simrotion13 · July 23, 2022 06:36
diff --git a/mass-recon.sh b/mass-recon.sh
 #!/bin/bash
 filename=$1
 resolversFile=$2
 resultDir=~/recon/output
 nucleiTmpDir=~/nuclei-templates
 Header='User-Agent: Mozllla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKlt/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safarl/537.36'

 nuclei -ut

 for line in $(cat $1); do

        echo "Scan started for $line domain" | notify --silent

        mkdir -p $resultDir/$line

        amass enum -passive -d $line -rf $resolversFile -o $resultDir/$line/subdomains.txt

        python3 ~/tools/Sublist3r/sublist3r.py -d $line | anew -q $resultDir/$line/subdomains.txt

        assetfinder --subs-only $line | anew -q $resultDir/$line/subdomains.txt

        subfinder -d $line -rL $resolversFile | anew -q $resultDir/$line/subdomains.txt

        findomain -t $line --resolvers $resolversFile | anew -q $resultDir/$line/subdomains.txt

        cat $resultDir/$line/subdomains.txt | sort -u | filter-resolved | anew -q $resultDir/$line/subdomains-live.txt

        cat $resultDir/$line/subdomains-live.txt | httpx -silent | anew -q $resultDir/$line/subdomains-live-httpx.txt
        
        echo "Live subdomains saved at $resultDir/$line/subdomains-live.txt" | notify    
        
        echo "Scan for CVES started." | notify      
        nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/cves/ -H "$Header" -o $resultDir/$line/cves.txt | notify  
        echo "Scan for CVES completed." | notify

        echo "Scan for default-logins started." | notify
        nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/default-logins/ -H "$Header" -o $resultDir/$line/default-logins.txt | notify
        echo "Scan for default-logins completed." | notify

        echo "Scan for exposures started." | notify
        nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/exposures/ -H "$Header" -o $resultDir/$line/exposures.txt | notify
        echo "Scan for exposures completed." | notify

        echo "Scan for misconfigurations started." | notify
        nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/misconfiguration/ -H "$Header" -o $resultDir/$line/misconfiguration.txt | notify
        echo "Scan for misconfigurations completed." | notify

        echo "Scan for takeovers started." | notify
        nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/takeovers/ -H "$Header" -o $resultDir/$line/takeovers.txt | notify
        echo "Scan for takeovers completed." | notify

        echo "Scan for vulnerabilities started." | notify
        nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/vulnerabilities/ -H "$Header" -o $resultDir/$line/vulnerabilities.txt | notify
        echo "Scan for vulnerabilities completed." | notify

        echo "Scan finished for $line domain" | notify --silent
 done
	#!/bin/bash
	filename=$1
	resolversFile=$2
	resultDir=~/recon/output
	nucleiTmpDir=~/nuclei-templates
	Header='User-Agent: Mozllla/5.0 (Macintosh; Intel Mac OS X 10_13_0) AppleWebKlt/537.36 (KHTML, like Gecko) Chrome/65.0.3325.162 Safarl/537.36'

	nuclei -ut

	for line in $(cat $1); do

	echo "Scan started for $line domain" \| notify --silent

	mkdir -p $resultDir/$line

	amass enum -passive -d $line -rf $resolversFile -o $resultDir/$line/subdomains.txt

	python3 ~/tools/Sublist3r/sublist3r.py -d $line \| anew -q $resultDir/$line/subdomains.txt

	assetfinder --subs-only $line \| anew -q $resultDir/$line/subdomains.txt

	subfinder -d $line -rL $resolversFile \| anew -q $resultDir/$line/subdomains.txt

	findomain -t $line --resolvers $resolversFile \| anew -q $resultDir/$line/subdomains.txt

	cat $resultDir/$line/subdomains.txt \| sort -u \| filter-resolved \| anew -q $resultDir/$line/subdomains-live.txt

	cat $resultDir/$line/subdomains-live.txt \| httpx -silent \| anew -q $resultDir/$line/subdomains-live-httpx.txt

	echo "Live subdomains saved at $resultDir/$line/subdomains-live.txt" \| notify

	echo "Scan for CVES started." \| notify
	nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/cves/ -H "$Header" -o $resultDir/$line/cves.txt \| notify
	echo "Scan for CVES completed." \| notify

	echo "Scan for default-logins started." \| notify
	nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/default-logins/ -H "$Header" -o $resultDir/$line/default-logins.txt \| notify
	echo "Scan for default-logins completed." \| notify

	echo "Scan for exposures started." \| notify
	nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/exposures/ -H "$Header" -o $resultDir/$line/exposures.txt \| notify
	echo "Scan for exposures completed." \| notify

	echo "Scan for misconfigurations started." \| notify
	nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/misconfiguration/ -H "$Header" -o $resultDir/$line/misconfiguration.txt \| notify
	echo "Scan for misconfigurations completed." \| notify

	echo "Scan for takeovers started." \| notify
	nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/takeovers/ -H "$Header" -o $resultDir/$line/takeovers.txt \| notify
	echo "Scan for takeovers completed." \| notify

	echo "Scan for vulnerabilities started." \| notify
	nuclei -l $resultDir/$line/subdomains-live-httpx.txt -t $nucleiTmpDir/vulnerabilities/ -H "$Header" -o $resultDir/$line/vulnerabilities.txt \| notify
	echo "Scan for vulnerabilities completed." \| notify

	echo "Scan finished for $line domain" \| notify --silent
	done