Usage: ~$ bash scanner.sh example.com
Running in background in VPS using nohup
Usage: ~$ nohup bash scanner.sh example.com &> example.out&
Subdomain Enumeration
- Amass
- Findomain
- Subfinder
- Aquatone (old)
gem install aquatone - Sublist3r
- Rapid7's Project Sonar
changing altdns to dnsgen. it's faster than altdns
Scan All Alive Hosts with filter-resolved and Httprobe
The reason we implement this, Is filter-resolved has an output which httprobe doesn't have. We filter it using diff and include it to vhost scan's wordlist :)
Separating Cloudflare IPs to Non-Cloudflare IPs
It's useless to scan Cloudflare IPs. FYI, Install grepcidr first
apt-get install grepcidr
Subdomain TakeOver
Collecting Endpoints thru Linkfinder
Collecting Endpoints thru Github
make sure to create
.tokensfile (containing your github token) together withgithub-endpoints.py(probably in ~/tools folder).
Port Scanning
- NMAP
- Masscan
Webanalyze for Fingerprinting assets
Default Credential Scanning
Scanning default credentials for all protocols and services Need a redis server to properly run this tool.
File/Dir Discovery
Virtual Hosts Scan
I hope that someone could help me to add more useful automated scanning technique :)
For the installation of all the tools above. I linked all the github links, just make sure that its in the right directory PATH and your good to go. feel free to modify and feel free not to use it if you don't like it :)
- Install Script
Thanks to @sumgr0
- Another Vhost Scanner
Thinking about gobuster or codingo's VHost Scan
- HTML Report
HTML Reporting Yey :)
- A Param Miner like tool
A parameter bruteforcer, maybe parameth will do.
ALL CREDIT GOES TO AMAZING CREATORS OF THIS WONDERFUL TOOLS :)
cannot make to mention y'all co'z i'm too lazy to do that though :D (i'm being honest here)
You can help me by registering an account here (with my referral code of course) and you can also help me (slash) support me in this project.
Or Buy Me Coffee here