web-recon.sh
#! /bin/bash
#Author : Sarath G
# Globals shared by every function below.
# Target domain: the second positional argument (the first is the mode flag).
dom=$2
# Terminal styling sequences looked up through tput.
red=$(tput setaf 1)
green=$(tput setaf 2)
blue=$(tput setaf 4)
reset=$(tput sgr0)
bold=$(tput bold)
# Decorative glyphs, each prefixed with the bold sequence:
# U+27F6 long arrow, U+0020 space, U+23F3 hourglass,
# U+1F44D thumbs-up, U+1F44B waving hand.
arrow=$(echo -e "${bold}\u27F6")
space=$(echo -e "${bold}\u0020")
time=$(echo -e "${bold}\U23F3")
thumbs=$(echo -e "${bold}\U1F44D")
bye=$(echo -e "${bold}\U1F44B")
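#######################################
# Prepare an empty scratch area for one run.
#
# The scratch area is the fixed relative path tmp_dom/ in the current working
# directory. Because the name is predictable, run the script from a directory
# that only the operator can write to.
#
# Unlike a plain mkdir/touch, this tolerates a tmp_dom left behind by an
# earlier aborted run and truncates both files, so stale CNAME results (which
# are appended to, never overwritten) cannot leak into the new report.
#
# Outputs: diagnostics on stderr
# Returns: 0 on success, 1 if the scratch area cannot be prepared
#######################################
maketmp(){
  # Refuse to write through a symbolic link that something else placed here.
  if [[ -L tmp_dom ]]; then
    echo "tmp_dom is a symbolic link; refusing to use it" >&2
    return 1
  fi
  mkdir -p -- tmp_dom || return 1
  : > tmp_dom/tmp_subdomains.txt || return 1
  : > tmp_dom/tmp_cnames.txt || return 1
}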
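#######################################
# Enumerate subdomains of $dom with assetfinder and optionally keep a copy.
#
# Globals:   dom (read); count, sub_save (written)
# Files:     writes tmp_dom/tmp_subdomains.txt; on "yes" copies it to
#            ./<dom>/subdomains.txt
# Inputs:    one line from stdin answering the save prompt
# Returns:   0 on success, 1 if no domain is set or the copy fails
#
# Fixes over the earlier version:
#   * an empty $dom no longer turns the save path into /subdomains.txt;
#   * the list is saved even when ./<dom> already exists (previously the copy
#     only happened when the directory had to be created);
#   * every expansion is quoted, and the save path is anchored at ./ so a
#     value starting with "-" or "/" is not read as an option or an absolute
#     path. A value containing ".." can still climb out of the working
#     directory; the caller should validate the domain before calling.
#######################################
collect_subs(){
  if [[ -z "$dom" ]]; then
    echo "No domain given; nothing to enumerate" >&2
    return 1
  fi

  assetfinder -subs-only "$dom" | tee tmp_dom/tmp_subdomains.txt
  count=$(wc -l < tmp_dom/tmp_subdomains.txt)
  echo "Total ${count} Subdomains found"

  # -r keeps backslashes in the answer literal.
  read -r -p "Do you want to save the subdomains[ENTER = NO] ? " sub_save
  case "$sub_save" in
    [yY][eE][sS]|[yY])
      if ! { mkdir -p -- "./$dom" \
        && cp -- tmp_dom/tmp_subdomains.txt "./$dom/subdomains.txt"; }; then
        echo "Could not save subdomains under ./$dom" >&2
        return 1
      fi
      ;;
    *)
      echo "Subdomains not Saved"
      ;;
  esac
}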
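#######################################
# Look up the CNAME record of every name in tmp_dom/tmp_subdomains.txt and
# optionally keep the report.
#
# Globals:   dom, bold, red, green, blue, reset, arrow, space, time (read);
#            cname_save (written)
# Files:     reads tmp_dom/tmp_subdomains.txt, appends to
#            tmp_dom/tmp_cnames.txt; on "yes" moves the report to
#            ./<dom>/cnamerecords.txt
# Inputs:    one line from stdin answering the save prompt
# Returns:   0 on success, 1 if the report cannot be saved
#
# The subdomain list comes from third-party data sources and the CNAME
# values come from DNS answers, so both are treated as untrusted:
#   * a line is only handed to dig when it looks like a plain hostname, so
#     an entry beginning with "-", "+" or "@", or containing whitespace or
#     glob characters, cannot be read by dig as an option, a resolver or
#     extra arguments;
#   * names and answers are printed with printf '%s' rather than echo -e, so
#     backslash sequences in them are not interpreted on the terminal or in
#     the report file.
#######################################
cname_check(){
  local line cname
  # Letters, digits, "_", "-" and "."; must start with a letter, digit or "_".
  local host_re='^[A-Za-z0-9_]([A-Za-z0-9_.-]*[A-Za-z0-9_.])?$'

  echo "Collecting CNAME records ${time} ${reset}"
  while IFS= read -r line || [[ -n "$line" ]]; do
    [[ -z "$line" ]] && continue
    if [[ ! "$line" =~ $host_re ]]; then
      # %q renders control characters visibly instead of sending them raw.
      printf 'Skipping entry that is not a plain hostname: %q\n' "$line" >&2
      continue
    fi

    cname=$(dig "$line" CNAME +short)
    if [[ -z "$cname" ]]; then
      printf 'CNAME of %s%s%s%s NOT FOUND\n' \
        "$bold" "$red" "$line" "$reset"
    else
      printf '%s%s%s%s %s %s %s%s%s%s\n' \
        "$bold" "$green" "$line" "$reset" \
        "$arrow" "$space" \
        "$bold" "$blue" "$cname" "$reset"
      # Same record layout as before: the entry followed by a blank line.
      printf 'CNAME of %s : %s \n\n' "$line" "$cname" >> tmp_dom/tmp_cnames.txt
    fi
  done < tmp_dom/tmp_subdomains.txt

  read -r -p "Do you want to save the list CNAMEs [ENTER = NO] ? " cname_save
  case "$cname_save" in
    [yY][eE][sS]|[yY])
      # An empty $dom would turn the destination into /cnamerecords.txt.
      if [[ -z "$dom" ]]; then
        echo "No domain given; CNAME list not saved" >&2
        return 1
      fi
      if ! { mkdir -p -- "./$dom" \
        && mv -- tmp_dom/tmp_cnames.txt "./$dom/cnamerecords.txt"; }; then
        echo "Could not save CNAME list under ./$dom" >&2
        return 1
      fi
      ;;
  esac
}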
# Remove the scratch directory tmp_dom (relative to the current working
# directory) and report that the run has finished.
# Globals: thumbs (read)
clean_tmp(){
  local done_msg="Script execution completed ${thumbs}"
  rm -r -- tmp_dom
  printf '%s\n' "$done_msg"
}
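#######################################
# Print the usage text for the script.
#
# Globals: bold, red, reset (read)
# Outputs: usage text on stdout
#
# The text used to end with the bold and red sequences and no reset (they
# introduced the -f entry that is now commented out), which left the terminal
# styled after the help was shown. The message now ends with ${reset}.
#######################################
help_msg(){
  echo -e "Usage of $0 : \n \n ${bold}${red}-d ${bold}${reset}: To find the subdomains of a domain and gather CNAME of those subdomains \n (example : $0 -d example.com)\n${reset}"
  #-f ${bold}${reset}: To find the CNAME record of subdomains from given subdomain file\n (example : $0 -f subdomains.txt) \n "
}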
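#######################################
# SIGINT handler: announce the interrupt, remove the scratch files through
# clean_tmp, and stop the script.
#
# Globals: red, bold, reset, bye (read)
# Exits:   130 (128 + SIGINT), the conventional status for an interrupted
#          run. A bare exit here returned the status of the last echo, so an
#          aborted scan looked like a success to calling scripts.
#######################################
ctrlc(){
  echo -e " \n ${red}${bold}Keyboard Interrupt detected${reset}"
  echo "Deleting Temporary files"
  clean_tmp
  echo "Bye ${bye} ${reset}"
  exit 130
}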
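# Entry point: install the Ctrl-C handler, then dispatch on the mode flag.
#
#   -d DOMAIN  enumerate subdomains of DOMAIN and collect their CNAME records
#   -h         show the usage text
#
# DOMAIN is used both as an argument to external tools and as the name of the
# output directory, so it is checked before any work starts: it must be
# present, consist only of letters, digits, "." and "-", start and end with a
# letter or digit, and contain no "..". This rejects a missing argument
# (which previously ran the scan with an empty domain), values that would be
# parsed as options, and values that would place output outside the current
# directory. Usage errors now exit with status 1.
trap ctrlc INT
if [[ $# -eq 0 ]]; then
  echo "Invalid Syntax. $0 -h to show help"
  exit 1
else
  case "$1" in
    -d)
      if [[ ! "${2-}" =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ \
        || "${2-}" == *..* ]]; then
        echo "Invalid or missing domain. $0 -h to show help" >&2
        exit 1
      fi
      start_time=$(date +%s)
      # Stop here if the scratch area is unusable rather than scanning
      # with nowhere to store results.
      maketmp || exit 1
      collect_subs
      cname_check
      clean_tmp
      finish_time=$(date +%s)
      echo "Time duration: $((finish_time - start_time)) secs."
      ;;
    #-f )
    #   maketmp
    #   cname_check
    #   clean_tmp
    #   ;;
    -h)
      help_msg
      ;;
    *)
      echo "Invalid Syntax. $0 -h to show help"
      exit 1
      ;;
  esac
fi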