Kali Linux

Reconky : A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It

Reconky is a script written in bash to automate the task of recon and information gathering. This Bash Script allows you to collect some information that will help you identify what to do next and where to look for the required target.

Main-Features

  • It will Gathers Subdomains with assetfinder and Sublist3r
  • Duplex check for subdomains using amass
  • Enumerates subdomains on a target domain through dictionary attack using knockpy
  • searchs for alive domains using Httprobe
  • Investigates for feasible subdomain takeover
  • Scans for open ports using nmap
  • Pulls and Assembls all possible parameters found in wayback_url data
  • Pulls and compilis json/js/php/aspx/ files from wayback output
  • Runs eyewitness against all the compiled(alive) domains

Installation & Requirements

  • Download the install script from https://github.com/ShivamRai2003/Reconky-Automated_Bash_Script/blob/main/reconky.sh
#!/usr/bin/bash
#Author:Shivam Rai/
#Date:18/06/2021
#Description:Automated Recon tool
echo “
——— _______ _______ _______ _______ _ _
( ____ )( ____ \( ____ \( ___ )( ( /|| \ /\|\ /|
| ( )|| ( \/| ( \/| ( ) || \ ( || \ / /( \ / )
| (____)|| (__ | | | | | || \ | || (_/ / \ (_) /
| __)| __) | | | | | || (\ \) || _ ( \ /
| (\ ( | ( | | | | | || | \ || ( \ \ ) (
| ) \ \__| (____/\| (____/\| (___) || ) \ || / \ \ | |
|/ \__/(_______/(_______/(_______)|/ )_)|_/ \/ \_/
if [[ $(id -u) != 0 ]]; then
echo -e “\n[!] Install.sh requires root privileges”
exit 0
fi
target=$1
if [ ! -d “$target” ];then
mkdir $target
fi
if [ ! -d “$target/reconky” ];then
mkdir $target/reconky
fi
if [ ! -d ‘$target/reconky/sublist3r’ ];then
mkdir $target/reconky/sublist3r
touch $target/reconky/sublist3r/subdomains.txt
fi
if [ ! -d ‘$tagget/reconky/httprobe’ ]; then
mkdir $target/reconky/httprobe
fi
if [ ! -d ‘$target/reconky/assetfinder’ ];then
mkdir $target/reconky/assetfinder
touch $target/reconky/assetfinder/subdomains1.txt
fi
if [ ! -d ‘$target/reconky/Subdomain_Takeover’ ]; then
mkdir $target/reconky/Subdomain_Takeover
fi
if [ ! -d ‘$target/reconky/scans’ ]; then
mkdir $target/reconky/scans
fi
if [ ! -d ‘$target/reconky/wayback_urls’ ]; then
mkdir $target/reconky/wayback_urls
mkdir $target/reconky/wayback_urls/params
touch $target/reconky/wayback_urls/params/params.txt
mkdir $target/reconky/wayback_urls/extensions
fi
if [ ! -d ‘$target/reconky/amass’ ]; then
mkdir $target/reconky/amass
touch $target/reconky/amass/subdomains2.txt
fi
if [ ! -d ‘$target/reconky/witness’ ]; then
mkdir $target/reconky/eyewitness
fi
if [ ! -d ‘$target/reconky/knockpy’ ]; then
mkdir $target/reconky/knockpy
touch $target/reconky/knockpy/subdomains3.txt
fi
if [ ! -f “$target/reconky/httprobe/alivee.txt” ];then
touch $target/reconky/httprobe/alivee.txt
fi
red=`tput setaf 1`
green=`tput setaf 2`
yellow=`tput setaf 3`
echo
echo ${yellow}”Welcome to the Reconky Script-An Excellent Automation Script For Bug Bounty/Pentesting”${yellow}
echo
echo ${red}”[+++] Gatherings subdomains with assetfinder and Sublist3r…[+++]”${red}
echo
echo ${red}”[+++] Duplex checking for subdomains with amass…[+++]”${red}
echo
echo ${red}”[+++] Enumerating subdomains on a target domain through dictionary attack…[+++]”${red}
echo
echo ${red}”[+++] Searching for alive domains using Httprobe…[+++]”${red}
echo
echo ${red}”[+++] Investigating for feasible subdomain takeover…[+++]”${red}
echo
echo ${green}”[+++] Scanning for open ports using nmap…[+++]”${green}
echo
echo ${green}”[+++] Pulling and Assembling all possible params found in wayback_url data…[+++]”${green}
echo
echo ${green}”[+++] Pulling and compiling json/js/php/aspx/ files from wayback output…[+++]”${green}
echo
echo ${green}”[+++] Running gowtiness(eyewitness) against all the compiled(alive) domains…[+++]”${green}
echo
echo ${yellow}”[+++]Recon is in Progress Take A Cofee or Tea ;)[+++]”${yellow}
echo
assetfinder $target >> $target/reconky/assetfinder/subdomains1.txt
cat $target/reconky/assetfinder/subdomains1.txt | grep $1 >> $target/reconky/Subdomain_final.txt
echo
sublist3r -d $target -v -t 100 -o $target/reconky/sublist3r/subdomains.txt
cat $target/reconky/sublist3r/subdomains.txt | grep $1 >> $target/reconky/Subdomain_final.txt
echo
amass enum -d $target -o $target/reconky/amass/subdomains2.txt
cat $target/reconky/amass/subdomains2.txt | grep $1 >> $target/reconky/Subdomain_final.txt
echo
knockpy $target >> $target/reconky/knockpy/subdomains3.txt
awk ‘/$target/ {print}’ $target/reconky/knockpy/subdomains3.txt | cut -d ” ” -f 9 >> $target/reconky/Subdomain_final.txt
echo
cat $target/reconky/Subdomain_final.txt | sort -u | httprobe | sed -E ‘s/^\s*.*:\/\///g’ >> $target/reconky/httprobe/alivee.txt
echo
if [ ! -f “$target/reconky/Subdomain_Takeover/Subdomain_Takeover.txt” ];then
touch $target/reconky/Subdomain_Takeover/Subdomain_Takeover.txt
fi
subjack -w $target/reconky/Subdomain_final.txt -t 70 -timeout 25 -ssl -c /root/go/src/github.com/haccer/subjack/fingerprints.json -v 3 -o $target/reconky/Subdomain_Takeover/Subdomain_Takeover.txt
echo
nmap -iL $target/reconky/httprobe/alivee.txt -T4 -oA $target/reconky/scans/scanned.txt
echo
if [ ! -f “$target/reconky/wayback_urls/wayback_output.txt” ];then
touch $target/reconky/wayback_urls/wayback_output.txt
fi
cat $target/reconky/Subdomain_final.txt | waybackurls >> $target/reconky/wayback_urls/wayback_output.txt
sort -u $target/reconky/wayback_urls/wayback_output.txt
cat $target/reconky/wayback_urls/wayback_output.txt | grep ‘?*=’ | cut -d ‘=’ -f 1 | sort -u >> $target/reconky/wayback_urls/params/params.txt
for i in $(cat $target/reconky/wayback_urls/params/params.txt);do echo $i’=’;done
echo
for i in $(cat $target/reconky/wayback_urls/wayback_output.txt);do
ext=”${i##*.}”
if [[ “ext”==”php” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/php1.txt
sort -u $target/reconky/wayback_urls/extensions/php1.txt >> $target/reconky/wayback_urls/extensions/php.txt
rm $target/reconky/wayback_urls/extensions/php1.txt
fi
if [[ “ext”==”js” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/js1.txt
sort -u $target/reconky/wayback_urls/extensions/js1.txt >> $target/reconky/wayback_urls/extensions/js.txt
rm $target/reconky/wayback_urls/extensions/js1.txt
fi
if [[ “ext”==”html” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/html1.txt
sort -u $target/reconky/wayback_urls/extensions/html1.txt >> $target/reconky/wayback_urls/extensions/html.txt
rm $target/reconky/wayback_urls/extensions/html1.txt
fi
if [[ “ext”==”json” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/json1.txt
sort -u $target/reconky/wayback_urls/extensions/json1.txt >> $target/reconky/wayback_urls/extensions/json.txt
rm $target/reconky/wayback_urls/extensions/json1.txt
fi
if [[ “ext”==”aspx” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/aspx1.txt
sort -u $target/reconky/wayback_urls/extensions/aspx1.txt >> $target/reconky/wayback_urls/extensions/aspx.txt
rm $target/reconky/wayback_urls/extensions/aspx1.txt
fi
done
eyewitness -f $target/reconky/httprobe/alivee.txt –web -d $target/
reconky/eyewitness –resolve

DEMO

R K

Recent Posts

Bomber : Navigating Security Vulnerabilities In SBOMs

bomber is an application that scans SBOMs for security vulnerabilities. So you've asked a vendor…

4 hours ago

EmbedPayloadInPng : A Guide To Embedding And Extracting Encrypted Payloads In PNG Files

Embed a payload within a PNG file by splitting the payload across multiple IDAT sections.…

4 hours ago

Exploit Street – Navigating The New Terrain Of Windows LPEs

Exploit-Street, where we dive into the ever-evolving world of cybersecurity with a focus on Local…

2 days ago

ShadowDumper – Advanced Techniques For LSASS Memory Extraction

Shadow Dumper is a powerful tool used to dump LSASS (Local Security Authority Subsystem Service)…

3 days ago

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

2 weeks ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

3 weeks ago