├── LICENSE
├── README.md
├── autonuce.sh
├── github-assets
    └── banner.png
├── quredir.sh
└── urlfiles.sh

/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2021 Bhavesh Kaul

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# webrecon

Some useful shell scripts to automate web recon

## Scripts

- [x] autonuce - automates nuclei against a list of subdomains
- [x] urlfiles - greps file URLs from allurls
- [x] quredir - gets open-redirect endpoints from allurls

### Quick Setup

#### Run the following command in terminal

> git clone --depth=1 https://github.com/xerohackcom/webrecon.git XHW && cd XHW && rm -rf github-assets && ls -l

#### Copy scripts to your recon folder
- Copy the scripts to your recon directory. You can use the 'cp' command to copy these scripts to your recon folder.

- You need to set up the tools these scripts automate first. Copy the tool name and search for it, go to its GitHub repo and set it up properly. These scripts automate usage. Sit down and relax. It is better to run heavy tests / full-scope recons on a cloud machine.

### Usage!

The scripts read their input from fixed filenames (`subs` and `allurls`), so the commands below don't work if a name is changed. Please change the scripts to accommodate your names.

#### assetfinder + httpx + https-only + autonuce.sh

> assetfinder xyz.com | httpx --silent | grep -i "https://" | anew subs && bash autonuce.sh

#### assetfinder + httpx + https-only + gauplus + urlfiles.sh + quredir.sh (Heavy)

> assetfinder xyz.com | httpx --silent | grep -i "https://" | anew subs && cat subs | gauplus -b ttf,woff,svg,png,jpeg,jpg,css,bmp,tiff,woff2,ico,icon,PNG,JPG,BMP,CSS,gif,GIF | grep -i "https://" | anew allurls && bash urlfiles.sh && bash quredir.sh

#### assetfinder + httpx + https-only + gauplus + urlfiles.sh + quredir.sh + autonuce.sh (Very-Heavy - All In One)

> assetfinder xyz.com | httpx --silent | grep -i "https://" | anew subs && cat subs | gauplus -b ttf,woff,svg,png,jpeg,jpg,css,bmp,tiff,woff2,ico,icon,PNG,JPG,BMP,CSS,gif,GIF | grep -i "https://" | anew allurls && bash urlfiles.sh && bash quredir.sh && bash autonuce.sh

## Happy Haxing :)
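The quredir step listed under Scripts matches `redir=` or `redirect=` anywhere in a URL. The following is an added example, not part of this repository, that parses the query string instead and reports only parameters named `redir` or `redirect` whose value is an absolute URL on a different host; the function names and sample hosts are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example, not from the repository. Reads URLs on stdin and prints
# "param<TAB>target-host<TAB>url" for every redir=/redirect= parameter whose
# value is an absolute URL on a different host than the URL that carries it.
redirect_candidates() {
  awk '
    # Lower-cased host of an absolute or scheme-relative URL, "" for anything else.
    function host_of(u,    h) {
      h = tolower(u)
      gsub("%3a", ":", h); gsub("%2f", "/", h)  # undo percent-encoded "://"
      if (h ~ "^https?://") { sub("^https?://", "", h) }
      else if (h ~ "^//")   { sub("^//", "", h) }
      else { return "" }
      sub("[/?#].*$", "", h)   # keep the authority part only
      sub("^.*@", "", h)       # drop userinfo
      sub(":.*$", "", h)       # drop port
      return h
    }
    {
      q = index($0, "?")
      if (q == 0) next
      self = host_of($0)
      query = substr($0, q + 1)
      sub("#.*$", "", query)
      n = split(query, pairs, "&")
      for (i = 1; i <= n; i++) {
        eq = index(pairs[i], "=")
        if (eq == 0) continue
        name = tolower(substr(pairs[i], 1, eq - 1))
        if (name != "redir" && name != "redirect") continue
        target = host_of(substr(pairs[i], eq + 1))
        if (target != "" && target != self)
          printf "%s\t%s\t%s\n", name, target, $0
      }
    }'
}

# Constructed sample input (hypothetical hosts).
sample_urls() {
  cat <<'EOF'
https://app.example.com/login?redirect=https://app.example.com/home
https://app.example.com/login?redirect=https://other.example.net/x
https://app.example.com/out?id=7&redir=https%3A%2F%2Fcdn.example.org%2Fa
https://app.example.com/search?q=redirect=http://foo.example
https://app.example.com/go?redir=/dashboard
EOF
}

sample_urls | redirect_candidates
```

Run against a real list with `redirect_candidates < allurls`; same-host and relative targets are dropped, which removes most of the noise a plain substring match produces.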
--------------------------------------------------------------------------------
/autonuce.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Run nuclei against every host listed in ./subs, one template directory at a
# time. The findings of each category are written to nuce/<category>.

echo "autonuce.sh | results will be saved in ./nuce/"

# -p: do not fail when the directory is left over from an earlier run
mkdir -p nuce

echo ":: run scanner :: cnvd ::"
nuclei -l subs -t cnvd/ -o nuce/cnvd

echo ":: run scanner :: cves ::"
nuclei -l subs -t cves/ -o nuce/cves

echo ":: run scanner :: default-logins ::"
nuclei -l subs -t default-logins/ -o nuce/default-logins

echo ":: run scanner :: dns ::"
nuclei -l subs -t dns/ -o nuce/dns

echo ":: run scanner :: exposed-panels ::"
nuclei -l subs -t exposed-panels/ -o nuce/exposed-panels

echo ":: run scanner :: exposures ::"
nuclei -l subs -t exposures/ -o nuce/exposures

echo ":: run scanner :: fuzzing ::"
nuclei -l subs -t fuzzing/ -o nuce/fuzzing

echo ":: run scanner :: iot ::"
nuclei -l subs -t iot/ -o nuce/iot

echo ":: run scanner :: misc ::"
nuclei -l subs -t miscellaneous/ -o nuce/miscellaneous

echo ":: run scanner :: misconfigs ::"
nuclei -l subs -t misconfigurations/ -o nuce/misconfigurations

echo ":: run scanner :: network ::"
nuclei -l subs -t network/ -o nuce/network

echo ":: run scanner :: subdomain takeovers ::"
nuclei -l subs -t takeovers/ -o nuce/takeovers

echo ":: run scanner :: technologies ::"
nuclei -l subs -t technologies/ -o nuce/technologies

echo ":: run scanner :: vulnerabilities ::"
nuclei -l subs -t vulnerabilities/ -o nuce/vulnerabilities

echo "Printing Nuclei Findings..."

# Print every result file that exists. Chaining the files with
# "cat a && cat b && ..." stops at the first file that is missing.
for f in cnvd cves default-logins dns exposed-panels exposures fuzzing iot \
         miscellaneous misconfigurations network takeovers technologies vulnerabilities; do
  if [ -f "nuce/$f" ]; then
    cat "nuce/$f"
  fi
done

--------------------------------------------------------------------------------
/github-assets/banner.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xerohackcom/webrecon/f217179f196ef6001f2885e35e54b3c4e3b85f84/github-assets/banner.png

--------------------------------------------------------------------------------
/quredir.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Print URLs from ./allurls that carry a redirect-style parameter.
# Each filter runs on its own: chained with &&, the first filter without a
# match would skip all the filters after it.
# -F matches the patterns as fixed strings, so "." is a literal dot.

grep -iF "redir=" allurls
grep -iF "redir=" allurls | grep -iF "https://"
grep -iF "redirect=" allurls | grep -iF "https://www." | grep -iF "http://"
grep -iF "redirect=www." allurls | grep -iF "https://"
grep -iF "redirect=https://" allurls | grep -iF "https://"
grep -iF "redirect=http://" allurls | grep -iF "https://"

# "No match" is not an error, so a following "&& bash autonuce.sh" still runs.
exit 0

--------------------------------------------------------------------------------
/urlfiles.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
# Print URLs from ./allurls that end in one of the extensions below, grouped
# by extension. The loop replaces a "grep && grep && ..." chain, which stopped
# at the first extension without a match.

exts="dat rtf xls ppt sdf odf pptx xlsx exe lnk 7z bin part pdb cgi crdownload ini zipx bak torrent jar sys deb sh docm mdb xla zip tar\.gz txt json csv pdf doc docx js xml git pem bash_history db key tar log sql accdb dbf apk cer cfg rar sln tmp dll iso swf"

for ext in $exts; do
  grep -i "\.${ext}\$" allurls
  # .txt URLs are listed a second time with robots.txt filtered out
  if [ "$ext" = "txt" ]; then
    grep -i '\.txt$' allurls | grep -v 'robots\.txt'
  fi
done

# "No match" is not an error, so a following "&& bash quredir.sh" still runs.
exit 0

--------------------------------------------------------------------------------