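├── README.md
├── reconasha-vps.sh
└── reconasha.sh

/README.md:
--------------------------------------------------------------------------------
## reconasha
Let the reconasha do the automation for you.

## Installation
### Kali-Linux
Check /etc/apt/sources.list file for installation sources first.

``sudo apt-get update``

``sudo apt-get install golang python3 -y``

``sudo apt-get install amass httpx nuclei subfinder assetfinder -y``

``Install subjack, gau from official repository``

``export SHODANAPIKEY=``

``git clone https://github.com/encodedguy/reconasha``

``cd reconasha``

## Usage
``chmod +x reconasha.sh``

``./reconasha.sh domains.txt``

--------------------------------------------------------------------------------
/reconasha-vps.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# reconasha-vps.sh: subdomain enumeration, HTTP probing, takeover checks,
# nuclei template scans and gau URL collection for the domains listed in $1.
#
# Usage:   ./reconasha-vps.sh domains.txt
# Env:     SHODANAPIKEY, handed to shosubgo.
# Outputs: subdomains-*.txt, subdomains.txt, httpx.txt, subjack.txt, live.txt,
#          nuclei/*.txt and gau-output.txt, all in the current directory.
#
# NOTE(review): the thread counts and rate limits below (subfinder -t 200,
# httpx -threads 1000, subjack -t 500, nuclei -rl 1000 -c 100) are the
# author's values. They produce traffic bursts that rate limiting and IDS in
# front of the targets will register; lower them when the agreed scope sets a
# request ceiling.

domains_file=${1:-}
if [ -z "$domains_file" ] || [ ! -r "$domains_file" ]; then
  # Without this guard every `cat $1` below would block on the terminal.
  printf 'Usage: %s domains.txt\n' "${0##*/}" >&2
  exit 2
fi

if [ -z "${SHODANAPIKEY:-}" ]; then
  echo "[!] SHODANAPIKEY is not set; the Shosubgo step depends on it" >&2
fi

# Print the line count of a file, or 0 when the file was never created.
count_lines() {
  if [ -f "$1" ]; then
    wc -l < "$1"
  else
    echo 0
  fi
}

echo "[-] Starting reconasha-vps.sh"
echo "[-] $domains_file"
echo ""
sleep 2

# Amass and Subfinder each run alone, as in the original staging.
echo "[+] Starting Amass"
amass enum -noalts -nolocaldb -df "$domains_file" -min-for-recursive 7 -passive \
  -o subdomains-amass-passive.txt > /dev/null

echo "[+] Starting Subfinder"
subfinder -dL "$domains_file" -silent -nC -nW -o subdomains-subfinder.txt -t 200 \
  > /dev/null 2>&1

# Assetfinder and Crobat run side by side.
echo "[+] Starting Assetfinder"
assetfinder --subs-only < "$domains_file" > subdomains-assetfinder.txt &
echo "[+] Starting Crobat"
parallel -j 10 ~/go/bin/crobat -s {} < "$domains_file" \
  > subdomains-crobat.txt 2> /dev/null &
wait

# Haktrails and Shosubgo run side by side.
echo "[+] Starting Haktrails"
~/go/bin/haktrails subdomains < "$domains_file" > subdomains-haktrails.txt &
echo "[+] Starting Shosubgo"
# NOTE(review): the API key is passed on the command line, so it shows up in
# the process list for every local user while parallel/shosubgo run. On a
# shared VPS treat the key as exposed and rotate it after use.
parallel -j 10 shosubgo -d {} -s "${SHODANAPIKEY:-}" < "$domains_file" \
  > subdomains-shosubgo.txt 2> /dev/null &
wait

echo ""
echo "[=] Finished Amass"
echo "[=] Finished Subfinder"
echo "[=] Finished Assetfinder"
echo "[=] Finished Crobat"
echo "[=] Finished Haktrails"
echo "[=] Finished Shosubgo"
echo ""

# Merge and de-duplicate every per-tool result file.
sort -u subdomains-* > subdomains.txt
# Read through stdin so wc prints the number only, not "N subdomains.txt".
subdomains=$(count_lines subdomains.txt)

echo "[+] Starting Httpx"
httpx -sc -server -title -ip -cname -silent -threads 1000 -o httpx.txt \
  < subdomains.txt > /dev/null
echo "[=] Finished Httpx"

echo "[+] Starting Subjack"
subjack -w subdomains.txt -t 500 -o subjack.txt > /dev/null
# The original printed "Finished Httpx" a second time here.
echo "[=] Finished Subjack"

echo ""

# The first space-separated field of each httpx line is the URL.
cut -d' ' -f1 httpx.txt > live.txt
live=$(count_lines live.txt)
subjack=$(count_lines subjack.txt)

echo "[+] Starting Nuclei-Engine"
# -p keeps a second run in the same directory from failing here.
mkdir -p nuclei
nuclei -silent -l live.txt -t cves -o nuclei/cves.txt -rl 1000 -c 100 > /dev/null
nuclei -l live.txt -silent -t exposures -t exposed-panels -rl 1000 -c 100 \
  -o nuclei/exposures_exposed-panels.txt > /dev/null
nuclei -l live.txt -silent -t misconfiguration -rl 1000 -c 100 \
  -o nuclei/misconfiguration.txt > /dev/null
nuclei -l live.txt -silent -t takeovers -t default-logins -rl 1000 -c 100 \
  -o nuclei/takeovers_default-logins.txt > /dev/null
echo "[=] Finished Nuclei-Engine"

echo "[+] Starting Gau"
# The original piped the literal string "subdomains.txt" into gau, so gau was
# asked about a host of that name. Feed it the file contents instead.
gau < subdomains.txt > gau-output.txt
echo "[=] Finished Gau"

echo ""
echo "[-] Collected $subdomains Subdomains"
echo "[-] Collected $live Live Hosts"
echo "[-] Collected $subjack Takeovers"
echo "[-] Collected Nuclei Output"
# Single quotes keep "$" literal; the original named reconasha.sh here.
echo '[$] Finished reconasha-vps.sh'

--------------------------------------------------------------------------------
/reconasha.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# reconasha.sh: subdomain enumeration, HTTP probing, takeover checks, nuclei
# template scans and gau URL collection for the domains listed in $1.
#
# Usage:   ./reconasha.sh domains.txt
# Env:     SHODANAPIKEY, handed to shosubgo.
# Outputs: subdomains-*.txt, subdomains.txt, httpx.txt, subjack.txt, live.txt,
#          nuclei/*.txt and gau-output.txt, all in the current directory.
#
# NOTE(review): thread counts and rate limits (subfinder -t 100, httpx -t 300,
# subjack -t 100, nuclei -rl 500 -c 50, two nuclei runs at a time) are the
# author's values; lower them when the agreed scope sets a request ceiling.

domains_file=${1:-}
if [ -z "$domains_file" ] || [ ! -r "$domains_file" ]; then
  # Without this guard every `cat $1` below would block on the terminal.
  printf 'Usage: %s domains.txt\n' "${0##*/}" >&2
  exit 2
fi

if [ -z "${SHODANAPIKEY:-}" ]; then
  echo "[!] SHODANAPIKEY is not set; the Shosubgo step depends on it" >&2
fi

# Print the line count of a file, or 0 when the file was never created.
count_lines() {
  if [ -f "$1" ]; then
    wc -l < "$1"
  else
    echo 0
  fi
}

echo "[-] Starting reconasha.sh"
echo "Author: @encodedguy"
echo "[-] $domains_file"
echo ""
sleep 2

# All five enumerators run concurrently; a single wait collects them.
echo "[+] Starting Amass"
amass enum -noalts -nolocaldb -df "$domains_file" -min-for-recursive 7 -passive \
  -o subdomains-amass-passive.txt > /dev/null &
echo "[+] Starting Subfinder"
subfinder -dL "$domains_file" -silent -nC -nW -o subdomains-subfinder.txt -t 100 \
  > /dev/null 2>&1 &
echo "[+] Starting Assetfinder"
assetfinder --subs-only < "$domains_file" > subdomains-assetfinder.txt &
echo "[+] Starting Haktrails"
~/go/bin/haktrails subdomains < "$domains_file" > subdomains-haktrails.txt &
echo "[+] Starting Shosubgo"
# NOTE(review): the API key is passed on the command line, so it shows up in
# the process list for every local user while parallel/shosubgo run.
parallel -j 10 shosubgo -d {} -s "${SHODANAPIKEY:-}" < "$domains_file" \
  > subdomains-shosubgo.txt 2> /dev/null &
wait

echo ""
echo "[=] Finished Amass"
echo "[=] Finished Subfinder"
echo "[=] Finished Assetfinder"
# The original also printed "Finished Crobat", but this script never runs it.
echo "[=] Finished Haktrails"
echo "[=] Finished Shosubgo"
echo ""

# Merge and de-duplicate every per-tool result file.
sort -u subdomains-* > subdomains.txt
# Read through stdin so wc prints the number only, not "N subdomains.txt".
subdomains=$(count_lines subdomains.txt)

echo "[+] Starting Httpx"
httpx -sc -server -title -ip -cname -silent -t 300 -o httpx.txt \
  < subdomains.txt > /dev/null &
echo "[+] Starting Subjack"
subjack -w subdomains.txt -t 100 -ssl -o subjack.txt > /dev/null &
wait

echo ""
echo "[=] Finished Httpx"
echo "[=] Finished Subjack"
echo ""

# The first space-separated field of each httpx line is the URL.
cut -d' ' -f1 httpx.txt > live.txt
live=$(count_lines live.txt)
subjack=$(count_lines subjack.txt)

# -p keeps a second run in the same directory from failing here.
mkdir -p nuclei
echo "Starting Nuclei-Engine"
# Template sets are scanned two at a time.
nuclei -silent -l live.txt -t cves -c 50 -o nuclei/cves.txt -rl 500 > /dev/null &
nuclei -l live.txt -silent -t exposures -t exposed-panels -rl 500 -c 50 \
  -o nuclei/exposures_exposed-panels.txt > /dev/null &
wait

nuclei -l live.txt -silent -t misconfiguration -rl 500 -c 50 \
  -o nuclei/misconfiguration.txt > /dev/null &
nuclei -l live.txt -silent -t takeovers -t default-logins -rl 500 -c 50 \
  -o nuclei/takeovers_default-logins.txt > /dev/null &
wait

echo "[=] Finished Nuclei-Engine"

echo "[+] Starting Gau"
# The original piped the literal string "subdomains.txt" into gau, so gau was
# asked about a host of that name. Feed it the file contents instead.
gau < subdomains.txt > gau-output.txt
echo "[=] Finished Gau"

echo ""
echo "[-] Collected $subdomains Subdomains"
echo "[-] Collected $live Live Hosts"
echo "[-] Collected $subjack Takeovers"
echo "[-] Collected Nuclei Output"

echo ""
echo "[-] Finished reconasha.sh"

--------------------------------------------------------------------------------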