Recon script for VPS.Connecting with lots of GitHub Repo.
English | 简体中文 | Kali Linux
Edit sh/one.sh Input ---> bash sh/du_hast.sh
- cURL GitHub URL as Input, replace input target(sh/one.sh) to yours.Or just run with given target.
VPS with Debian9.x was tested.
apt update
apt install -y -q git
cd /root
git clone https://github.com/fngoo/sh
bash sh/du_hast.sh
- One-click deployment
- Against unstable SSH process
- Parallel based on CPU
- Web based Input(one.sh : target="curl github_url")
- Customize your Input, Single Domain or SubDomain.
- While true sleep 6s, running if Input changed.
- Auto update tools.
- SubDomain gathering(multi)
- DNS resolve(remove wildcard records)
- Github sensitive info
- Cloud based bucket(s3 bucket/Azure/Google bucket)
- SubDomain Hijacking and Broken Link Hijacking
- HTTP Smuggling
- DNS-server Cache Poison
- Web service screenshot
- Web tech analyzing
- Crawler
- waybackMachine URL
- Param discovery
- XSS
- HTML sensitive keyword
- CRLF
- JavaScript sensitive keyword
- JavaScript endpoint gathering
- DirScan and screenshot
- chaitin/XRAY webscan
- Bypass CDN
- Correct PoC about Web or port tech
- Port scanning and tech fingerprint
- Unauthorized detection(ftp, Memcached, mongodb, zookeeper, Redis, elasticsearch)
- Alerting(Slack API)
- Web browser(Python SimpleHTTPServer)
- Exploit DB Web newest PoC monitoring, if match the keyword of Web tech then alert(Slack API)
- Exploit DB newest PoC monitoring, if match the keyword of Port tech then alert(Slack API)
- Extracting valuable info to .txt
- .zip file, unzip to Web Python SimpleHTTPServer
Don't be a dick.
Kuruma(Armored)
part_1="https://hooks.sla" ; part_2="ck.com/services/TM26L9ZEE/BR1F5" ; part_3="JF96/ENPsUGGJr" ; part_4="9LLyTqZ4WitEOLA" ; url=$part_1$part_2$part_3$part_4
curl -X POST -H "Content-type:application/json" --data '{"text":"MESSAGE"}' $url
I don't believe in License.