Skip to content
/ Automated-Scanner Public
forked from 0xspade/Automated-Scanner

Trying to make automated recon for bug bounties

2 stars 52 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AkshayJainG/Automated-Scanner

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

188 Commits
tools
tools
 
 
Flow.png
Flow.png
 
 
README.md
README.md
 
 
scanner.sh
scanner.sh
 
 

Repository files navigation

Follow on Twitter Follow on Twitter

Automated-Scanner

We will rename the scanner into new one and we will update it that you can scan with a multiple domain in a txt file :D

Stay Tune :D

Usage: ~$ bash scanner.sh example.com

Running in background in VPS using nohup

Usage: ~$ nohup bash scanner.sh example.com &> example.out&

flow

Subdomain Enumeration

Changing Sublist3r to assetfinder

https://github.com/phspade/Project_Sonar_R7

changing altdns to dnsgen. it's faster than altdns

Scan All Alive Hosts with filter-resolved and Httprobe

The reason we implement this, Is filter-resolved has an output which httprobe doesn't have. We filter it using diff and include it to vhost scan's wordlist :)

Separating Cloudflare, Incapsula, Sucuri, and Akamai IPs from collected IPs

It's useless to scan Cloudflare, Incapsula, Sucuri, and Akamai IPs. (Just like talking to a wall)

FYI, Install grepcidr first apt-get install grepcidr

Subdomain TakeOver

Collecting Endpoints thru Linkfinder

Collecting Endpoints thru Github

make sure to create .tokens file (containing your github token) together with github-endpoints.py (probably in ~/tools folder).

HTTP Request Smuggler

Massdns

Shodan

Aquatone

Port Scanning

Webanalyze for Fingerprinting assets

Default Credential Scanning

Disable for now until further updates in this tool.

File/Dir Discovery

otxurls and waybackurls combine with Tomnomnom's get-title tool

Virtual Hosts Scan

  • 401 Basic Authorization Bruteforce with FFUF

Some subdomains has 401 authentication basic, so we need to bruteforce it with base64 credentials :)

Added X-Forwarded-For Header (you should setup your own dns server) to check for IP Spoofing Attack.

I hope that someone could help me to add more useful automated scanning technique :)

Installation

For the installation of all the tools above. I linked all the github links, just make sure that its in the right directory PATH and your good to go. feel free to modify and feel free not to use it if you don't like it :)

Future Tools to be added

  • Install Script

Thanks to @sumgr0

  • Another Vhost Scanner

Thinking about gobuster or codingo's VHost Scan

  • HTML Report

Just wait a little longer :D

ALL CREDIT GOES TO AMAZING CREATORS OF THIS WONDERFUL TOOLS :)

cannot make to mention y'all co'z i'm too lazy to do that though :D (i'm being honest here)

Need a Digitalocean?

You can help me (slash) support me in this project by registering an account here (with my referral code of course) .

Contributor

Big thanks to @sumgr0 :)

About

Trying to make automated recon for bug bounties

Resources

Readme
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%