mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-26 21:00:16 +00:00
139 lines
4.8 KiB
Python
139 lines
4.8 KiB
Python
#!/usr/bin/env python3
|
|
# A script to perform a quick OSINT recon for a given domains
|
|
# This is an example and work in progress
|
|
|
|
import os , sys , time , requests , random
|
|
from googlesearch import search
|
|
from termcolor import colored, cprint
|
|
from http import cookiejar
|
|
from urllib.parse import urlparse
|
|
from plugins import pasting
|
|
|
|
Subdomains = []
|
|
|
|
def SubdomainFilter(URL):
|
|
Parsed = urlparse(URL); Scheme = Parsed.scheme; Host = Parsed.netloc; URL = Scheme + "://" + Host + "/"
|
|
if URL not in Subdomains:
|
|
print(URL); Subdomains.append(URL)
|
|
|
|
if os.path.exists("alpha.txt"):
|
|
print("")
|
|
Qupdate = requests.get('https://raw.githubusercontent.com/The-Art-of-Hacking/h4cker/osint/quick_recon/qrecon_update.txt') #Quantom
|
|
Qupdate.status_code
|
|
if Qupdate.status_code == 200:
|
|
print(colored ('Cheking Update...' ,'white'))
|
|
print(colored(Qupdate.text , 'green'))
|
|
time.sleep(3) #
|
|
elif Qupdate.status_code == 404:
|
|
print(colored ('Cheking Update...' ,'white'))
|
|
print(colored ('Update Available ' ,'red'))
|
|
print(colored ('See https://github.com/The-Art-of-Hacking/h4cker/tree/master/osint' ,'red'))
|
|
print(colored ('Resuming...' ,'red'))
|
|
print("")
|
|
time.sleep(3) #
|
|
|
|
f = open('alpha.txt', 'r')
|
|
alpha = f.read()
|
|
print(colored (alpha,'yellow'))
|
|
|
|
|
|
else:
|
|
print("")
|
|
print(colored ('Please Run the quick_recon Script in the Main Directory' ,'red'))
|
|
print(colored ('First: cd quick_recon ' ,'red'))
|
|
print(colored ('Then : python3 quick_recon.py' ,'red'))
|
|
print(colored ('Exiting...' ,'red'))
|
|
time.sleep(5)
|
|
exit()
|
|
|
|
banner1 = """
|
|
Quick OSINT Recon of a given domain
|
|
̿з=(◕_◕)=ε
|
|
"""
|
|
print (banner1)
|
|
|
|
#--------------------------------------------------------------------------------#
|
|
class BlockAll(cookiejar.CookiePolicy):
|
|
return_ok = set_ok = domain_return_ok = path_return_ok = lambda self, *args, **kwargs: False
|
|
netscape = True
|
|
rfc2965 = hide_cookie2 = False
|
|
TLD = ["com","com.tw","co.in"]
|
|
beta = random.choice(TLD)
|
|
s = requests.Session()
|
|
s.cookies.set_policy(BlockAll())
|
|
|
|
#--------------------------------------------------------------------------------#
|
|
|
|
key = input (colored('[+] Set Target (site.com) : ', 'white' ))#Key
|
|
file = open("quick_recon.config", "w")
|
|
file.write(key)
|
|
file.close()
|
|
#V2
|
|
#V2
|
|
print("")
|
|
print(colored ('[>] Looking For Subdomains...' ,'green'))
|
|
query = "site:" + key + " -www." + key #SubTech1
|
|
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
|
|
SubdomainFilter(URL=gamma)
|
|
query = "site:*." + key #SubTech2
|
|
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
|
|
SubdomainFilter(URL=gamma)
|
|
print("")
|
|
|
|
if os.path.exists(".google-cookie"):
|
|
os.remove(".google-cookie")
|
|
|
|
print(colored ('[>] Looking For Sub-Subdomains...' ,'green'))
|
|
query = "site:*.*." + key
|
|
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
|
|
SubdomainFilter(URL=gamma)
|
|
print("")
|
|
|
|
if os.path.exists(".google-cookie"):
|
|
os.remove(".google-cookie")
|
|
|
|
|
|
print(colored ('[>] Looking For Login/Signup Pages...' ,'green'))
|
|
query = "inurl:login site:" + key #LogTech1
|
|
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
|
|
print("" + gamma)
|
|
query = "site:" + key + " inurl:signup | inurl:register | intitle:Signup" #LogTech2
|
|
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
|
|
print("" + gamma)
|
|
print ("")
|
|
if os.path.exists(".google-cookie"):
|
|
os.remove(".google-cookie")
|
|
|
|
# Sleeping for 60s to Avoid Google Block
|
|
print(colored ('[!] 20s Sleep to avoid Google Block' ,'yellow'))
|
|
time.sleep(21) # ; )
|
|
print(colored ('[!] Switching Google TLDs...' ,'yellow'))
|
|
TLD = ["co.ma","dz","ru","ca"]
|
|
zolo = random.choice(TLD)
|
|
print("")
|
|
#ok
|
|
|
|
print(colored ('[>] Looking For Directory Listing...' ,'green')) #DirListing
|
|
query = "site:" + key + " intitle:index of"
|
|
for gamma in search(query, tld=zolo, num=10 , stop=60 , pause=2):
|
|
print("" + gamma)
|
|
print ("")
|
|
if os.path.exists(".google-cookie"):
|
|
os.remove(".google-cookie")
|
|
|
|
print(colored ('[>] Looking For Public Exposed Documents...' ,'green')) #Docs
|
|
query = "site:" + key + " ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv"
|
|
for gamma in search(query, tld=zolo, num=30 , stop=60 , pause=2):
|
|
print("" + gamma)
|
|
print ("")
|
|
if os.path.exists(".google-cookie"):
|
|
os.remove(".google-cookie")
|
|
|
|
|
|
print(colored ('[>] Looking For WordPress Entries...' ,'green')) #WP
|
|
query = "site:" + key + " inurl:wp- | inurl:wp-content | inurl:plugins | inurl:uploads | inurl:themes | inurl:download"
|
|
for gamma in search(query, tld=zolo, num=30 , stop=60 , pause=2):
|
|
print("" + gamma)
|
|
print ("")
|
|
if os.path.exists(".google-cookie"):
|
|
os.remove(".google-cookie")
|