🛠️ Reconnaissance and Vulnerability Scanning Script🛡️

In the fast-paced world of cybersecurity, staying ahead of potential threats requires thorough reconnaissance and vulnerability assessments. This blog post introduces you to a powerful bash script designed to automate these crucial tasks. Whether you’re a security professional or a cybersecurity enthusiast, this script provides a comprehensive approach to uncovering vulnerabilities and mapping out your target domain.

Tools Used:
  • dnsenum: Collects DNS records and performs DNS queries.
  • dnsrecon: Provides detailed DNS reconnaissance including zone transfers.

Expected Output: Detailed DNS records and zone transfer attempts, highlighting hidden aspects of the domain’s DNS configuration.

IP Resolution and Reverse Lookup 🌐

Purpose: Resolve subdomains to IP addresses and perform reverse DNS lookups to identify associated infrastructure.

Tools Used:

  • dnsx: Resolves subdomains to IP addresses.
  • host: Performs reverse DNS lookups.

Expected Output: A list of resolved IP addresses and associated domain names.

Port Scanning 🕵️‍♂️

Purpose: Identify open ports and services to understand potential attack vectors.

Tools Used:

  • nmap: Versatile network discovery and security auditing.
  • masscan: High-speed port scanner.
  • rustscan: Modern port scanner with Nmap integration.

Expected Output: Scan results detailing open ports and services.

Web Probing and WAF Detection 🌐

Purpose: Check for live web applications and detect protective mechanisms like Web Application Firewalls (WAFs).

Tools Used:

  • httpx: Probes for live web servers.
  • wafw00f: Identifies WAFs.

Expected Output: A list of live subdomains and WAF detection results.

Screenshots and Content Discovery 📸

Purpose: Capture screenshots and discover web content to gain visual and contextual insights.

Tools Used:

  • gowitness: Captures web page screenshots.
  • ffuf: Fuzzing tool for hidden directories and files.
  • dirsearch: Brute-forces directories and files.

Expected Output: Screenshots of web pages and lists of discovered directories and files.

Vulnerability Scanning 🔎

Purpose: Identify known vulnerabilities in web applications and services.

Tools Used:

  • nuclei: Customizable vulnerability detection.
  • nikto: Web server vulnerability scanner.
  • sqlmap: SQL injection testing.
  • xsser: XSS vulnerability scanning.
  • subjack: Subdomain takeover checks.

Expected Output: Detailed vulnerability scan results, highlighting potential security issues.

Additional Checks 🔍

Purpose: Cover a wide range of potential issues beyond core vulnerabilities.

Tools Used:

  • s3scanner: Detects exposed Amazon S3 buckets.
  • getJS: Extracts and analyzes JavaScript files.
  • sslyze and testssl.sh: Assess SSL/TLS configurations.
  • corscanner: Checks for CORS misconfigurations.
  • smuggler: Tests for HTTP request smuggling vulnerabilities.
  • cacheblaster: Scans for web cache poisoning vulnerabilities.
  • csti-scanner: Detects client-side template injection (CSTI).
  • xmlrpcscan: Scans for XML external entity (XXE) injection.
  • crlfuzz: Checks for CRLF injection vulnerabilities.
  • wscat: Analyzes WebSocket security.
  • graphql-cop: Checks for GraphQL Vulnerabilities.

Expected Output: Comprehensive results covering additional vulnerabilities and security issues.

Certificate Transparency Logs and Wayback Machine Crawling 📜

Purpose: Retrieve historical data and past issues from certificate transparency logs and the Wayback Machine.

Tools Used:

  • crt.sh: Certificate transparency logs.
  • waybackurls: Historical URLs from the Wayback Machine.

Expected Output: Certificate transparency logs and historical URLs.

This Post Has One Comment

  1. Lord

    Thank you
    God bless you

Leave a Reply