├── LICENSE ├── LazyRecon.sh ├── README.md ├── get-go.sh ├── install.sh └── workflow.png /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2019 Capt. Meelo 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
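--------------------------------------------------------------------------------
/LazyRecon.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# LazyRecon: runs a fixed chain of third-party tools against one domain and
# writes each stage's output under results/<domain>/ next to this script.
#
# Usage: ./LazyRecon.sh <domain>

VERSION="1.3"

TARGET=$1

WORKING_DIR=$(cd -P -- "$(dirname -- "$0")" && pwd -P)
# Every path below hangs off WORKING_DIR, including the directory that
# setupDir deletes, so stop here if it could not be resolved.
[[ -n "$WORKING_DIR" ]] || { echo "Cannot resolve the script directory" >&2; exit 1; }
TOOLS_PATH="$WORKING_DIR/tools"
WORDLIST_PATH="$WORKING_DIR/wordlists"
RESULTS_PATH="$WORKING_DIR/results/$TARGET"
SUB_PATH="$RESULTS_PATH/subdomain"
CORS_PATH="$RESULTS_PATH/cors"
IP_PATH="$RESULTS_PATH/ip"
PSCAN_PATH="$RESULTS_PATH/portscan"
SSHOT_PATH="$RESULTS_PATH/screenshot"
DIR_PATH="$RESULTS_PATH/directory"

RED="\033[1;31m"
GREEN="\033[1;32m"
BLUE="\033[1;36m"
YELLOW="\033[1;33m"
RESET="\033[0m"

# Prints the ASCII banner with the version and author handle.
displayLogo(){
    echo -e "
██╗ █████╗ ███████╗██╗ ██╗██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗
██║ ██╔══██╗╚══███╔╝╚██╗ ██╔╝██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║
██║ ███████║ ███╔╝ ╚████╔╝ ██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║
██║ ██╔══██║ ███╔╝ ╚██╔╝ ██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║
███████╗██║ ██║███████╗ ██║ ██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║
╚══════╝╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══
${RED}v$VERSION${RESET} by ${YELLOW}@CaptMeelo${RESET}
"
}


# Validates the command line: $1 must be present and look like a hostname.
# Exits with status 1 otherwise.
checkArgs(){
    if [[ $# -eq 0 || -z "$1" ]]; then
        echo -e "${RED}[+] Usage:${RESET} $0 <domain>\n"
        exit 1
    fi
    # The target becomes a path component that setupDir hands to rm -rf and an
    # argument to every tool below. Restricting it to hostname characters keeps
    # values such as "../.." or "-oX" from being read as a path or an option.
    if [[ ! "$1" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ || "$1" == *..* ]]; then
        printf '%b[!] Invalid target:%b %s\n' "$RED" "$RESET" "$1" >&2
        exit 1
    fi
}


# Prints the "[+] Running <tool>..." line for the tool named in $1.
runBanner(){
    local name=$1
    echo -e "${RED}\n[+] Running $name...${RESET}"
}


# Recreates results/<target>/ from scratch; results of an earlier run against
# the same target are deleted.
setupDir(){
    local dir
    echo -e "${GREEN}--==[ Setting things up ]==--${RESET}"
    echo -e "${RED}\n[+] Creating results directories...${RESET}"
    # ":?" aborts instead of expanding to an empty path.
    rm -rf -- "${RESULTS_PATH:?}"
    mkdir -p -- "$SUB_PATH" "$CORS_PATH" "$IP_PATH" "$PSCAN_PATH" "$SSHOT_PATH" "$DIR_PATH"
    for dir in "$SUB_PATH" "$CORS_PATH" "$IP_PATH" "$PSCAN_PATH" "$SSHOT_PATH" "$DIR_PATH"; do
        echo -e "${BLUE}[*] $dir${RESET}"
    done
}


# Runs amass and subfinder, merges their output into final-subdomains.txt,
# then runs subjack over the merged list and keeps the lines it does not
# report as "Not Vulnerable" in final-takeover.txt.
enumSubs(){
    local -a sub_lists

    echo -e "${GREEN}\n--==[ Enumerating subdomains ]==--${RESET}"
    runBanner "Amass"
    "$HOME/go/bin/amass" -d "$TARGET" -o "$SUB_PATH/amass.txt"

    runBanner "subfinder"
    # NOTE(review): the second, positional "$TARGET" after the wordlist is kept
    # from the original command line; confirm that subfinder expects it.
    "$HOME/go/bin/subfinder" -d "$TARGET" -t 50 -b -w "$WORDLIST_PATH/dns_all.txt" "$TARGET" -nW --silent -o "$SUB_PATH/subfinder.txt"

    echo -e "${RED}\n[+] Combining subdomains...${RESET}"
    # Expand the glob before the pipeline starts so the output file, which
    # lives in the same directory, is never picked up as an input.
    sub_lists=("$SUB_PATH"/*.txt)
    # Lower-case first, then sort: names that differ only in case are not
    # adjacent after a case-sensitive sort, so uniq would keep both.
    cat -- "${sub_lists[@]}" | awk '{print tolower($0)}' | sort -u > "$SUB_PATH/final-subdomains.txt"
    echo -e "${BLUE}[*] Check the list of subdomains at $SUB_PATH/final-subdomains.txt${RESET}"

    echo -e "${GREEN}\n--==[ Checking for subdomain takeovers ]==--${RESET}"
    runBanner "subjack"
    "$HOME/go/bin/subjack" -a -ssl -t 50 -v -c "$HOME/go/src/github.com/haccer/subjack/fingerprints.json" -w "$SUB_PATH/final-subdomains.txt" -o "$SUB_PATH/final-takeover.tmp"
    grep -v "Not Vulnerable" "$SUB_PATH/final-takeover.tmp" > "$SUB_PATH/final-takeover.txt"
    rm -f -- "$SUB_PATH/final-takeover.tmp"
    echo -e "${BLUE}[*] Check subjack's result at $SUB_PATH/final-takeover.txt${RESET}"
}


# Runs CORScanner over the merged subdomain list; output goes to the terminal
# and to final-cors.txt.
corsScan(){
    echo -e "${GREEN}\n--==[ Checking CORS configuration ]==--${RESET}"
    runBanner "CORScanner"
    python "$TOOLS_PATH/CORScanner/cors_scan.py" -v -t 50 -i "$SUB_PATH/final-subdomains.txt" | tee "$CORS_PATH/final-cors.txt"
    echo -e "${BLUE}[*] Check the result at $CORS_PATH/final-cors.txt${RESET}"
}


# Resolves the merged subdomain list with massdns and writes the unique
# addresses from its A records to final-ips.txt.
enumIPs(){
    local -a ip_lists

    echo -e "${GREEN}\n--==[ Resolving IP addresses ]==--${RESET}"
    runBanner "massdns"
    "$TOOLS_PATH/massdns/bin/massdns" -r "$TOOLS_PATH/massdns/lists/resolvers.txt" -q -t A -o S -w "$IP_PATH/massdns.raw" "$SUB_PATH/final-subdomains.txt"
    # Select on the record-type column rather than cutting at the letter "A",
    # which also occurs inside host names.
    awk '$2 == "A" {print $3}' "$IP_PATH/massdns.raw" > "$IP_PATH/massdns.txt"
    ip_lists=("$IP_PATH"/*.txt)
    cat -- "${ip_lists[@]}" | sort -V | uniq > "$IP_PATH/final-ips.txt"
    echo -e "${BLUE}[*] Check the list of IP addresses at $IP_PATH/final-ips.txt${RESET}"
}


# Runs masscan over final-ips.txt, then nmap against the subdomain list on the
# ports masscan reported open. Both XML outputs are rendered to HTML.
portScan(){
    local open_ports

    echo -e "${GREEN}\n--==[ Port-scanning targets ]==--${RESET}"
    runBanner "masscan"
    sudo "$TOOLS_PATH/masscan/bin/masscan" -p 1-65535 --rate 10000 --wait 0 --open -iL "$IP_PATH/final-ips.txt" -oX "$PSCAN_PATH/masscan.xml"
    xsltproc -o "$PSCAN_PATH/final-masscan.html" "$TOOLS_PATH/nmap-bootstrap.xsl" "$PSCAN_PATH/masscan.xml"
    # Read the portid attribute by name instead of by its position among the
    # quote-separated fields of each XML line.
    open_ports=$(grep -oP 'portid="\K[0-9]+' "$PSCAN_PATH/masscan.xml" | sort -n -u | paste -sd, -)
    echo -e "${BLUE}[*] Masscan Done! View the HTML report at $PSCAN_PATH/final-masscan.html${RESET}"

    # With an empty list nmap would take the next option as the argument of -p.
    if [[ -z "$open_ports" ]]; then
        echo -e "${BLUE}[!] Masscan reported no open ports, skipping nmap...${RESET}"
        return
    fi

    runBanner "nmap"
    sudo nmap -sVC -p "$open_ports" --open -v -T4 -Pn -iL "$SUB_PATH/final-subdomains.txt" -oX "$PSCAN_PATH/nmap.xml"
    xsltproc -o "$PSCAN_PATH/final-nmap.html" "$PSCAN_PATH/nmap.xml"
    echo -e "${BLUE}[*] Nmap Done! View the HTML report at $PSCAN_PATH/final-nmap.html${RESET}"
}


# Feeds the merged subdomain list to aquatone on stdin; aquatone writes its
# report under screenshot/aquatone/.
visualRecon(){
    echo -e "${GREEN}\n--==[ Taking screenshots ]==--${RESET}"
    runBanner "aquatone"
    "$HOME/go/bin/aquatone" -http-timeout 10000 -scan-timeout 300 -ports xlarge -out "$SSHOT_PATH/aquatone/" < "$SUB_PATH/final-subdomains.txt"
    echo -e "${BLUE}[*] Check the result at $SSHOT_PATH/aquatone/aquatone_report.html${RESET}"
}


# Runs dirsearch once per URL listed in aquatone_urls.txt and keeps a sorted
# report per host; empty reports are dropped.
bruteDir(){
    local url fqdn report
    local url_list="$SSHOT_PATH/aquatone/aquatone_urls.txt"

    echo -e "${GREEN}\n--==[ Bruteforcing directories ]==--${RESET}"
    runBanner "dirsearch"
    echo -e "${BLUE}[*]Creating output directory...${RESET}"
    mkdir -p -- "$DIR_PATH/dirsearch"

    if [[ ! -r "$url_list" ]]; then
        echo -e "${BLUE}[!] $url_list not found, skipping dirsearch...${RESET}"
        return
    fi

    # Read the list on fd 3 so dirsearch keeps the script's stdin, and line by
    # line so an entry is never word-split or glob-expanded.
    while IFS= read -r url <&3 || [[ -n "$url" ]]; do
        [[ -n "$url" ]] || continue
        # Host (and port) part of the URL; used only as the report file name.
        fqdn=$(printf '%s\n' "$url" | sed -e 's;https\?://;;' -e 's;/.*$;;')
        report="$DIR_PATH/dirsearch/$fqdn"
        "$TOOLS_PATH/dirsearch/dirsearch.py" -b -t 100 -e php,asp,aspx,jsp,html,zip,jar,sql -x 500,503 -r -w "$WORDLIST_PATH/raft-large-words.txt" -u "$url" --plain-text-report="$report.tmp"
        if [[ -s "$report.tmp" ]]; then
            sort -k 1 -n "$report.tmp" > "$report.txt"
        fi
        # -f: the report is absent when dirsearch wrote nothing for this URL.
        rm -f -- "$report.tmp"
    done 3< "$url_list"
    echo -e "${BLUE}[*] Check the results at $DIR_PATH/dirsearch/${RESET}"
}


# Main function
displayLogo
checkArgs "$@"
setupDir
enumSubs
corsScan
enumIPs
portScan
visualRecon
bruteDir

echo -e "${GREEN}\n--==[ DONE ]==--${RESET}"
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# LazyRecon
[![release](https://img.shields.io/github/release/capt-meelo/LazyRecon.svg?label=version&style=flat)](https://github.com/capt-meelo/LazyRecon/releases)
[![license](https://img.shields.io/github/license/capt-meelo/LazyRecon.svg?style=flat)](https://github.com/capt-meelo/LazyRecon/blob/master/LICENSE)
[![open issues](https://img.shields.io/github/issues-raw/capt-meelo/LazyRecon.svg?style=flat)](https://github.com/capt-meelo/LazyRecon/issues?q=is:issue+is:open)
[![closed issues](https://img.shields.io/github/issues-closed-raw/capt-meelo/LazyRecon.svg)](https://github.com/capt-meelo/LazyRecon/issues?q=is:issue+is:closed)

LazyRecon is a wrapper of various scripts that automates the tedious and redundant process of reconnaissance of a target domain.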

LazyRecon utilizes the following tools:
- Subdomain Enumeration:
  - [Amass](https://github.com/OWASP/Amass)
  - [Subfinder](https://github.com/subfinder/subfinder)
- Subdomain Takeover:
  - [subjack](https://github.com/haccer/subjack)
- CORS Configuration:
  - [CORScanner](https://github.com/chenjj/CORScanner)
- IP Discovery:
  - [Massdns](https://github.com/blechschmidt/massdns)
- Port Scanning:
  - [Masscan](https://github.com/robertdavidgraham/masscan)
  - [Nmap](https://nmap.org/)
  - [Nmap Bootstrap Stylesheet](https://github.com/honze-net/nmap-bootstrap-xsl/)
- Visual Recon:
  - [Aquatone](https://github.com/michenriksen/aquatone)
- Content Discovery:
  - [Dirsearch](https://github.com/maurosoria/dirsearch)
- Wordlists:
  - [JHaddix's all.txt](https://gist.github.com/jhaddix/f64c97d0863a78454e44c2f7119c2a6a)
  - [SecLists' raft-large-words.txt](https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-large-words.txt)


## Workflow
![Flow](workflow.png)


## Installation
First, run the following commands to install the latest version of **Go**.
```
git clone https://github.com/capt-meelo/LazyRecon.git
cd LazyRecon
source get-go.sh
```

Then, edit the `subEnumTools()` function of `install.sh` and fill in your **Virustotal**, **Passivetotal**, **SecurityTrails**, **Censys**, **Riddler**, and **Shodan API keys**. This gives better results during subdomain enumeration. The keys are stored in plain text in `install.sh`, so keep the edited file out of commits and shared copies.
```
~/go/bin/subfinder --set-config VirustotalAPIKey=
~/go/bin/subfinder --set-config PassivetotalUsername=,PassivetotalKey=
~/go/bin/subfinder --set-config SecurityTrailsKey=
~/go/bin/subfinder --set-config RiddlerEmail=,RiddlerPassword=
~/go/bin/subfinder --set-config CensysUsername=,CensysSecret=
~/go/bin/subfinder --set-config ShodanAPIKey=
```
Finally, run the following to install the required tools.
```
chmod +x install.sh
./install.sh
```


## How to Use
```
cd LazyRecon
chmod +x LazyRecon.sh
./LazyRecon.sh <target-domain>
```


## Notes
- It's suggested to run this tool on a VPS, such as [DigitalOcean](https://www.digitalocean.com/?refcode=f7f86614e1b3), for better speed & accuracy.
- Running this tool takes time, so it's recommended to run it under a **screen** or **tmux** session.
- The tool runs **masscan** with the option `--rate 10000` for more accurate results. Based on experiments, **masscan** misses some open ports when scanning large port ranges. Depending on your environment, you could do the following to have a good balance between speed and accuracy:
  - Increase the rate, and/or reduce the number of ports. For example, use the options `--top-ports 1000` & `--rate 100000`.
- If you feel **masscan** and **nmap** are slow, you can run them in the background by changing the command `portScan` to `portScan > /dev/null 2>&1 &`.



## Tested On
- Ubuntu 18.10 (64-bit)
- Debian 9.8 (64-bit)
- Kali 2019.1 (64-bit)


## Contribute

If you have a problem or a new idea, feel free to create an issue or open a pull request.


## Credits

All of the tools used by LazyRecon are developed by others, so big thanks to them!


## Disclaimer

This tool is written for educational purposes only. You are responsible for your own actions.
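If you mess something up or break any law while using this tool, it's your fault and your fault only.

--------------------------------------------------------------------------------
/get-go.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Downloads the newest Linux/amd64 Go release listed on golang.org/dl and
# unpacks it into /usr/local. The README sources this file, so it is written
# without `exit`, which would close the calling shell.

RED="\033[1;31m"
RESET="\033[0m"

echo -e "${RED}[+] Installing the latest version of Go...${RESET}"
# First release tarball named on the download page, reduced to its version.
LATEST_GO=$(wget -qO- https://golang.org/dl/ | grep -oP 'go\K[0-9.]+(?=\.linux-amd64\.tar\.gz)' | head -n 1)
GO_TARBALL="go${LATEST_GO}.linux-amd64.tar.gz"

if [[ -z "$LATEST_GO" ]]; then
    # Without a version the download URL and the cleanup below are meaningless
    # (the original cleanup glob would have expanded to "go*").
    echo -e "${RED}[!] Could not determine the latest Go version.${RESET}" >&2
elif wget "https://dl.google.com/go/$GO_TARBALL"; then
    # NOTE(review): the archive is unpacked as root without comparing it to
    # the SHA256 checksum published on the Go download page; add that check
    # before relying on this on a shared or production host.
    # Remove any previous tree first: unpacking over an existing
    # /usr/local/go mixes files from two releases.
    sudo rm -rf /usr/local/go
    sudo tar -C /usr/local -xzf "$GO_TARBALL"
    # Append the PATH line only once, however often this file is sourced.
    grep -qxF 'export PATH=$PATH:/usr/local/go/bin' ~/.profile 2>/dev/null \
        || echo 'export PATH=$PATH:/usr/local/go/bin' >> ~/.profile
    source ~/.profile
    rm -f -- "$GO_TARBALL"
else
    echo -e "${RED}[!] Download of $GO_TARBALL failed.${RESET}" >&2
fi
--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# Installs what LazyRecon.sh expects: distribution packages, Go-based tools in
# ~/go/bin, cloned repositories under tools/ and wordlists under wordlists/.
#
# NOTE(review): every git clone, `go get` and most wget calls below fetch the
# current upstream head with no pinned revision or checksum, and several
# results are built or installed with sudo. Pin revisions and verify hashes if
# the host matters.

WORKING_DIR="$(cd "$(dirname "$0")" && pwd -P)"
# TOOLS_PATH and WORDLIST_PATH would otherwise resolve to /tools and /wordlists.
[[ -n "$WORKING_DIR" ]] || { echo "Cannot resolve the script directory" >&2; exit 1; }
TOOLS_PATH="$WORKING_DIR/tools"
WORDLIST_PATH="$WORKING_DIR/wordlists"
RED="\033[1;31m"
GREEN="\033[1;32m"
BLUE="\033[1;36m"
RESET="\033[0m"


# Prints the "[+] Installing <name>..." line for the tool named in $1.
installBanner(){
    local name=$1
    echo -e "${RED}[+] Installing $name...${RESET}"
}


# Fetches URL $1 into file $2 through a temporary ".part" file, so a failed
# transfer never leaves an empty file that later runs would treat as present.
downloadFile(){
    local url=$1 dest=$2
    if wget -O "$dest.part" "$url"; then
        mv -- "$dest.part" "$dest"
    else
        rm -f -- "$dest.part"
        echo -e "${RED}[!] Download failed: $url${RESET}" >&2
        return 1
    fi
}


# Refreshes the package index and upgrades the installed packages.
update(){
    echo -e "${GREEN}\n--==[ Setting things up ]==--${RESET}"
    echo -e "${RED}[+] Updating...${RESET}"
    sudo apt-get update -y
    sudo apt-get upgrade -y
    sudo apt-get autoremove -y
    sudo apt-get clean
}


# Creates tools/ and wordlists/ next to this script.
createDir(){
    echo -e "${RED}[+] Creating directories...${RESET}"
    mkdir -p -- "$TOOLS_PATH" "$WORDLIST_PATH"
    echo -e "${BLUE}[*] $TOOLS_PATH${RESET}"
    echo -e "${BLUE}[*] $WORDLIST_PATH\n${RESET}"
}


# Installs the build and runtime packages, then Chromium from the PPA on
# Ubuntu or from the distribution archive elsewhere.
setupTools(){
    local pkg os_id
    local -a install_pkgs=(git python python-pip python3 python3-pip libldns-dev gcc g++ make libpcap-dev xsltproc curl)

    installBanner "setup tools"
    # One package per call, so a name missing from this release's archive does
    # not stop the others from being installed.
    for pkg in "${install_pkgs[@]}"; do
        sudo apt-get install -y "$pkg"
    done

    os_id=$(grep '^ID=' /etc/os-release | cut -d '=' -f2)
    if [ "ubuntu" == "$os_id" ]; then
        sudo add-apt-repository ppa:canonical-chromium-builds/stage -y
        sudo apt-get update -y
        sudo apt-get install -y chromium-browser
    else
        sudo apt-get install -y chromium
    fi
}


# Installs amass, subfinder and subjack into ~/go/bin unless already present.
# NOTE(review): `go get -u` is used as an installer here; newer Go releases
# changed what `go get` does, so confirm it still produces the ~/go/bin
# binaries with the Go version that get-go.sh installs.
subEnumTools(){
    echo -e "${GREEN}\n--==[ Installing subdomain enum tools ]==--${RESET}"
    installBanner "Amass"
    if [ -e "$HOME/go/bin/amass" ]; then
        echo -e "${BLUE}[!] Amass already exists...\n${RESET}"
    else
        go get -u github.com/OWASP/Amass/...
    fi

    installBanner "subfinder"
    if [ -e "$HOME/go/bin/subfinder" ]; then
        echo -e "${BLUE}[!] Subfinder already exists...\n${RESET}"
    else
        go get -u github.com/subfinder/subfinder
        echo -e "${RED}[+] Setting up API keys for subfinder...${RESET}"
        # Set your API keys here.
        # Keys written on these lines sit in plain text in this file and are
        # passed as command-line arguments, which other local users can read
        # from the process list while the command runs.
        "$HOME/go/bin/subfinder" --set-config VirustotalAPIKey=
        "$HOME/go/bin/subfinder" --set-config PassivetotalUsername=,PassivetotalKey=
        "$HOME/go/bin/subfinder" --set-config SecurityTrailsKey=
        "$HOME/go/bin/subfinder" --set-config RiddlerEmail=,RiddlerPassword=
        "$HOME/go/bin/subfinder" --set-config CensysUsername=,CensysSecret=
        "$HOME/go/bin/subfinder" --set-config ShodanAPIKey=
    fi

    installBanner "subjack"
    if [ -e "$HOME/go/bin/subjack" ]; then
        echo -e "${BLUE}[!] Subjack already exists...${RESET}"
    else
        go get -u github.com/haccer/subjack
    fi
}


# Clones CORScanner into tools/ and installs its Python requirements.
corsTools(){
    echo -e "${GREEN}\n--==[ Installing CORS config checker ]==--${RESET}"
    installBanner "CORScanner"
    if [ "$(ls -A "$TOOLS_PATH/CORScanner" 2>/dev/null)" ]; then
        echo -e "${BLUE}[!] CORScanner already exists...\n${RESET}"
    else
        # NOTE(review): this installs whatever the cloned requirements.txt
        # names, system-wide and as root; a virtualenv or `pip install --user`
        # would contain it.
        git clone https://github.com/chenjj/CORScanner.git "$TOOLS_PATH/CORScanner" \
            && sudo pip install -r "$TOOLS_PATH/CORScanner/requirements.txt"
    fi
}


# Clones and builds massdns under tools/.
ipEnumTools(){
    echo -e "${GREEN}\n--==[ Installing IP enum tools ]==--${RESET}"
    installBanner "massdns"
    if [ -e "$TOOLS_PATH/massdns/bin/massdns" ]; then
        echo -e "${BLUE}[!] Massdns already installed...\n${RESET}"
    else
        # make -C replaces the cd/cd-back pair; -j is bounded by the CPU count
        # because a bare -j starts an unlimited number of jobs.
        git clone https://github.com/blechschmidt/massdns "$TOOLS_PATH/massdns" \
            && make -C "$TOOLS_PATH/massdns" -j"$(nproc)"
    fi
}


# Downloads, builds and installs nmap release $1 from nmap.org/dist inside a
# throwaway build directory.
buildNmap(){
    local version=$1 build_dir status
    build_dir=$(mktemp -d) || return 1
    (
        cd "$build_dir" || exit 1
        # NOTE(review): the tarball is built and installed as root without
        # checking the signature that nmap.org publishes for each release.
        wget "https://nmap.org/dist/nmap-$version.tar.bz2" || exit 1
        bzip2 -cd "nmap-$version.tar.bz2" | tar xvf - || exit 1
        cd "nmap-$version" || exit 1
        ./configure && make -j"$(nproc)" && sudo make install
    )
    status=$?
    rm -rf -- "${build_dir:?}"
    return "$status"
}


# Clones and builds masscan under tools/, then installs nmap, or upgrades it
# when the installed version differs from the newest tarball on nmap.org/dist.
portScanTools(){
    local latest_nmap installed_nmap

    echo -e "${GREEN}\n--==[ Installing port scanners ]==--${RESET}"
    installBanner "masscan"
    if [ -e "$TOOLS_PATH/masscan/bin/masscan" ]; then
        echo -e "${BLUE}[!] Masscan already installed...\n${RESET}"
    else
        git clone https://github.com/robertdavidgraham/masscan "$TOOLS_PATH/masscan" \
            && make -C "$TOOLS_PATH/masscan" -j"$(nproc)"
    fi

    # Highest version among the source tarballs in the directory listing.
    latest_nmap=$(wget -qO- https://nmap.org/dist/ | grep -oP 'nmap-\K[0-9.]+(?=\.tar\.bz2)' | sort -V | tail -n 1)
    if [ -z "$latest_nmap" ]; then
        echo -e "${RED}[!] Could not determine the latest Nmap version, skipping...${RESET}" >&2
    elif [ ! -x "$(command -v nmap)" ]; then
        installBanner "nmap"
        buildNmap "$latest_nmap"
    else
        installed_nmap=$(nmap -V | grep -m 1 version | cut -d " " -f 3)
        if [ "$latest_nmap" == "$installed_nmap" ]; then
            echo -e "${BLUE}[!] Latest version of Nmap already installed...${RESET}"
        else
            echo -e "${BLUE}[!] Upgrading to the latest version of Nmap...${RESET}"
            buildNmap "$latest_nmap"
        fi
    fi
}


# Installs aquatone into ~/go/bin unless already present.
visualReconTools(){
    echo -e "${GREEN}\n--==[ Installing visual recon tools ]==--${RESET}"
    installBanner "aquatone"
    if [ -e "$HOME/go/bin/aquatone" ]; then
        echo -e "${BLUE}[!] Aquatone already exists...\n${RESET}"
    else
        go get -u github.com/michenriksen/aquatone
    fi
}


# Clones dirsearch into tools/ unless the directory already has content.
dirBruteTools(){
    echo -e "${GREEN}\n--==[ Installing content discovery tools ]==--${RESET}"
    installBanner "dirsearch"
    if [ "$(ls -A "$TOOLS_PATH/dirsearch" 2>/dev/null)" ]; then
        echo -e "${BLUE}[!] Dirsearch already exists...\n${RESET}"
    else
        git clone https://github.com/maurosoria/dirsearch "$TOOLS_PATH/dirsearch"
    fi
}


# Downloads the two wordlists and the nmap-bootstrap stylesheet.
otherTools(){
    echo -e "${GREEN}\n--==[ Downloading wordlists & other tools]==--${RESET}"
    if [ -e "$WORDLIST_PATH/dns_all.txt" ] && [ -e "$WORDLIST_PATH/raft-large-words.txt" ]; then
        echo -e "${BLUE}[!] Wordlists already downloaded...\n${RESET}"
    else
        echo -e "${RED}[+] Downloading wordlists...${RESET}"
        # The gist URL names a fixed revision; the SecLists URL follows master.
        downloadFile https://gist.githubusercontent.com/jhaddix/86a06c5dc309d08580a018c66354a056/raw/96f4e51d96b2203f19f6381c8c545b278eaa0837/all.txt "$WORDLIST_PATH/dns_all.txt"
        downloadFile https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/raft-large-words.txt "$WORDLIST_PATH/raft-large-words.txt"
    fi

    if [ -e "$TOOLS_PATH/nmap-bootstrap.xsl" ]; then
        echo -e "${BLUE}[!] Nmap-bootstrap.xsl already downloaded...\n${RESET}"
    else
        echo -e "${RED}[+] Downloading nmap-bootstrap-xsl...${RESET}"
        downloadFile https://github.com/honze-net/nmap-bootstrap-xsl/raw/master/nmap-bootstrap.xsl "$TOOLS_PATH/nmap-bootstrap.xsl"
    fi
}


# Main function
update
createDir
setupTools
subEnumTools
corsTools
ipEnumTools
portScanTools
visualReconTools
dirBruteTools
otherTools

echo -e "${GREEN}--==[ DONE ]==--${RESET}"
--------------------------------------------------------------------------------
/workflow.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/capt-meelo/LazyRecon/5a7a3a0b8dbedd3273886ae3cf3e4035403aa4d3/workflow.png
--------------------------------------------------------------------------------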