forked from nahamsec/lazyrecon
-
Notifications
You must be signed in to change notification settings - Fork 13
/
lazyrecon.sh
executable file
·148 lines (121 loc) · 6.17 KB
/
lazyrecon.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
#!/bin/bash
discovery(){
hostalive $1
screenshot $1
cleanup $1
cat ./$1/$foldername/responsive-$(date +"%Y-%m-%d").txt | sort -u | while read line; do
sleep 1
dirsearcher $line
report $1 $line
echo "$line report genareted"
sleep 1
done
}
cleanup(){
cd ./$1/$foldername/screenshots/
rename 's/_/-/g' -- *
cd $path
}
hostalive(){
cat ./$1/$foldername/$1.txt | sort -u | while read line; do
if [ $(curl --write-out %{http_code} --silent --output /dev/null -m 5 $line) = 000 ]
then
echo "$line was unreachable"
touch ./$1/$foldername/unreachable.html
echo "<b>$line</b> was unreachable<br>" >> ./$1/$foldername/unreachable.html
else
echo "$line is up"
echo $line >> ./$1/$foldername/responsive-$(date +"%Y-%m-%d").txt
fi
done
}
screenshot(){
echo "taking a screenshot of $line"
python ~/tools/webscreenshot/webscreenshot.py -o ./$1/$foldername/screenshots/ -i ./$1/$foldername/responsive-$(date +"%Y-%m-%d").txt --timeout=10 -m
}
recon(){
python ~/tools/Sublist3r/sublist3r.py -d $1 -t 10 -v -o ./$1/$foldername/$1.txt
curl -s https://certspotter.com/api/v0/certs\?domain\=$1 | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u | grep $1 >> ./$1/$foldername/$1.txt
discovery $1
cat ./$1/$foldername/$1.txt | sort -u > ./$1/$foldername/$1.txt
}
dirsearcher(){
python3 ~/tools/dirsearch/dirsearch.py -e php,asp,aspx,jsp,html,zip,jar,sql -u $line
}
report(){
touch ./$1/$foldername/reports/$line.html
echo "<title> report for $line </title>" >> ./$1/$foldername/reports/$line.html
echo "<html>" >> ./$1/$foldername/reports/$line.html
echo "<head>" >> ./$1/$foldername/reports/$line.html
echo "<link rel=\"stylesheet\" href=\"https://fonts.googleapis.com/css?family=Mina\" rel=\"stylesheet\">" >> ./$1/$foldername/reports/$line.html
echo "</head>" >> ./$1/$foldername/reports/$line.html
echo "<body><meta charset=\"utf-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <link rel=\"stylesheet\" href=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css\"> <script src=\"https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js\"></script> <script src=\"https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js\"></script></body>" >> ./$1/$foldername/reports/$line.html
echo "<div class=\"jumbotron text-center\"><h1> Recon Report for <a/href=\"http://$line.com\">$line</a></h1>" >> ./$1/$foldername/reports/$line.html
echo "<p> Generated by <a/href=\"https://github.com/nahamsec/lazyrecon\"> LazyRecon</a> on $(date) </p></div>" >> ./$1/$foldername/reports/$line.html
echo " <div clsas=\"row\">" >> ./$1/$foldername/reports/$line.html
echo " <div class=\"col-sm-6\">" >> ./$1/$foldername/reports/$line.html
echo " <div style=\"font-family: 'Mina', serif;\"><h2>Dirsearch</h2></div>" >> ./$1/$foldername/reports/$line.html
echo "<pre>" >> ./$1/$foldername/reports/$line.html
cat ~/tools/dirsearch/reports/$line/* | while read rline; do echo "$rline" >> ./$1/$foldername/reports/$line.html
done
echo "</pre> </div>" >> ./$1/$foldername/reports/$line.html
echo " <div class=\"col-sm-6\">" >> ./$1/$foldername/reports/$line.html
echo "<div style=\"font-family: 'Mina', serif;\"><h2>Screeshot</h2></div>" >> ./$1/$foldername/reports/$line.html
echo "<pre>" >> ./$1/$foldername/reports/$line.html
echo "Port 80 Port 443" >> ./$1/$foldername/reports/$line.html
echo "<img/src=\"../screenshots/http-$line-80.png\" style=\"max-width: 500px;\"> <img/src=\"../screenshots/https-$line-443.png\" style=\"max-width: 500px;\"> <br>" >> ./$1/$foldername/reports/$line.html
echo "</pre>" >> ./$1/$foldername/reports/$line.html
echo "<div style=\"font-family: 'Mina', serif;\"><h2>Dig Info</h2></div>" >> ./$1/$foldername/reports/$line.html
echo "<pre>" >> ./$1/$foldername/reports/$line.html
dig $line >> ./$1/$foldername/reports/$line.html
echo "</pre>" >> ./$1/$foldername/reports/$line.html
echo "<div style=\"font-family: 'Mina', serif;\"><h2>Host Info</h1></div>" >> ./$1/$foldername/reports/$line.html
echo "<pre>" >> ./$1/$foldername/reports/$line.html
host $line >> ./$1/$foldername/reports/$line.html
echo "</pre>" >> ./$1/$foldername/reports/$line.html
echo "<div style=\"font-family: 'Mina', serif;\"><h2>Response Header</h1></div>" >> ./$1/$foldername/reports/$line.html
echo "<pre>" >> ./$1/$foldername/reports/$line.html
curl -sSL -D - $line -o /dev/null >> ./$1/$foldername/reports/$line.html
echo "</pre>" >> ./$1/$foldername/reports/$line.html
echo "<div style=\"font-family: 'Mina', serif;\"><h1>Nmap Results</h1></div>" >> ./$1/$foldername/reports/$line.html
echo "<pre>" >> ./$1/$foldername/reports/$line.html
echo "nmap -sV -T3 -Pn -p3868,3366,8443,8080,9443,9091,3000,8000,5900,8081,6000,10000,8181,3306,5000,4000,8888,5432,15672,9999,161,4044,7077,4040,9000,8089,443,7447,7080,8880,8983,5673,7443" >> ./$1/$foldername/reports/$line.html
nmap -sV -T3 -Pn -p3868,3366,8443,8080,9443,9091,3000,8000,5900,8081,6000,10000,8181,3306,5000,4000,8888,5432,15672,9999,161,4044,7077,4040,9000,8089,443,7447,7080,8880,8983,5673,7443 $line >> ./$1/$foldername/reports/$line.html
echo "</pre></div>" >> ./$1/$foldername/reports/$line.html
echo "</html>" >> ./$1/$foldername/reports/$line.html
}
logo(){
#can't have a bash script without a cool logo :D
echo "
_ ____ ____ ___ _ ____ _____ ____ ____ _
/ \ / _ \/_ \\ \/// __\/ __// _Y _ \/ \ /|
| | | / \| / / \ / | \/|| \ | / | / \|| |\ ||
| |_/\| |-||/ /_ / / | /| /_ | \_| \_/|| | \||
\____/\_/ \|\____//_/ \_/\_\\____\\____|____/\_/ \|
"
}
main(){
clear
logo
if [ -d "./$1" ]
then
echo "This is a known target."
else
mkdir ./$1
fi
mkdir ./$1/$foldername
mkdir ./$1/$foldername/reports/
mkdir ./$1/$foldername/screenshots/
touch ./$1/$foldername/unreachable.html
touch ./$1/$foldername/responsive-$(date +"%Y-%m-%d").txt
recon $1
}
logo
if [[ -z $@ ]]; then
echo "Error: no targets specified."
echo "Usage: ./lazyrecon.sh <target>"
exit 1
fi
path=$(pwd)
foldername=recon-$(date +"%Y-%m-%d")
main $1