@@ -506,7 +506,7 @@ function metadata() {
506506
507507 exiftool -r .tmp/metagoofil_${domain} /* 2>> " ${LOGFILE} " | tee /dev/null | egrep -i " Author|Creator|Email|Producer|Template" | sort -u | anew -q " osint/metadata_results.txt"
508508
509- end_func " Results are saved in ${domain} /osint/[software/authors/ metadata_results] .txt" " ${FUNCNAME[0]} "
509+ end_func " Results are saved in ${domain} /osint/metadata_results.txt" " ${FUNCNAME[0]} "
510510 else
511511 if [[ ${METADATA} == false ]] || [[ ${OSINT} == false ]]; then
512512 printf " \n%b[%s] %s skipped due to mode or configuration settings.%b\n" " ${yellow} " " $( date +' %Y-%m-%d %H:%M:%S' ) " " ${FUNCNAME[0]} " " ${reset} "
@@ -997,7 +997,7 @@ function sub_passive() {
997997
998998 # Run subfinder and check for errors
999999 subfinder -all -d " $domain " -max-time " $SUBFINDER_ENUM_TIMEOUT " -silent -o .tmp/subfinder_psub.txt 2>> " $LOGFILE " > /dev/null
1000- # merklemap-cli search $domain 2>/dev/null | awk -F' ' '{for(i=1;i<=NF;i++) if($i ~ /^domain=/) {split($i,a,"="); print a[2]}}' | anew -q .tmp/subfinder_psub.txt 2>>"$LOGFILE" >/dev/null
1000+ curl -s https://ip.thc.org/sb/ $domain | grep -v " ;; " | anew -q .tmp/subfinder_psub.txt 2>> " $LOGFILE " > /dev/null
10011001
10021002 # Run github-subdomains if GITHUB_TOKENS is set and file is not empty
10031003 if [[ -s $GITHUB_TOKENS ]]; then
@@ -1324,6 +1324,12 @@ function sub_dns() {
13241324 grep -E ' ^([a-zA-Z0-9][-a-zA-Z0-9]*\.)+[a-zA-Z]{2,}$' | sort -u |
13251325 anew -q .tmp/subdomains_dns.txt
13261326
1327+ for i in $ (); do
1328+ curl -s https://ip.thc.org/$i 2>> " $LOGFILE " | grep " \.$domain $" |
1329+ grep -E ' ^([a-zA-Z0-9][-a-zA-Z0-9]*\.)+[a-zA-Z]{2,}$' | sort -u |
1330+ anew -q .tmp/subdomains_dns.txt
1331+ done
1332+
13271333 jq -r ' select(.host) |"\(.host) - \((.a // [])[])", "\(.host) - \((.aaaa // [])[])"' < " subdomains/subdomains_dnsregs.json" |
13281334 grep -E ' - [0-9a-fA-F:.]+$' | sort -u | anew -q " subdomains/subdomains_ips.txt"
13291335 fi
@@ -2525,17 +2531,6 @@ function s3buckets() {
25252531 fi
25262532 fi
25272533
2528- # Include root domain in the process
2529- if ! printf " %b\n" " $domain " > webs/full_webs.txt; then
2530- printf " %b[!] Failed to create webs/full_webs.txt.%b\n" " $bred " " $reset "
2531- fi
2532-
2533- if [[ -s " webs/webs_all.txt" ]]; then
2534- if ! cat webs/webs_all.txt >> webs/full_webs.txt; then
2535- printf " %b[!] Failed to append webs_all.txt to full_webs.txt.%b\n" " $bred " " $reset "
2536- fi
2537- fi
2538-
25392534 # Initialize the output file in the subdomains folder
25402535 if ! : > subdomains/cloudhunter_open_buckets.txt; then
25412536 printf " %b[!] Failed to initialize cloudhunter_open_buckets.txt.%b\n" " $bred " " $reset "
@@ -2595,11 +2590,6 @@ function s3buckets() {
25952590 fi
25962591 ) >> " $dir /subdomains/cloudhunter_open_buckets.txt" 2>> " $LOGFILE "
25972592
2598- # Remove the full_webs.txt file after CloudHunter processing
2599- if ! rm webs/full_webs.txt; then
2600- printf " %b[!] Failed to remove webs/full_webs.txt.%b\n" " $bred " " $reset "
2601- fi
2602-
26032593 # Process CloudHunter results
26042594 if [[ -s " subdomains/cloudhunter_open_buckets.txt" ]]; then
26052595 if ! NUMOFLINES1=$( cat subdomains/cloudhunter_open_buckets.txt 2>> " $LOGFILE " | anew subdomains/cloud_assets.txt | wc -l) ; then
@@ -3122,7 +3112,7 @@ function favicon() {
31223112function portscan() {
31233113
31243114 # Create necessary directories
3125- if ! mkdir -p .tmp subdomains hosts; then
3115+ if ! mkdir -p .tmp subdomains hosts webs ; then
31263116 printf " %b[!] Failed to create directories.%b\n" " $bred " " $reset "
31273117 return 1
31283118 fi
@@ -3677,7 +3667,7 @@ function fuzz() {
36773667 fi
36783668 end_func " Results are saved in $domain /fuzzing/*subdomain*.txt" ${FUNCNAME[0]}
36793669 else
3680- end_func " No $domain /web/ webs.txts file found, fuzzing skipped " ${FUNCNAME[0]}
3670+ end_func " No $domain /webs/webs_all.txt file found, fuzzing skipped " ${FUNCNAME[0]}
36813671 fi
36823672
36833673 else
@@ -4021,7 +4011,7 @@ function url_gf() {
40214011 fi
40224012
40234013 else
4024- end_func " No webs/webs/ url_extract.txt file found, URL_GF check skipped." " ${FUNCNAME[0]} "
4014+ end_func " No webs/url_extract.txt file found, URL_GF check skipped." " ${FUNCNAME[0]} "
40254015 return
40264016 fi
40274017
@@ -4205,8 +4195,9 @@ function jschecks() {
42054195 -c " python3 ${tools} /getjswords.py '_target_' | anew -q webs/dict_words.txt" 2>> " $LOGFILE " > /dev/null
42064196 fi
42074197 end_func " Results are saved in $domain /js folder" " ${FUNCNAME[0]} "
4198+ else
4199+ end_func " No JS files to process" " ${FUNCNAME[0]} "
42084200 fi
4209- end_func " No JS files to process" " ${FUNCNAME[0]} "
42104201 else
42114202 if [[ $JSCHECKS == false ]]; then
42124203 pt_msg_warn " ${FUNCNAME[0]} skipped due to configuration"
@@ -4779,7 +4770,7 @@ function crlf_checks() {
47794770 # Handle cases where CRLF_CHECKS is false, no vulnerable URLs, or already processed
47804771 if [[ $CRLF_CHECKS == false ]]; then
47814772 pt_msg_warn " ${FUNCNAME[0]} skipped due to configuration"
4782- elif [[ ! -s " gf /crlf.txt" ]]; then
4773+ elif [[ ! -s " vulns /crlf.txt" ]]; then
47834774 pt_msg_warn " ${FUNCNAME[0]} skipped: no candidate URLs for CRLF"
47844775 else
47854776 pt_msg_warn " ${FUNCNAME[0]} already processed. To force, delete ${called_fn_dir} /.${FUNCNAME[0]} "
@@ -4960,8 +4951,7 @@ function test_ssl() {
49604951 fi
49614952
49624953 # Check if the function should run
4963- if { [[ ! -f " $called_fn_dir /.${FUNCNAME[0]} " ]] || [[ $DIFF == true ]]; } && [[ $TEST_SSL == true ]] &&
4964- ! [[ $domain =~ ^[0-9]+\. [0-9]+\. [0-9]+\. [0-9]+$ ]]; then
4954+ if { [[ ! -f " $called_fn_dir /.${FUNCNAME[0]} " ]] || [[ $DIFF == true ]]; } && [[ $TEST_SSL == true ]]; then
49654955
49664956 start_func " ${FUNCNAME[0]} " " SSL Test"
49674957
@@ -4972,15 +4962,15 @@ function test_ssl() {
49724962
49734963 # Run testssl.sh
49744964 printf " ${yellow} \n[$( date +' %Y-%m-%d %H:%M:%S' ) ] Running: SSL Test with testssl.sh${reset} \n\n"
4975- " ${tools} /testssl.sh/testssl.sh" --quiet --color 0 -U -iL " hosts/ips.txt" 2>> " $LOGFILE " > " vulns/testssl.txt"
4965+ " ${tools} /testssl.sh/testssl.sh" --quiet --color 0 -U -iL " $dir / hosts/ips.txt" 2>> " $LOGFILE " > " vulns/testssl.txt"
49764966
49774967 end_func " Results are saved in vulns/testssl.txt" " ${FUNCNAME[0]} "
49784968
49794969 else
49804970 # Handle cases where TEST_SSL is false, no vulnerable URLs, or already processed
49814971 if [[ $TEST_SSL == false ]]; then
49824972 pt_msg_warn " ${FUNCNAME[0]} skipped due to configuration"
4983- elif [[ ! -s " gf /testssl.txt" ]]; then
4973+ elif [[ ! -s " vulns /testssl.txt" ]]; then
49844974 pt_msg_warn " ${FUNCNAME[0]} skipped: no candidate targets for SSL tests"
49854975 else
49864976 pt_msg_warn " ${FUNCNAME[0]} already processed. To force, delete ${called_fn_dir} /.${FUNCNAME[0]} "
@@ -6434,27 +6424,21 @@ function multi_recon() {
64346424 }
64356425
64366426 notification " ############################# Total data ############################" info
6437- NUMOFLINES_users_total=$( find . -type f -name ' users.txt' -exec cat {} + | anew osint/users.txt | sed ' /^$/d' | wc -l)
64386427 NUMOFLINES_pwndb_total=$( find . -type f -name ' passwords.txt' -exec cat {} + | anew osint/passwords.txt | sed ' /^$/d' | wc -l)
6439- NUMOFLINES_software_total=$( find . -type f -name ' software.txt' -exec cat {} + | anew osint/software.txt | sed ' /^$/d' | wc -l)
6440- NUMOFLINES_authors_total=$( find . -type f -name ' authors.txt' -exec cat {} + | anew osint/authors.txt | sed ' /^$/d' | wc -l)
64416428 NUMOFLINES_subs_total=$( find . -type f -name ' subdomains.txt' -exec cat {} + | anew subdomains/subdomains.txt | sed ' /^$/d' | wc -l)
64426429 NUMOFLINES_subtko_total=$( find . -type f -name ' takeover.txt' -exec cat {} + | anew webs/takeover.txt | sed ' /^$/d' | wc -l)
64436430 NUMOFLINES_webs_total=$( find . -type f -name ' webs.txt' -exec cat {} + | anew webs/webs.txt | sed ' /^$/d' | wc -l)
6444- NUMOFLINES_webs_total =$( find . -type f -name ' webs_uncommon_ports.txt' -exec cat {} + | anew webs/webs_uncommon_ports.txt | sed ' /^$/d' | wc -l)
6431+ NUMOFLINES_webs_total_uncommon =$( find . -type f -name ' webs_uncommon_ports.txt' -exec cat {} + | anew webs/webs_uncommon_ports.txt | sed ' /^$/d' | wc -l)
64456432 NUMOFLINES_ips_total=$( find . -type f -name ' ips.txt' -exec cat {} + | anew hosts/ips.txt | sed ' /^$/d' | wc -l)
64466433 NUMOFLINES_cloudsprov_total=$( find . -type f -name ' cdn_providers.txt' -exec cat {} + | anew hosts/cdn_providers.txt | sed ' /^$/d' | wc -l)
6447- find . -type f -name ' portscan_active.txt' -exec cat {} + | tee -a hosts/portscan_active.txt >> " $LOGFILE " 2>&1 > /dev/null
64486434 find . -type f -name ' portscan_active.gnmap' -exec cat {} + | tee hosts/portscan_active.gnmap 2>> " $LOGFILE " > /dev/null
64496435 find . -type f -name ' portscan_passive.txt' -exec cat {} + | tee hosts/portscan_passive.txt 2>&1 >> " $LOGFILE " > /dev/null
64506436
6451- notification " - ${NUMOFLINES_users_total} total users found" good
64526437 notification " - ${NUMOFLINES_pwndb_total} total creds leaked" good
6453- notification " - ${NUMOFLINES_software_total} total software found" good
6454- notification " - ${NUMOFLINES_authors_total} total authors found" good
64556438 notification " - ${NUMOFLINES_subs_total} total subdomains" good
64566439 notification " - ${NUMOFLINES_subtko_total} total probably subdomain takeovers" good
64576440 notification " - ${NUMOFLINES_webs_total} total websites" good
6441+ notification " - ${NUMOFLINES_webs_total_uncommon} total websites on uncommon ports" good
64586442 notification " - ${NUMOFLINES_ips_total} total ips" good
64596443 notification " - ${NUMOFLINES_cloudsprov_total} total IPs belongs to cloud" good
64606444 s3buckets
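Review bot: In the sub_dns hunk the added loop `for i in $(); do` iterates over an empty command substitution as shown, so its body never runs and the ip.thc.org lookup there is dead code; the list it is meant to walk needs to be supplied, and `$i` should be quoted in the URL. In the sub_passive hunk the new `curl -s https://ip.thc.org/sb/$domain` line appends whatever the third-party service returns to `.tmp/subfinder_psub.txt` with only `grep -v ";;"` in between, so an HTTP error body or hostnames outside the target domain could enter the list that later stages act on, unless something downstream filters it. I would quote the variable, bound the request and reuse the filter the sub_dns loop already applies: `curl -sf --max-time <SECONDS> "https://ip.thc.org/sb/${domain}" 2>>"$LOGFILE" | grep -v ";;" | grep "\.$domain$" | anew -q .tmp/subfinder_psub.txt`. The `2>>"$LOGFILE"` on that line currently attaches to `anew`, so curl failures are not logged. Both function bodies extend beyond their hunks.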