Some tools to automate recon - 003random
Home Page: https://poc-server.com/
From the commands in install.sh, it is visible that you are downloading the source code of nmap and then locally building it.
(IMHO It is really waste of time if the system already has latest version of nmap.)
Compiling nmap requires gcc and other libraries like OpenSSL and LibSSH2. Instead of going to hard way, why not just sudo apt-get install nmap ?
Implement a default 5s delay between requests to the same origin.
Create a override parameter for this delay.
Ref: tomnomnom/meg#6 (comment)
As install.sh begins with:
`home_dir=$(pwd)
dependencies_dir="dependencies"
mkdir $output_dir;
mkdir $dependencies_dir;
`
$output_dir is used before assigning it. Also home_dir is assigned but not used, though this won't arrise any error.
I guess there was some confusion declaring them.
First two lines of install.sh:
dependencies_dir="dependencies"
dependencies_dir="output"
It causes the install to fail unless it is changed to:
dependencies_dir="dependencies"
output_dir="output"
Hi,
While other functions are perfectly working but these two are not working:
CORS misconfiguration
CRLF injection
Wpscan-subdoamins.sh
nmap
I am getting this result after running the tool.
in header_scan.py is this code snippet:
for domain in domains:
if domain != "":
try:
**_r = requests.head("https://"+domain, timeout=5)_**
except:
print("[-]Error on https://"+domain)
headers_found = []
for header in headers:
_**current_header = r.headers.get(header.lower())**_
if current_header != None and "nginx" not in current_header.lower():
headers_found.append(str(current_header))
if headers_found != []:
if is_closed:
file = open(output_file,"w+")
is_closed = False
print("[+]"+domain+" - "+str(headers_found))
file.write(domain+" - "+str(headers_found)+"\n")
else:
print("[-]"+domain+" - "+str(headers_found))
else:
So there is defined variable "r" and the variable is in try-except clause. Later the same variable is referenced again. The problem is, that if the TRY fails, the variable "r" is not defined, and therefore we get error(on the right side of the picture), we get "NameError: name 'r' is not defined"
I manually installed sublist3r because it wasn't automatically included through the install script, but now I'm running into an error where it seems to fail after Sublist3r runs and then encounters cascading failure.
Any insight into what's tripping it up would be a huge help.
โ sudo ./recon.sh DUMMY.SITE
Please read through this script before executing, to prevent unexpected things from happening.
mkdir: DUMMY.SITE: File exists
-- DUMMY.SITE Started --
____ _ _ _ _ _____
/ ___| _ _| |__ | (_)___| |_|___ / _ __
\___ \| | | | '_ \| | / __| __| |_ \| '__|
___) | |_| | |_) | | \__ \ |_ ___) | |
|____/ \__,_|_.__/|_|_|___/\__|____/|_|
# Coded By Ahmed Aboul-Ela - @aboul3la
[-] Enumerating subdomains now for DUMMY.SITE
[-] Searching now in Baidu..
[-] Searching now in Yahoo..
[-] Searching now in Google..
[-] Searching now in Bing..
[-] Searching now in Ask..
[-] Searching now in Netcraft..
[-] Searching now in DNSdumpster..
[-] Searching now in Virustotal..
[-] Searching now in ThreatCrowd..
[-] Searching now in SSL Certificates..
[-] Searching now in PassiveDNS..
Traceback (most recent call last):
File "tools/online.py", line 28, in <module>
input_file_open = open(input_file, 'r')
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains-all.txt'
-- Testing crlf on domains in output/DUMMY.SITE/domains.txt with output file, output/DUMMY.SITE/crlf.txt --
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
tools/crlf.sh: line 15: output/DUMMY.SITE/domains.txt: No such file or directory
-- Done --
-- Scanning for misconfigured cors headers in output/DUMMY.SITE/domains.txt with output file, output/DUMMY.SITE/misconfigured_cors.txt --
[-]File not found!
-- Done --
-- Testing open redirects on domains in output/DUMMY.SITE/domains.txt with output file, output/DUMMY.SITE/open_redirects.txt --
Traceback (most recent call last):
File "tools/open_redirect.py", line 48, in <module>
start()
File "tools/open_redirect.py", line 17, in start
domains = open(input_file,'r').read().split('\n')
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains.txt'
-- Testing for sensitive info in headers on domains in output/DUMMY.SITE/domains.txt with output file, output/DUMMY.SITE/sensitive_headers.txt --
Traceback (most recent call last):
File "tools/header_scan.py", line 10, in <module>
domains = open(input_file,'r').read().split('\n')
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains.txt'
Traceback (most recent call last):
File "tools/error_page_info_check.py", line 10, in <module>
domains = open(input_file,'r').read().split('\n')
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains.txt'
Traceback (most recent call last):
File "tools/subdomain_takeover_scan.py", line 9, in <module>
domains = open(input_file,'r').read().split('\n')
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains.txt'
-- Extracting javascript files from domains in output/DUMMY.SITE/domains.txt with output file, output/DUMMY.SITE/javascript_files.txt --
Traceback (most recent call last):
File "tools/javascript_files_extractor.py", line 10, in <module>
domains_file = open(input_file,'r')
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains.txt'
-- Extracting links out of javascript files in output/DUMMY.SITE/javascript_files.txt with output file, output/DUMMY.SITE/extracted_urls.txt --
[-]File not found!webscreenshot.py version 2.1
Traceback (most recent call last):
File "dependencies/webscreenshot/webscreenshot.py", line 398, in <module>
main()
File "dependencies/webscreenshot/webscreenshot.py", line 391, in main
url_list = parse_targets(options)
File "dependencies/webscreenshot/webscreenshot.py", line 227, in parse_targets
with open(fd,'rb') as fd_input:
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains.txt'
Traceback (most recent call last):
File "tools/wordpress_check.py", line 9, in <module>
domains = open(input_file,'r').read().split('\n')
IOError: [Errno 2] No such file or directory: 'output/DUMMY.SITE/domains.txt'
[ERROR] cannot load such file -- typhoeus
[TIP] Try to run 'gem install typhoeus' or 'gem install --user-install typhoeus'. If you still get an error, Please see README file or https://github.com/wpscanteam/wpscan
-- Starting a wpscan for the domains in output/DUMMY.SITE/wordpress_sites.txt --
[-]File not found!
-- Done --
-- Scanning services from output/DUMMY.SITE/domains.txt with output file, output/DUMMY.SITE/nmap_scans.txt --
tools/nmap_scan.sh: line 4: output/DUMMY.SITE/domains.txt: No such file or directory
tools/nmap_scan.sh: line 4: / 1: syntax error: operand expected (error token is "/ 1")
tools/nmap_scan.sh: line 9: output/DUMMY.SITE/domains.txt: No such file or directory
-- Done --
-- DUMMY.SITE Finished --
Hi @003random
Could not find any command for feeding a list domains/ips. Please add support for list of domains/ips because sometimes subdomain tools within 003Recon can't find Subdomains which we find via manual checking or using other tools than sublist3r etc..
Thanks.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.