
Installation

To install the tools below, I have linked the GitHub repository for each one. Just make sure each tool is in a directory on your PATH and you're good to go. Feel free to modify the script, and feel free not to use it if you don't like it :)

ALL CREDIT GOES TO THE AMAZING CREATORS OF THESE WONDERFUL TOOLS :)

I can't mention y'all by name 'cause I'm too lazy to do that :D (I'm being honest here)

List of tools to be installed

golang

  • amass
  • subfinder
  • assetfinder
  • zcat
  • goaltdns
  • shuffledns
  • dnsprobe
  • ffuf
  • httprobe
  • tko-subs
  • subjack
  • zdns
  • aquatone
  • webanalyze
  • gau
  • getching
  • kxss
  • dalfox

APT-GET

  • jq
  • grepcidr
  • nmap
  • masscan
  • brutespray

Download Only

  • findomain
  • github-endpoints
  • github-secrets
  • smuggler

GIT

  • massdns
  • S3Scanner
  • LinkFinder
  • defparam smuggler

PIP

  • shodan

How to use

Usage: ~$ bash scanner.sh example.com

Running in the background on a VPS using nohup

Usage: ~$ nohup bash scanner.sh example.com &> example.out&


Contributor

Big thanks to @sumgr0 :)

Links


Subdomain Enumeration

https://github.com/phspade/Project_Sonar_R7

Scan All Alive Hosts with Httprobe

  • Getting all IPs from the collected subdomains with DNSProbe

Separating Cloudflare, Incapsula, Sucuri, and Akamai IPs from collected IPs

It's useless to scan Cloudflare, Incapsula, Sucuri, and Akamai IPs. (Just like talking to a wall)

FYI, install grepcidr first: apt-get install grepcidr

Subdomain TakeOver

Collecting Endpoints through LinkFinder

Collecting Endpoints and Secrets in Github

Make sure to create a .tokens file (containing your GitHub token) in the same folder as github-endpoints.py and github-secrets.py (probably the ~/tools folder).

HTTP Request Smuggler

ZDNS

Shodan

Aquatone

Port Scanning

  • NMAP
  • masscan

Webanalyze for Fingerprinting assets

File/Dir Discovery

Potential XSS

Virtual Hosts Scan

  • 401 Basic Authorization Bruteforce with FFUF

Some subdomains use 401 Basic authentication, so we need to brute-force it with base64-encoded credentials :)

Added an X-Forwarded-For header (you should set up your own DNS server) to check for IP spoofing attacks.

Feel free to modify it on your own if you don't like how it works :)