Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 23 additions & 7 deletions configuration.cfg
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
####### CONFIGURATION FILE #########
####################################

#COLORS
# COLORS
RED="\e[31m"
GREEN="\033[1;32m"
YELLOW="\e[33m"
Expand All @@ -13,11 +13,27 @@ DEFAULT="\e[39m"
BOLD="\e[1m"
NORMAL="\e[0m"

#PARAMETERS
dnsDictionary=YOUR DNS DICTIONARY
####################################
########## PARAMETERS ##############
####################################

# Path to DNS wordlist
dnsDictionary="YOUR_DNS_DICTIONARY"

# Aquatone timeout (milliseconds)
aquatoneTimeout=50000
dictionary=YOUR DICTIONARY
github_token=YOUR GITHUB TOKEN

# Path to your main wordlist (e.g. SecLists)
dictionary="YOUR_DICTIONARY"

# GitHub Personal Access Token
github_token="YOUR_GITHUB_TOKEN"

# Maximum runtime for long scans (seconds)
massiveTime=3600
excludeStatus=404,403,401,503
burpCollaborator=YOUR BURP COLLABORATOR LINK

# HTTP status codes to ignore
excludeStatus="404,403,401,503"

# Burp Collaborator URL
burpCollaborator="YOUR_BURP_COLLABORATOR_LINK"
135 changes: 101 additions & 34 deletions install.sh
Original file line number Diff line number Diff line change
Expand Up @@ -15,15 +15,31 @@ printf "##########################################################\n\n${NORMAL}"
sudo apt-get -y update

printf "${BOLD}${MAGENTA}Installing programming languages and essential packages\n${NORMAL}"
sudo apt-get install -y python3-pip dnspython golang cargo html2text whatweb theharvester nmap dirsearch sqlmap cargo subjack
sudo apt-get install -y \
python3-pip \
python3-venv \
python3-dnspython \
golang-go \
cargo \
rustc \
html2text \
whatweb \
theharvester \
nmap \
dirsearch \
sqlmap \
jq \
curl \
wget \
git

printf "${BOLD}${MAGENTA}Cloning repositories and installing dependencies\n${NORMAL}"
cd $HOME
cd "$HOME"
mkdir -p tools
cd tools

declare -A REPOS=(
["Asnlookup"]="https://github.com/yassineaboukir/Asnlookup"
["Asnlookup"]="https://github.com/fang0654/Asnlookup.git"
["ssl-checker"]="https://github.com/narbehaj/ssl-checker"
["cloud_enum"]="https://github.com/initstring/cloud_enum"
["GitDorker"]="https://github.com/obheda12/GitDorker"
Expand All @@ -41,62 +57,113 @@ declare -A REPOS=(

for repo in "${!REPOS[@]}"; do
printf "${CYAN}Cloning ${repo}\n${NORMAL}"
git clone "${REPOS[$repo]}"
if [ ! -d "$repo" ]; then
git clone "${REPOS[$repo]}"
fi
cd "$repo"
if [ -f requirements.txt ]; then
pip3 install -r requirements.txt --break-system-packages
python3 -m pip install -r requirements.txt --break-system-packages --ignore-installed
fi
cd ..
done

pip3 install arjun
python3 -m pip install arjun --break-system-packages --ignore-installed

printf "${CYAN}Building findomain\n${NORMAL}"
cd findomain
cargo build --release
sudo cp target/release/findomain /usr/bin/
if command -v cargo >/dev/null; then
cargo build --release
sudo cp target/release/findomain /usr/local/bin/
fi
cd ..

printf "${CYAN}Building anti-burl\n${NORMAL}"
cd hacks/anti-burl/
go build main.go
sudo mv main ~/go/bin/anti-burl
mkdir -p ~/go/bin
mv main ~/go/bin/anti-burl
sudo cp ~/go/bin/anti-burl /usr/local/bin/
cd ../..

# ---- gf patterns / examples / shell completion ----
printf "${CYAN}Setting up gf patterns\n${NORMAL}"
mkdir -p ~/.gf
cp -r Gf-Patterns/* ~/.gf

GF_TMP=$(mktemp -d)
if git clone --depth 1 https://github.com/tomnomnom/gf "$GF_TMP/gf"; then
[ -d "$GF_TMP/gf/examples" ] && cp -r "$GF_TMP/gf/examples" ~/.gf
if [ -f "$GF_TMP/gf/gf-completion.bash" ]; then
cp "$GF_TMP/gf/gf-completion.bash" ~/.gf/
grep -qxF 'source ~/.gf/gf-completion.bash' ~/.bashrc 2>/dev/null || \
echo 'source ~/.gf/gf-completion.bash' >> ~/.bashrc
fi
else
printf "Could not clone gf repo for examples/completion, skipping.\n"
fi
rm -rf "$GF_TMP"

# ---- Amass ----
printf "${CYAN}Installing Amass v5.1.1\n${NORMAL}"
AMASS_TMP=$(mktemp -d)
if wget -q -O "$AMASS_TMP/amass.tar.gz" \
https://github.com/owasp-amass/amass/releases/download/v5.1.1/amass_linux_amd64.tar.gz; then
tar -xzf "$AMASS_TMP/amass.tar.gz" -C "$AMASS_TMP"
AMASS_BIN=$(find "$AMASS_TMP" -type f -iname amass | head -n1)
if [ -n "$AMASS_BIN" ]; then
sudo cp "$AMASS_BIN" /usr/local/bin/amass
sudo chmod +x /usr/local/bin/amass
else
printf "Amass binary not found inside the archive, skipping.\n"
fi
else
printf "Amass download failed (asset name may have changed upstream), skipping.\n"
fi
rm -rf "$AMASS_TMP"

# ---- Go tools ----
printf "${BOLD}${MAGENTA}Installing GO tools\n${NORMAL}"
declare -a GO_TOOLS=(
"github.com/OWASP/Amass/v3/..."
"github.com/michenriksen/aquatone"
"github.com/projectdiscovery/subfinder/v2/cmd/subfinder"
"github.com/hakluke/hakrawler"
"github.com/tomnomnom/anew"
"github.com/projectdiscovery/httpx/cmd/httpx"
"github.com/projectdiscovery/notify/cmd/notify"
"github.com/projectdiscovery/nuclei/v2/cmd/nuclei"
"github.com/lc/gau"
"github.com/tomnomnom/gf"
"github.com/tomnomnom/qsreplace"
"github.com/hahwul/dalfox/v2"
"github.com/tomnomnom/hacks/html-tool"
"github.com/tomnomnom/waybackurls"
"github.com/projectdiscovery/subfinder/v2/cmd/subfinder|subfinder"
"github.com/hakluke/hakrawler|hakrawler"
"github.com/tomnomnom/anew|anew"
"github.com/projectdiscovery/httpx/cmd/httpx|httpx"
"github.com/projectdiscovery/notify/cmd/notify|notify"
"github.com/projectdiscovery/nuclei/v3/cmd/nuclei|nuclei"
"github.com/lc/gau|gau"
"github.com/tomnomnom/gf|gf"
"github.com/tomnomnom/qsreplace|qsreplace"
"github.com/hahwul/dalfox/v2|dalfox"
"github.com/tomnomnom/hacks/html-tool|html-tool"
"github.com/tomnomnom/waybackurls|waybackurls"
)

for tool in "${GO_TOOLS[@]}"; do
printf "${CYAN}Installing $(basename $tool)\n${NORMAL}"
go install "$tool@latest"
sudo cp "$HOME/go/bin/$(basename $tool)" /usr/local/bin/
done
mkdir -p ~/go/bin

echo 'source $GOPATH/src/github.com/tomnomnom/gf/gf-completion.bash' >> ~/.bashrc
cp -r ~/go/src/github.com/tomnomnom/gf/examples ~/.gf
for entry in "${GO_TOOLS[@]}"; do
module="${entry%%|*}"
binary="${entry##*|}"

printf "${CYAN}Installing ${binary}\n${NORMAL}"
go install "${module}@latest"

if [ -f "$HOME/go/bin/$binary" ]; then
sudo cp "$HOME/go/bin/$binary" /usr/local/bin/
else
printf "Warning: %s binary not found at ~/go/bin after install, skipping copy.\n" "$binary"
fi
done

printf "${CYAN}Installing MailSpoof\n${NORMAL}"
sudo pip3 install mailspoof
printf "${CYAN}Installing MailSpoof (isolated, to avoid downgrading system requests/dnspython/idna)\n${NORMAL}"
if ! command -v pipx >/dev/null; then
sudo apt-get install -y pipx
fi
pipx install mailspoof || pipx install --force mailspoof
pipx ensurepath >/dev/null 2>&1 || true

printf "${CYAN}Installing Shcheck\n${NORMAL}"
git clone https://github.com/santoru/shcheck
if [ ! -d shcheck ]; then
git clone https://github.com/santoru/shcheck
fi

printf "${BOLD}${YELLOW}Installation completed successfully!\n${NORMAL}"
printf "${BOLD}${YELLOW}Installation completed successfully!\n${NORMAL}"
Empty file added subdomains/alive.csv
Empty file.
1 change: 1 addition & 0 deletions subdomains/alive.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"domains": []}
Empty file added subdomains/alive.txt
Empty file.
Empty file added subdomains/alive_subdomains.txt
Empty file.
Empty file added subdomains/subdomains.csv
Empty file.
1 change: 1 addition & 0 deletions subdomains/subdomains.json
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"domains": []}
Empty file added subdomains/subdomains.txt
Empty file.
13 changes: 13 additions & 0 deletions targets/hackycorp.com/footprinting/asn.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@

____ ____ _ _ _ ____ ____ _ _ _ _ ___
|__| [__ |\ | | | | | | |_/ | | |__]
| | ___] | \| |___ |__| |__| | \_ |__| |

Author: Yassine Aboukir (@yassineaboukir)

[*] Downloading ASN database ...


Done!

[*] Timed out while trying to connect to the database server, please run the tool again.
1 change: 1 addition & 0 deletions targets/hackycorp.com/footprinting/cloud.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
[!] Please pip install requirements.txt.
Empty file.
Empty file.
Empty file.
7 changes: 7 additions & 0 deletions targets/hackycorp.com/footprinting/nslookup.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: hackycorp.com
Address: 51.158.147.132

35 changes: 35 additions & 0 deletions targets/hackycorp.com/footprinting/ssl.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
+---------------------+
| Analyzing 1 host(s) |
+---------------------+
[✓] hackycorp.com
------------------
Issued domain: hackycorp.com
Issued to: N/A
Issued by: Let's Encrypt (US)
Server IP: 51.158.147.132
Valid from: 2026-07-04
Valid to: 2026-10-02 (80 days left)
Validity days: 89
TLS Version: TLSv1.2
Cipher: ECDHE-RSA-CHACHA20-POLY1305
Chain length: 3
Certificate trusted: True
Hostname matches: True
Certificate valid: True
Certificate S/N: 491835649558861378523953798870119837188470
Certificate SHA1 FP: e58eecb91f5c0daceb87ba49800da80b28efcff4
Certificate SHA256 FP: 21f272fc8a1af35e8ba33384b9d3c8c064625df27010f98cb1d6f1392fb2c9b7
Certificate version: 2
Certificate algorithm: sha256WithRSAEncryption
Public key: RSA 2048 bits
Signature hash: sha256
Expired: False
Certificate SANs:
\_ 66177e3f25e3ea0713807b1dc5f0b9df.hackycorp.com
\_ hackycorp.com
\_ www.hackycorp.com


+----------------------------------------------------------------------------------------------------------+
| Successful: 1 | Failed: 0 | Valid: 1 | Warning: 0 | Expired: 0 | Untrusted: 0 | Duration: 0:00:00.633416 |
+----------------------------------------------------------------------------------------------------------+
Empty file.
Empty file.
2 changes: 2 additions & 0 deletions targets/hackycorp.com/footprinting/whatweb.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
http://hackycorp.com [200 OK] Bootstrap, Country[UNITED KINGDOM][GB], HTML5, HTTPServer[nginx], IP[51.158.147.132], JQuery, Script, Title[HackyCorp], UncommonHeaders[pentesterlab_recon_09], X-UA-Compatible[IE=edge], nginx
https://hackycorp.com [200 OK] Bootstrap, Country[UNITED KINGDOM][GB], HTML5, HTTPServer[nginx], IP[51.158.147.132], JQuery, Script, Title[HackyCorp], UncommonHeaders[pentesterlab_recon_09], X-UA-Compatible[IE=edge], nginx
85 changes: 85 additions & 0 deletions targets/hackycorp.com/footprinting/whois.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,85 @@
Domain Name: HACKYCORP.COM
Registry Domain ID: 2506038815_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2026-03-04T00:19:15Z
Creation Date: 2020-03-22T07:53:04Z
Registry Expiry Date: 2028-03-22T07:53:04Z
Registrar: Gandi SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS-104-A.GANDI.NET
Name Server: NS-123-C.GANDI.NET
Name Server: NS-219-B.GANDI.NET
DNSSEC: unsigned
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name: hackycorp.com
Registry Domain ID: 2506038815_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.gandi.net
Registrar URL: http://www.gandi.net
Updated Date: 2026-03-04T00:19:15Z
Creation Date: 2020-03-22T06:53:04Z
Registrar Registration Expiration Date: 2028-03-22T07:53:04Z
Registrar: GANDI SAS
Registrar IANA ID: 81
Registrar Abuse Contact Email: abuse@support.gandi.net
Registrar Abuse Contact Phone: +33.170377661
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status:
Domain Status:
Domain Status:
Domain Status:
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: PentesterLab
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province:
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: AU
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext:
Registrant Email: b4f64d25d6de936b53f6f967cdeb3c6b-18257455@contact.gandi.net
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext:
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext:
Admin Email: b4f64d25d6de936b53f6f967cdeb3c6b-18257455@contact.gandi.net
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext:
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext:
Tech Email: b4f64d25d6de936b53f6f967cdeb3c6b-18257455@contact.gandi.net
Name Server: NS-104-A.GANDI.NET
Name Server: NS-219-B.GANDI.NET
Name Server: NS-123-C.GANDI.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC: Unsigned
A dispute over the ownership of a domain name may be subject to the alternate procedure established by the Registry in question or brought before the courts.