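├── README.md
├── install.sh
└── script.sh

/README.md:
--------------------------------------------------------------------------------
# domains-to-ip

![dom](https://user-images.githubusercontent.com/82051128/121773983-f9b83a80-cb98-11eb-9780-6b4019c1cc69.png)


# Prerequisite:
Make sure the Go language is installed and set up on the correct path.
If it is not installed, check my recon-automation repo; I have already given the commands there.

# Installation:
1. git clone https://github.com/machine1337/dom-to-ip .
2. chmod +x install.sh
3. chmod +x script.sh

# Usage:
./script.sh

# Note:
Q: What should my domains.txt look like?

testphp.vulnweb.com
evil.com

# Current Features:
1. Subdomains Enumeration.
2. Resolving domains to ip's.
3. Run advanced level NMAP nse scan.

# Special Thanks To:
@tomnomnom
@ProjectDiscovery

--------------------------------------------------------------------------------
/install.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# install.sh - install the external tools that script.sh drives.
#
# Review notes (supply chain / privilege):
#   * Nothing fetched here is pinned or verified: the Go tools, the git
#     clones and vulners.nse all track whatever the upstream default branch
#     holds at install time. Pin each source to a reviewed tag or commit and
#     check a digest before using this on a shared host.
#   * Upstream code is executed or installed as root (setup.py through sudo,
#     files under /usr/share/nmap/scripts, a binary in /usr/local/bin).
#   * script.sh also calls shuffledns and nmap; neither is installed here.

NC='\033[0m'
RED='\033[1;38;5;196m'
GREEN='\033[1;38;5;040m'
ORANGE='\033[1;38;5;202m'
BLUE='\033[1;38;5;012m'
BLUE2='\033[1;38;5;032m'
PINK='\033[1;38;5;013m'
GRAY='\033[1;38;5;004m'
NEW='\033[1;38;5;154m'
YELLOW='\033[1;38;5;214m'
CG='\033[1;38;5;087m'
CP='\033[1;38;5;221m'
CPO='\033[1;38;5;205m'
CN='\033[1;38;5;247m'
CNC='\033[1;38;5;051m'

# Set to 1 by fail(); becomes the exit status of the installer.
FAILED=0

# have TOOL - succeed when TOOL is found on PATH.
have() {
  command -v "$1" >/dev/null 2>&1
}

# fail MESSAGE - report a failed step on stderr and remember it.
fail() {
  echo -e "${RED}[-] $1${NC}" >&2
  FAILED=1
}

# go_fetch NAME OK_MSG CMD... - run a Go install command quietly and print
# OK_MSG only when the command succeeded and NAME is actually on PATH.
go_fetch() {
  local name=$1 ok_msg=$2
  shift 2
  # NOTE(review): recent Go toolchains no longer build and install binaries
  # through "go get"; "go install <pkg>@<version>" is the replacement. The
  # author's commands are kept, but their outcome is now checked.
  if ! "$@" >/dev/null 2>&1; then
    fail "$name: install command failed ($*)"
  elif ! have "$name"; then
    fail "$name is still not on PATH; check that \$(go env GOPATH)/bin is on PATH and that this Go version supports 'go get' installs"
  else
    echo -e "$ok_msg"
  fi
}

# apt_fetch PACKAGE OK_MSG - install PACKAGE with apt-get and report the result.
apt_fetch() {
  local pkg=$1 ok_msg=$2
  if sudo apt-get install -y "$pkg"; then
    echo -e "$ok_msg"
  else
    fail "$pkg could not be installed with apt-get"
  fi
}

echo -e "${RED}" "###############################################################"
echo -e "${ORANGE}" " # DOMAIN'S TO IP RESOLVERS & NMAP NSE SCRIPT SCAN # "
echo -e "${PINK}" " # # "
echo -e "${BLUE}" " # https://facebook.com/unknownclay # "
echo -e "${YELLOW}" " # Coded By: Machine404 # "
echo -e "${CP}" " # https://github.com/machine1337 # "
echo -e "${RED}" "################################################################ \n "
d=$(date +"%b-%d-%y %H:%M")
sleep 1
echo -e "${CP}[+]Installtion Started On: $d \n"
sleep 1
echo -e "${BLUE}[+]Checking Go Installation\n"

# Test for the go binary itself: GOPATH may be unset on a working install,
# and may be set on a machine that has no Go toolchain.
if ! have go; then
  echo -e "${RED}[+]Go is not Installed....Plz Install it and run the script again"
  echo -e "${CP}[+]For Installation Plz Check my recon-automation repo pre-requisite part!"
  exit 1
else
  echo -e "${BLUE}..........Go is installed..............\n"
fi
echo -e "${GREEN}[+]Installing Assetfinder\n"
sleep 1

# Install assetfinder unless it is already on PATH.
assetfinder_checking() {
  if have assetfinder; then
    echo -e ".......assetfinder already installed..........\n"
  else
    go_fetch assetfinder ".............assetfinder successfully installed..............\n" \
      go get -u github.com/tomnomnom/assetfinder
  fi
}
assetfinder_checking
sleep 1
echo -e "${RED}[+]Installing Seclists\n"
# SecLists is a wordlist collection, not a command, so test for its directory.
if [[ ! -d /usr/share/seclists ]]; then
  apt_fetch seclists "....................Seclists Successfully Installed.................\n"
else
  echo -e ".................Seclists Already Exists.................\n"
fi

sleep 1
echo -e "${PINK}[+]Installing Amass\n"
# Install amass from the distribution package unless it is already on PATH.
amass_checking() {
  if have amass; then
    echo -e "..........Amass is already installed..........\n"
  else
    apt_fetch amass "................Amass successfully installed..............\n"
  fi
}
amass_checking
sleep 1
echo -e "${GRAY}[+]Installing jq\n"
# Install jq from the distribution package unless it is already on PATH.
jq_checking() {
  if have jq; then
    echo -e "...........jq is already installed..............\n"
  else
    apt_fetch jq ".................jq successfully installed..............\n"
  fi
}
jq_checking

sleep 1
echo -e "${ORANGE}[+]Installing Subfinder\n"
# Install subfinder unless it is already on PATH.
subfinder_checking() {
  if have subfinder; then
    echo -e "...........subfinder is already installed.............\n"
  else
    go_fetch subfinder "................subfinder successfully installed..............\n" \
      env GO111MODULE=on go get -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder
  fi
}
subfinder_checking
sleep 1
echo -e "${YELLOW}[+]Installing massdns\n"
# Build massdns from source under ~/tools and move the binary to /usr/local/bin.
massdns_checking() {
  mkdir -p "$HOME/tools"
  if have massdns; then
    echo -e "..........massdns is already installed............\n"
    return 0
  fi
  # Subshell: the directory changes must not leak into later steps.
  if (
    cd "$HOME/tools" || exit 1
    # A checkout left behind by an earlier, interrupted run is reused.
    [[ -d massdns ]] || git clone https://github.com/blechschmidt/massdns.git || exit 1
    cd massdns || exit 1
    make || exit 1
    sudo mv bin/massdns /usr/local/bin
  ); then
    echo -e "............massdns installed successfully............\n"
  else
    fail "massdns could not be built or installed"
  fi
}
massdns_checking
sleep 1
echo -e "${CNC}[+]Installing dnsvalidator\n"
# Install dnsvalidator if needed, then make sure the resolver list that
# script.sh reads (~/tools/resolvers/resolver.txt) exists.
dnsvalidator_installing() {
  local resolver_dir=$HOME/tools/resolvers
  mkdir -p "$HOME/tools" "$resolver_dir"

  if have dnsvalidator; then
    echo -e ".......dnsvalidator already exist.........\n"
  elif ! (
    cd "$HOME/tools" || exit 1
    [[ -d dnsvalidator ]] || git clone https://github.com/vortexau/dnsvalidator.git || exit 1
    cd dnsvalidator || exit 1
    sudo apt-get install python3-pip -y || exit 1
    # Runs the cloned project's setup.py as root.
    sudo python3 setup.py install
  ); then
    fail "dnsvalidator could not be installed"
    return 1
  fi

  # Build the list whenever it is missing, not only on a fresh install,
  # otherwise script.sh has nothing to pass to massdns/shuffledns.
  if [[ -s $resolver_dir/resolver.txt ]]; then
    return 0
  fi
  # The candidate servers come from a public list. Every address that is
  # later scanned is whatever these resolvers answer, so review the list
  # before relying on it to stay inside the intended scope.
  if dnsvalidator -tL https://public-dns.info/nameservers.txt -threads 25 \
    -o "$resolver_dir/resolvers.txt"; then
    tail -n 60 "$resolver_dir/resolvers.txt" >"$resolver_dir/resolver.txt"
  else
    fail "dnsvalidator did not produce a resolver list"
  fi
}
dnsvalidator_installing
sleep 1

# Install the HTTP probing tools (httpx, httprobe) unless already on PATH.
other_tools() {
  echo -e "${CPO}[+]Installing httpx\n"
  if have httpx; then
    echo -e "...............httpx is already installed.............\n"
  else
    go_fetch httpx ".................httpx successfully installed..............\n" \
      go get -v github.com/projectdiscovery/httpx/cmd/httpx
  fi

  sleep 1
  echo -e "${CP}[+]Installing httprobe\n"
  if have httprobe; then
    echo -e "...........httprobe is already installed...............\n"
  else
    # The original line read `echo -e"..."` (no space), which is not a
    # valid command; the message is now passed to echo as intended.
    go_fetch httprobe ".............httprobe successfully installed..............\n" \
      go get -u github.com/tomnomnom/httprobe
  fi
}
other_tools
sleep 1
echo -e "${CG}[+]Installing NMAP NSE scripts\n"
# Add vulners.nse and the vulscan script collection to nmap's script directory.
nmap_script() {
  local scripts_dir=/usr/share/nmap/scripts
  local vulners_url=https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse
  local tmp

  if [[ ! -d $scripts_dir ]]; then
    fail "$scripts_dir does not exist; install nmap first"
    return 1
  fi

  if [ -f "$scripts_dir/vulners.nse" ]; then
    echo -e "...............Script already exists................\n"
  else
    # Download as the invoking user and copy into place as root only after
    # a non-empty file arrived, so a failed fetch cannot leave a truncated
    # script behind. The URL follows the master branch; compare the file
    # with a pinned digest before the install step when one is available.
    tmp=$(mktemp) || {
      fail "mktemp failed"
      return 1
    }
    if wget -q -O "$tmp" "$vulners_url" && [[ -s $tmp ]] &&
      sudo install -m 0644 "$tmp" "$scripts_dir/vulners.nse"; then
      echo -e "...............Scripts successfully installed..................\n"
    else
      fail "vulners.nse could not be downloaded or installed"
    fi
    rm -f -- "$tmp"
  fi
  sleep 1
  echo -e "${CP}[+] Installing vulnscan For NMAP\n"
  if [ -d "$scripts_dir/vulscan" ]; then
    echo -e "....................vulnscan already exists....................\n"
  elif sudo git clone https://github.com/scipag/vulscan.git "$scripts_dir/vulscan"; then
    # The original called `exit 1` here, ending a successful install with
    # a failure status before the final message was printed.
    echo -e "......................vulnscan successfully installed................\n"
  else
    fail "vulscan could not be cloned"
  fi
}
nmap_script
echo -e "${BLUE}[+] Installation Done :) "
exit "$FAILED"

--------------------------------------------------------------------------------
/script.sh:
--------------------------------------------------------------------------------
#!/bin/bash
#
# script.sh - interactive menu that resolves domains to IP addresses with
# massdns and runs an nmap service/version scan with the vulners NSE script.
# Results are written under a directory named after each domain, relative
# to the current working directory.
#
# Everything typed at a prompt or read from a list file is treated as
# untrusted: it is reduced to a bare hostname and validated before it is
# used as a directory name, a tool argument or part of a URL.

NC='\033[0m'
RED='\033[1;38;5;196m'
GREEN='\033[1;38;5;040m'
ORANGE='\033[1;38;5;202m'
BLUE='\033[1;38;5;012m'
BLUE2='\033[1;38;5;032m'
PINK='\033[1;38;5;013m'
GRAY='\033[1;38;5;004m'
NEW='\033[1;38;5;154m'
YELLOW='\033[1;38;5;214m'
CG='\033[1;38;5;087m'
CP='\033[1;38;5;221m'
CPO='\033[1;38;5;205m'
CN='\033[1;38;5;247m'
CNC='\033[1;38;5;051m'

# Resolver list produced by install.sh (dnsvalidator step).
readonly RESOLVERS="$HOME/tools/resolvers/resolver.txt"

# Print the banner.
nmap_scan() {
  echo -e "${RED}" "###############################################################"
  echo -e "${ORANGE}" " # DOMAIN'S TO IP RESOLVERS & NMAP NSE SCRIPT SCAN # "
  echo -e "${PINK}" " # # "
  echo -e "${BLUE}" " # https://facebook.com/unknownclay # "
  echo -e "${YELLOW}" " # Coded By: Machine404 # "
  echo -e "${CP}" " # https://github.com/machine1337 # "
  echo -e "${RED}" "################################################################ \n "
}
d=$(date +"%b-%d-%y %H:%M")

# normalize_domain RAW - print RAW reduced to a bare hostname, or fail.
# Strips a scheme, path, port and trailing dot, then accepts only letters,
# digits, '-' and '.'. That rejects leading dashes (option injection),
# slashes and '..' (path traversal), whitespace and glob characters.
normalize_domain() {
  local host=$1
  host=${host//[[:space:]]/}
  host=${host#*://}
  host=${host%%/*}
  host=${host%%:*}
  host=${host%.}
  if [[ ! $host =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ || $host == *..* ]]; then
    return 1
  fi
  printf '%s\n' "$host"
}

# read_target - read one line from stdin and print it as a validated
# hostname; reports on stderr and fails when the input is not a hostname.
read_target() {
  local raw host
  IFS= read -r raw || return 1
  if ! host=$(normalize_domain "$raw"); then
    # printf '%s' so escape sequences in the input are not interpreted.
    echo -n -e "${RED}[-] Not a valid domain name: ${NC}" >&2
    printf '%s\n' "$raw" >&2
    return 1
  fi
  printf '%s\n' "$host"
}

# resolve_ips DIR NAMES_FILE - resolve the names in NAMES_FILE with massdns
# and write the third column of its output to DIR/masscan/ip.txt.
resolve_ips() {
  local dir=$1 names=$2
  local results=$dir/masscan/results.txt
  if [[ ! -s $RESOLVERS ]]; then
    echo -e "${RED}[-] Resolver list $RESOLVERS is missing; run install.sh first${NC}" >&2
    return 1
  fi
  massdns -r "$RESOLVERS" -t A -o S -w "$results" "$names" || return 1
  # NOTE(review): the sed expression is kept exactly as published. As
  # written it only blanks lines that contain "/ ", which looks
  # unintended; confirm against the upstream repository. The third column
  # can also hold a CNAME target rather than an address.
  sed '/\/ /g' "$results" | awk '{print $3}' | tee "$dir/masscan/ip.txt"
}

# run_nmap DIR - scan the targets in DIR/masscan/ip.txt and write the
# report to DIR/nmap/scan.txt.
run_nmap() {
  local dir=$1
  if [[ ! -s $dir/masscan/ip.txt ]]; then
    echo -e "${RED}[-] No addresses were resolved for $dir; nothing to scan${NC}" >&2
    return 1
  fi
  nmap -sV --script vulners.nse -iL "$dir/masscan/ip.txt" -oN "$dir/nmap/scan.txt"
}

# Resolve and scan one domain entered at the prompt.
scan_single() {
  local domain
  clear
  nmap_scan
  echo -n -e "${RED}\n[+] Enter Single domain (https://target.com) : "
  domain=$(read_target) || return 1
  mkdir -p -- "$domain/masscan" "$domain/nmap" || return 1
  printf '%s\n' "$domain" >"$domain/domain.txt"
  echo -e "${BLUE}\n[+] Resolving domain to IP:- \n"
  resolve_ips "$domain" "$domain/domain.txt" || return 1
  echo -e "${GREEN}\n[+] NMAP NSE Scan Started On Domain:- "
  run_nmap "$domain"
}

# Enumerate subdomains of one domain, resolve them and scan the results.
scan_all() {
  local domain enum_dir list
  clear
  nmap_scan
  echo -e -n "${ORANGE}\n[+] Enter domain name (e.g target.com) : "
  domain=$(read_target) || return 1
  enum_dir=$domain/domain_enum
  mkdir -p -- "$enum_dir" "$domain/final_domains" "$domain/nmap" "$domain/masscan" || return 1

  echo -e "${BLUE}\n[+] Finding Subdomains.....:- \n"
  sleep 1
  echo -e "${CP}\n[+] Crt.sh Started:- "
  curl -s "https://crt.sh/?q=%25.${domain}&output=json" |
    jq -r '.[].name_value' |
    sed 's/\*\.//g' |
    sort -u |
    tee "$enum_dir/crt.txt"
  echo -e "${PINK}\n[+] Subfinder Started:- "
  subfinder -d "$domain" -o "$enum_dir/subfinder.txt"

  echo -e "${YELLOW}[+] Assetfinder Started:- "
  assetfinder -subs-only "$domain" | tee "$enum_dir/assetfinder.txt"

  echo -e "${GREEN}\n[+] Amass Started:- "
  amass enum -passive -d "$domain" -o "$enum_dir/amass.txt"

  echo -e "${BLUE}\n[+] Shuffledns Started:- "
  # shuffledns is not installed by install.sh; it must already be on PATH.
  shuffledns -d "$domain" \
    -w /usr/share/seclists/Discovery/DNS/deepmagic.com-prefixes-top50000.txt \
    -r "$RESOLVERS" -o "$enum_dir/shuffledns.txt"
  echo -e "${CPO}\n[+] Collecting All Subdomains Into Single File:- "
  # Leave out all.txt itself: on a second run the *.txt glob would
  # otherwise feed the output file back into its own input.
  for list in "$enum_dir"/*.txt; do
    [[ -f $list && $list != "$enum_dir/all.txt" ]] || continue
    cat -- "$list"
  done >"$enum_dir/all.txt"

  echo -e "${RED}\n[+] Resolving All Subdomains:- "
  shuffledns -d "$domain" -list "$enum_dir/all.txt" -o "$domain/domains.txt" -r "$RESOLVERS"

  echo -e "${BLUE}\n[+]Checking Services on Domains:- "
  httpx -threads 30 -o "$domain/final_domains/httpx.txt" <"$domain/domains.txt"

  echo -e "${CP}[+] Resolving Domains to IP'S:- "
  resolve_ips "$domain" "$domain/domains.txt" || return 1

  echo -e "${GREEN}\n[+] Started NMAP NSE Scan:- "
  run_nmap "$domain"
}

# Resolve and scan every domain listed, one per line, in a file.
scan_list() {
  local host raw domain
  clear
  nmap_scan
  # The prompt asks for a file path, so the example is now a file name.
  echo -n -e "${BLUE2}\n[+] Enter path of domains list (e.g domains.txt): "
  IFS= read -r host || return 1
  if [[ ! -f $host || ! -r $host ]]; then
    echo -e "${RED}[-] Cannot read domains list${NC}" >&2
    return 1
  fi
  # The list is read on fd 3 so the tools in the loop cannot consume it
  # through stdin.
  while IFS= read -r -u 3 raw || [[ -n $raw ]]; do
    [[ -n ${raw//[[:space:]]/} ]] || continue
    if ! domain=$(normalize_domain "$raw"); then
      echo -n -e "${RED}[-] Skipping invalid entry: ${NC}" >&2
      printf '%s\n' "$raw" >&2
      continue
    fi
    mkdir -p -- "$domain/masscan" "$domain/nmap" || continue
    printf '%s\n' "$domain" >"$domain/domain.txt"
    echo -e "${BLUE}[+] Resolving Domains to IP:- "
    resolve_ips "$domain" "$domain/domain.txt" || continue

    echo -e "${GREEN}\n[+] NMAP NSE SCAN Started:- "
    run_nmap "$domain"
  done 3<"$host"
}

# Show the menu and dispatch to the selected scan mode.
menu() {
  local js_play
  clear
  nmap_scan
  echo -e "${YELLOW}\n[*] Which Type of Scan u want to Perform\n "
  echo -e " ${NC}[${CG}1${NC}]${CNC} Single domain Scan"
  echo -e " ${NC}[${CG}2${NC}]${CNC} List of domains"
  echo -e " ${NC}[${CG}3${NC}]${CNC} Full domain scan with subdomains"
  echo -e " ${NC}[${CG}4${NC}]${CNC} Exit"

  echo -n -e "${YELLOW}\n[+] Select: "
  IFS= read -r js_play
  # case instead of `[ ... -eq N ]`: empty or non-numeric input no longer
  # produces test errors.
  case "$js_play" in
    1) scan_single ;;
    2) scan_list ;;
    3) scan_all ;;
    4) exit ;;
    *)
      echo -e "${RED}[-] Invalid selection${NC}" >&2
      return 1
      ;;
  esac
}
menu
--------------------------------------------------------------------------------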