
Commit 683e34e

committed
add more switch
1 parent 41992fc commit 683e34e


2 files changed

+37
-17
lines changed


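--- a/README.md
+++ b/README.md
@@ -9,7 +9,10 @@ sudo ./smartrecon.sh -d domain.com <option>
 option:
 -a | --alt : Additionally permutate subdomains
 -b | --brute : Basic directory bruteforce
--f | --fuzz : SSRF/XSS/nuclei fuzzing
+-f | --fuzz : SSRF/XSS/Nuclei fuzzing
+-s | --ssrf : SSRF fuzzing
+-x | --xss : XSS fuzzing
+-n | --nuclei: Nuclei fuzzing
 
 ```
 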
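--- a/smartrecon.sh
+++ b/smartrecon.sh
@@ -21,7 +21,10 @@ usage() {
 option:
 -a | --alt : Additionally permutate subdomains
 -b | --brute : Basic directory bruteforce
--f | --fuzz : SSRF/LFI/SQLi fuzzing " 1>&2; exit 1;
+-f | --fuzz : SSRF/XSS/Nuclei fuzzing
+-s | --ssrf : SSRF fuzzing
+-x | --xss : XSS fuzzing
+-n | --nuclei: Nuclei fuzzing " 1>&2; exit 1;
 }
 
 
@@ -42,7 +45,10 @@ checkargs(){
 case $1 in
 -a | --alt ) alt="1";;
 -b | --brute ) brute="1";;
--f | --fuzz ) fuzz="1";;
+-f | --fuzz ) ssrf="1" xss="1" nuclei="1" ;;
+-s | --ssrf ) ssrf="1";;
+-x | --xss ) xss="1";;
+-n | --nuclei) nuclei="1";;
 esac
 shift
 done
@@ -190,11 +196,13 @@ directory_bruteforce(){
 }
 
 
-vulnscanner(){
+NucleiScanner(){
 echo -e "${green}Starting vuln scanner with nuclei...${reset}"
 cat ./$domain/$foldername/urllist.txt | nuclei -tags exposure,unauth,cache -o ./$domain/$foldername/nuclei.txt -silent; notify -bulk -data ./$domain/$foldername/nuclei.txt -silent
+}
 
 
+SSRF_Scanner(){
 echo -e "${green}Starting up listen server...${reset}"
 interactsh-client -v &> ./$domain/$foldername/listen_server.txt & SERVER_PID=$!
 sleep 5 # to properly start listen server
@@ -209,29 +217,32 @@ vulnscanner(){
 
 # kill listen server
 kill_listen_server
+}
 
 
+XSS_Scanner(){
 echo -e "${green}find Xss vulnerability ...${reset}"
 python3 $paramspider -d $domain -s TRUE -e jpg,jpeg,gif,css,js,tif,tiff,png,ttf,woff,woff2,ico,pdf,svg,txt,eot -q -o ./$domain/$foldername/xss_result.txt
 cat ./$domain/$foldername/xss_result.txt | qsreplace -a | httpx -silent -threads 500 -mc 200 | dalfox pipe -S | tee ./$domain/$foldername/xss_raw_result.txt
 cat ./$domain/$foldername/xss_raw_result.txt | cut -d ' ' -f2 | tee ./$domain/$foldername/xss_result.txt; notify -bulk -data ./$domain/$foldername/xss_result.txt -silent
+}
 
-# echo -e "${green}find sql injection with wayback ...${reset}"
-# python3 paramspider.py -d $domain -s TRUE -e woff,ttf,eot,css,js,png,svg,jpg | deduplicate --sort | httpx -silent | sqlmap
+# echo -e "${green}find sql injection with wayback ...${reset}"
+# python3 paramspider.py -d $domain -s TRUE -e woff,ttf,eot,css,js,png,svg,jpg | deduplicate --sort | httpx -silent | sqlmap
 
-# echo -e "${green}find open redirect vulnerability ...${reset}"
-# cat ./$domain/$foldername/waybackurls.txt | gf redirect | qsreplace -a | httpx -silent | while read domain; do python3 oralyzer.py -u $domain; done
+# echo -e "${green}find open redirect vulnerability ...${reset}"
+# cat ./$domain/$foldername/waybackurls.txt | gf redirect | qsreplace -a | httpx -silent | while read domain; do python3 oralyzer.py -u $domain; done
 
-# echo -e "${green}find CORS vulnerability ...${reset}"
-# echo https://google.com | hakrawler -u | httpx -silent | CorsMe
+# echo -e "${green}find CORS vulnerability ...${reset}"
+# echo https://google.com | hakrawler -u | httpx -silent | CorsMe
 
-# echo -e "${green}find Prototype Pollution vulnerability ...${reset}"
-# echo https://google.com | hakrawler -u | httpx -silent | ppmap
+# echo -e "${green}find Prototype Pollution vulnerability ...${reset}"
+# echo https://google.com | hakrawler -u | httpx -silent | ppmap
+
+# echo -e "${green}find dom xss with parameter pollution vulnerability ...${reset}"
+# cat ./$domain/$foldername/waybackurls.txt | httpx -silent | ppmap
 
-# echo -e "${green}find dom xss with parameter pollution vulnerability ...${reset}"
-# cat ./$domain/$foldername/waybackurls.txt | httpx -silent | ppmap
 
-}
 
 
 kill_listen_server(){
@@ -417,8 +428,14 @@ fi
 if [[ -n "$brute" ]]; then
 directory_bruteforce $domain
 fi
-if [[ -n "$fuzz" ]]; then
-vulnscanner $domain
+if [[ -n "$nuclei" ]]; then
+NucleiScanner $domain
+fi
+if [[ -n "$ssrf" ]]; then
+SSRF_Scanner $domain
+fi
+if [[ -n "$xss" ]]; then
+XSS_Scanner $domain
 fi
 master_report $domain
 echo "${green}Scan for $domain finished successfully${reset}" | notify -silent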
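Review bot: The three new call sites (`NucleiScanner $domain`, `SSRF_Scanner $domain`, `XSS_Scanner $domain`) and the function bodies split out of `vulnscanner` expand `$domain` and `$foldername` unquoted, while the README has this script run under sudo with `-d` supplied on the command line. A value with whitespace, glob characters or a leading `-` would be word-split or taken as an option by `nuclei`, `python3 $paramspider` and the output redirections; quote every expansion, e.g. `NucleiScanner "$domain"` and `-o "./$domain/$foldername/nuclei.txt"`. The new functions also ignore the argument they are passed and read the global instead, so either begin each with `local domain=$1` or drop the argument at the call sites. Whether `checkargs` validates the `-d` value as a hostname is not visible in these hunks; if it does not, that is where the check belongs.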
