├── LICENSE
├── README.md
├── casperEye-installation.sh
├── casperEye.sh
└── set-api-keys.sh


/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2020 Abhishek kanaujia

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# CasperEye
Advanced Recon Tool
---
version: 1.0
▄▄ ▗▄▄▄▖
█▀▀▌ ▐▛▀▀▘
▐▛ ▟██▖▗▟██▖▐▙█▙ ▟█▙ █▟█▌▐▌ ▝█ █▌ ▟█▙
▐▌ ▘▄▟▌▐▙▄▖▘▐▛ ▜▌▐▙▄▟▌ █▘ ▐███ █▖█ ▐▙▄▟▌
▐▙ ▗█▀▜▌ ▀▀█▖▐▌ ▐▌▐▛▀▀▘ █ ▐▌ ▐█▛ ▐▛▀▀▘
█▄▄▌▐▙▄█▌▐▄▄▟▌▐█▄█▘▝█▄▄▌ █ ▐▙▄▄▖ █▌ ▝█▄▄▌
▀▀ ▀▀▝▘ ▀▀▀ ▐▌▀▘ ▝▀▀ ▀ ▝▀▀▀▘ █ ▝▀▀
▐▌ █▌
***

# Usage

### **```./casperEye.sh target-Website``` OR ```casperEye.sh target-Website```**

To enable Nmap, use: ```casperEye.sh target-Website -nmap```

# Demonstration of CasperEye Advance recon tool

**https://www.youtube.com/watch?v=yGKnhkrmtx8&feature=youtu.be**


# About
CasperEye is a Bash script intended to automate some of the tedious tasks of reconnaissance and information gathering. It gathers as much information about the target as possible and helps uncover large numbers of subdomains and other juicy information.

# Main Features
- Create a dated folder with scan results
- Grab subdomains using:
  1. certdata-api
  2. crt.sh API
  3. certspotter API
  4. assetfinder
  5. Subfinder
  6. Aquatone
  7. Sublist3r
  8. Knockpy
  9. Hackertarget API
  10. Subbrute
  11. Dig Linux tool [ For IP Digging ]
  12. Rustscan [ Scan All Open Ports ]
  13. Nmap [ Scan All Running Services on Port ]
  14. Httprobe [ Provide all Live URLs ]

- Wayback URL Machine
- SSRF Juicy Link Finder
- Creating target specific wordlist
- Generating separate HTTP Response Code
- Supports ProtonVPN
- **Sending Telegram Alert with Complete Final Recon File**
- **Fetch All Target IPs**
- User can enable **Nmap with Rustscan**, which will return all the open ports on the target along with all active/running services
- **Ease of use. Just enter the target domain and sit back & relax.**


# Installation & Requirements
- Download the script from **https://github.com/hacker50120/CasperEye**
- **Open a terminal in the directory where the script was downloaded, type ```./casperEye-installation.sh``` and hit Enter**

**Go v.1.10 or above required**

# Setting up Telegram Alert Notifier
## Steps:
1. Search for BotFather in the Telegram app
2. Start your bot with ```/start```
3. Select ```/newbot```
4. Enter a name for your bot
5. Generate your Telegram bot token with ```/token```
6. Then enter your Bot_API and chatID in ```set-api-keys.sh```
   ```Bot_api="$$"```
   ```chatID="$$"```

### How to Get the ChatID:
Add the bot to a group with you.
Then send "Hi" in the group.
After that, go to a terminal and type
   ```curl https://api.telegram.org/$$YOUR_API_TOKEN/getUpdates```
You will get the ChatID of your Telegram account.

## System Requirements
Recommended running on VPS with 1VCPU and 2GB ram.
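
Every source in the feature list feeds one merged host list that is then resolved, port-scanned and probed, and `casperEye.sh` selects names for it with `grep "$target"`, a substring match that also keeps names such as `notexample.com` or `example.com.other.net`. The following is an added example, not part of the CasperEye repository: a stricter scope filter plus a check of the target argument, with function names and sample data that are constructed for illustration.

```bash
#!/bin/bash
# Added example: scope guard for a recon pipeline. Not CasperEye code.
# valid_target, scope_filter and sample_candidates are hypothetical names.

# Succeeds only for a syntactically valid DNS name, so the value is safe to
# embed in file names, URLs and commands that later run under sudo.
valid_target() {
    local d="$1"
    [ "${#d}" -le 253 ] || return 1
    printf '%s\n' "$d" | grep -Eq \
        '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Reads candidate names on stdin and prints, sorted and de-duplicated, only
# the target itself and names that end in ".<target>".
scope_filter() {
    local target
    target=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    valid_target "$target" || { echo "invalid target: $1" >&2; return 2; }
    tr '[:upper:]' '[:lower:]' |
        tr -d '\r' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/^\*\.//' -e 's/\.$//' |
        grep -v '@' |
        awk -v t="$target" '
            # drop anything that is not a plain hostname (URLs, paths, blanks)
            $0 !~ /^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/ { next }
            $0 == t { print; next }
            # compare the suffix on a label boundary, not as a substring
            length($0) > length(t) + 1 &&
                substr($0, length($0) - length(t)) == ("." t) { print }
        ' |
        sort -u
}

# Constructed sample of what merged tool output can look like.
sample_candidates() {
    cat <<'EOF'
api.example.com
*.dev.example.com
EXAMPLE.com
notexample.com
example.com.other.net
admin@example.com
www.example.com.
api.example.com
example.com/path?url=x
EOF
}

# Prints: api.example.com, dev.example.com, example.com, www.example.com
sample_candidates | scope_filter example.com
```
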

# Authors and Thanks
- https://github.com/tomnomnom
- https://github.com/nahamsec
- https://github.com/projectdiscovery/subfinder
- https://github.com/michenriksen/aquatone
- https://github.com/aboul3la/Sublist3r
- https://github.com/guelfoweb/knock
- https://github.com/TheRook/subbrute
- https://github.com/RustScan/RustScan
- https://protonvpn.com/

# TO DO
New features in the queue 😇

## Warning:
This code was originally created for personal use. It generates a substantial amount of traffic, so please use it with caution.

--------------------------------------------------------------------------------
/casperEye-installation.sh:
--------------------------------------------------------------------------------
#!/bin/bash
file_dir="$(pwd)"
BLINK='\e[5m'
BOLD='\e[1m'
GREEN='\e[92m'
YELLOW='\e[93m'
CYAN='\e[96m'
RESET='\e[0m'
RED='\e[31m'
UNDERLINE='\e[4m'
PURPLE='\e[95m'

logo(){
echo -e """ ${BOLD}${YELLOW}
version: 1.0 ${RESET} ${BOLD}${RED}
▄▄ ▗▄▄▄▖
█▀▀▌ ▐▛▀▀▘
▐▛ ▟██▖▗▟██▖▐▙█▙ ▟█▙ █▟█▌▐▌ ▝█ █▌ ▟█▙
▐▌ ▘▄▟▌▐▙▄▖▘▐▛ ▜▌▐▙▄▟▌ █▘ ▐███ █▖█ ▐▙▄▟▌
▐▙ ▗█▀▜▌ ▀▀█▖▐▌ ▐▌▐▛▀▀▘ █ ▐▌ ▐█▛ ▐▛▀▀▘
█▄▄▌▐▙▄█▌▐▄▄▟▌▐█▄█▘▝█▄▄▌ █ ▐▙▄▄▖ █▌ ▝█▄▄▌
▀▀ ▀▀▝▘ ▀▀▀ ▐▌▀▘ ▝▀▀ ▀ ▝▀▀▀▘ █ ▝▀▀
▐▌ █▌
${RESET}${PURPLE}${UNDERLINE}Developed By -AbhisheK${RESET}
"""
}
logo

system-update(){
    sudo apt-get -y update
    sudo apt-get -y upgrade
}

#Tools_dir.
tools-location(){
    # -p keeps a re-run from failing when the directories already exist
    mkdir -p "$HOME/CasperEye"
    mkdir -p "$HOME/CasperEye/tools"
}

tools-location
TOOLS_DIR="$HOME/CasperEye/tools"

#Check whether a tool is already installed
check_command () {
    command -v "$1" >/dev/null
}

#no-1 Docker
installDocker() {
    sudo apt-get update
    sudo apt-get install -y apt-transport-https ca-certificates curl gnupg-agent software-properties-common vim git python-pip build-essential libbz2-dev zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev ntp
    sudo systemctl enable ntp
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    sudo add-apt-repository -y ppa:deadsnakes/ppa
    sudo apt-get update
    sudo pip install --upgrade pip
    sudo pip install docker-compose
    sudo apt-get -y install docker-ce docker-ce-cli containerd.io
}

installPython(){
    PYTHON_VERSION="3.7.6"
    PYTHON_FILE="Python-$PYTHON_VERSION.tgz"
    wget "https://www.python.org/ftp/python/$PYTHON_VERSION/$PYTHON_FILE"
    tar -xvf "$PYTHON_FILE"
    rm -rf "$PYTHON_FILE"
    cd "Python-$PYTHON_VERSION"
    ./configure
    make -j 1
    sudo make altinstall
    cd ..
    sudo rm -rf "Python-$PYTHON_VERSION"
}

installRuby(){
    wget https://cache.ruby-lang.org/pub/ruby/2.7/ruby-2.7.0.tar.gz
    gunzip -d ruby-2.7.0.tar.gz
    tar -xvf ruby-2.7.0.tar
    cd ruby-2.7.0/
    ./configure
    make
    sudo make install
    cd ..
    rm -rf ruby-2.7.0
}

ProtonVPN(){
    #You Can Signup : https://account.protonvpn.com/signup/account
    echo -e "${BOLD}${GREEN}[+] Installing ProtonVPN...${RESET}"
    sudo apt install -y openvpn dialog python3-pip python3-setuptools
    sudo pip3 install protonvpn-cli
    echo -e "${BOLD}${GREEN}[*] Setting Up ProtonVPN...${RESET}"
    sudo protonvpn init
}

install-go(){
    #install go
    if [[ -z "$GOPATH" ]]; then
        echo "It looks like go is not installed In Your Machine, Would you like to install it?"
        PS3="Please select an option : "
        choices=("yes" "no")
        select choice in "${choices[@]}"; do
            case $choice in
                yes)

                    echo "Installing Golang"
                    wget https://dl.google.com/go/go1.13.4.linux-amd64.tar.gz
                    sudo tar -xvf go1.13.4.linux-amd64.tar.gz
                    sudo mv go /usr/local
                    export GOROOT=/usr/local/go
                    export GOPATH=$HOME/go
                    export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
                    echo 'export GOROOT=/usr/local/go' >> ~/.bash_profile
                    echo 'export GOPATH=$HOME/go' >> ~/.bash_profile
                    echo 'export PATH=$GOPATH/bin:$GOROOT/bin:$PATH' >> ~/.bash_profile
                    source ~/.bash_profile
                    sleep 1
                    break
                    ;;
                no)
                    echo "Please install go and rerun this script"
                    echo "Aborting installation..."
                    exit 1
                    ;;
            esac
        done
    fi
}

otherlib() {
    sudo apt-get install -y libcurl4-openssl-dev
    sudo apt-get install -y libssl-dev
    sudo apt-get install -y jq
    sudo apt-get install -y ruby-full
    sudo apt-get install -y libcurl4-openssl-dev libxml2 libxml2-dev libxslt1-dev ruby-dev build-essential libgmp-dev zlib1g-dev
    sudo apt-get install -y build-essential libssl-dev libffi-dev python-dev
    sudo apt-get install -y python-setuptools
    sudo apt-get install -y libldns-dev
    sudo apt-get install -y python3-pip
    sudo apt-get install -y python-pip
    sudo apt-get install -y python-dnspython
    sudo apt-get install -y git
    sudo apt-get install -y rename
    # xargs is shipped in the findutils package; there is no "xargs" package
    sudo apt-get install -y findutils

}

my-alias(){
    #create copy of bashrc
    sudo cp ~/.bashrc ~/.bashrc_copy
    mkdir -p "$TOOLS_DIR/my-own-shortcut"
    touch "$TOOLS_DIR/my-own-shortcut/shortcut.sh"
    echo "source $TOOLS_DIR/my-own-shortcut/shortcut.sh" >> ~/.bashrc
    source ~/.bashrc
}
my-alias


recon-tool(){
    echo "Don't forget to set up AWS credentials!"
    sudo apt install -y awscli

    #--------GoLang Recon tool---------#

    echo -e "${BOLD}${YELLOW}[~] Installing GoLang Recon tool${RESET}"

    if ! check_command amass; then
        export GO111MODULE=on
        echo -e "${BOLD}${GREEN}[+] Installing amass...${RESET}"
        go get -u github.com/OWASP/Amass/v3/...
    else
        echo -e "${BOLD}${GREEN}[+] Installing amass...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if ! check_command subfinder; then
        echo -e "${BOLD}${GREEN}[+] Installing subfinder...${RESET}"
        go get github.com/projectdiscovery/subfinder/cmd/subfinder
    else
        echo -e "${BOLD}${GREEN}[+] Installing subfinder...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if ! check_command gobuster; then
        echo -e "${BOLD}${GREEN}[+] Installing gobuster...${RESET}"
        go get github.com/OJ/gobuster
    else
        echo -e "${BOLD}${GREEN}[+] Installing gobuster...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi


    if ! check_command dig; then
        echo -e "${BOLD}${GREEN}[+] Installing dig Command...${RESET}"
        sudo apt install -y dnsutils
    else
        echo -e "${BOLD}${GREEN}[+] Installing Dig...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi


    #TOMNOMNOM TOOLS--

    if ! check_command httprobe; then
        echo -e "${BOLD}${GREEN}[+] Installing httprobe...${RESET}"
        go get -u github.com/tomnomnom/httprobe
    else
        echo -e "${BOLD}${GREEN}[+] Installing httprobe...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if ! check_command anti-burl; then
        echo -e "${BOLD}${GREEN}[+] Installing anti-burl...${RESET}"
        #Broken Url Finder
        go get -u github.com/tomnomnom/hacks/anti-burl
    else
        echo -e "${BOLD}${GREEN}[+] Installing anti-burl...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if ! check_command burl; then
        echo -e "${BOLD}${GREEN}[+] Installing burl...${RESET}"
        #Broken Url Finder
        go get github.com/tomnomnom/burl
    else
        echo -e "${BOLD}${GREEN}[+] Installing burl...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if ! check_command waybackurls; then
        echo -e "${BOLD}${GREEN}[+] Installing waybackurls...${RESET}"
        go get -u github.com/tomnomnom/waybackurls
    else
        echo -e "${BOLD}${GREEN}[+] Installing waybackurls...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if ! check_command assetfinder; then
        echo -e "${BOLD}${GREEN}[+] Installing assetfinder...${RESET}"
        go get -u github.com/tomnomnom/assetfinder
    else
        echo -e "${BOLD}${GREEN}[+] Installing assetfinder...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    #install aquatone
    if ! check_command aquatone; then
        echo -e "${BOLD}${GREEN}[+] Installing aquatone...${RESET}"
        echo "Installing Aquatone"
        go get github.com/michenriksen/aquatone
        gem install aquatone
        echo "done"
    fi

    #install Subbrute
    if [ ! -d "$TOOLS_DIR/subbrute" ]; then
        echo -e "${BOLD}${GREEN}[+] Installing subbrute to $TOOLS_DIR/subbrute...${RESET}"
        git clone https://github.com/TheRook/subbrute "$TOOLS_DIR/subbrute"
    else
        echo -e "${BOLD}${GREEN}[+] Installing subbrute to $TOOLS_DIR/subbrute...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi


    #------------------------ Others tools -------------------------#


    #install chromium
    if ! check_command chromium; then
        echo -e "${BOLD}${GREEN}[+] Installing Chromium...${RESET}"
        echo "Installing chromium"
        sudo snap install chromium
        echo "done"
    fi

    if [ ! -d "$TOOLS_DIR/JSParser" ]; then
        echo -e "${BOLD}${GREEN}[+] Installing JSParser to $TOOLS_DIR/JSParser...${RESET}"
        git clone https://github.com/nahamsec/JSParser "$TOOLS_DIR/JSParser"
        # setup.py has to run from inside the checkout
        (cd "$TOOLS_DIR/JSParser" && sudo python setup.py install)
    else
        echo -e "${BOLD}${GREEN}[+] Installing JSParser to $TOOLS_DIR/JSParser...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if [ ! -d "$TOOLS_DIR/Sublist3r" ]; then
        echo -e "${BOLD}${GREEN}[+] Installing Sublist3r to $TOOLS_DIR/Sublist3r...${RESET}"
        git clone https://github.com/aboul3la/Sublist3r "$TOOLS_DIR/Sublist3r"
        pip install -r "$TOOLS_DIR/Sublist3r/requirements.txt"
    else
        echo -e "${BOLD}${GREEN}[+] Installing Sublist3r to $TOOLS_DIR/Sublist3r...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi


    # The repository is cloned to $TOOLS_DIR/knock, so that is the directory to test for
    if [ ! -d "$TOOLS_DIR/knock" ]; then
        echo -e "${BOLD}${GREEN}[+] Installing knock.py to $TOOLS_DIR/knock...${RESET}"
        git clone https://github.com/guelfoweb/knock "$TOOLS_DIR/knock"
        (cd "$TOOLS_DIR/knock" && python setup.py install)
        pip install -r "$TOOLS_DIR/knock/requirements.txt"
    else
        echo -e "${BOLD}${GREEN}[+] Installing knock.py to $TOOLS_DIR/knock...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    #Install rustScan for Fast Port Scanning

    if ! check_command rustscan; then
        echo -e "${BOLD}${GREEN}[+] Installing rustscan...${RESET}"
        docker run -it --rm --name rustscan cmnatic/rustscan:debian-buster rustscan
        # An alias appends its arguments by itself, so no positional parameter is needed
        echo "alias rustscan='sudo docker run -it --rm --name rustscan cmnatic/rustscan:debian-buster rustscan'" >> ~/.bashrc
    else
        echo -e "${BOLD}${GREEN}[+] Installing rustscan...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    #---------------Nmap installation: apt first, source build as fallback-------------#

    if ! check_command nmap; then
        echo -e "${BOLD}${GREEN}[+] Installing nmap...${RESET}"
        sudo apt-get install -y nmap
    else
        echo -e "${BOLD}${GREEN}[+] Installing nmap...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if ! check_command nmap; then

        echo -e "${BOLD}${GREEN}[+] Installing nmap...${RESET}"
        git clone https://github.com/nmap/nmap.git
        cd nmap
        echo -e "${CYAN}[!] Configuring nmap...${RESET}"
        sh ./configure
        echo -e "${CYAN}[!] Running make nmap...${RESET}"
        make
        echo -e "${CYAN}[!] Running make install nmap...${RESET}"
        sudo make install
        cd ..
        rm -rf nmap
    else
        echo -e "${BOLD}${GREEN}[+] Installing nmap...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    #---------------------------------------------------------------------------#

    if [ ! -d "$TOOLS_DIR/asnlookup" ]; then
        echo -e "${BOLD}${GREEN}[+] Installing asnlookup to $TOOLS_DIR/asnlookup...${RESET}"
        git clone https://github.com/yassineaboukir/asnlookup "$TOOLS_DIR/asnlookup"
        # Explicit path instead of cd, so the later steps keep their working directory
        pip install -r "$TOOLS_DIR/asnlookup/requirements.txt"
    else
        echo -e "${BOLD}${GREEN}[+] Installing asnlookup to $TOOLS_DIR/asnlookup...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if [ ! -d "$TOOLS_DIR/crtndstry" ]; then
        echo -e "${BOLD}${GREEN}[+] Installing crtndstry to $TOOLS_DIR/crtndstry...${RESET}"
        git clone https://github.com/nahamsec/crtndstry "$TOOLS_DIR/crtndstry"
    else
        echo -e "${BOLD}${GREEN}[+] Installing crtndstry to $TOOLS_DIR/crtndstry...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi

    if [ ! -d "$TOOLS_DIR/dirsearch" ]; then
        echo -e "${BOLD}${GREEN}[+] Installing dirsearch...${RESET}"
        git clone https://github.com/maurosoria/dirsearch.git "$TOOLS_DIR/dirsearch"
    else
        echo -e "${BOLD}${GREEN}[+] Installing dirsearch...${YELLOW}[ALREADY INSTALLED]${RESET}"
    fi
}

Symbolic_link(){
    # Bash array elements are separated by whitespace; commas would become part of the names
    declare -a link=("amass" "subfinder" "gobuster" "waybackurls" "httprobe" "anti-burl" "burl" "assetfinder" "aquatone")
    for i in "${link[@]}"
    do
        sudo ln -s "$HOME/go/bin/$i" "/usr/bin/$i"
    done

    #Create run.sh bash script for subbrute
    # \$1 is escaped so that it is expanded when the wrapper runs, not while it is written
    cat > "$HOME/CasperEye/tools/subbrute/subbrute.sh" <<EOF
#!/bin/bash
sudo python3 $HOME/CasperEye/tools/subbrute/subbrute.py -p "\$1"
EOF
    chmod +x "$HOME/CasperEye/tools/subbrute/subbrute.sh"
    sudo ln -s "$HOME/CasperEye/tools/subbrute/subbrute.sh" /usr/bin/subbrute

    #Create run.sh bash script for Sublist3r
    # casperEye.sh calls "sublist3r -d <domain> -o temp", so the wrapper forwards its arguments
    cat > "$HOME/CasperEye/tools/Sublist3r/sublist3r.sh" <<EOF
#!/bin/bash
python3 $HOME/CasperEye/tools/Sublist3r/sublist3r.py "\$@"
EOF
    chmod +x "$HOME/CasperEye/tools/Sublist3r/sublist3r.sh"
    sudo ln -s "$HOME/CasperEye/tools/Sublist3r/sublist3r.sh" /usr/bin/sublist3r

}

RapUp(){
    #Creating Shortcut for CasperEye
    sudo ln -s "$file_dir/casperEye.sh" /usr/bin/casperEye
}

#Installing All recon tools..
# Prerequisites (apt libraries, Go, Docker, Python, Ruby) are installed first
# because recon-tool calls go, pip, gem and docker.
system-update
otherlib
install-go
installDocker
installPython
installRuby
ProtonVPN
recon-tool
Symbolic_link
RapUp

echo -e "${BOLD}${GREEN} Do You Wanna Set-Up your Api Keys.?${RESET}\n"
read -p "yes / no" choice
if [[ "$choice" == "yes" || "$choice" == "y" ]]
then
    nano set-api-keys.sh
    echo -e "${BOLD}${YELLOW}--[ All Bug Bounty tools installation complete ]-- ${RESET}"
else
    echo -e "${BOLD}${YELLOW}--[ All Bug Bounty tools installation complete ]-- ${RESET}"
fi

--------------------------------------------------------------------------------
/casperEye.sh:
--------------------------------------------------------------------------------
#!/bin/bash
telegram_dir="$(pwd)"
VERSION="1.0"
DIR="$HOME/CasperEye-Output"
target=$1
rust_nmap=$2
special_feature="$2"
date=$(date +'%Y-%m-%d_%H-%M-%S')
sudo service docker start

BLINK='\e[5m'
BOLD='\e[1m'
GREEN='\e[92m'
YELLOW='\e[93m'
CYAN='\e[96m'
RESET='\e[0m'
RED='\e[31m'
UNDERLINE='\e[4m'
PURPLE='\e[95m'
BLUE="\e[94m"

#Change the Rustscan batch size and time here
batch_size="700"
time="1500"

logo(){
echo -e """ ${BOLD}${YELLOW}
version: 1.0 ${RESET} ${BOLD}${RED}
▄▄ ▗▄▄▄▖
█▀▀▌ ▐▛▀▀▘
▐▛ ▟██▖▗▟██▖▐▙█▙ ▟█▙ █▟█▌▐▌ ▝█ █▌ ▟█▙
▐▌ ▘▄▟▌▐▙▄▖▘▐▛ ▜▌▐▙▄▟▌ █▘ ▐███ █▖█ ▐▙▄▟▌
▐▙ ▗█▀▜▌ ▀▀█▖▐▌ ▐▌▐▛▀▀▘ █ ▐▌ ▐█▛ ▐▛▀▀▘
█▄▄▌▐▙▄█▌▐▄▄▟▌▐█▄█▘▝█▄▄▌ █ ▐▙▄▄▖ █▌ ▝█▄▄▌
▀▀ ▀▀▝▘ ▀▀▀ ▐▌▀▘ ▝▀▀ ▀ ▝▀▀▀▘ █ ▝▀▀
▐▌ █▌
${RESET}${PURPLE}${UNDERLINE}Developed By -AbhisheK${RESET}
"""
}


input="$1"
if [[ "$input" == "--help" || "$input" == "-h" ]]
then
    #Help Area
    #For logo Print
    logo
    printf "\n\n"
    echo -e "${BOLD}${BLUE}[*] For using Nmap use: -nmap \n${RESET}"
    echo -e """${BLUE}${BOLD}[*] Rustscan use: ${RESET}${BLUE}
Default batch size is : 700
Default time is : 1500 (1.5 seconds)
${YELLOW}
batch size : number of ports scanned in one batch (rustscan -b)
time : timeout per port in milliseconds (rustscan -t)
${RESET}"""

    echo -e "${YELLOW}[*] You can also connect through the VPN: just remove the # before
ProtonVPN_Connect
${RESET}"

    echo -e "${BOLD}${PURPLE}\t\t-----------[ Supported Tools ]-----------\n${RESET}"

    echo -e "${BOLD}${BLUE}[*]certdata-api
${CYAN}1. crt.sh API
2. certspotter API
3. assetfinder [Tomnomnom Tool]
${RESET}"

    echo -e "${BOLD}${BLUE}[*]Subfinder ${CYAN}[projectdiscovery]${RESET}"
    echo -e "${BOLD}${BLUE}[*]Aquatone ${CYAN}[michenriksen]${RESET}"
    echo -e "${BOLD}${BLUE}[*]Sublist3r ${CYAN}[aboul3la OSINT]${RESET}"
    echo -e "${BOLD}${BLUE}[*]Knockpy ${CYAN}[guelfoweb]${RESET}"
    echo -e "${BOLD}${BLUE}[*]Hackertarget API ${RESET}"
    echo -e "${BOLD}${BLUE}[*]Subbrute ${CYAN}[TheRook]${RESET}"
    echo -e "${BOLD}${BLUE}[*]Dig Linux tool ${RESET}"
    echo -e "${BOLD}${BLUE}[*]Rustscan ${RESET}"
    echo -e "${BOLD}${BLUE}[*]Nmap ${RESET}"
    echo -e "${BOLD}${BLUE}[*]WayBack URL Machine ${RESET}"
    echo -e "${BOLD}${BLUE}[*]SSRF Link Finder ${RESET}"
    echo -e "${BOLD}${BLUE}[*]Creating Target Wordlist ${RESET}"
    echo -e "${BOLD}${BLUE}[*]Httprobe 'Live Url Scan' [Tomnomnom] ${RESET}"
    echo -e "${BOLD}${BLUE}[*]Generating HTTP Response Code ${RESET}"
    echo -e "${BOLD}${BLUE}[*]ProtonVPN Free Version ${RESET}"
    echo -e "${BOLD}${BLUE}[*]Sending Telegram Alert with Complete Final Recon File ${RESET}"

elif [[ -z "${input}" ]]
then
    #Correct Syntax
    logo
    echo -e """${BOLD}${GREEN}
[Right Syntax is: ${PURPLE} ./casperEye.sh target-Website${GREEN}]
${RESET}"""
    echo -e "${YELLOW}
For More Help use [--help] or [-h]
${RESET}"
else
    #logo Printing
    logo

    #Execution Of Whole Code
    dir-check(){
        mkdir -p "$DIR/${target}_${date}"
        cd "$DIR/${target}_${date}"
        output_dir=$(pwd)
        echo -e "${BOLD}${GREEN}[+] Directory Created...${RESET}\n"
    }
    dir-check $1

    runBanner(){
        name=$1
        echo -e "${GREEN}\n[+] Running $name...${RESET}"
    }


    ProtonVPN_Connect() {
        #Username: hodif46657
        sudo protonvpn c -r
    }

    ProtonVPN_disconnect() {
        protonvpn d
    }


    certdata-abhi(){
        if [ ! -x "$(command -v jq)" ]; then
            echo "[-] This script requires jq. Exiting."
            exit 1
        fi



        certdata(){
            #give it patterns to look for within crt.sh for example %api%.site.com
            declare -a arr=("api" "corp" "dev" "devops" "uat" "test" "stag" "stage" "sandbox" "prod" "priv" "private" "internal" "db" "qa" "staff" "jenkins")
            for i in "${arr[@]}"
            do
                #get a list of domains based on our patterns in the array
                crtsh=$(curl -s "https://crt.sh/?q=%25.$i.$1&output=json" | jq -r '.[].name_value' | sed 's/\*\.//g' | sort -u | tee -a $output_dir/$1-crtsh.txt )
            done
            #get a list of domains from certspotter
            certspotter=$(curl -s "https://certspotter.com/api/v0/certs?domain=$1" | jq '.[].dns_names[]' | sed 's/\"//g' | sed 's/\*\.//g' | sort -u | grep -w $1\$ | tee -a $output_dir/$1-certspotter.txt)
            #get a list of domains from digicert
            digicert=$(curl -s "https://ssltools.digicert.com/chainTester/webservice/ctsearch/search?keyword=$1" -o $output_dir/$1-digicert.json)
        }

        assetdata() {
            assetfinder $1 | sort -u | grep -w "$1" | tee -a $output_dir/$1-assetfinder.txt
        }

        rootdomains() { #this creates a list of all unique root sub domains
            cat $output_dir/$1-crtsh.txt | rev | cut -d "." -f 1,2,3 | sort -u | rev > $1-temp.txt
            cat $output_dir/$1-certspotter.txt | rev | cut -d "." -f 1,2,3 | sort -u | rev >> $1-temp.txt
            cat $output_dir/$1-assetfinder.txt | rev | cut -d "." -f 1,2,3 | sort -u | rev >> $1-temp.txt

            # $1 is the domain here; the variable "domain" is never set in this script
            jq -r '.data.certificateDetail[].commonName,.data.certificateDetail[].subjectAlternativeNames[]' $output_dir/$1-digicert.json | sed 's/"//g' | grep -w "$1$" | grep -v '^*.' | rev | cut -d "." -f 1,2,3 | sort -u | rev >> $output_dir/$1-temp.txt
            cat $output_dir/$1-temp.txt | tr '[:upper:]' '[:lower:]' | sort -u | tee $1_certdata_mainFile.txt;
            rm $output_dir/$1-temp.txt
        }

        certdata $1
        assetdata $1
        rootdomains $1

    }


    Subfinder(){
        echo -e "${GREEN} Running subfinder on targets ${RESET}"
        runBanner "subfinder"
        sudo subfinder -d $1 | grep "$target" | tee -a $output_dir/${target}_subfinder.txt
        echo -e "${BLUE}[*] Subfinder Done! View the File${RESET}"
    }

    Aquatone(){
        echo -e "${GREEN} Running aquatone on targets ${RESET}"
        runBanner "aquatone"
        aquatone-discover -d $1
        cat $HOME/aquatone/${target}/hosts.txt | cut -d ',' -f1 | tee -a $output_dir/${target}_aquatone.txt
        echo -e "${BLUE}[*] aquatone Done! View the File${RESET}"
    }

    Sublist3r(){
        echo -e "${GREEN} Running Sublist3r on targets ${RESET}"
        sublist3r -d $1 -o temp
        cat temp | grep "$target" | tee -a $output_dir/${target}_sublist3r.txt
        echo -e "${BLUE}[*] sublist3r Done! View the File${RESET}"
        rm temp
    }

    Knockpy(){
        echo -e "${GREEN} Running knockpy on targets ${RESET}"
        runBanner "knockpy"
        knockpy $1 | tee -a temp
        cat temp | grep "$target" >> $output_dir/${target}_knockpy.txt
        #you can Use Own Wordlist [ knockpy domain.com -w wordlist.txt ]
        echo -e "${BLUE}[*] knockpy Done! View the File${RESET}"
        rm temp
    }

    Hackertarget(){
        #Forward DNS search API
        echo -e "${GREEN} Running Hackertarget on targets ${RESET}"
        curl -s "https://api.hackertarget.com/hostsearch/?q=$1" | cut -d ',' -f1 | sort -u | tee -a $output_dir/${target}_hackertarget.txt
        echo -e "${BLUE}[*] Hackertarget Done! View the File${RESET}"
    }

    Subbrute(){
        touch temp
        echo -e "${GREEN} Running subbrute on targets ${RESET}"
        runBanner "subbrute"
        cd $HOME/CasperEye/tools
        subbrute $1 | tee -a temp
        cat temp | tr ',' ' ' | awk '{print $1}' | tee -a $output_dir/${target}_subbrute.txt
        # Quoted so the square brackets are not treated as a glob pattern
        cat temp | tee -a "$output_dir/${target}_subbrute[with-all-CNAMe].txt"
        echo -e "${BLUE}[*] subbrute Done! View the File${RESET}"
        rm temp
    }

    final-list() {
        echo -e "${GREEN} Preparing Final List ${RESET}"
        cd $output_dir
        touch final
        #Copy all Files into Final List
        cat ${target}_certdata_mainFile.txt ${target}_subfinder.txt ${target}_aquatone.txt ${target}_sublist3r.txt ${target}_hackertarget.txt ${target}_subbrute.txt | tee -a final
        #Print Domains Without [@]--
        cat final | sort -u | uniq -u | grep -v "@" >> ${target}_Final.txt
        #Print Email Address [@]--
        cat final | sort -u | uniq -u | grep -i "@" >> ${target}_Emails.txt
        rm final
        echo -e "${BOLD}${BLUE}File successfully Created${RESET}"
        #move certdata Files
        mkdir cert-output
        mv ${target}-crtsh.txt ${target}-certspotter.txt ${target}-assetfinder.txt ${target}_certdata_mainFile.txt cert-output/
    }

    WayBack_machine(){
        echo -e "${GREEN} Running WayBack_machine on targets ${RESET}"
        runBanner "WayBack_machine"
        cat $output_dir/${target}_Final.txt | waybackurls | sort -u | tee -a $output_dir/${target}_waybackURLS.txt
        cat $output_dir/${target}_waybackURLS.txt
        echo -e "${BLUE}[*] WayBack_machine Done..! ${RESET}"
    }


    Simple-SSRF(){
        echo -e "${GREEN} Running SSRF on targets ${RESET}"
        runBanner "Searching SSRF EndPoints"
        cat $output_dir/${target}_Final.txt $output_dir/${target}_waybackURLS.txt >> temp
        cat temp | grep "?url=" | anti-burl | tee $output_dir/${target}_SSRF.txt
        rm temp
        echo -e "${BLUE}[*] SSRF Searching Done..! ${RESET}"
    }


    Target-wordlist(){
        echo -e "${GREEN} Creating Target Wordlist by Waybackurl ${RESET}"
        runBanner "Creating Target Wordlist"
        cat $output_dir/${target}_waybackURLS.txt | cut -d "/" -f 4,5 | sed 's/?.*//' | sort -u | tee -a $output_dir/${target}_Target_Wordlist.txt
        echo -e "${BLUE}[*] Wordlist Created Successfully ${RESET}"
    }

    #-----------For Port Scanning -------------#

    dig-loop() {
        echo -e "${GREEN} Running dig Command on targets ${RESET}"
        runBanner "Digging All Url's"
        cd $output_dir
        for i in $(cat ${target}_Final.txt)
        do
            dig $i +noall +answer > temp
            cat temp | awk '{print $5}' | sort -u | tee -a ip.txt
            cat temp | awk '{print $1" :: "$5}' | tee -a ${target}_dig_domians.txt
        done
        cat ip.txt | sort -u | grep '^\s*[0-9]' | tee ${target}_ip.txt
        rm ip.txt temp
        echo -e "${BLUE}[*] Digging Done..! ${RESET}"
    }

    Rust-scan() {
        calling() {
            val=1
            cd $output_dir/
            while IFS= read -r line
            do
                echo -e "\n\n${BLINK}${UNDERLINE}${PURPLE} --{ RUSTSCAN AND NMAP IS WORKING }--${RESET}"
                echo -e "${BOLD}${BLUE}[!]--------Ip No $val: [ $line ]: --------[!] ${RESET}" | tee -a ${target}_PortScan_result.txt
                echo -e "${BOLD}${YELLOW}Related IP & Domains:--- \n $(cat ${target}_dig_domians.txt | sort -u | grep "$line")${RESET}" | tee -a ${target}_PortScan_result.txt
                echo "" | tee -a ${target}_PortScan_result.txt
                sudo docker run rustscan/rustscan:alpine -b $batch_size -t $time $line -- -$par | grep -i "open" | tee -a ${target}_PortScan_result.txt
                #| grep '^\s*[0-9]'
                echo -e "${BOLD}${CYAN}-----------------[!] Finished [!]----------------- ${RESET}" | tee -a ${target}_PortScan_result.txt
                echo "" | tee -a ${target}_PortScan_result.txt
                val=$((val+1))
            done < ${target}_ip.txt
        }

        par="exit"
        if [[ "$rust_nmap" == "-nmap" ]]
        then
            #Enabling Nmap
            echo -e "${YELLOW}Nmap is Enable ${RESET}"
            par="A"
            calling
        elif [[ -z "$rust_nmap" ]]
        then
            #Without Nmap
            echo -e "${YELLOW}Nmap is Not Enable${RESET}"
            calling
        fi
    }


    Httprobe(){
        #Scanning Live URL's
        echo -e "${GREEN}${BOLD} Running httprobe on target Url ${RESET}"
        runBanner "Live URL's Scan"
        cat $output_dir/${target}_Final.txt | httprobe | tee -a temp
        cat temp | sort -u | tee -a $output_dir/${target}_httprobe.txt
        rm temp
        echo -e "${BLUE}${BOLD}[*] Live URL's Scan, Done..! ${RESET}"
    }

    Http_response_code(){
        echo -e "${GREEN}${BOLD} Generating Response Code ${RESET}"
        runBanner "Response Code"
        mkdir -p $output_dir/${target}_http-response
        for i in $(cat $output_dir/${target}_httprobe.txt); do
            res="$(curl --write-out '%{http_code}' --silent --connect-timeout 10 --no-keepalive --output /dev/null "$i")"
            # Sort each URL into a file by status class
            case "$res" in
                2??)
                    echo -e "$i: ${BOLD}${GREEN} $res ${RESET}" | tee -a $output_dir/${target}_http-response/${target}_http_200.txt
                    ;;
                000)
                    # curl reports 000 when no HTTP response was received
                    echo -e "$i: ${BOLD}${PURPLE} [Response time Out] ${RESET}" | tee -a $output_dir/${target}_http-response/${target}_http_500.txt
                    ;;
                3??)
                    echo -e "$i: ${BOLD}${YELLOW} $res ${RESET}" | tee -a $output_dir/${target}_http-response/${target}_http_300.txt
                    ;;
                4??)
                    echo -e "$i: ${BOLD}${RED} $res ${RESET}" | tee -a $output_dir/${target}_http-response/${target}_http_400.txt
                    ;;
                *)
                    echo -e "${BOLD}Error in Subdomain Or Certificate${RESET}"
                    ;;
            esac

        done
        echo -e "${BLUE}${BOLD}[*] Completed..! ${RESET}"
    }


    telegram-bot(){
        # set-api-keys.sh names the token telegram_api and the README names it Bot_api; accept either.
        # Telegram Bot API URLs have the form https://api.telegram.org/bot<token>/<method>,
        # so the stored value has to include the "bot" prefix.
        bot_api=$(grep -iE '^(bot_api|telegram_api)=' $telegram_dir/set-api-keys.sh | head -n 1 | cut -d '"' -f2)
        chatID=$(cat $telegram_dir/set-api-keys.sh | grep "chatID" | cut -d '"' -f2)
        ##Message send
        curl -s -X POST https://api.telegram.org/$bot_api/sendMessage -d chat_id=$chatID -d text="__Alert Your $target Recon Process Has been Finished__" > temp

        #create zip file
        zip -r ${target}_${date}.zip $DIR/${target}_${date} > temp

        ##file Sending
        curl -F document=@"${target}_${date}.zip" "https://api.telegram.org/$bot_api/sendDocument?chat_id=$chatID" > temp
        rm ${target}_${date}.zip temp

        echo -e "\n\n${BLUE}[*] File ${target}.Zip Sending To Telegram Has Been Done..! ${RESET}"
    }

    ########################
    #Execute All Functions

    certdata-abhi $1
    Subfinder $1
    Aquatone $1
    Sublist3r $1
    Knockpy $1
    Hackertarget $1
    Subbrute $1
    final-list
    dig-loop
    Rust-scan $rust_nmap
    WayBack_machine
    Simple-SSRF
    Target-wordlist
    Httprobe
    Http_response_code
    telegram-bot
    ProtonVPN_Connect

fi



--------------------------------------------------------------------------------
/set-api-keys.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Exchange "$$" with your API KEY
# (left unreplaced, "$$" expands to the process ID of the running shell)
shodan="$$"
censys_id="$$"
censys_secret="$$"
virustotal="$$"
passivetotal_key=""
passivetotal_secret=""
riddler_username=""
riddler_password=""

#Aquatone API Location $HOME/aquatone/.keys.yml
mkdir -p "$HOME/aquatone"
echo """
shodan: $shodan
censys_id: $censys_id
censys_secret: $censys_secret
virustotal: $virustotal
passivetotal_key: $passivetotal_key
passivetotal_secret: $passivetotal_secret
riddler_username: $riddler_username
riddler_password: $riddler_password
""" > "$HOME/aquatone/.keys.yml"

#Telegram Bot API KEYS AND CHAT ID
telegram_api="$$"
chatID="$$"

#Knockpy Virustotal Api Key
# Written as valid JSON (double quotes) into the knock checkout created by
# casperEye-installation.sh; the original path was
# $HOME/Desktop/101/tools/knock/knockpy/config.json
cat > "$HOME/CasperEye/tools/knock/knockpy/config.json" <<EOF
{
    "virustotal": "$virustotal"
}
EOF

--------------------------------------------------------------------------------