Usage: ~$ bash scanner.sh example.com
Running in background in VPS using nohup
Usage: ~$ nohup bash scanner.sh example.com &> example.out&
Subdomain Enumeration
Scan All Alive Hosts with Httprobe
- Getting All IP from the subdomains collected with DNSProbe
Separating Cloudflare, Incapsula, Sucuri, and Akamai IPs from collected IPs
It's useless to scan Cloudflare, Incapsula, Sucuri, and Akamai IPs. (Just like talking to a wall)
FYI, Install grepcidr first
apt-get install grepcidr
- S3 Bucket scanner with s3scanner
Subdomain TakeOver
Collecting Endpoints thru Linkfinder
Collecting Endpoints and Secrets in Github
make sure to create
.tokensfile (containing your github token) together withgithub-endpoints.pyandgithub-secrets.py(probably in ~/tools folder).
Port Scanning
- NMAP
- Naabu
Webanalyze for Fingerprinting assets
Default Credential Scanning
Disable for now until further updates in this tool.
File/Dir Discovery
Potential XSS
Virtual Hosts Scan
- 401 Basic Authorization Bruteforce with FFUF
Some subdomains has 401 authentication basic, so we need to bruteforce it with base64 credentials :)
Added X-Forwarded-For Header (you should setup your own dns server) to check for IP Spoofing Attack.
Feel free to modify it on your own if you don't feel about on how it works :)
For the installation of all the tools above. I linked all the github links, just make sure that its in the right directory PATH and your good to go. feel free to modify and feel free not to use it if you don't like it :)
ALL CREDIT GOES TO AMAZING CREATORS OF THIS WONDERFUL TOOLS :)
cannot make to mention y'all co'z i'm too lazy to do that though :D (i'm being honest here)
You can help me (slash) support me in this project by registering an account here (with my referral code of course) .
Big thanks to @sumgr0 :)
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent