hussh.sh
#!/bin/bash
# Print the HussH! ASCII banner in green, then reset the terminal attributes.
# Outputs: the banner on stdout; the colour sequences come from tput.
logo() {
  local green reset
  green=$(tput setaf 2)
  reset=$(tput sgr 0)
  printf '%s\n' "${green}
_ _ _ _ _
| | | | _ _ ___ ___ | | | | | |
| |_| | | | | | / __| / __| | |_| | | |
| _ | | |_| | \__ \ \__ \ | _ | |_|
|_| |_| \__,_| |___/ |___/ |_| |_| (_)
${reset}"
}
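# Enumerate subdomains of the target with subfinder and sublist3r and merge
# the two result lists.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain; also used as the output directory name
# Outputs:   findf.txt, listf.txt and combined.txt are written and
#            filtered.txt is appended under ./<domain>/<foldername>/
domenum() {
  local domain=$1
  local outdir="./${domain}/${foldername}"

  # Every expansion is quoted so a target or folder name containing
  # whitespace or glob characters cannot split into extra arguments.
  subfinder -d "$domain" -o "${outdir}/findf.txt" > /dev/null
  clear
  logo
  sublist3r -d "$domain" -o "${outdir}/listf.txt" > /dev/null
  clear
  logo
  cat "${outdir}/findf.txt" "${outdir}/listf.txt" > "${outdir}/combined.txt"
  # ./trace is a helper expected in the working directory; the original
  # comment says it removes duplicates. Its output is appended, so a second
  # run on the same day adds to filtered.txt rather than replacing it.
  ./trace "${outdir}/combined.txt" >> "${outdir}/filtered.txt"
}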
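# Probe the enumerated hosts and keep the ones that answer over HTTPS with a
# 200 or 302 status.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain (output directory name)
# Outputs:   httpf.txt, httpxf.txt, statf.txt and usefull.txt are appended,
#            httprobe.txt is rewritten; each tee also echoes to stdout
activedom() {
  local outdir="./$1/${foldername}"

  # Paths are quoted and files are read directly instead of through cat.
  # ./httprobe reports which hosts answer on port 80 or 443.
  ./httprobe < "${outdir}/filtered.txt" | tee -a "${outdir}/httpf.txt"
  grep "https" "${outdir}/httpf.txt" | tee -a "${outdir}/httpxf.txt"
  sort "${outdir}/httpxf.txt" > "${outdir}/httprobe.txt"
  # ./go is a helper in the working directory used to detect status codes.
  ./go "${outdir}/httprobe.txt" | tee -a "${outdir}/statf.txt"
  # NOTE(review): grep matches "200"/"302" anywhere on the line, so a URL
  # that merely contains those digits is kept too. The status presumably
  # sits in a fixed column of the ./go output - confirm and match on that
  # column before treating usefull.txt as status-filtered.
  grep "200" "${outdir}/statf.txt" | awk '{print $4}' | tee -a "${outdir}/usefull.txt"
  grep "302" "${outdir}/statf.txt" | awk '{print $4}' | tee -a "${outdir}/usefull.txt"
}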
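# Collect archived URLs for the live hosts and filter them for interesting
# entries.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain (output directory name)
# Outputs:   wb.txt and wbinterest.txt are appended under the run directory
waybackmachine() {
  local outdir="./$1/${foldername}"

  # Quoted paths; both helpers read their input on stdin.
  ./waybackurls < "${outdir}/usefull.txt" >> "${outdir}/wb.txt"
  # ./inturl is a helper in the working directory; presumably it keeps the
  # URLs worth a closer look - confirm against the helper.
  ./inturl < "${outdir}/wb.txt" >> "${outdir}/wbinterest.txt"
}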
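# Crawl the live hosts with gospider and sort the crawl output into per-type
# lists.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain (output directory name)
# Outputs:   all.txt, urls.txt, robots.txt, javas.txt, subd.txt, forms.txt
#            and vulnd.txt are appended inside <run dir>/gspoutput
# Returns:   non-zero when the gospider output directory cannot be entered
spider() {
  local outdir="./$1/${foldername}"

  gospider -o "${outdir}/gspoutput" -S "${outdir}/usefull.txt"

  # The post-processing runs in a subshell: the caller's working directory
  # never changes, and a failed cd stops here instead of concatenating every
  # file of the project directory into all.txt and then climbing three
  # levels up, which would break the ./helper paths used by later stages.
  (
    cd "${outdir}/gspoutput" || exit 1
    cat ./* >> all.txt
    # NOTE(review): the leading [...] in these patterns is a character
    # class, not a group, so each pattern only requires one character from
    # that set followed by non-slash characters. The filter is far looser
    # than it reads; the patterns are kept as written.
    grep "url" all.txt | awk '{print $5}' | grep -P '[(?:https:\/\/|www\.|https:\/\/)]([^\/]+)' >> urls.txt
    grep "robots" all.txt | awk '{print $3}' | grep -P '[(?:https:\/\/|www\.|https:\/\/)]([^\/]+)' >> robots.txt
    grep "javascript" all.txt | awk '{print $3}' | grep -P '[(?:https:\/\/|www\.|https:\/\/)]([^\/]+)' >> javas.txt
    grep "subdomains" all.txt | awk '{print $3}' | grep -P '[^(?:https:\/\/|www\.|https:\/\/)]([^\/]+)' >> subd.txt
    grep "form" all.txt | awk '{print $3}' | grep -P '[(?:https:\/\/|www\.|https:\/\/)]([^\/]+)' >> forms.txt
    cat urls.txt robots.txt javas.txt subd.txt forms.txt >> vulnd.txt
    #rm all.txt
  )
}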
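# Merge the live hosts with the spidered URLs, de-duplicate them and pick out
# the interesting ones.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain (output directory name)
# Outputs:   vulna.txt, vulns.txt and interes.txt are appended under the run
#            directory; the working directory is printed to stdout
interesting() {
  local outdir="./$1/${foldername}"

  # Prints the working directory; the ./helper paths below depend on it.
  pwd
  # Quoted paths so unusual target or folder names cannot split arguments.
  cat "${outdir}/usefull.txt" "${outdir}/gspoutput/vulnd.txt" >> "${outdir}/vulna.txt"
  ./trace "${outdir}/vulna.txt" >> "${outdir}/vulns.txt"
  ./inturl < "${outdir}/vulns.txt" >> "${outdir}/interes.txt"
}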
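# Run the CORS check over the merged URL list.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain (output directory name)
# Outputs:   findings are echoed to stdout and appended to cors.txt
vuln() {
  local outdir="./$1/${foldername}"

  # NOTE(review): main calls this before interesting(), which is the stage
  # that writes vulns.txt, so on a first run the input is missing and the
  # helper sees empty stdin - confirm the intended order.
  ./cors < "${outdir}/vulns.txt" | tee -a "${outdir}/cors.txt"
}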
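# Write the HTML index that links to every result file of the run.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain; it is written into the markup unescaped, so
#            the caller should pass a plain hostname
# Outputs:   ./<domain>/<foldername>/<domain>.html, rewritten on every call
html() {
  local domain=$1
  local report="./${domain}/${foldername}/${domain}.html"
  local entry
  # One "label|link target" pair per report section.
  local -a sections=(
    'see subdomains enumeration reports|./filtered.txt'
    'see active website here|./httprobe.txt'
    'all usefull domains|./usefull.txt'
    'all domains with cors vulnerability|./cors.txt'
    'all interesting wayback domains|./wbinterest.txt'
    'postspider data|./gspoutput/'
    'all robots file|./gspoutput/robots.txt'
    'URL files|./gspoutput/urls.txt'
    'all javascript file|./gspoutput/javas.txt'
    'all form files|./gspoutput/forms.txt'
    'all subdomains internally listed files|./gspoutput/subd.txt'
    'all interesting domans/subdomains|./interes.txt'
  )

  # The report is written in one pass and truncated first, so a second run
  # on the same day no longer stacks a duplicate page onto the old one.
  # Markup repairs: title and meta tags moved into <head>, the content placed
  # inside <body>, class="row" spelled correctly, and href values quoted
  # (the shell used to strip those quotes).
  #
  # The stylesheets and scripts are fetched from third-party CDNs without
  # Subresource Integrity, so anyone opening the report runs whatever those
  # hosts serve at that moment. Vendor the files or add integrity attributes
  # before handing the report to someone else.
  {
    cat <<EOF
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title> HussH! </title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Mina">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>
<style> p { margin: 10px; } </style>
</head>
<body>
<div class="jumbotron text-center"><h1> Recon Report for <a href="http://${domain}">${domain}</a></h1></div>
<div class="row">
EOF
    for entry in "${sections[@]}"; do
      printf "  <div class=\"col-sm-6\"><div style=\"font-family: 'Mina', serif;\"><h2> %s <a href=\"%s\">Here</a></h2></div></div>\n" \
        "${entry%%|*}" "${entry#*|}"
    done
    printf '</div>\n</body>\n</html>\n'
  } > "$report"
}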
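# Run every recon stage for one target, in order, and build the HTML index.
# Globals:   foldername (read) - name of the per-run output directory
# Arguments: $1 - target domain; used as the top-level output directory
# Returns:   1 when an output directory cannot be created
main() {
  local domain=$1

  clear
  logo
  if [[ -d "./${domain}" ]]; then
    echo "This is a known target."
  else
    mkdir "./${domain}" || return 1
  fi
  # -p lets a second run on the same day reuse the dated folder; without an
  # output directory every later stage would fail, so stop here on error.
  mkdir -p "./${domain}/${foldername}/" || return 1
  domenum "$domain"
  clear
  logo
  activedom "$domain"
  clear
  logo
  waybackmachine "$domain"
  spider "$domain"
  clear
  logo
  # NOTE(review): vuln reads vulns.txt, which interesting() writes two steps
  # later - confirm whether these two stages should be swapped.
  vuln "$domain"
  clear
  logo
  interesting "$domain"
  #clear
  #logo
  html "$domain"
}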
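# Entry point: show the banner, check the target argument, name the per-run
# output folder after today's date and start the pipeline.
logo
if [ ! "$1" ]; then
  echo "enter domain"
  echo "Usage $ ./hussh <google.com>"
  # Stop here: continuing with an empty target would create "./" paths and
  # run every tool without a domain.
  exit 1
fi
# The target becomes a directory name, a command-line argument and part of
# the HTML report, so only bare hostnames are accepted: no slashes, no
# leading dash or dot, no whitespace or markup characters.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$1" =~ $domain_re ]]; then
  echo "invalid domain: expected a bare hostname such as google.com" >&2
  exit 1
fi
foldername=hussh-$(date +"%Y-%m-%d")
main "$1"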