Recon toolkit via Exegol my-resources (scripts + aliases + preloaded history) #3

Merged: Dxsk merged 6 commits into main from feat/recon-toolkit, Jun 10, 2026

@Dxsk Dxsk commented Jun 10, 2026

Owner

Summary

A recon script/alias library that lives in Exegol via the standard my-resources mechanism, deployed idempotently by dotsec, driven by the engagement's env vars. dotsec only deploys the bundle — execution happens entirely inside Exegol.

  • exegol/my-resources/ restructured to the standard Exegol layout (bin/, fragments/), replacing the old non-standard /opt/resources/dotenv-sec/setup.sh.
  • deploy.sh merges the bundle into ~/.exegol/my-resources/ with idempotent delimited blocks (# >>> dotsec >>> / # <<< dotsec <<<) — never clobbers the user's own aliases/history/setup.
  • bin/ scripts (env-driven, $DOMAIN/$WORKSPACE, fail-fast guard):
    • recon-subs → recon-alive → recon-crawl (urls/js/params) → recon-loot (pull juicy files: json/js/zip/tar/bak/rar/sql/config… from the crawled link list) → recon-sourcemaps (detect .js.map, reconstruct source); recon-full chains them.
    • dl <target> loads an engagement env into a fresh Exegol shell.
  • aliases + preloaded zsh history (the screenshot's recon/listing/testing one-liners, recallable via Ctrl-R).
  • load_user_setup.sh fragment installs only what Exegol lacks (uv/pnpm, unwebpack-sourcemap) — ProjectDiscovery tools untouched.
  • Makefile exegol-setup now calls deploy.sh; lib/exegol.sh setup + docs point at the standard /opt/my-resources/ paths.

Test Plan

  • make lint — shellcheck clean (incl. deploy.sh + all bin scripts)
  • make test — 50/50 bats (deploy idempotence + user-content preservation, dl, recon guards)
  • deploy.sh dry-run into a temp dir: 7 scripts deployed + executable, 3 delimited blocks merged, re-run leaves a single block
  • Manual Exegol smoke: in a loaded engagement window, recon-full runs the pipeline and fills $WORKSPACE/recon/ (subdomains, alive, allurls, js, loot/, src/) — requires Exegol + ProjectDiscovery tools

Real pipelines aren't CI-testable (tools + network + Exegol); only the merge logic and guards are.

@Dxsk Dxsk self-assigned this Jun 10, 2026
@Dxsk Dxsk merged commit bbdd286 into main Jun 10, 2026
4 checks passed
@Dxsk Dxsk deleted the feat/recon-toolkit branch June 10, 2026 02:52
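
The idempotent delimited-block merge described in the summary above, as an added example that is not the PR's deploy.sh or any code from this repository: a POSIX sh function that replaces whatever sits between the two marker lines and leaves every other line alone. The names merge_block and demo, the file names and the sample aliases are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotent delimited-block merge. Not the project's deploy.sh.
BEGIN_MARK='# >>> dotsec >>>'
END_MARK='# <<< dotsec <<<'

# merge_block TARGET SRC: replace the managed block in TARGET with SRC's
# contents; lines outside the markers are never modified.
merge_block() {
    mb_target=$1 mb_src=$2
    [ -r "$mb_src" ] || { echo "merge_block: cannot read $mb_src" >&2; return 1; }
    [ -e "$mb_target" ] || : > "$mb_target"
    mb_tmp=$(mktemp) || return 1
    # Copy everything except an existing managed block. Unbalanced markers
    # (hand-edited or truncated file) abort instead of swallowing user lines.
    if ! awk -v b="$BEGIN_MARK" -v e="$END_MARK" '
        $0 == b { if (inblk) bad = 1; inblk = 1; next }
        $0 == e { if (!inblk) bad = 1; inblk = 0; next }
        !inblk  { print }
        END     { if (inblk || bad) exit 2 }
    ' "$mb_target" > "$mb_tmp"; then
        rm -f "$mb_tmp"
        echo "merge_block: unbalanced markers in $mb_target, left untouched" >&2
        return 2
    fi
    { printf '%s\n' "$BEGIN_MARK"; cat "$mb_src"; printf '%s\n' "$END_MARK"; } >> "$mb_tmp"
    # Write through the existing file so its mode, owner and symlink survive.
    cat "$mb_tmp" > "$mb_target"
    rm -f "$mb_tmp"
}

# Demo on constructed sample data: a user's aliases file plus a bundle fragment.
demo() {
    d=$(mktemp -d) || return 1
    printf 'alias ll="ls -la"\n' > "$d/aliases"          # constructed user content
    printf 'alias rs="recon-subs"\n' > "$d/fragment"     # constructed bundle content
    merge_block "$d/aliases" "$d/fragment" &&
    merge_block "$d/aliases" "$d/fragment" || return 1   # second run changes nothing
    cat "$d/aliases"
    rm -rf "$d"
}

demo
```

User lines written after the managed block stay in the file, but the block is re-appended at the end on the next run, so their relative order can change.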