-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathauto_recon.sh
72 lines (56 loc) · 2 KB
/
auto_recon.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/bin/bash
# auto_recon.sh
# -------------
# A single script to run the entire reconnaissance workflow.
set -e
domain="$1"
if [ -z "$domain" ]; then
echo "Usage: $0 <domain>"
exit 1
fi
echo "[*] Starting automated reconnaissance on $domain"
# Ensure all scripts are executable
chmod +x subdomain_enum.sh \
port_scan.sh \
http_probe.sh \
dir_bruteforce.sh \
vuln_scan.sh \
js_collection.sh \
endpoint_discovery.sh \
subdomain_takeover.sh
# --------------------------------------------------
# Step 1: Subdomain Enumeration
# --------------------------------------------------
./subdomain_enum.sh "$domain"
# --------------------------------------------------
# Step 2: Port Scanning
# --------------------------------------------------
./port_scan.sh "$domain"
# --------------------------------------------------
# Step 3: HTTP Probing and Screenshotting
# --------------------------------------------------
./http_probe.sh "$domain"
# --------------------------------------------------
# Step 4: Directory and File Bruteforcing
# --------------------------------------------------
./dir_bruteforce.sh "$domain"
# --------------------------------------------------
# Step 5: Vulnerability Scanning
# --------------------------------------------------
./vuln_scan.sh "$domain"
# --------------------------------------------------
# Step 6: Collecting and Analyzing JavaScript Files
# --------------------------------------------------
./js_collection.sh "$domain"
cd "recon/$domain/javascript_files" || exit
python3 ../../../js_analyzer.py
cd ../../../
# --------------------------------------------------
# Step 7: API and Endpoint Discovery
# --------------------------------------------------
./endpoint_discovery.sh "$domain"
# --------------------------------------------------
# Step 8: Subdomain Takeover Check
# --------------------------------------------------
./subdomain_takeover.sh "$domain"
echo "[*] Automated reconnaissance completed for $domain"