1 | | -# MagicRecon |
2 | | - |
3 | | -# Description |
4 | | -Recon is an essential element of any penetration testing. This repository contain a powerful shell script to maximize the recon and data collection process of an objective. With this script you can easily find: |
| 1 | +# MagicRecon |
| 2 | +MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats. |
| 3 | +The new version of MagicRecon has a large number of new tools to automate as much as possible the process of collecting data from a target and searching for vulnerabilities. It also has a menu where the user can select which option he wants to execute. |
| 4 | +This new version also has the option of "Install dependencies" with which the user can easily install all the tools and dependencies that are needed to run MagicRecon. The script code has been made in a modular way so that any user can modify it to their liking. |
| 5 | +With MagicRecon you can easily find: |
5 | 6 |
|
6 | 7 | * Sensitive information disclosure. |
7 | 8 | * Missing HTTP headers. |
8 | | -* Heartbleed Bug. |
9 | 9 | * Open S3 buckets. |
10 | 10 | * Subdomain takeovers. |
11 | | -* Bugs in TLS/SSL ciphers, protocols and cryptographic flaws. |
| 11 | +* SSL/TLS bugs. |
12 | 12 | * Open ports and services. |
13 | 13 | * Email spoofing. |
14 | 14 | * Endpoints. |
15 | 15 | * Directories. |
| 16 | +* Juicy files. |
16 | 17 | * Javascript files with senstive info. |
17 | 18 | * CORS missconfigurations. |
18 | | -* Other quick bugs. |
19 | | - |
| 19 | +* Cross-site scripting (XSS). |
| 20 | +* Open Redirect. |
| 21 | +* SQL Injection. |
| 22 | +* Server-side request forgery (SSRF). |
| 23 | +* CRLF Injection. |
| 24 | +* Remote Code Execution (RCE). |
| 25 | +* Other bugs. |
20 | 26 |
|
21 | 27 | # Disclaimer :warning: |
22 | 28 | **The author of this document take no responsibility for correctness. This project is merely here to help guide security researchers towards determining whether something is vulnerable or not, but does not guarantee accuracy.** |
23 | 29 | **Warning: This code was originally created for personal use, it generates a substantial amount of traffic, please use with caution.** |
24 | 30 |
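Review bot: the expanded feature list (new lines 19 to 24) claims detection of XSS, Open Redirect, SQL Injection, SSRF, CRLF Injection and RCE but never says which tool produces each finding; with a Requirements list this long, name the tool behind each bullet (the Nuclei template set, if that is what backs the injection classes) so readers can judge real coverage, especially since the `Heartbleed Bug` and TLS cipher bullets were dropped together with testssl.sh. The new description sentence `all this saving the results obtained in an organized way in directories and with various formats` is awkward; `and saves all results in organized directories in several formats` says the same thing, and `which option he wants` should be `which option they want`. While this list is being edited, fix the unchanged typos `senstive` and `missconfigurations`, and in the untouched Disclaimer `take no responsibility` should read `takes no responsibility`.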
|
25 | | -# Tools needed |
26 | | -* [Amass](https://github.com/OWASP/Amass) |
27 | | -* [Certsh.py](https://github.com/ghostlulzhacks/CertificateTransparencyLogs) |
28 | | -* [Gobuster](https://github.com/OJ/gobuster) |
29 | | -* [Assetfinder](https://github.com/tomnomnom/assetfinder) |
30 | | -* [Subjack](https://github.com/haccer/subjack) |
31 | | -* [httprobe](https://github.com/tomnomnom/httprobe) |
| 31 | +# Requirements |
| 32 | +To run the project, you will need to install the following tools: |
| 33 | +* [Subfinder](https://github.com/projectdiscovery/subfinder) |
| 34 | +* [Httpx](https://github.com/projectdiscovery/httpx) |
| 35 | +* [Notify](https://github.com/projectdiscovery/notify) |
| 36 | +* [Nuclei](https://github.com/projectdiscovery/nuclei) |
| 37 | +* [Nuclei-templates](https://github.com/projectdiscovery/nuclei-templates) |
| 38 | +* [SecLists](https://github.com/danielmiessler/SecLists) |
32 | 39 | * [Corsy](https://github.com/s0md3v/Corsy) |
| 40 | +* [Securityheaders](https://github.com/koenbuyens/securityheaders) |
| 41 | +* [Ssl-checker](https://github.com/narbehaj/ssl-checker) |
| 42 | +* [Secretfinder](https://github.com/m4ll0k/SecretFinder) |
| 43 | +* [Wfuzz](https://github.com/xmendez/wfuzz) |
33 | 44 | * [Aquatone](https://github.com/michenriksen/aquatone) |
34 | | -* [securityheaders](https://github.com/koenbuyens/securityheaders) |
35 | | -* [testssl.sh](https://github.com/drwetter/testssl.sh) |
| 45 | +* [Html-tool](https://github.com/tomnomnom/hacks/tree/master/html-tool) |
| 46 | +* [Waybackurls](https://github.com/tomnomnom/waybackurls) |
| 47 | +* [Kxss](https://github.com/Emoe/kxss) |
| 48 | +* [Anew](https://github.com/tomnomnom/anew) |
| 49 | +* [Qsreplace](https://github.com/tomnomnom/qsreplace) |
| 50 | +* [Urlprobe](https://github.com/1ndianl33t/urlprobe) |
| 51 | +* [Anew](https://github.com/tomnomnom/anew) |
| 52 | +* [Gf](https://github.com/tomnomnom/gf) |
| 53 | +* [Gobuster](https://github.com/OJ/gobuster) |
| 54 | +* [Findomain](https://github.com/Findomain/Findomain) |
36 | 55 | * [spoofcheck](https://github.com/BishopFox/spoofcheck) |
37 | | -* [relative-url-extractor](https://github.com/jobertabma/relative-url-extractor) |
38 | 56 | * [linkfiner](https://github.com/GerbenJavado/LinkFinder) |
39 | 57 | * [Nmap](https://nmap.org/) |
40 | | -* [SecLists](https://github.com/danielmiessler/SecLists) |
41 | | - |
42 | | -### IMPORTANT: YOU NEED TO INSTALL ALL THE TOOLS IN YOUR HOME FOLDER. |
43 | | - |
44 | | -# How does it work? |
45 | | -The script has 6 phases: |
46 | 58 |
|
47 | | -1. Subdomain enumeration: Amass, Certsh.py, Gobuster DNS and Assetfinder tools are used to find the maximum possible number of subdomains. httprobe is used to probe for working http and https servers. Then Subjack is used to quickly check if it exists subdomains takeover. Corsy tool is used to find CORS missconfigurations. Finally, Aquatone takes screenshots of each subdomain. |
48 | | - |
49 | | -2. Scan for missing headers and bugs in SSL/TLS protocols: securityheaders is used to check quickly and easily the security of HTTP response headers and testssl.sh is used to check the TLS/SSL ciphers, protocols and cryptographic flaws. |
50 | | - |
51 | | -3. Scan if a domain can be spoofed: spoofcheck is used to check SPF and DMARC records for weak configurations that allow spoofing. |
52 | | - |
53 | | -4. JavaScript files and hidden endpoints: LinkFinder is used to discover endpoints and their parameters in JavaScript files. |
54 | | - |
55 | | -5. Find directories and hidden files: Gobuster DIR is used to collect hidden files and directories through a dictionary. You can change the dictionary in the script configuration. |
56 | | - |
57 | | -6. Nmap: Nmap is used to scan ports and services quiclky. |
58 | 59 |
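Review bot: `Anew` appears twice in the new Requirements list (new lines 48 and 51); drop one. This hunk also deletes the whole `How does it work?` section with its six phases and adds nothing in its place, so the reader loses the description of which tool runs in which stage, what each stage writes, and the note that the directory wordlist is configurable in the script; please re-add a per-option description for the new menu. Two consistency gaps follow from the removals: `Subjack` is gone while the `Subdomain takeovers` bullet remains, so state which tool now performs that check, and `testssl.sh` is replaced by `Ssl-checker` while the bullet was generalised to `SSL/TLS bugs`, so say what that tool actually covers. Since the README now advertises an `Install dependencies` menu option, say whether this list must be installed by hand or is handled by that option, and the unchanged `linkfiner` should read `LinkFinder`.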
|
| 60 | +### IMPORTANT: YOU NEED TO INSTALL MAGICRECON IN YOUR HOME FOLDER. |
59 | 61 | ### All the data generated in the different processes are saved in different files and directories in different formats. |
60 | | - |
61 | 62 |
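Review bot: the new `IMPORTANT` line requires MagicRecon itself to live in the home folder but gives neither the reason nor the exact expected path; state what breaks otherwise (presumably paths hard-coded relative to `$HOME`) and the directory the script expects, or better, have the script resolve its own location so the constraint disappears. The removed version of this line placed the same requirement on the tools; if tool binaries are still looked up under the home folder, that requirement should remain documented rather than vanish silently. The retained sentence `All the data generated ... are saved in different files and directories in different formats` is the only remaining statement about output; with the phases section gone, name the output directory layout here.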
|
62 | 63 | # Usage |
63 | 64 | ``` |
64 | | -./magicRecon.sh [DOMAIN] |
65 | | -
|
66 | | -Parameters: |
67 | | -
|
68 | | --h: Show the help message. |
| 65 | +./magicRecon.sh |
| 66 | +
|
| 67 | +Output: |
| 68 | +
|
| 69 | + __ __ _ ____ |
| 70 | +| \/ | __ _ __ _(_) ___| _ \ ___ ___ ___ _ __ |
| 71 | +| |\/| |/ _` |/ _` | |/ __| |_) / _ \/ __/ _ \| '_ \ |
| 72 | +| | | | (_| | (_| | | (__| _ < __/ (_| (_) | | | | |
| 73 | +|_| |_|\__,_|\__, |_|\___|_| \_\___|\___\___/|_| |_| |
| 74 | + |___/ |
| 75 | +
|
| 76 | +MENU |
| 77 | +1) Install dependencies |
| 78 | +2) Massive vulnerability analysis with notifications via Discord, Telegram or Slack |
| 79 | +3) Subdomain enumeration |
| 80 | +4) Subdomain enumeration and vulnerability scanning with nuclei |
| 81 | +5) Subdomain enumeration with common vulnerabilities scanning |
| 82 | +6) Scan for javascript files |
| 83 | +7) Scan for files and directoires |
| 84 | +8) All in one! (original MagicRecon) |
| 85 | +q) Exit |
| 86 | +Choose a option: |
69 | 87 | ``` |
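Review bot: the Usage block drops `./magicRecon.sh [DOMAIN]` and the `-h` help flag in favour of an interactive menu, yet never shows how the target domain is supplied or whether any non-interactive invocation remains, which matters for scheduled or scripted runs; add one example of a complete run from menu choice to output location. Typos in the added text: `directoires` (option 7) should be `directories`, and `Choose a option` should be `Choose an option`. Option 2 pushes findings to Discord, Telegram or Slack through Notify; document where the webhook tokens are configured and note that the configuration file holding them must stay out of the repository, since both the tokens and the scan results are sensitive.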
70 | | -# Thanks |
| 88 | +# Special thanks |
71 | 89 | * Special Thanks to Mohd Shibli for his great contributions in the article [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a#id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImRiMDJhYjMwZTBiNzViOGVjZDRmODE2YmI5ZTE5NzhmNjI4NDk4OTQiLCJ0eXAiOiJKV1QifQ.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.obOev9FLt7DWW2NbSIbFwPoUC-vNFrf5nru--6uL6knW1S6CjjqXAP_D0sedfukNC0DcJnqQDz88Yh48ECppB4wEv0ozgunc9Yx24m5OiNaEKvWr0D2WJsMsV9yN7Vxt7gJxTeVIstCLvWDYCl_1JBrDvJ2eXF4V9yamk61KCqmwoAJMjXEpwaDuzITFPIZM9V-nTpIgnsBh-BCERYqAcUc7Si0IpRAlyM9YG78va7o0Pe_zYrt4NbV8Cl--BzAzrFOfhIOxvk3CYWRfc9lrSz09TJRCEn4q-rR9v7LVIboKJAedhbkr8ShClMru8xRsdfne3fRIzV1iZxNn4GuW6A) |
| 90 | +* Special Thanks to @KingOfBugbounty for his great contributions in the repository [KingOfBugBountyTips](https://github.com/KingOfBugbounty/KingOfBugBountyTips) |
| 91 | +* @TomNomNom |
| 92 | +* @pdiscoveryio |
| 93 | +* @NahamSec |
| 94 | +* @s0md3v |
72 | 95 |
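Review bot: the Medium link on new line 89 carries a fragment `#id_token=eyJhbGciOiJSUzI1NiIs...`, a signed identity token (JWT) apparently copied from a logged-in browser session, and this commit publishes it in a public README. Strip everything from `#id_token=` onwards; the article loads without it. Even if the token has expired, treat it as a leaked credential and revoke or rotate the session it belongs to, and check the repository history for other pasted URLs of this kind. Under a `# Special thanks` heading the repeated `Special Thanks to ...` prefix on each bullet is redundant; `Thanks to ...` suffices.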
|
73 | 96 | # About me |
74 | 97 | [Twitter](https://twitter.com/robotshelld) |
75 | 98 |
|
76 | 99 |
|
77 | 100 | # Donation |
78 | | -* If you've earned a bug bounty using this tool, please consider donating to support it's development. You can help me to develop more useful tools. Thanks :heart_eyes: |
| 101 | +* If you've earned a bug bounty using this tool, please consider donating to support it's development. You can help me to develop more useful scripts and tools. Thanks :heart_eyes: |
79 | 102 |
|
80 | 103 | [<img src="https://www.paypalobjects.com/en_US/ES/i/btn/btn_donateCC_LG.gif">](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=F4YABU5AH3NTQ&source=url) |
81 | 104 |
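Review bot: `it's development` on new line 101 should be `its development` (possessive, no apostrophe); the removed line had the same slip, so this rewrite was the moment to fix it.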
|
|