forked from m0chan/BugBounty
-
Notifications
You must be signed in to change notification settings - Fork 0
/
VPSBugBountyToolsSetup.sh
313 lines (267 loc) · 13.9 KB
/
VPSBugBountyToolsSetup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
#!/bin/bash
#
# Execute as wget -O - gist_url | bash
#
# Couldn't add gist url as, it changes after every update i.e. as soon as I save this, it's url will change :p
#
# It's debian based, so for centos and likewise you have to change apt to yum and similarly
#
InstallationStartTime=$(date +%s)
#### COLORS #### ( Taken from : https://misc.flogisoft.com/bash/tip_colors_and_formatting )
NORMAL='\e[0m'
RED='\e[31m'
LIGHT_GREEN='\e[92m'
LIGHT_YELLOW='\e[93m'
BLINK='\e[5m'
BOLD='\e[1m'
UNDERLINE='\e[4m'
###############
apt-add-repository -y ppa:rael-gc/rvm
apt update -yq # && apt upgrade -y # Do it manually, cause there are some whiptail menus that aren't automated yet and
# thus cause problems
apt-get install -yq python unzip curl git gcc make libpcap-dev python3 python-pip python3-pip clang nmap pzip-full python3.6-dev
pip install rdpy==1.3.2
timedatectl set-timezone Asia/Kolkata
echo -e "\n${LIGHT_YELLOW}Delete older go binary ${NORMAL}\n"
original_go=`which go`
rm $original_go
echo -e "\n${LIGHT_YELLOW}Download go from golang website to install v1.10.3, as subfinder requires v1.10+ ${NORMAL}\n"
wget https://dl.google.com/go/go1.10.3.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.10.3.linux-amd64.tar.gz
echo "export PATH=$PATH:/usr/local/go/bin" >> $HOME/.profile
rm go1.10.3.linux-amd64.tar.gz
echo -e "\n${LIGHT_YELLOW}Reload .bashrc and .profile ${NORMAL}\n"
source $HOME/.profile
source $HOME/.bashrc
mkdir tools && cd tools
echo -e "\n${LIGHT_YELLOW}Present Working Directory : "$PWD${NORMAL}
# git clone https://github.com/FortyNorthSecurity/EyeWitness.git && echo -e "\n${LIGHT_YELLOW}Running setup/setup.sh ${NORMAL}\n"
# Not using master repo cause, it has wrong options for extracting bzip2 archive type
# Also changed the download source to google drive so as to fasten the downloading process
# git clone https://github.com/LuD1161/EyeWitness.git && echo -e "\n${LIGHT_YELLOW}Running setup/setup.sh ${NORMAL}\n"
# cd EyeWitness/setup
# sh setup.sh
# cd ..
# Only download new phantomJS if the original EyeWitness failed
# Use the following commented code if using FortyNorthSecurity's repo, as the extracted phantomJS is wrong
# curl -L -o phantomjs-2.1.1-linux-x86_64.tar.bz2 "https://drive.google.com/uc?export=download&id=1xc14FtJ0M10PQp5Em1XsmcraOFDXHV_G" -O phantomjs-2.1.1-linux-x86_64.tar.bz2
# tar jxf phantomjs-2.1.1-linux-x86_64.tar.bz2
# cp phantomjs-2.1.1-linux-x86_64/bin/phantomjs bin
# rm -rf phantomjs-2.1.1-linux-x86_64
# rm phantomjs-2.1.1-linux-x86_64.tar.bz2
# curl -L -o geckodriver-v0.13.0-linux32.tar.gz "https://drive.google.com/uc?export=download&id=1oQ-e8vcCLo7LZJJkJ5RsibUThQd9vndE" -O geckodriver-v0.13.0-linux32.tar.gz
# tar jxf geckodriver-v0.13.0-linux32.tar.gz
# cp geckodriver-v0.13.0-linux32/bin/phantomjs bin
# rm geckodriver-v0.13.0-linux32.tar.gz
# rm -rf geckodriver-v0.13.0-linux32
cd ~/tools
git clone https://github.com/jordanpotti/CloudScraper.git && echo -e "\n${LIGHT_YELLOW}Installing CloudScraper's requirements.txt ${NORMAL}\n"
pip install -r CloudScraper/requirements.txt
go get github.com/subfinder/subfinder
if [ $? -eq 0 ]; then
mv ~/go/bin/subfinder /usr/bin/
echo -e "\n${LIGHT_YELLOW} Installed subfinder ${NORMAL}\n"
rm -rf subfinder
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling subfinder manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : go get github.com/subfinder/subfinder ${NORMAL}\n"
fi
cd ~/tools
git clone https://github.com/blechschmidt/massdns.git && echo -e "\n${LIGHT_YELLOW}Making and copying massdns to /usr/bin/ ${NORMAL}\n"
cd massdns
make
if [ $? -eq 0 ]; then
mv /root/tools/massdns/bin/massdns /usr/bin/ && cd - # go back to main directory
mkdir /root/tools/massdns_lists
mv /root/tools/massdns/lists/* /root/tools/massdns_lists/massdns_lists/
rm -rf massdns
echo -e "\n${LIGHT_YELLOW}Installed massdns ${NORMAL}\n"
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling massdns manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/blechschmidt/massdns.git ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n"
fi
echo -e "\n${LIGHT_YELLOW}Proceeding with installation of masscan ${NORMAL}\n"
git clone https://github.com/robertdavidgraham/masscan.git && echo -e "\n${LIGHT_YELLOW}Making masscan ${NORMAL}\n"
cd masscan
make -j
if [ $? -eq 0 ]; then
mv ./bin/masscan /usr/bin/ && cd - # go back to main directory
rm -rf masscan && echo -e "\n${LIGHT_YELLOW}Deleted masscan github local clone ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Installed masscan ${NORMAL}\n"
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling masscan manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : git clone https://github.com/robertdavidgraham/masscan.git ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}And then cd into the directory and issue make command ${NORMAL}\n"
fi
go get github.com/tomnomnom/waybackurls && echo -e "\n${LIGHT_YELLOW}Got waybackurls ;) ${NORMAL}\n"
mv ~/go/bin/waybackurls /usr/bin/
if [ $? -eq 0 ]; then
echo -e "\n${LIGHT_YELLOW}Installed waybackurls ${NORMAL}\n"
else
echo -e "\n${LIGHT_YELLOW}Try reinstalling waybackurls manually ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}RUN : go get github.com/tomnomnom/waybackurls && echo \"Got waybackurls ;)\" ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Then move the binary from ~/go/bin/ to /usr/bin/ ${NORMAL}\n"
fi
git clone https://github.com/x90skysn3k/brutespray.git && echo -e "\n${LIGHT_YELLOW}Cloned Brutespray ${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}\n Downloading amass \n ${NORMAL}\n"
wget "https://drive.google.com/uc?export=download&id=1_cR9nKhoBcyZXkwifnucTTbe--qgJAUS" -O amass.zip
echo -e "\n${LIGHT_YELLOW}Extracting amass to /usr/bin/ ${NORMAL}\n"
unzip -o amass.zip -d /usr/bin/
if [ $? -eq 0 ]; then
echo -e "\n${LIGHT_YELLOW}Installed amass ${NORMAL}\n"
rm amass.zip
else
echo -e "\n${LIGHT_YELLOW}Try redownloading amass ${NORMAL}\n"
fi
apt-get install -yq python-virtualenv bc locate dnsutils apache2 tree
cd ~/tools & echo -e "\n${LIGHT_YELLOW}Cloning JS-scan ${NORMAL}\n"
git clone https://github.com/zseano/JS-Scan.git
chmod o+x JS-Scan
ln -s "/root/tools/JS-Scan" /var/www/html/JS-Scan
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning bucketkicker ${NORMAL}\n"
git clone https://github.com/craighays/bucketkicker.git
pip3 install -r ~/tools/bucketkicker/requirements.txt
echo -e "\n${LIGHT_YELLOW}Installing trufflehog ${NORMAL}\n"
pip install truffleHog
echo -e "\n${LIGHT_YELLOW}Installing wafw00f ${NORMAL}\n"
pip install wafw00f
echo -e "\n${LIGHT_YELLOW}Installing whatweb ${NORMAL}\n"
apt-get install -yq whatweb
echo -e "\n${LIGHT_YELLOW}Installing snallygaster ${NORMAL}\n"
pip3 install snallygaster
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing SubOver ${NORMAL}\n"
go get github.com/Ice3man543/SubOver
mkdir -p ~/tools/SubOver
mv ~/go/bin/SubOver ~/tools/SubOver
cp ~/go/src/github.com/Ice3man543/SubOver/providers.json ~/tools/SubOver
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning CloudFlare-Enum ${NORMAL}\n"
git clone https://github.com/mandatoryprogrammer/cloudflare_enum.git
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning AWS-Bruteforcer ${NORMAL}\n"
git clone https://github.com/Ucnt/aws-s3-bruteforce.git
cd aws-s3-bruteforce
pip install boto
cd ~/tools
# Although cloning Goohak and GoogD0rker but need to make a workaround for google's IP restriction on advanced search
# Cause these are not working for me
echo -e "\n${LIGHT_YELLOW}For Goohak and GoogD0rker pip install google ${NORMAL}\n"
pip install google
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning Goohak ${NORMAL}\n"
git clone https://github.com/1N3/Goohak.git
chmod +x Goohak/goohak
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Cloning GoogD0rker${NORMAL}\n"
# Using my own fork as the owner has still to merge my PR on his repo https://github.com/ZephrFish/GoogD0rker/pull/7/commits/89a3c1b1f76e4d562180cb4cbaaff03211e1264f
git clone https://github.com/LuD1161/GoogD0rker.git
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing brakeman : For RoR applications ${NORMAL}\n"
# Alternative : gem install brakeman
# Using git method so as to install the latest brakeman
git clone https://github.com/presidentbeef/brakeman.git
cd brakeman
gem build brakeman.gemspec
gem install brakeman-*.gem
mv ~/tools/brakeman/bin/brakeman /usr/local/bin/
mv ~/tools/brakeman/bin/codeclimate-brakeman /usr/local/bin/
rm -rf ~/tools/brakeman
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing gitleaks ${NORMAL}\n"
go get -u github.com/zricethezav/gitleaks
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing subjack${NORMAL}\n"
go get github.com/haccer/subjack
# cp ~/go/src/github.com/haccer/subjack/fingerprints.json
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading aquatone binary${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Check the latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n"
wget "https://github.com/michenriksen/aquatone/releases/download/v1.4.3/aquatone_linux_amd64_1.4.3.zip"
unzip aquatone_linux_amd64_1.4.3.zip
rm aquatone_linux_amd64_1.4.3.zip
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Installing chromium for aquatone${NORMAL}\n"
git clone https://github.com/scheib/chromium-latest-linux.git
cd chromium-latest-linux && sh update-and-run.sh
# for running chromium
apt-get install -yq --no-install-recommends libasound2 libatk1.0-0 libc6 libcairo2 libcups2 libdbus-1-3 libexpat1 libfontconfig1 libgcc1 libgconf-2-4 libgdk-pixbuf2.0-0 libglib2.0-0 libgtk-3-0 libnspr4 libpango-1.0-0 libpangocairo-1.0-0 libstdc++6 libx11-6 libx11-xcb1 libxcb1 libxcursor1 libxdamage1 libxext6 libxfixes3 libxi6 libxrandr2 libxrender1 libxss1 libxtst6 libnss3
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Getting all wordlists from gdrive, wordlists contain jhaddix's all.txt and massdns as well as subrute's names.txt ${NORMAL}\n"
mkdir wordlists
wget "https://drive.google.com/uc?export=download&id=1X1TTZhxfiLyqrI1Vrw0_DdhFfl3LzsbX" -O all_resolvers.zip
unzip -o all_resolvers.zip -d wordlists
rm all_resolvers.zip
cd ~/tools && echo -e "\n${LIGHT_YELLOW}Downloading dirbuster wordlists ${NORMAL}\n"
wget "https://drive.google.com/uc?export=download&id=1KbxiE_RFZCDpBDKAJbWeG6NXe7YNtCIc" -O all_wordlists.zip
unzip -o all_wordlists.zip -d wordlists
rm all_wordlists.zip
# Finally when all is set and folder's deleted
# Get the scripts, it's in a gist
echo -e "\n${LIGHT_YELLOW}Getting the scripts ;\) ${NORMAL}\n"
wget "https://codeload.github.com/gist/8182f825bd91344ce4c2bf5e2acdf2b3/zip/5605e06e160f1f4870b60ba98438a0aa580d1e26" -O scripts.zip
unzip -j scripts.zip -d scripts
chmod +x ~/tools/scripts/*
rm scripts.zip
# for i in $( ls scripts/*.sh ); do
# dir=$( echo $i | cut -d"/" -f2 | cut -d"." -f1)
# chmod +x $i
# if [ "$dir" != "brutespray" ]; then # Cause we need to move brutespray.sh into brutespray where the brutespray.py is originally
# mkdir $dir
# mv $i $dir
# fi
# done
# rm -rf scripts/
cd ~/tools/massdns/ && git clone https://github.com/TheRook/subbrute.git
mv subbrute/* .
rm -rf subbrute
pip install wfuzz
cd ~/tools
wget -O master_script.sh "https://gist.githubusercontent.com/LuD1161/0a85aef8e27e4a7644fd4b69efb62caa/raw/32b13233a5cbcd4c0bd4754d3e7906ca9d665c2d/master_script.sh"
chmod +x master_script.sh
wget -O nmap-input-file-creator.py "https://gist.githubusercontent.com/LuD1161/dbc44c6c028de2f0cbae9e737af5aa1e/raw/652a811492e89746a71da743e4735a08a74dcad5/nmap-input-file-creator.py"
chmod +x nmap-input-file-creator.py
apt autoremove -y
echo -e "\n${LIGHT_YELLOW}Building nmap from git ${NORMAL}\n"
cd ~/tools
git clone https://github.com/nmap/nmap.git
cd nmap && sh ./configure
make
make install
echo -e "\n${LIGHT_YELLOW}Installing wpscan requirements ${NORMAL}\n"
apt-get -yq install libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev gcc git ruby make software-properties-common
apt-add-repository -y ppa:rael-gc/rvm
apt-get update
apt-get install rvm
apt-get -yq install rvm
cd ~
source /etc/profile.d/rvm.sh
rvm install 2.5.1
rvm use 2.5.1 --default
echo -e "gem: --no-ri --no-rdoc" > ~/.gemrc
#echo -e "source /usr/local/rvm/scripts/rvm" >> ~/.bashrc
cd ~/tools
echo -e "${LIGHT_YELLOW}Cloning wpscan ${NORMAL}"
git clone https://github.com/wpscanteam/wpscan.git
cd wpscan
gem install bundler
bundle install --without test
### Install gobuster ####
echo -e "\n${LIGHT_YELLOW}Installing gobuster ${NORMAL}\n"
cd ~/tools && wget https://github.com/OJ/gobuster/releases/download/v2.0.1/gobuster-linux-amd64.7z
7z x gobuster-linux-amd64.7z
mv gobuster-linux-amd64/gobuster .
rm -rf gobuster-linux-amd64/
chmod +x ~/tools/gobuster
# cat targets.txt | while read line; do gobuster -f -k -e -to 5s -t 40 -w ~/tools/wordlists/starter.txt -u "$line" | tee out.txt ; done
#########################
echo -e "${LIGHT_YELLOW}Setting ulimit to 100000 ${LIGHT_GREEN}( so as to make gobuster work fine with 100 threads ) ${NORMAL}"
echo "ulimit -n 100000" >> ~/.bashrc
### Install searchsploit ####
echo -e "\n${LIGHT_YELLOW}Installing searchsploit${NORMAL}\n"
mkdir /opt
git clone https://github.com/offensive-security/exploitdb.git /opt/exploitdb
sed 's|path_array+=(.*)|path_array+=("/opt/exploitdb")|g' /opt/exploitdb/.searchsploit_rc > ~/.searchsploit_rc
ln -sf /opt/exploitdb/searchsploit /usr/local/bin/searchsploit
InstallationCompletionTime=$(date +%s)
echo -e "\n${LIGHT_YELLOW}Setting up GOPATH and GO bin in path ${NORMAL}\n"
echo "export GOPATH=$HOME/go" >> ~/.bashrc
echo "PATH=$PATH:/root/tools/chromium-latest-linux/latest/chrome-linux:/root/tools:$GOPATH/bin" >> ~/.bashrc
echo -e "${LIGHT_GREEN}Setup Complete Bug Bounty tools :) :) ${NORMAL}\n"
echo -e "${BOLD}Usage : ./master_script.sh domain basic|advanced${NORMAL}\n"
echo -e "Total Time taken : ${LIGHT_GREEN}$(( $InstallationCompletionTime-$InstallationStartTime )) ${NORMAL}seconds"
echo -e "\n${LIGHT_YELLOW}e.g. ./master_script.sh example.com basic|advanced ${NORMAL}\n"
echo -e "\n"
echo -e "${RED}Don't forget to add subfinder's config.json at ~/.config/subfinder/config.json${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Also check for aquatone's latest binaries at : https://github.com/michenriksen/aquatone/releases${NORMAL}\n"
echo -e "\n${LIGHT_YELLOW}Enjoy :) ${NORMAL}\n"