Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/0xspade/Automated-Scanner

Trying to make automated recon for bug bounties
https://github.com/0xspade/Automated-Scanner

Last synced: 3 months ago
JSON representation

Trying to make automated recon for bug bounties

Host: GitHub
URL: https://github.com/0xspade/Automated-Scanner
Owner: 0xspade
Created: 2019-03-12T01:59:18.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2021-05-03T09:25:06.000Z (over 3 years ago)
Last Synced: 2024-05-31T09:37:41.108Z (5 months ago)
Language: Shell
Homepage:
Size: 1.21 MB
Stars: 250
Watchers: 15
Forks: 53
Open Issues: 6
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - 0xspade/Automated-Scanner - Trying to make automated recon for bug bounties (Shell)

README

        [![Follow on Twitter](https://img.shields.io/twitter/follow/0xspade.svg?logo=twitter)](https://twitter.com/0xpsade)

[![Follow on Twitter](https://img.shields.io/twitter/follow/sumgr0.svg?logo=twitter)](https://twitter.com/sumgr0)

# Installation 

For the installation of all the tools below. I linked all the github links, just make sure that its in the right directory PATH and your good to go. feel free to modify and feel free not to use it if you don't like it :)

**ALL CREDIT GOES TO AMAZING CREATORS OF THIS WONDERFUL TOOLS :)**

^{cannot make to mention y'all co'z i'm too lazy to do that though :D (i'm being honest here)}

## List of tools to be installed

golang

- amass

- subfinder

- assetfinder

- zcat

- goaltdns

- shuffledns

- dnsprobe

- ffuf

- httprobe

- tko-subs

- subjack

- zdns

- aquatone

- webanalyze

- gau

- getching

- kxss

- dalfox

APT-GET

- jq

- grepcidr

- nmap

- masscan

- brutespray

Download Only

- findomain

- github-endpoints

- github-secrets

- smuggler

GIT

- massdns

- S3Scanner

- LinkFinder

- defparam smuggler

PIP

- shodan

# How to use

Usage: `~$ bash scanner.sh example.com`

Running in background in VPS using nohup

Usage: `~$ nohup bash scanner.sh example.com &> example.out&`

### Need a Digitalocean?

Free $100 in DigitalOcean, just click the link below :D

[![DigitalOcean Referral Badge](https://web-platforms.sfo2.cdn.digitaloceanspaces.com/WWW/Badge%201.svg)](https://www.digitalocean.com/?refcode=9d633afb889b&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=badge)

## Contributor

Big thanks to [@sumgr0](https://twitter.com/sumgr0) :)

## Links 

----

**Subdomain Enumeration**

* [Amass](https://github.com/OWASP/Amass) brute with [wordlist](https://github.com/ZephrFish/Wordlists/blob/master/HugeDNS.7z)

* [Findomain](https://github.com/Edu4rdSHL/findomain)

* [Subfinder](https://github.com/subfinder/subfinder)

* [Assetfinder](https://github.com/tomnomnom/assetfinder)

* [Rapid7's Project Sonar](https://opendata.rapid7.com/sonar.fdns_v2/)

>https://github.com/phspade/Project_Sonar_R7

* [goaltdns](https://github.com/subfinder/goaltdns) + [massdns](https://github.com/blechschmidt/massdns)

**Scan All Alive Hosts with [Httprobe](https://github.com/tomnomnom/httprobe)**

* Getting All IP from the subdomains collected with [DNSProbe](https://github.com/projectdiscovery/dnsprobe)

**Separating Cloudflare, Incapsula, Sucuri, and Akamai IPs from collected IPs**

>It's useless to scan Cloudflare, Incapsula, Sucuri, and Akamai IPs. *(Just like talking to a wall)*

>

>FYI, Install grepcidr first `apt-get install grepcidr`

* S3 Bucket scanner with [s3scanner](https://github.com/sa7mon/S3Scanner)

**Subdomain TakeOver**

* [tko-subs](https://github.com/anshumanbh/tko-subs)

* [Subjack](https://github.com/haccer/subjack)

**Collecting Endpoints thru [Linkfinder](https://github.com/GerbenJavado/LinkFinder/)**

**Collecting [Endpoints](https://github.com/gwen001/github-search/blob/master/github-endpoints.py) and [Secrets](https://github.com/gwen001/github-search/blob/master/github-secrets.py) in Github**

>make sure to create `.tokens` file *(containing your github token)* together with `github-endpoints.py` and `github-secrets.py` *(probably in ~/tools folder)*.

**[HTTP Request Smuggler](https://github.com/gwen001/pentest-tools/blob/master/smuggler.py)**

**[ZDNS](https://github.com/zmap/zdns)**

**[Shodan](https://cli.shodan.io/)**

**[Aquatone](https://github.com/michenriksen/aquatone)**

**Port Scanning**

* NMAP

* masscan

**[Webanalyze](https://github.com/rverton/webanalyze) for Fingerprinting assets**

**File/Dir Discovery**

* [gau](https://github.com/lc/gau) + [getching](https://github.com/phspade/getching)

**Potential XSS**

* [kxss](https://github.com/tomnomnom/hacks/tree/master/kxss)

* [dalfox](https://github.com/hahwul/dalfox)

**[Virtual Hosts](https://github.com/ffuf/ffuf) Scan**

* 401 Basic Authorization Bruteforce with FFUF

>Some subdomains has 401 authentication basic, so we need to bruteforce it with base64 credentials :)

* [FFUF](https://github.com/ffuf/ffuf)

>Added **X-Forwarded-For Header** *(you should [setup your own dns server](https://medium.com/@spade.com/a-noob-guide-to-setup-your-own-oob-dns-server-870d9e05b54a))* to check for IP Spoofing Attack.

Feel free to modify it on your own if you don't feel about on how it works :)