#!/bin/bash
#--------------------------------- Utils
# ANSI SGR sequences used by the log helpers and the section banners.
# Each value is kept as literal backslash escapes; it only becomes control
# bytes when printf or `echo -e` interprets it at print time.
greenColour='\e[0;32m\033[1m'
redColour='\e[0;31m\033[1m'
blueColour='\e[0;34m\033[1m'
yellowColour='\e[0;33m\033[1m'
purpleColour='\e[0;35m\033[1m'
turquoiseColour='\e[0;36m\033[1m'
grayColour='\e[0;37m\033[1m'
# Attribute reset, appended after every coloured fragment.
endColour='\033[0m\e[0m'
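# Print an error line, "[!] <message>", with the marker in red.
# Globals:   redColour, endColour (read)
# Arguments: $@ - message text; several arguments are joined with spaces
# Outputs:   one line on stdout
# The message is handed to printf as data, never as the format string, so a
# "%" inside it (a percent-encoded URL, for instance) prints literally.
# %b keeps backslash escapes such as \t working, as the old format-string
# form did; text with backslashes from untrusted input is still expanded.
log_error() {
  printf '[%b!%b] %b\n' "${redColour}" "${endColour}" "$*"
}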
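# Print a warning line, "[⚠] <message>", with the marker in yellow.
# Globals:   yellowColour, endColour (read)
# Arguments: $@ - message text; several arguments are joined with spaces
# Outputs:   one line on stdout
# The message is printf data rather than the format string, so "%" in it is
# printed as-is. %b still expands backslash escapes, matching the behaviour
# of the previous format-string form.
log_warning() {
  printf '[%b⚠%b] %b\n' "${yellowColour}" "${endColour}" "$*"
}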
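# Print a success line, "[✓] <message>", with the marker in green.
# Globals:   greenColour, endColour (read)
# Arguments: $@ - message text; several arguments are joined with spaces
# Outputs:   one line on stdout
# The message is printf data rather than the format string, so "%" in it is
# printed as-is. %b still expands backslash escapes, matching the behaviour
# of the previous format-string form.
log_ok() {
  printf '[%b✓%b] %b\n' "${greenColour}" "${endColour}" "$*"
}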
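# Print an informational line, "[i] <message>", with the marker in blue.
# Globals:   blueColour, endColour (read)
# Arguments: $@ - message text; several arguments are joined with spaces
# Outputs:   one line on stdout
# Callers log target URLs through this helper, so the message must not be
# the printf format string: a "%" in a URL would otherwise be parsed as a
# conversion. %b still expands backslash escapes, as the old form did.
log_info() {
  printf '[%b%s%b] %b\n' "${blueColour}" "i" "${endColour}" "$*"
}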
# Run a command string in a fresh /bin/bash and discard its stderr.
# Arguments: $1 - command line; the child shell parses it again
# Returns:   exit status of the child shell
# NOTE(review): because $1 is re-parsed as shell code, every value a caller
# interpolates into it (paths, URLs, option values) is read as shell syntax.
# Callers should pass fixed text only, or invoke the program directly with
# quoted arguments instead of going through this wrapper.
run_cmd() {
  local command_line=$1
  /bin/bash -c "${command_line}" 2>/dev/null
}
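# Create the output directory "<cwd>/WebPentest_<name>" and hand it to
# uid/gid 1000.
# Globals:   TOOL_NAME (written), TOOL_PATH (written)
# Arguments: $1 - suffix used in the directory name
# Returns:   1 when the directory cannot be created, otherwise chown's status
make_dirtool() {
  TOOL_NAME=$1
  TOOL_PATH="$(pwd)/WebPentest_${TOOL_NAME}"
  if [ ! -d "${TOOL_PATH}" ]; then
    log_info "Creating dir ${TOOL_PATH}/"
    # mkdir is called directly with a quoted path. Building a string for
    # `bash -c` would let spaces or shell metacharacters in the working
    # directory or in the -o value be parsed as extra words or commands.
    if ! mkdir -p -- "${TOOL_PATH}" 2>/dev/null; then
      log_error "Could not create ${TOOL_PATH}/"
      return 1
    fi
  fi
  # Best effort, errors hidden as before. The 1000:1000 owner is hard-coded;
  # presumably the operator's account when the script runs as root - confirm.
  chown -R 1000:1000 -- "${TOOL_PATH}/" 2>/dev/null
}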
# -h Help option
# Print the command-line help followed by the author credit.
# Outputs: help text on stdout (the heading and the credit go through the
#          log_info / log_ok helpers).
usage() {
  local help_line
  log_info "Usage:"
  printf '%s\n' "autoWebPentest.sh [-u | -L] <URL Single | URLs File> -o <output_name>"
  # %b expands the \t and \n escapes the same way `echo -e` does.
  for help_line in \
    "\t-u <URL>\t\tFor single URL scan" \
    "\t-L <URLs file>\t\tFor muliples URL in file scan" \
    "\t-o <output_name>\tFor File name Output dir" \
    "\t-h \t\t\tFor Help\n\n" \
    "Made with love by:"; do
    printf '%b\n' "${help_line}"
  done
  log_ok "@Fatake"
}
#-------------------------------------------------------------------------------------
#------------------------------------- Web Scan scripts ------------------------------
#-------------------------------------------------------------------------------------
# User-Agent value read by whatweb_analyce. The stored string itself contains
# the surrounding double quotes and the backslashes before the parentheses,
# so any consumer has to account for that quoting when it builds a command.
USERAGENT='"Mozilla/5.0 \(Windows NT 10.0; rv:100.0\) Gecko/20100101 Firefox/100.0"'
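# Run every scan stage, in order, against one target.
# Arguments: $1 - a URL, or the path of a file of URLs when $2 is "true"
#            $2 - "true" for list mode, anything else for single-URL mode
# Outputs:   mode banner on stdout, then whatever the stages print
analice_URL() {
  local TARGET=$1
  local MULTIPLE=$2
  local stage
  if [ "$MULTIPLE" = true ]; then
    log_info "Multiple List of URLs mode"
  else
    log_info "Single URL mode"
  fi
  echo -e "<------------------------------->\n"
  # Both values are quoted: an unquoted URL is subject to word splitting and
  # to pathname expansion ("?" and "*" are glob characters), which would hand
  # the stages a different argument list than the one the operator supplied.
  for stage in check_alive whatweb_analyce ffuf_analyce nuclei_analyce testssl_analyce; do
    "${stage}" "${TARGET}" "${MULTIPLE}"
  done
}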
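# Probe each target with a HEAD request and, when it answers, look up its IP.
# Arguments: $1 - a URL, or the path of a file of URLs when $2 is "true"
#            $2 - "true" for list mode, anything else for single-URL mode
# Outputs:   curl's response headers plus status lines on stdout
check_alive() {
  local TAR_S=$1
  local MULTIPLE=$2
  local t
  echo -e "${greenColour}\n[*] Check Alive${endColour}"
  if [ "$MULTIPLE" = true ]; then
    # The list is read line by line on fd 3 instead of `for t in $(cat ...)`,
    # so entries are not glob-expanded and stdin stays free for the commands
    # in the loop body.
    while read -r -u 3 t || [ -n "$t" ]; do
      t=${t%$'\r'}
      [ -n "$t" ] || continue
      log_info "Testing alive: ${t}"
      # "--" ends option parsing: a list entry that starts with "-" is then
      # treated as a URL and cannot be read as a curl option.
      if curl -Is -- "$t"; then
        log_ok "Alive"
        get_ip "$t"
      else
        log_warning "Not alive"
      fi
      echo ""
    done 3< "$TAR_S"
  else # Single
    log_info "URL ${TAR_S}"
    if curl -Is -- "$TAR_S"; then
      log_ok "URL is alive"
      # Pass the URL itself; the literal word TAR_S was passed here before,
      # so the lookup never used the real host.
      get_ip "$TAR_S"
    else
      log_warning "URL is not alive"
    fi
  fi
}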
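# Resolve the host part of a URL and log its first IPv4 address.
# Arguments: $1 - URL (scheme://[user@]host[:port]/...)
# Outputs:   "IP: <address>" through log_info
# Returns:   1 when no usable host name can be extracted
get_ip() {
  local TAR_S=$1
  # Kept local so the lookup does not overwrite same-named globals.
  local host_name ip
  host_name=$(printf '%s\n' "$TAR_S" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
  # The value is passed to `host` as an argument: refuse an empty name and
  # anything that would be parsed as an option.
  if [[ -z "$host_name" || "$host_name" == -* ]]; then
    log_warning "No host name found in ${TAR_S}"
    return 1
  fi
  # `host` prints "<name> has address <ip>" per A record; keep the first one.
  ip=$(host "$host_name" | awk '/has address/ {print $4}' | head -n 1)
  log_info "IP: $ip"
}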
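# Run whatweb against one URL, logging verbosely to TOOL_PATH/whatweb_<host>.
# Globals:   USERAGENT, TOOL_PATH, purpleColour, endColour (read)
# Arguments: $1 - target URL
# Returns:   1 for an option-like target, otherwise whatweb's status
_whatweb_scan_one() {
  local target=$1
  local host_name user_agent
  local -a cmd
  # The target is a positional argument; skip anything whatweb could read as
  # an option.
  if [[ "$target" == -* ]]; then
    log_warning "Skipping option-like target: ${target}"
    return 1
  fi
  host_name=$(printf '%s\n' "$target" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
  # host_name ends up in a file name. When the sed pattern does not match,
  # it is the whole input, so "/" and ".." must not survive into the path.
  host_name=${host_name//[^A-Za-z0-9._-]/_}
  # USERAGENT carries its own double quotes and backslash-escaped
  # parentheses; as a single argv element it needs neither.
  user_agent=${USERAGENT#\"}
  user_agent=${user_agent%\"}
  user_agent=${user_agent//\\/}
  # Argument array instead of a string passed to eval: the URL is delivered
  # to whatweb as one argument and is never parsed as shell code.
  cmd=(whatweb --user-agent "${user_agent}" -v -a 3
    --log-verbose "${TOOL_PATH}/whatweb_${host_name}" "${target}")
  # Display only; the joined form is not meant to be pasted back into a shell.
  printf '%bcommand%b# %s\n\n' "${purpleColour}" "${endColour}" "${cmd[*]}"
  echo -e "<------------------------------->\n"
  "${cmd[@]}"
}

# Fingerprint one URL, or every URL listed in a file, with whatweb.
# Arguments: $1 - a URL, or the path of a file of URLs when $2 is "true"
#            $2 - "true" for list mode, anything else for single-URL mode
whatweb_analyce() {
  local TAR_S=$1
  local MULTIPLE=$2
  local t
  echo -e "${greenColour}\n[*] Whatweb${endColour}"
  if [ "$MULTIPLE" = true ]; then
    # Read on fd 3 so list entries are neither glob-expanded nor consumed by
    # the scanner's stdin.
    while read -r -u 3 t || [ -n "$t" ]; do
      t=${t%$'\r'}
      [ -n "$t" ] || continue
      _whatweb_scan_one "$t"
    done 3< "$TAR_S"
  else # Single
    _whatweb_scan_one "$TAR_S"
  fi
}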
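# Content discovery with ffuf against one URL or a file of URLs.
# Globals:   TOOL_PATH, greenColour, purpleColour, endColour (read)
# Arguments: $1 - a URL, or the path of a file of URLs when $2 is "true"
#            $2 - "true" for list mode, anything else for single-URL mode
# Outputs:   HTML report under TOOL_PATH; progress on stdout
# Returns:   1 when the wordlist cannot be downloaded, otherwise ffuf's status
ffuf_analyce() {
  echo -e "${greenColour}\n[*] FFuF ${endColour}"
  #Check for fuzz file
  local file_path="/usr/share/wordlists/fuzz.txt"
  local fuzz_url="https://raw.githubusercontent.com/Bo0oM/fuzz.txt/master/fuzz.txt"
  # -s, not -f: an empty file left behind by a failed download must not be
  # taken for a usable wordlist on the next run.
  if [ -s "$file_path" ]; then
    log_info "Using fuzz.txt wordlist"
  else
    log_info "Downloading fuzz.txt"
    # NOTE(review): the list is fetched from the tip of the master branch and
    # written as root with no integrity check. Pinning a commit and verifying
    # a checksum (<EXPECTED_SHA256>, placeholder) would close that gap.
    if ! sudo wget -q -O "$file_path" "$fuzz_url"; then
      log_error "Could not download fuzz.txt"
      return 1
    fi
  fi
  local TAR_S=$1
  local MULTIPLE=$2
  local host_name
  local -a output_opts scope_opts cmd
  echo "Multiples is $MULTIPLE"
  if [ "$MULTIPLE" = true ]; then
    output_opts=(-o "${TOOL_PATH}/ffuf_multiple.html" -of html)
    scope_opts=(-w "${TAR_S}:URL" -u "URL/FUZZ")
  else # Single
    host_name=$(printf '%s\n' "$TAR_S" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
    # host_name becomes part of the report file name; keep "/" and ".." out.
    host_name=${host_name//[^A-Za-z0-9._-]/_}
    output_opts=(-o "${TOOL_PATH}/ffuf_${host_name}.html" -of html)
    scope_opts=(-u "${TAR_S}/FUZZ")
  fi
  # NOTE(review): the original also defined an extension list that was never
  # added to the command line, so it stays out here as well:
  # -e conf,config,bak,backup,swp,old,db,sql,asp,aspx,aspx~,asp~,py,py~,rb,rb~,php,php~,bak,bkp,cache,cgi,conf,csv,html,inc,jar,js,json,jsp,jsp~,lock,log,rar,old,sql,sql.gz,sql.zip,sql.tar.gz,sql~,swp,swp~,tar,tar.bz2,tar.gz,txt,wadl,zip,.log,.xml,.js.,.json
  #
  # Argument array instead of a string passed to eval: the target reaches
  # ffuf as data and is never parsed as shell code. The parentheses in the
  # User-Agent need no escaping once the header is a single argument.
  # -replay-proxy sends matched requests through 127.0.0.1:8080; presumably
  # an intercepting proxy is expected to listen there - confirm.
  cmd=(ffuf -r -recursion -recursion-depth 2
    -replay-proxy http://127.0.0.1:8080
    -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:100.0) Gecko/20100101 Firefox/100.0"
    -t 10
    "${output_opts[@]}"
    -ac -w "${file_path}:FUZZ"
    "${scope_opts[@]}")
  # Display only; the joined form is not meant to be pasted back into a shell.
  printf '%bcommand%b$ %s\n' "${purpleColour}" "${endColour}" "${cmd[*]}"
  echo -e "<------------------------------->\n"
  "${cmd[@]}"
}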
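# Template scan with nuclei against one URL or a file of URLs.
# Globals:   TOOL_PATH, greenColour, purpleColour, endColour (read)
# Arguments: $1 - a URL, or the path of a file of URLs when $2 is "true"
#            $2 - "true" for list mode, anything else for single-URL mode
# Outputs:   markdown export under TOOL_PATH; progress on stdout
# Returns:   nuclei's exit status
nuclei_analyce() {
  echo -e "${greenColour}\n[*] Nuclei ${endColour}"
  local TAR_S=$1
  local MULTIPLE=$2
  local host_name
  local -a output_opts scope_opts cmd
  if [ "$MULTIPLE" = true ]; then
    output_opts=(-markdown-export "${TOOL_PATH}/nuclei_multiple")
    scope_opts=(-list "${TAR_S}")
  else # Single
    host_name=$(printf '%s\n' "$TAR_S" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
    # host_name becomes part of the export path; keep "/" and ".." out.
    host_name=${host_name//[^A-Za-z0-9._-]/_}
    output_opts=(-markdown-export "${TOOL_PATH}/nuclei_${host_name}")
    scope_opts=(-target "${TAR_S}")
  fi
  # NOTE(review): the original also defined "-rl 200 -retries 3 -timeout 5
  # -c 50" and "-proxy http://127.0.0.1:8080" but never added them to the
  # command line; they stay out so the scan behaves as before.
  #
  # Argument array instead of a string passed to eval: the target reaches
  # nuclei as data and is never parsed as shell code. The parentheses in the
  # User-Agent need no escaping once the header is a single argument.
  cmd=(nuclei -follow-redirects
    -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:100.0) Gecko/20100101 Firefox/100.0"
    -include-tags osint,cve,panel,exposure,misconfig
    "${output_opts[@]}"
    "${scope_opts[@]}")
  # Display only; the joined form is not meant to be pasted back into a shell.
  printf '%bcommand%b$ %s\n' "${purpleColour}" "${endColour}" "${cmd[*]}"
  echo -e "<------------------------------->\n"
  "${cmd[@]}"
}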
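# TLS configuration scan with testssl.sh against one URL or a file of URLs.
# Globals:   TOOL_PATH, greenColour, purpleColour, endColour (read)
# Arguments: $1 - a URL, or the path of a file of URLs when $2 is "true"
#            $2 - "true" for list mode, anything else for single-URL mode
# Outputs:   HTML report under TOOL_PATH; progress on stdout
# Returns:   1 for an option-like single target, otherwise testssl.sh's status
testssl_analyce() {
  echo -e "${greenColour}\n[*] testSSL ${endColour}"
  # All working variables are local: the original assigned the globals `url`
  # and `MULTIPLE` here, overwriting the values parsed from the command line.
  local url=$1
  local MULTIPLE=$2
  local host_name
  local -a output_opts scope_opts cmd
  if [ "$MULTIPLE" = true ]; then
    output_opts=(--htmlfile "${TOOL_PATH}/testssl_multiple.html")
    scope_opts=(--parallel --file "${url}")
  else # Single
    # The target is a positional argument; refuse anything testssl.sh could
    # read as an option.
    if [[ "$url" == -* ]]; then
      log_warning "Skipping option-like target: ${url}"
      return 1
    fi
    host_name=$(printf '%s\n' "$url" | sed -e 's/[^/]*\/\/\([^@]*@\)\?\([^:/]*\).*/\2/')
    # host_name becomes part of the report file name; keep "/" and ".." out.
    host_name=${host_name//[^A-Za-z0-9._-]/_}
    output_opts=(--htmlfile "${TOOL_PATH}/testssl_${host_name}.html")
    scope_opts=("${url}")
  fi
  # Argument array instead of a string passed to eval: the target reaches
  # testssl.sh as data and is never parsed as shell code.
  cmd=(/opt/testssl/testssl.sh --quiet "${output_opts[@]}" "${scope_opts[@]}")
  # Display only; the joined form is not meant to be pasted back into a shell.
  printf '%bcommand%b$ %s\n' "${purpleColour}" "${endColour}" "${cmd[*]}"
  echo -e "<------------------------------->\n"
  "${cmd[@]}"
}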
#-------------------------------------------------------------------------------------
#----------------------------------- Init script ------------------------------------
#-------------------------------------------------------------------------------------
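# Check if the script is called with parameters
if [[ ${#} -eq 0 ]]; then
  log_error "Please add the necessary arguments"
  usage
  exit 1
fi

# Start from empty values so same-named variables inherited from the
# environment cannot stand in for a missing option.
url=""
url_list=""
output=""

# Parse the command-line options
while getopts :hu:L:o: flag; do
  case "${flag}" in
    u) url=${OPTARG} ;;
    L) url_list=${OPTARG} ;;
    o) output=${OPTARG} ;;
    h)
      usage
      exit 0
      ;;
    \?)
      log_error "Invalid option:\t -${OPTARG}"
      usage
      exit 1
      ;;
    :)
      log_error "Option -${OPTARG} requires an argument."
      usage
      exit 1
      ;;
  esac
done

# Exactly one of -u and -L must carry a value
if [ -n "${url}" ] && [ -n "${url_list}" ]; then
  log_error "Only one of -u or -L can be used"
  usage
  exit 1
elif [ -z "${url}" ] && [ -z "${url_list}" ]; then
  log_error "Either -u or -L is required"
  usage
  exit 1
fi

# Fail early on an unreadable list instead of letting each stage fail on it
if [ -n "${url_list}" ] && [ ! -r "${url_list}" ]; then
  log_error "URL list file is not readable: ${url_list}"
  exit 1
fi

# Pick the output directory suffix; make_dirtool adds the "WebPentest_" prefix,
# so the default directory is WebPentest_output.
outDir=""
if [ -z "${output}" ]; then
  log_warning "No log value assigned to output folder, default value set to \"WebPentest_output\""
  outDir="output"
else
  outDir="${output}"
fi

# Create the WebPentest_<name> directory. Its return status is not used as
# the check because the ownership change inside it is best effort.
TOOL_PATH=""
make_dirtool "${outDir}"
if [ ! -d "${TOOL_PATH}" ]; then
  log_error "Output directory is missing: ${TOOL_PATH}"
  exit 1
fi

# Start the scan. Targets are quoted so that they are neither word-split nor
# glob-expanded on the way in.
if [ -n "$url_list" ]; then
  analice_URL "$url_list" true
elif [ -n "$url" ]; then
  analice_URL "$url" false
else
  log_error "No URL found"
fi

# Hand the results to uid/gid 1000 (hard-coded; presumably the operator's
# account when the script runs as root - confirm). chown is called directly
# with a quoted path: interpolating TOOL_PATH into a `bash -c` string would
# let spaces or metacharacters in the path be parsed as shell syntax.
chown -R 1000:1000 -- "${TOOL_PATH}/" 2>/dev/null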