├── README.md
├── lists
│   ├── resolvers.txt
│   ├── resolvers.txt.save
│   └── subdomains-top1million-20000.txt
├── requirements.sh
└── shoot.sh

/README.md:
--------------------------------------------------------------------------------
![sling](https://github.com/haqqibrahim/Sling-Shot-R3con/assets/68786496/d32453c2-91fa-4236-8b13-f1adeacd9842)

```markdown
# Sling Shot R3con: Automate Your Bug Bounty and Pentest Reconnaissance 🎯

Sling Shot R3con is a powerful open-source reconnaissance tool designed to automate and streamline the initial phase of bug bounty and penetration testing engagements. Discover subdomains, perform DNS enumeration, conduct port scanning, identify HTTP servers, and more—all with a single command.

🔥 **Features**:
- Subdomain Discovery
- DNS Enumeration and Resolution
- Comprehensive Port Scanning
- HTTP Server Discovery
- Crawling and Scraping
- Customizable and Extensible
```
## Getting Started

### Prerequisites

Make sure to install the required dependencies by running the following script. It uses `go install`, so a working Go toolchain must already be present, and `shoot.sh` additionally calls `jq`, which the script does not install:

```bash
chmod +x ./requirements.sh
./requirements.sh
```

### Usage

Run Sling Shot R3con by providing the target domain as follows:

```bash
./shoot.sh domain.com
```

### Example:

```bash
./shoot.sh google.com
```

## License

Sling Shot R3con is open-source software released under the MIT License.

## Acknowledgments

Special thanks to the security community for their contributions and feedback.
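--------------------------------------------------------------------------------
/requirements.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# requirements.sh - install the Go-based tools that shoot.sh runs.
#
# Needs a working Go toolchain. `go install` places the binaries in
# "$(go env GOPATH)/bin" (or $GOBIN); that directory must be on PATH, and it
# should come before any other directory that provides a command with the
# same name as one of these tools (httpx is a common collision).
#
# Supply-chain note: every module is fetched at @latest, so each run builds
# whatever the upstream repositories publish at that moment. For repeatable
# installs, replace @latest with versions you have reviewed.

if ! command -v go >/dev/null 2>&1; then
  echo "[ERROR] go is not installed or not on PATH" >&2
  exit 1
fi

# One entry per tool invoked by shoot.sh. anew and naabu are called by
# shoot.sh as well, so they are installed here with the rest.
modules=(
  github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
  github.com/projectdiscovery/shuffledns/cmd/shuffledns@latest
  github.com/d3mondev/puredns/v2@latest
  github.com/projectdiscovery/dnsx/cmd/dnsx@latest
  github.com/pry0cc/tew@latest
  github.com/projectdiscovery/katana/cmd/katana@latest
  github.com/projectdiscovery/httpx/cmd/httpx@latest
  github.com/projectdiscovery/naabu/v2/cmd/naabu@latest
  github.com/tomnomnom/anew@latest
)

# Try every module even if one fails, but remember the failure so the script
# does not report success for a partial install.
failed=0
for module in "${modules[@]}"; do
  if ! go install -v "$module"; then
    echo "[ERROR] failed to install $module" >&2
    failed=1
  fi
done

# jq is used by shoot.sh, and shuffledns/puredns drive the massdns binary;
# neither can be installed with `go install`, so only report their absence.
for tool in jq massdns; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "[WARN] $tool not found on PATH; install it separately" >&2
  fi
done

chmod +x ./shoot.sh

exit "$failed"
--------------------------------------------------------------------------------
/shoot.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# shoot.sh - run the recon pipeline against one root domain.
# Usage: ./shoot.sh <domain>
#
# Stages: subdomain discovery -> DNS resolution -> port scan -> HTTP probing
# -> crawling. Results go to ./scans/<domain>-<epoch>/ and word lists are read
# from ./lists/, both relative to the directory the script is started from.
#
# NOTE(review): tool flags below are spelled as the author wrote them.
# requirements.sh installs every tool at @latest, so confirm each flag against
# the installed tool's -h output before relying on a stage's results.

# Colours for status output
GREEN='\033[0;32m'
CYAN='\033[0;36m'
YELLOW='\033[1;33m'
RED='\033[0;31m'
NC='\033[0m' # No Color

# Check the argument before anything is derived from it: the original built
# scan_path from an empty "$1" and only complained afterwards.
if [ $# -eq 0 ]; then
  echo -e "${RED}[ERROR] Usage: $0 <domain>${NC}" >&2
  exit 1
fi

id="$1"

# The target is used as a directory name under scope/ and scans/ and is fed to
# every tool, so accept only hostname characters. This rejects '/', which
# would let the value point outside those directories, and a leading '-',
# which a tool could read as an option.
domain_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
if [[ ! "$id" =~ $domain_re ]]; then
  echo -e "${RED}[ERROR] '$id' is not a valid domain name${NC}" >&2
  exit 1
fi

# Set up scan_path globally
ppath="$(pwd)"
timestamp="$(date +%s)"
scan_path="$ppath/scans/$id-$timestamp"

# Print the banner, create scope/<id>/roots.txt and the per-run scan folder,
# then change into the scan folder.
# Globals: id, ppath, scan_path (read)
# Exits:   1 if a directory cannot be created or entered
setup_scan() {
  local scope_path="$ppath/scope/$id"

  echo -e "${GREEN}##################################################################"
  echo -e "${GREEN} _____ _ _ _____ _ _ _____ ____ "
  echo -e "${GREEN} / ____| (_) / ____| | | | | __ \|___ \ "
  echo -e "${GREEN} | (___ | |_ _ __ __ _ | (___ | |__ ___ | |_ | |__) | __) | ___ ___ _ __ "
  echo -e "${GREEN} \___ \| | | '_ \ / _\` | \___ \| '_ \ / _ \| __| | _ / |__ < / __/ _ \| '_ \ "
  echo -e "${GREEN} ____) | | | | | | (_| | ____) | | | | (_) | |_ | | \ \ ___) | (_| (_) | | | |"
  echo -e "${GREEN} |_____/|_|_|_| |_|\__, | |_____/|_| |_|\___/ \__| |_| \_|____/ \___\___/|_| |_|"
  echo -e "${GREEN} __/ | "
  echo -e "${GREEN} |___/ "
  echo -e "${YELLOW} Automate Your Bug Bounty Sling Shot R3con #"
  echo -e "${YELLOW} Created by: Haqq the Bounty Hunter #"
  echo -e "${YELLOW} https://github.com/haqqibrahim #"
  echo -e "${GREEN}##################################################################${NC}"

  echo -e "${CYAN}[INFO] Creating scan folder for $id"
  # Checking mkdir itself replaces the original "does the directory exist"
  # test, which could never fail straight after mkdir -p had succeeded.
  if ! mkdir -p "$scope_path"; then
    echo -e "${RED}[ERROR] Cannot create $scope_path${NC}" >&2
    exit 1
  fi
  sleep 3

  echo -e "${CYAN}[INFO] Creating roots file for $id"
  printf '%s\n' "$id" > "$scope_path/roots.txt"

  # httpx -srd in perform_crawling writes relative to the working directory,
  # so a failed cd would scatter output into the wrong place.
  if ! mkdir -p "$scan_path" || ! cd "$scan_path"; then
    echo -e "${RED}[ERROR] Cannot enter $scan_path${NC}" >&2
    exit 1
  fi

  echo -e "${CYAN}[INFO] Starting scan against root"
  cat "$scope_path/roots.txt"
  cp -v "$scope_path/roots.txt" "$scan_path/roots.txt"
}


# Enumerate subdomains of the root, resolve them, and collect their A records.
# Globals: ppath, scan_path (read)
# Writes:  subs.txt, resolved.txt, dns.json, ips.txt in scan_path
perform_dns_scan() {
  echo -e "${YELLOW}[INFO] Performing DNS Enumeration and Resolution${NC}"

  ## DNS Enumeration - Find Subdomains
  # Input is piped rather than redirected, as in the original, so each tool
  # sees stdin as a pipe.
  cat "$scan_path/roots.txt" | subfinder | anew "$scan_path/subs.txt"
  cat "$scan_path/roots.txt" \
    | shuffledns -w "$ppath/lists/subdomains-top1million-20000.txt" -r "$ppath/lists/resolvers.txt" \
    | anew "$scan_path/subs.txt" \
    | wc -l

  ## DNS Resolution - Resolve discovered Subdomains
  # Fix: puredns used to write to $ppath/resolved.txt while dnsx reads
  # $scan_path/resolved.txt, so dnsx never saw the resolved names.
  puredns resolve "$scan_path/subs.txt" -r "$ppath/lists/resolvers.txt" -w "$scan_path/resolved.txt" | wc -l
  dnsx -l "$scan_path/resolved.txt" -json -o "$scan_path/dns.json" \
    | jq -r '.a?[]?' \
    | anew "$scan_path/ips.txt" \
    | wc -l
}

# Scan the collected IPs for open ports and probe the results for HTTP servers.
# Globals: scan_path (read)
# Writes:  ports.txt, hostport.txt, http.json, http.txt in scan_path
perform_port_scan() {
  echo -e "${YELLOW}[INFO] Performing Port Scanning and HTTP Server Discovery${NC}"

  ## Port scanning & HTTP Server Discovery using naabu
  naabu -iL "$scan_path/ips.txt" -p 1-65535 -silent | cut -d '/' -f 1 | sort -u > "$scan_path/ports.txt"
  tew -l "$scan_path/ports.txt" -dnsx "$scan_path/dns.json" --vhost -o "$scan_path/hostport.txt" \
    | httpx -json -o "$scan_path/http.json"

  # Drop the default ports so the same site is not listed twice.
  jq -r '.url' "$scan_path/http.json" | sed -e 's/:80$//g' -e 's/:443$//g' | sort -u > "$scan_path/http.txt"
}

# Crawl the discovered HTTP servers and store responses for JavaScript URLs.
# Globals: scan_path (read)
# Writes:  crawl.txt in scan_path, and httpx responses under ./js
perform_crawling() {
  echo -e "${YELLOW}[INFO] Performing Crawling and JavaScript Scraping${NC}"

  # CRAWLING
  katana -s "$scan_path/http.txt" --json | grep "{" | jq -r '.output?' | tee "$scan_path/crawl.txt"

  ### JavaScript crawling
  grep "\.js" "$scan_path/crawl.txt" | httpx -sr -srd js
}

# Main script

# Set up the scan folder and necessary files
setup_scan "$1"

# Perform DNS enumeration and resolution
perform_dns_scan

# Perform port scanning and HTTP server discovery
perform_port_scan

# Perform crawling and JavaScript scraping
perform_crawling

# Calculate and display scan duration
end_time="$(date +%s)"
seconds=$(( end_time - timestamp ))

if (( seconds > 59 )); then
  elapsed="$(( seconds / 60 )) minutes"
else
  elapsed="$seconds seconds"
fi

echo -e "${GREEN}[$id] Scan took $elapsed${NC}"
--------------------------------------------------------------------------------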