Tested on Linux and Mac. Requirements:
- python >= 3.7
- pip3 >= 19.0
- go >= 1.17
- curl
- wget
You can use a stateful or stateless build agent (worker); no additional provisioning time is required. It may look tricky because masscan, nmap and naabu require the root user.
- Fill in these required environment variables inside `./lazyconfig`:

  ```bash
  export HOMEUSER= # your normal, non root user: e.g.: kali
  export HOMEDIR= # user's home dir e.g.: /home/kali
  export STORAGEDIR= # where output saved, e.g.: ${HOMEDIR}/lazytargets
  export GITHUBTOKEN=XXXXXXXXXXXXXXXXXX # a personal access token here
  export DISCORDWEBHOOKURL= # https://discord.com/api/webhooks/{webhook.id}/{webhook.token}
  export GOPATH=$HOMEDIR/go
  export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$HOME/go/bin:$HOMEDIR/go/bin
  export GO111MODULE=on
  ```

- Enable the new environment: `source ./lazyconfig`
- Call `sudo -E ./install.sh`
- Execute `sudo -E ./lazyrecon.sh "hackerone.com"`
Customize `.github/workflows/test-recon-action.yaml` using the `DISCORDWEBHOOKURL` and `GITHUBTOKEN` secrets, and enable `--discord` to receive a report:

```yaml
- name: Install & Recon
  env:
    GO111MODULE: on
    DISCORDWEBHOOKURL: ${{ secrets.DISCORDWEBHOOKURL }}
    GITHUBTOKEN: ${{ secrets.GITHUBTOKEN }}
  run: |
    export HOMEDIR=$HOME
    export HOMEUSER=$RUNNER_USER
    export STORAGEDIR="${HOMEDIR}"/lazytargets
    sudo -E ./install.sh
    sudo -E ./lazyrecon.sh "hackerone.com" --quiet --discord
```
You can configure environment variables and dependencies by hand without using the `install.sh` script, but keep in mind the following:
- To start using the lazyrecon script, please clone and set up the dependencies below
- Note that many dependencies are tuned for recon needs and differ from the original ones
- Make sure the environment variables are filled in `./lazyconfig`
- If you operate under a VPS: first call `./helpers/linux-apt-install.sh`
- Update your local `~/.gf` with `./gfpatterns/*`
- Use option `nuclei -update-templates` to use it properly under `$HOMEDIR`, but for LFI update the templates with storenth-lfi until projectdiscovery introduces a feature for dynamic replacement of parameters
- Don't forget to include LFI-Payload-List in `./wordlist/lfi-payload.txt`
- Make sure all tools are correctly installed and enabled with execute permissions: `chmod +x`
- Take care about appropriate tokens and API keys
- Don't forget that the script acts as the root user

- subfinder
- interactsh
- assetfinder
- github-subdomains
- github-endpoints
- waybackurls
- gau
- altdns
- dnsgen
- puredns
- masscan
- massdns
- dnsx
- httpx
- nuclei
- nuclei-templates
- smuggler
- ffuf
- gf
- qsreplace
- unfurl
- sqlmap
- gospider
- ssrf-headers-tool
- storenth-lfi
- nmap
- chromium
- interlace
- page-fetch
- gowitness
- bypass-403
- linkfinder
- secretfinder
(You may copy each executable dependency to `/usr/local/bin/`, create a symlink like `ln -s $HOME/github-subdomains.py /usr/local/bin/github-subdomains`, or just export its directory to the PATH: `export PATH=~/masscan/bin:$PATH`)
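A pre-flight check for the `./lazyconfig` variables and the dependency list above, as an added example that is not part of lazyrecon: it assumes only the variable names `lazyconfig` exports and that each tool is installed under its own name on PATH.

```shell
#!/bin/sh
# Pre-flight check for a lazyrecon setup (added example, not lazyrecon's own code).
# Run it after `source ./lazyconfig` and before `sudo -E ./install.sh`, so that a
# placeholder token, a root HOMEUSER or a missing tool is caught before anything
# runs as root. Variable names are the ones ./lazyconfig exports.

# Returns 0 when every variable lazyconfig must export is set and sane, 1 otherwise.
check_lazyconfig() {
  rc=0
  for v in HOMEUSER HOMEDIR STORAGEDIR GITHUBTOKEN DISCORDWEBHOOKURL; do
    eval "val=\${$v:-}"                       # POSIX indirect lookup of $v
    if [ -z "$val" ]; then echo "unset: $v"; rc=1; fi
  done
  # lazyrecon itself runs as root; HOMEUSER is the normal user that owns the output
  if [ "${HOMEUSER:-}" = "root" ]; then echo "HOMEUSER must be a non-root user"; rc=1; fi
  if [ -n "${HOMEDIR:-}" ] && [ ! -d "$HOMEDIR" ]; then echo "HOMEDIR is not a directory: $HOMEDIR"; rc=1; fi
  # the XXXX... value shipped in lazyconfig is a placeholder, not a token
  case "${GITHUBTOKEN:-}" in XXXX*) echo "GITHUBTOKEN still has the placeholder value"; rc=1 ;; esac
  # must match the shape documented in lazyconfig: https://discord.com/api/webhooks/{id}/{token}
  case "${DISCORDWEBHOOKURL:-}" in
    https://discord.com/api/webhooks/*/*) ;;
    *) echo "DISCORDWEBHOOKURL is not a discord webhook URL"; rc=1 ;;
  esac
  return $rc
}

# Prints every named tool that is not on PATH or not executable; returns 1 if any is
# missing. With no arguments it checks the executables from the dependency list above
# (template and wordlist repos such as nuclei-templates and storenth-lfi are left out).
check_tools() {
  [ $# -gt 0 ] || set -- subfinder interactsh assetfinder github-subdomains \
    github-endpoints waybackurls gau altdns dnsgen puredns masscan massdns dnsx \
    httpx nuclei smuggler ffuf gf qsreplace unfurl sqlmap gospider nmap chromium \
    interlace page-fetch gowitness bypass-403 linkfinder secretfinder
  missing=0
  for t in "$@"; do
    # command -v only reports executables, so a file lacking chmod +x shows up here
    if ! command -v "$t" >/dev/null 2>&1; then echo "missing or not executable: $t"; missing=1; fi
  done
  return $missing
}

# Usage: . ./lazyconfig && check_lazyconfig && check_tools && sudo -E ./install.sh
```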