diff --git a/configuration.cfg b/configuration.cfg index a4663ce..8ca2602 100644 --- a/configuration.cfg +++ b/configuration.cfg @@ -2,7 +2,7 @@ ####### CONFIGURATION FILE ######### #################################### -#COLORS +# COLORS RED="\e[31m" GREEN="\033[1;32m" YELLOW="\e[33m" @@ -13,11 +13,27 @@ DEFAULT="\e[39m" BOLD="\e[1m" NORMAL="\e[0m" -#PARAMETERS -dnsDictionary=YOUR DNS DICTIONARY +#################################### +########## PARAMETERS ############## +#################################### + +# Path to DNS wordlist +dnsDictionary="YOUR_DNS_DICTIONARY" + +# Aquatone timeout (milliseconds) aquatoneTimeout=50000 -dictionary=YOUR DICTIONARY -github_token=YOUR GITHUB TOKEN + +# Path to your main wordlist (e.g. SecLists) +dictionary="YOUR_DICTIONARY" + +# GitHub Personal Access Token +github_token="YOUR_GITHUB_TOKEN" + +# Maximum runtime for long scans (seconds) massiveTime=3600 -excludeStatus=404,403,401,503 -burpCollaborator=YOUR BURP COLLABORATOR LINK + +# HTTP status codes to ignore +excludeStatus="404,403,401,503" + +# Burp Collaborator URL +burpCollaborator="YOUR_BURP_COLLABORATOR_LINK" \ No newline at end of file diff --git a/install.sh b/install.sh index 212617b..6a8cd60 100755 --- a/install.sh +++ b/install.sh @@ -15,15 +15,31 @@ printf "##########################################################\n\n${NORMAL}" sudo apt-get -y update printf "${BOLD}${MAGENTA}Installing programming languages and essential packages\n${NORMAL}" -sudo apt-get install -y python3-pip dnspython golang cargo html2text whatweb theharvester nmap dirsearch sqlmap cargo subjack +sudo apt-get install -y \ +python3-pip \ +python3-venv \ +python3-dnspython \ +golang-go \ +cargo \ +rustc \ +html2text \ +whatweb \ +theharvester \ +nmap \ +dirsearch \ +sqlmap \ +jq \ +curl \ +wget \ +git printf "${BOLD}${MAGENTA}Cloning repositories and installing dependencies\n${NORMAL}" -cd $HOME +cd "$HOME" mkdir -p tools cd tools declare -A REPOS=( - ["Asnlookup"]="https://github.com/yassineaboukir/Asnlookup" + ["Asnlookup"]="https://github.com/fang0654/Asnlookup.git" ["ssl-checker"]="https://github.com/narbehaj/ssl-checker" ["cloud_enum"]="https://github.com/initstring/cloud_enum" ["GitDorker"]="https://github.com/obheda12/GitDorker" @@ -41,62 +57,113 @@ declare -A REPOS=( for repo in "${!REPOS[@]}"; do printf "${CYAN}Cloning ${repo}\n${NORMAL}" - git clone "${REPOS[$repo]}" + if [ ! -d "$repo" ]; then + git clone "${REPOS[$repo]}" + fi cd "$repo" if [ -f requirements.txt ]; then - pip3 install -r requirements.txt --break-system-packages + python3 -m pip install -r requirements.txt --break-system-packages --ignore-installed fi cd .. done -pip3 install arjun +python3 -m pip install arjun --break-system-packages --ignore-installed printf "${CYAN}Building findomain\n${NORMAL}" cd findomain -cargo build --release -sudo cp target/release/findomain /usr/bin/ +if command -v cargo >/dev/null; then + cargo build --release + sudo cp target/release/findomain /usr/local/bin/ +fi cd .. printf "${CYAN}Building anti-burl\n${NORMAL}" cd hacks/anti-burl/ go build main.go -sudo mv main ~/go/bin/anti-burl +mkdir -p ~/go/bin +mv main ~/go/bin/anti-burl +sudo cp ~/go/bin/anti-burl /usr/local/bin/ cd ../.. +# ---- gf patterns / examples / shell completion ---- +printf "${CYAN}Setting up gf patterns\n${NORMAL}" mkdir -p ~/.gf cp -r Gf-Patterns/* ~/.gf +GF_TMP=$(mktemp -d) +if git clone --depth 1 https://github.com/tomnomnom/gf "$GF_TMP/gf"; then + [ -d "$GF_TMP/gf/examples" ] && cp -r "$GF_TMP/gf/examples" ~/.gf + if [ -f "$GF_TMP/gf/gf-completion.bash" ]; then + cp "$GF_TMP/gf/gf-completion.bash" ~/.gf/ + grep -qxF 'source ~/.gf/gf-completion.bash' ~/.bashrc 2>/dev/null || \ + echo 'source ~/.gf/gf-completion.bash' >> ~/.bashrc + fi +else + printf "Could not clone gf repo for examples/completion, skipping.\n" +fi +rm -rf "$GF_TMP" + +# ---- Amass ---- +printf "${CYAN}Installing Amass v5.1.1\n${NORMAL}" +AMASS_TMP=$(mktemp -d) +if wget -q -O "$AMASS_TMP/amass.tar.gz" \ + https://github.com/owasp-amass/amass/releases/download/v5.1.1/amass_linux_amd64.tar.gz; then + tar -xzf "$AMASS_TMP/amass.tar.gz" -C "$AMASS_TMP" + AMASS_BIN=$(find "$AMASS_TMP" -type f -iname amass | head -n1) + if [ -n "$AMASS_BIN" ]; then + sudo cp "$AMASS_BIN" /usr/local/bin/amass + sudo chmod +x /usr/local/bin/amass + else + printf "Amass binary not found inside the archive, skipping.\n" + fi +else + printf "Amass download failed (asset name may have changed upstream), skipping.\n" +fi +rm -rf "$AMASS_TMP" + +# ---- Go tools ---- printf "${BOLD}${MAGENTA}Installing GO tools\n${NORMAL}" declare -a GO_TOOLS=( - "github.com/OWASP/Amass/v3/..." - "github.com/michenriksen/aquatone" - "github.com/projectdiscovery/subfinder/v2/cmd/subfinder" - "github.com/hakluke/hakrawler" - "github.com/tomnomnom/anew" - "github.com/projectdiscovery/httpx/cmd/httpx" - "github.com/projectdiscovery/notify/cmd/notify" - "github.com/projectdiscovery/nuclei/v2/cmd/nuclei" - "github.com/lc/gau" - "github.com/tomnomnom/gf" - "github.com/tomnomnom/qsreplace" - "github.com/hahwul/dalfox/v2" - "github.com/tomnomnom/hacks/html-tool" - "github.com/tomnomnom/waybackurls" + "github.com/projectdiscovery/subfinder/v2/cmd/subfinder|subfinder" + "github.com/hakluke/hakrawler|hakrawler" + "github.com/tomnomnom/anew|anew" + "github.com/projectdiscovery/httpx/cmd/httpx|httpx" + "github.com/projectdiscovery/notify/cmd/notify|notify" + "github.com/projectdiscovery/nuclei/v3/cmd/nuclei|nuclei" + "github.com/lc/gau|gau" + "github.com/tomnomnom/gf|gf" + "github.com/tomnomnom/qsreplace|qsreplace" + "github.com/hahwul/dalfox/v2|dalfox" + "github.com/tomnomnom/hacks/html-tool|html-tool" + "github.com/tomnomnom/waybackurls|waybackurls" ) -for tool in "${GO_TOOLS[@]}"; do - printf "${CYAN}Installing $(basename $tool)\n${NORMAL}" - go install "$tool@latest" - sudo cp "$HOME/go/bin/$(basename $tool)" /usr/local/bin/ -done +mkdir -p ~/go/bin -echo 'source $GOPATH/src/github.com/tomnomnom/gf/gf-completion.bash' >> ~/.bashrc -cp -r ~/go/src/github.com/tomnomnom/gf/examples ~/.gf +for entry in "${GO_TOOLS[@]}"; do + module="${entry%%|*}" + binary="${entry##*|}" + + printf "${CYAN}Installing ${binary}\n${NORMAL}" + go install "${module}@latest" + + if [ -f "$HOME/go/bin/$binary" ]; then + sudo cp "$HOME/go/bin/$binary" /usr/local/bin/ + else + printf "Warning: %s binary not found at ~/go/bin after install, skipping copy.\n" "$binary" + fi +done -printf "${CYAN}Installing MailSpoof\n${NORMAL}" -sudo pip3 install mailspoof +printf "${CYAN}Installing MailSpoof (isolated, to avoid downgrading system requests/dnspython/idna)\n${NORMAL}" +if ! command -v pipx >/dev/null; then + sudo apt-get install -y pipx +fi +pipx install mailspoof || pipx install --force mailspoof +pipx ensurepath >/dev/null 2>&1 || true printf "${CYAN}Installing Shcheck\n${NORMAL}" -git clone https://github.com/santoru/shcheck +if [ ! -d shcheck ]; then + git clone https://github.com/santoru/shcheck +fi -printf "${BOLD}${YELLOW}Installation completed successfully!\n${NORMAL}" +printf "${BOLD}${YELLOW}Installation completed successfully!\n${NORMAL}" \ No newline at end of file diff --git a/subdomains/alive.csv b/subdomains/alive.csv new file mode 100644 index 0000000..e69de29 diff --git a/subdomains/alive.json b/subdomains/alive.json new file mode 100644 index 0000000..55d2400 --- /dev/null +++ b/subdomains/alive.json @@ -0,0 +1 @@ +{"domains": []} diff --git a/subdomains/alive.txt b/subdomains/alive.txt new file mode 100644 index 0000000..e69de29 diff --git a/subdomains/alive_subdomains.txt b/subdomains/alive_subdomains.txt new file mode 100644 index 0000000..e69de29 diff --git a/subdomains/subdomains.csv b/subdomains/subdomains.csv new file mode 100644 index 0000000..e69de29 diff --git a/subdomains/subdomains.json b/subdomains/subdomains.json new file mode 100644 index 0000000..55d2400 --- /dev/null +++ b/subdomains/subdomains.json @@ -0,0 +1 @@ +{"domains": []} diff --git a/subdomains/subdomains.txt b/subdomains/subdomains.txt new file mode 100644 index 0000000..e69de29 diff --git a/targets/hackycorp.com/footprinting/asn.txt b/targets/hackycorp.com/footprinting/asn.txt new file mode 100644 index 0000000..84d4a2c --- /dev/null +++ b/targets/hackycorp.com/footprinting/asn.txt @@ -0,0 +1,13 @@ + + ____ ____ _ _ _ ____ ____ _ _ _ _ ___ + |__| [__ |\ | | | | | | |_/ | | |__] + | | ___] | \| |___ |__| |__| | \_ |__| | + + Author: Yassine Aboukir (@yassineaboukir) + +[*] Downloading ASN database ... + + +Done! + +[*] Timed out while trying to connect to the database server, please run the tool again. diff --git a/targets/hackycorp.com/footprinting/cloud.txt b/targets/hackycorp.com/footprinting/cloud.txt new file mode 100644 index 0000000..0919256 --- /dev/null +++ b/targets/hackycorp.com/footprinting/cloud.txt @@ -0,0 +1 @@ +[!] Please pip install requirements.txt. diff --git a/targets/hackycorp.com/footprinting/emails.txt b/targets/hackycorp.com/footprinting/emails.txt new file mode 100644 index 0000000..e69de29 diff --git a/targets/hackycorp.com/footprinting/hosts.txt b/targets/hackycorp.com/footprinting/hosts.txt new file mode 100644 index 0000000..e69de29 diff --git a/targets/hackycorp.com/footprinting/ips.txt b/targets/hackycorp.com/footprinting/ips.txt new file mode 100644 index 0000000..e69de29 diff --git a/targets/hackycorp.com/footprinting/nslookup.txt b/targets/hackycorp.com/footprinting/nslookup.txt new file mode 100644 index 0000000..1c147d0 --- /dev/null +++ b/targets/hackycorp.com/footprinting/nslookup.txt @@ -0,0 +1,7 @@ +Server: 192.168.1.1 +Address: 192.168.1.1#53 + +Non-authoritative answer: +Name: hackycorp.com +Address: 51.158.147.132 + diff --git a/targets/hackycorp.com/footprinting/ssl.txt b/targets/hackycorp.com/footprinting/ssl.txt new file mode 100644 index 0000000..bf5d9db --- /dev/null +++ b/targets/hackycorp.com/footprinting/ssl.txt @@ -0,0 +1,35 @@ ++---------------------+ +| Analyzing 1 host(s) | ++---------------------+ + [✓] hackycorp.com + ------------------ + Issued domain: hackycorp.com + Issued to: N/A + Issued by: Let's Encrypt (US) + Server IP: 51.158.147.132 + Valid from: 2026-07-04 + Valid to: 2026-10-02 (80 days left) + Validity days: 89 + TLS Version: TLSv1.2 + Cipher: ECDHE-RSA-CHACHA20-POLY1305 + Chain length: 3 + Certificate trusted: True + Hostname matches: True + Certificate valid: True + Certificate S/N: 491835649558861378523953798870119837188470 + Certificate SHA1 FP: e58eecb91f5c0daceb87ba49800da80b28efcff4 + Certificate SHA256 FP: 21f272fc8a1af35e8ba33384b9d3c8c064625df27010f98cb1d6f1392fb2c9b7 + Certificate version: 2 + Certificate algorithm: sha256WithRSAEncryption + Public key: RSA 2048 bits + Signature hash: sha256 + Expired: False + Certificate SANs: + \_ 66177e3f25e3ea0713807b1dc5f0b9df.hackycorp.com + \_ hackycorp.com + \_ www.hackycorp.com + + ++----------------------------------------------------------------------------------------------------------+ +| Successful: 1 | Failed: 0 | Valid: 1 | Warning: 0 | Expired: 0 | Untrusted: 0 | Duration: 0:00:00.633416 | ++----------------------------------------------------------------------------------------------------------+ diff --git a/targets/hackycorp.com/footprinting/theharvester.txt b/targets/hackycorp.com/footprinting/theharvester.txt new file mode 100644 index 0000000..e69de29 diff --git a/targets/hackycorp.com/footprinting/users.txt b/targets/hackycorp.com/footprinting/users.txt new file mode 100644 index 0000000..e69de29 diff --git a/targets/hackycorp.com/footprinting/whatweb.txt b/targets/hackycorp.com/footprinting/whatweb.txt new file mode 100644 index 0000000..b0635c2 --- /dev/null +++ b/targets/hackycorp.com/footprinting/whatweb.txt @@ -0,0 +1,2 @@ +http://hackycorp.com [200 OK] Bootstrap, Country[UNITED KINGDOM][GB], HTML5, HTTPServer[nginx], IP[51.158.147.132], JQuery, Script, Title[HackyCorp], UncommonHeaders[pentesterlab_recon_09], X-UA-Compatible[IE=edge], nginx +https://hackycorp.com [200 OK] Bootstrap, Country[UNITED KINGDOM][GB], HTML5, HTTPServer[nginx], IP[51.158.147.132], JQuery, Script, Title[HackyCorp], UncommonHeaders[pentesterlab_recon_09], X-UA-Compatible[IE=edge], nginx diff --git a/targets/hackycorp.com/footprinting/whois.txt b/targets/hackycorp.com/footprinting/whois.txt new file mode 100644 index 0000000..0af0ae0 --- /dev/null +++ b/targets/hackycorp.com/footprinting/whois.txt @@ -0,0 +1,85 @@ + Domain Name: HACKYCORP.COM + Registry Domain ID: 2506038815_DOMAIN_COM-VRSN + Registrar WHOIS Server: whois.gandi.net + Registrar URL: http://www.gandi.net + Updated Date: 2026-03-04T00:19:15Z + Creation Date: 2020-03-22T07:53:04Z + Registry Expiry Date: 2028-03-22T07:53:04Z + Registrar: Gandi SAS + Registrar IANA ID: 81 + Registrar Abuse Contact Email: abuse@support.gandi.net + Registrar Abuse Contact Phone: +33.170377661 + Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited + Name Server: NS-104-A.GANDI.NET + Name Server: NS-123-C.GANDI.NET + Name Server: NS-219-B.GANDI.NET + DNSSEC: unsigned +The Registry database contains ONLY .COM, .NET, .EDU domains and +Registrars. +Domain Name: hackycorp.com +Registry Domain ID: 2506038815_DOMAIN_COM-VRSN +Registrar WHOIS Server: whois.gandi.net +Registrar URL: http://www.gandi.net +Updated Date: 2026-03-04T00:19:15Z +Creation Date: 2020-03-22T06:53:04Z +Registrar Registration Expiration Date: 2028-03-22T07:53:04Z +Registrar: GANDI SAS +Registrar IANA ID: 81 +Registrar Abuse Contact Email: abuse@support.gandi.net +Registrar Abuse Contact Phone: +33.170377661 +Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited +Domain Status: +Domain Status: +Domain Status: +Domain Status: +Registry Registrant ID: REDACTED FOR PRIVACY +Registrant Name: REDACTED FOR PRIVACY +Registrant Organization: PentesterLab +Registrant Street: REDACTED FOR PRIVACY +Registrant City: REDACTED FOR PRIVACY +Registrant State/Province: +Registrant Postal Code: REDACTED FOR PRIVACY +Registrant Country: AU +Registrant Phone: REDACTED FOR PRIVACY +Registrant Phone Ext: +Registrant Fax: REDACTED FOR PRIVACY +Registrant Fax Ext: +Registrant Email: b4f64d25d6de936b53f6f967cdeb3c6b-18257455@contact.gandi.net +Registry Admin ID: REDACTED FOR PRIVACY +Admin Name: REDACTED FOR PRIVACY +Admin Organization: REDACTED FOR PRIVACY +Admin Street: REDACTED FOR PRIVACY +Admin City: REDACTED FOR PRIVACY +Admin State/Province: REDACTED FOR PRIVACY +Admin Postal Code: REDACTED FOR PRIVACY +Admin Country: REDACTED FOR PRIVACY +Admin Phone: REDACTED FOR PRIVACY +Admin Phone Ext: +Admin Fax: REDACTED FOR PRIVACY +Admin Fax Ext: +Admin Email: b4f64d25d6de936b53f6f967cdeb3c6b-18257455@contact.gandi.net +Registry Tech ID: REDACTED FOR PRIVACY +Tech Name: REDACTED FOR PRIVACY +Tech Organization: REDACTED FOR PRIVACY +Tech Street: REDACTED FOR PRIVACY +Tech City: REDACTED FOR PRIVACY +Tech State/Province: REDACTED FOR PRIVACY +Tech Postal Code: REDACTED FOR PRIVACY +Tech Country: REDACTED FOR PRIVACY +Tech Phone: REDACTED FOR PRIVACY +Tech Phone Ext: +Tech Fax: REDACTED FOR PRIVACY +Tech Fax Ext: +Tech Email: b4f64d25d6de936b53f6f967cdeb3c6b-18257455@contact.gandi.net +Name Server: NS-104-A.GANDI.NET +Name Server: NS-219-B.GANDI.NET +Name Server: NS-123-C.GANDI.NET +Name Server: +Name Server: +Name Server: +Name Server: +Name Server: +Name Server: +Name Server: +DNSSEC: Unsigned +A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.