Recon script.Connecting with lots of GitHub Repo.
English | 简体中文 | Kali Linux
- cURL GitHub URL as Input, Read Features before start.
VPS with Debian9.x was tested.
apt update
apt install -y -q git
cd /root
git clone https://github.com/fngoo/sh
bash sh/du_hast.sh
- One-click deployment
- Against unstable SSH process
- Parallel based on CPU
- Web based Input(one.sh : target="curl github_url")
- Customize your Input, Single Domain or SubDomain.
- While true sleep 6s, running if Input changed.
- Auto update tools.
- SubDomain gathering(multi)
- DNS resolve
- Github sensitive info
- Cloud based bucket(s3 bucket/Azure/Google bucket)
- SubDomain Hijacking and Broken Link Hijacking
- HTTP Smuggling
- DNS-server Cache Poison
- Web service screenshot
- Web tech analyzing
- Crawler
- waybackMachine URL(memory error)
- Param discovery
- XSS
- HTML sensitive keyword
- CRLF
- JavaScript sensitive keyword
- JavaScript endpoint gathering
- DirScan and screenshot
- chaitin/XRAY webscan
- Bypass CDN
- Correct PoC about Web or port tech
- Port scanning and tech fingerprint
- Unauthorized detection(ftp, Memcached, mongodb, zookeeper, Redis, elasticsearch)
- Alerting(Slack API)
- Web browser(Python SimpleHTTPServer)
- Exploit DB Web newest PoC monitoring, if match the keyword of Web tech then alert(Slack API)
- Exploit DB newest PoC monitoring, if match the keyword of Port tech then alert(Slack API)
- Extracting valuable info to .txt
- .zip file, unzip to Web Python SimpleHTTPServer
Don't be a dick.
Kuruma(Armored)
I don't believe in License.