Kali Linux

Reconky : A Great Content Discovery Bash Script For Bug Bounty Hunters Which Automate Lot Of Task And Organized It

Reconky is a script written in bash to automate the task of recon and information gathering. This Bash Script allows you to collect some information that will help you identify what to do next and where to look for the required target.

Main-Features

  • It will Gathers Subdomains with assetfinder and Sublist3r
  • Duplex check for subdomains using amass
  • Enumerates subdomains on a target domain through dictionary attack using knockpy
  • searchs for alive domains using Httprobe
  • Investigates for feasible subdomain takeover
  • Scans for open ports using nmap
  • Pulls and Assembls all possible parameters found in wayback_url data
  • Pulls and compilis json/js/php/aspx/ files from wayback output
  • Runs eyewitness against all the compiled(alive) domains

Installation & Requirements

  • Download the install script from https://github.com/ShivamRai2003/Reconky-Automated_Bash_Script/blob/main/reconky.sh
#!/usr/bin/bash
#Author:Shivam Rai/
#Date:18/06/2021
#Description:Automated Recon tool
echo “
——— _______ _______ _______ _______ _ _
( ____ )( ____ \( ____ \( ___ )( ( /|| \ /\|\ /|
| ( )|| ( \/| ( \/| ( ) || \ ( || \ / /( \ / )
| (____)|| (__ | | | | | || \ | || (_/ / \ (_) /
| __)| __) | | | | | || (\ \) || _ ( \ /
| (\ ( | ( | | | | | || | \ || ( \ \ ) (
| ) \ \__| (____/\| (____/\| (___) || ) \ || / \ \ | |
|/ \__/(_______/(_______/(_______)|/ )_)|_/ \/ \_/
if [[ $(id -u) != 0 ]]; then
echo -e “\n[!] Install.sh requires root privileges”
exit 0
fi
target=$1
if [ ! -d “$target” ];then
mkdir $target
fi
if [ ! -d “$target/reconky” ];then
mkdir $target/reconky
fi
if [ ! -d ‘$target/reconky/sublist3r’ ];then
mkdir $target/reconky/sublist3r
touch $target/reconky/sublist3r/subdomains.txt
fi
if [ ! -d ‘$tagget/reconky/httprobe’ ]; then
mkdir $target/reconky/httprobe
fi
if [ ! -d ‘$target/reconky/assetfinder’ ];then
mkdir $target/reconky/assetfinder
touch $target/reconky/assetfinder/subdomains1.txt
fi
if [ ! -d ‘$target/reconky/Subdomain_Takeover’ ]; then
mkdir $target/reconky/Subdomain_Takeover
fi
if [ ! -d ‘$target/reconky/scans’ ]; then
mkdir $target/reconky/scans
fi
if [ ! -d ‘$target/reconky/wayback_urls’ ]; then
mkdir $target/reconky/wayback_urls
mkdir $target/reconky/wayback_urls/params
touch $target/reconky/wayback_urls/params/params.txt
mkdir $target/reconky/wayback_urls/extensions
fi
if [ ! -d ‘$target/reconky/amass’ ]; then
mkdir $target/reconky/amass
touch $target/reconky/amass/subdomains2.txt
fi
if [ ! -d ‘$target/reconky/witness’ ]; then
mkdir $target/reconky/eyewitness
fi
if [ ! -d ‘$target/reconky/knockpy’ ]; then
mkdir $target/reconky/knockpy
touch $target/reconky/knockpy/subdomains3.txt
fi
if [ ! -f “$target/reconky/httprobe/alivee.txt” ];then
touch $target/reconky/httprobe/alivee.txt
fi
red=`tput setaf 1`
green=`tput setaf 2`
yellow=`tput setaf 3`
echo
echo ${yellow}”Welcome to the Reconky Script-An Excellent Automation Script For Bug Bounty/Pentesting”${yellow}
echo
echo ${red}”[+++] Gatherings subdomains with assetfinder and Sublist3r…[+++]”${red}
echo
echo ${red}”[+++] Duplex checking for subdomains with amass…[+++]”${red}
echo
echo ${red}”[+++] Enumerating subdomains on a target domain through dictionary attack…[+++]”${red}
echo
echo ${red}”[+++] Searching for alive domains using Httprobe…[+++]”${red}
echo
echo ${red}”[+++] Investigating for feasible subdomain takeover…[+++]”${red}
echo
echo ${green}”[+++] Scanning for open ports using nmap…[+++]”${green}
echo
echo ${green}”[+++] Pulling and Assembling all possible params found in wayback_url data…[+++]”${green}
echo
echo ${green}”[+++] Pulling and compiling json/js/php/aspx/ files from wayback output…[+++]”${green}
echo
echo ${green}”[+++] Running gowtiness(eyewitness) against all the compiled(alive) domains…[+++]”${green}
echo
echo ${yellow}”[+++]Recon is in Progress Take A Cofee or Tea ;)[+++]”${yellow}
echo
assetfinder $target >> $target/reconky/assetfinder/subdomains1.txt
cat $target/reconky/assetfinder/subdomains1.txt | grep $1 >> $target/reconky/Subdomain_final.txt
echo
sublist3r -d $target -v -t 100 -o $target/reconky/sublist3r/subdomains.txt
cat $target/reconky/sublist3r/subdomains.txt | grep $1 >> $target/reconky/Subdomain_final.txt
echo
amass enum -d $target -o $target/reconky/amass/subdomains2.txt
cat $target/reconky/amass/subdomains2.txt | grep $1 >> $target/reconky/Subdomain_final.txt
echo
knockpy $target >> $target/reconky/knockpy/subdomains3.txt
awk ‘/$target/ {print}’ $target/reconky/knockpy/subdomains3.txt | cut -d ” ” -f 9 >> $target/reconky/Subdomain_final.txt
echo
cat $target/reconky/Subdomain_final.txt | sort -u | httprobe | sed -E ‘s/^\s*.*:\/\///g’ >> $target/reconky/httprobe/alivee.txt
echo
if [ ! -f “$target/reconky/Subdomain_Takeover/Subdomain_Takeover.txt” ];then
touch $target/reconky/Subdomain_Takeover/Subdomain_Takeover.txt
fi
subjack -w $target/reconky/Subdomain_final.txt -t 70 -timeout 25 -ssl -c /root/go/src/github.com/haccer/subjack/fingerprints.json -v 3 -o $target/reconky/Subdomain_Takeover/Subdomain_Takeover.txt
echo
nmap -iL $target/reconky/httprobe/alivee.txt -T4 -oA $target/reconky/scans/scanned.txt
echo
if [ ! -f “$target/reconky/wayback_urls/wayback_output.txt” ];then
touch $target/reconky/wayback_urls/wayback_output.txt
fi
cat $target/reconky/Subdomain_final.txt | waybackurls >> $target/reconky/wayback_urls/wayback_output.txt
sort -u $target/reconky/wayback_urls/wayback_output.txt
cat $target/reconky/wayback_urls/wayback_output.txt | grep ‘?*=’ | cut -d ‘=’ -f 1 | sort -u >> $target/reconky/wayback_urls/params/params.txt
for i in $(cat $target/reconky/wayback_urls/params/params.txt);do echo $i’=’;done
echo
for i in $(cat $target/reconky/wayback_urls/wayback_output.txt);do
ext=”${i##*.}”
if [[ “ext”==”php” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/php1.txt
sort -u $target/reconky/wayback_urls/extensions/php1.txt >> $target/reconky/wayback_urls/extensions/php.txt
rm $target/reconky/wayback_urls/extensions/php1.txt
fi
if [[ “ext”==”js” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/js1.txt
sort -u $target/reconky/wayback_urls/extensions/js1.txt >> $target/reconky/wayback_urls/extensions/js.txt
rm $target/reconky/wayback_urls/extensions/js1.txt
fi
if [[ “ext”==”html” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/html1.txt
sort -u $target/reconky/wayback_urls/extensions/html1.txt >> $target/reconky/wayback_urls/extensions/html.txt
rm $target/reconky/wayback_urls/extensions/html1.txt
fi
if [[ “ext”==”json” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/json1.txt
sort -u $target/reconky/wayback_urls/extensions/json1.txt >> $target/reconky/wayback_urls/extensions/json.txt
rm $target/reconky/wayback_urls/extensions/json1.txt
fi
if [[ “ext”==”aspx” ]];then
echo $i >> $target/reconky/wayback_urls/extensions/aspx1.txt
sort -u $target/reconky/wayback_urls/extensions/aspx1.txt >> $target/reconky/wayback_urls/extensions/aspx.txt
rm $target/reconky/wayback_urls/extensions/aspx1.txt
fi
done
eyewitness -f $target/reconky/httprobe/alivee.txt –web -d $target/
reconky/eyewitness –resolve

DEMO

R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

1 week ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

1 week ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

1 week ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

1 week ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

1 week ago