![Twitter Follow](https://img.shields.io/twitter/follow/discoverscripts.svg?style=social\u0026label=Follow)](https://twitter.com/discoverscripts) Lee Baird @discoverscripts\n* [![Twitter Follow](https://img.shields.io/twitter/follow/jay_townsend1.svg?style=social\u0026label=Follow)](https://twitter.com/jay_townsend1) Jay \"L1ghtn1ng\" Townsend @jay_townsend1\n* [![Twitter Follow](https://img.shields.io/twitter/follow/ninewires.svg?style=social\u0026label=Follow)](https://twitter.com/ninewires) Jason Ashton @ninewires\n\n### Download, setup, and usage\n* Download with a normal user account to your home directory.\n* cd ~\n* git clone https://github.com/leebaird/discover\n* cd discover/\n* ./discover.sh\n* Select option 15 to update the operating system and install various tools before using the framework.\n* Some options will require root credentials to run.\n\n\n```\nRECON\n1.  Domain\n2.  Person\n\nSCANNING\n3.  Generate target list\n4.  CIDR\n5.  List\n6.  IP, range, or URL\n7.  Rerun Nmap scripts and MSF aux\n\nWEB\n8.  Insecure direct object reference\n9.  Open multiple tabs in Firefox\n10. Nikto\n11. SSL\n\nMISC\n12. Parse XML\n13. Generate a malicious payload\n14. Start a Metasploit listener\n15. Update\n16. Exit\n```\n## RECON\n### Domain\n```\nRECON\n\n1.  Passive\n2.  Find registered domains\n3.  Previous menu\n```\n\nNote: Passive cannot be run as root.\n\nUses ARIN, DNSRecon, dnstwist, subfinder, sublist3r,\ntheHarvester, Metasploit, Whois, and multiple websites.\n\n* Acquire all free API keys for maximum results with theHarvester.\n* Add API keys to /home/kali/.theHarvester/api-keys.yaml\n\n### Person\n```\nRECON\n\nFirst name:\nLast name:\n```\n\n* Combines info from multiple websites.\n\n## SCANNING\n### Generate target list\n```\nSCANNING\n\n1.  ARP scan\n2.  Ping sweep\n3.  
Previous menu\n```\n\n* Use different tools to create a target list including Angry IP Scanner, arp-scan, netdiscover, and Nmap pingsweep.\n\n### CIDR, List, IP, Range, or URL\n```\nType of scan:\n\n1.  External\n2.  Internal\n3.  Previous menu\n```\n\n* External scan will set the Nmap source port to 53 and the max-rtt-timeout to 1500ms.\n* Internal scan will set the Nmap source port to 88 and the max-rtt-timeout to 500ms.\n* Nmap is used to perform host discovery, port scanning, service enumeration, and OS identification.\n* Nmap scripts and Metasploit auxiliary modules are used for additional enumeration.\n* Additional tools: enum4linux, smbclient, and ike-scan.\n\n## WEB\n### Insecure direct object reference\n````\nUsing Burp, authenticate to a site, map \u0026 Spider, then log out.\nTarget \u003e Site map \u003e select the URL \u003e right click \u003e Copy URLs in\nthis host. Paste the results into a new file.\n\nEnter the location of your file:\n````\n\n### Open multiple tabs in Firefox\n```\nOpen multiple tabs in Firefox with:\n\n1.  List\n2.  Files in a directory\n3.  Directories in robots.txt\n4.  Previous menu\n```\n\nExamples:\n* A list containing multiple IPs and/or URLs.\n* You finished scanning multiple web sites with Nikto and want to open every htm report located in a directory.\n* Use wget to download a domain's robots.txt file, then open all of the directories.\n\n### Nikto\n```\nThis option cannot be ran as root.\n\nRun multiple instances of Nikto in parallel.\n\n1.  List of IPs\n2.  List of IP:port\n3.  Previous menu\n```\n### SSL\n```\nCheck for SSL certificate issues.\n\nList of IP:port.\n\n\nEnter the location of your file:\n```\n\n* Uses sslscan, sslyze, and Nmap to check for SSL/TLS certificate issues.\n\n\n## MISC\n### Parse XML\n```\nParse XML to CSV.\n\n1.  Burp (Base64)\n2.  Nessus (.nessus)\n3.  Nexpose (XML 2.0)\n4.  Nmap\n5.  Qualys\n6.  Previous menu\n```\n\n### Generate a malicious payload\n```\nMalicious Payloads\n\n1.   
android/meterpreter/reverse_tcp         (.apk)\n2.   cmd/windows/reverse_powershell          (.bat)\n3.   java/jsp_shell_reverse_tcp (Linux)      (.jsp)\n4.   java/jsp_shell_reverse_tcp (Windows)    (.jsp)\n5.   java/shell_reverse_tcp                  (.war)\n6.   linux/x64/meterpreter_reverse_https     (.elf)\n7.   linux/x64/meterpreter_reverse_tcp       (.elf)\n8.   linux/x64/shell/reverse_tcp             (.elf)\n9.   osx/x64/meterpreter_reverse_https       (.macho)\n10.  osx/x64/meterpreter_reverse_tcp         (.macho)\n11.  php/meterpreter_reverse_tcp             (.php)\n12.  python/meterpreter_reverse_https        (.py)\n13.  python/meterpreter_reverse_tcp          (.py)\n14.  windows/x64/meterpreter_reverse_https   (multi)\n15.  windows/x64/meterpreter_reverse_tcp     (multi)\n16.  Previous menu\n```\n\n### Start a Metasploit listener\n```\nMetasploit Listeners\n\n1.   android/meterpreter/reverse_tcp\n2.   cmd/windows/reverse_powershell\n3.   java/jsp_shell_reverse_tcp\n4.   linux/x64/meterpreter_reverse_https\n5.   linux/x64/meterpreter_reverse_tcp\n6.   linux/x64/shell/reverse_tcp\n7.   osx/x64/meterpreter_reverse_https\n8.   osx/x64/meterpreter_reverse_tcp\n9.   php/meterpreter/reverse_tcp\n10.  python/meterpreter_reverse_https\n11.  python/meterpreter_reverse_tcp\n12.  windows/x64/meterpreter_reverse_https\n13.  windows/x64/meterpreter_reverse_tcp\n14.  Previous menu\n```\n\n### Update\n\n* Update Kali Linux, Discover scripts, various tools, and the locate database.\n\n# Troubleshooting\n\nSome users have reported being unable to use any options except for 3, 4, and 5. \nNothing happens when choosing other options (1, 2, 6, etc.).\n\n## Verify the download hash\n\nHash-based verification ensures that a file has not been corrupted by comparing the file's hash \nvalue to a previously calculated value. If these values match, the file is presumed to be unmodified.\n\n### macOS\n\n1. Open Terminal\n2. shasum -a 256 /path/to/file\n3. 
Compare the value to the checksum on the website.\n\n### Windows\n\n1. Open PowerShell\n2. Get-FileHash C:\\path\\to\\file\n3. Compare the value to the checksum on the website.\n\n## Running Kali on VirtualBox or Windows Subsystem for Linux (WSL)\n\nSome users have reported the fix is to use the VMware image instead of WSL. \n\nOther users have noticed issues when running a pre-made VirtualBox Kali image, instead of running the \nbare metal Kali ISO through VirtualBox. \n(https://www.kali.org/get-kali/#kali-bare-metal)\n\nIf you are unwilling or unable to use VMware Workstation to run Kali, we encourage you to try running \na Kali ISO as a Guest VM in VirtualBox.\n\n1. Download the bare metal ISO provided by Kali.\n2. Verify the ISO hash (see above).\n3. Start a new Kali VM within VirtualBox with the bare metal Kali ISO.\n\nThere will be some [basic installation instructions](https://www.kali.org/docs/installation/hard-disk-install/) \nyou will be required to fill out during the installation.\n\nNote: If you have problems accessing root after setting up a bare metal ISO, please refer to: \nhttps://linuxconfig.org/how-to-reset-kali-linux-root-password\n","funding_links":[],"categories":["Frameworks","PowerShell","Shell","[](#table-of-contents) Table of contents","bash","\u003ca id=\"783f861b9f822127dba99acb55687cbb\"\u003e\u003c/a\u003e工具","\u003ca id=\"a76463feb91d09b3d024fae798b92be6\"\u003e\u003c/a\u003e侦察\u0026\u0026信息收集\u0026\u0026子域名发现与枚举\u0026\u0026OSINT","pentesting","Pentesting","Programming/Comp Sci/SE Things"],"sub_categories":["Open Redirect","[](#netflix)Netflix","\u003ca id=\"ad92f6b801a18934f1971e2512f5ae4f\"\u003e\u003c/a\u003ePayload生成","\u003ca id=\"05ab1b75266fddafc7195f5b395e4d99\"\u003e\u003c/a\u003e未分类-OSINT","Enumeration","XSS","Subdomain/DNS 
Stuff"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleebaird%2Fdiscover","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fleebaird%2Fdiscover","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleebaird%2Fdiscover/lists"}