@@ -17,7 +17,17 @@ NORMAL="\e[0m"
1717GREEN=" \e[92m"
1818
1919# ########SUBDOMAIN ENUMERATIONS#########
20- echo -e " ${BOLD}${GREEN} [+] Starting Subdomain Enumeration"
20+ echo -e " ${BOLD}${GREEN} [+] Welcome to MagicRecon"
21+ echo -e " "
22+ echo -e " ${BOLD}${GREEN} [+] MagicRecon has 5 steps: "
23+ echo -e " ${BOLD}${GREEN} [+] STEP 1: Subdomain Enumeration"
24+ echo -e " ${BOLD}${GREEN} [+] STEP 2: JavaScript files and Hidden Endpoints"
25+ echo -e " ${BOLD}${GREEN} [+] STEP 3: Find directories and hidden files"
26+ echo -e " ${BOLD}${GREEN} [+] STEP 4: Port scan for alive domains"
27+ echo -e " ${BOLD}${GREEN} [+] STEP 5: Subdomain headers and response bodies"
28+
29+ echo -e " "
30+ echo -e " ${BOLD}${GREEN} [+] STEP 1: Starting Subdomain Enumeration"
2131
2232# Amass
2333echo -e " ${GREEN} [+] Starting Amass"
@@ -56,6 +66,11 @@ cat domains.txt | ~/go/bin/httprobe | tee -a alive.txt
5666
5767sort alive.txt | uniq -u
5868
69+ # Corsy
70+ echo -e " "
71+ echo -e " ${GREEN} [+] Starting Corsy to find CORS missconfigurations"
72+ python3 ~ /Corsy/corsy.py -i alive.txt -o CORS.txt
73+
5974# Aquatone
6075echo -e " "
6176echo -e " ${BOLD}${GREEN} [+] Starting Aquatone to take screenshots"
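Review bot: The Corsy call on line 72 runs a script at a hardcoded home path and checks neither that it exists nor that it succeeded, so a missing install prints a Python error and the run simply continues without `CORS.txt`, silently dropping the CORS step. If the space between `~` and `/Corsy/corsy.py` is real rather than a rendering artifact, `~` expands to the home directory as its own argument and python3 never reaches the script name at all. A guard before the call, `[[ -f ~/Corsy/corsy.py ]] || echo " [-] Corsy not found, skipping CORS check" >&2`, or a `|| echo " [-] Corsy failed" >&2` after it, would make the failure visible; whether `set -e` is in effect is not visible in the hunk. The banner on line 71 also misspells "misconfigurations".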
@@ -72,25 +87,9 @@ cat alive.txt | python -c "import sys; import json; print (json.dumps({'domains'
7287
7388cat domains.txt | python -c " import sys; import json; print (json.dumps({'domains':list(sys.stdin)}))" > domains.json
7489
75- # ########SUBDOMAIN HEADERS#########
76- echo -e " "
77- echo -e " ${BOLD}${GREEN} [+] Storing subdomain headers and response bodies"
78-
79- mkdir headers
80- mkdir responsebody
81-
82- CURRENT_PATH=$( pwd)
83-
84- for x in $( cat alive.txt)
85- do
86- NAME=$( echo $x | awk -F/ ' {print $3}' )
87- curl -X GET -H " X-Forwarded-For: evil.com" $x -I > " $CURRENT_PATH /headers/$NAME "
88- curl -s -X GET -H " X-Forwarded-For: evil.com" -L $x > " $CURRENT_PATH /responsebody/$NAME "
89- done
90-
9190# ########JAVASCRIPT FILES#########
9291echo -e " "
93- echo -e " ${BOLD}${GREEN} [+] Collecting JavaScript files and Hidden Endpoints"
92+ echo -e " ${BOLD}${GREEN} [+] STEP 2: Collecting JavaScript files and Hidden Endpoints"
9493
9594mkdir scripts
9695mkdir scriptsresponse
162161
163162 cd ..
164163done
164+
165165# ########FILES AND DIRECTORIES#########
166166echo -e " "
167- echo -e " ${BOLD}${GREEN} [+] Starting Gobuster to find directories and hidden files"
167+ echo -e " ${BOLD}${GREEN} [+] STEP 3: Starting Gobuster to find directories and hidden files"
168168
169169mkdir directories
170170
178178 rm directories/$NAME
179179 fi
180180done
181+
181182# ########NMAP#########
182183echo -e " "
183- echo -e " ${BOLD}${GREEN} [+] Starting Nmap Scan for alive domains"
184+ echo -e " ${BOLD}${GREEN} [+]STEP 4: Starting Nmap Scan for alive domains"
184185
185186mkdir nmapscans
186187
187188for domain in $( cat domains.txt)
188189do
189190 nmap -sC -sV -v $domain | tee nmapscans/$domain
190191done
192+
193+ # ########SUBDOMAIN HEADERS#########
194+ echo -e " "
195+ echo -e " ${BOLD}${GREEN} [+] STEP 5: Storing subdomain headers and response bodies"
196+
197+ mkdir headers
198+ mkdir responsebody
199+
200+ CURRENT_PATH=$( pwd)
201+
202+ for x in $( cat alive.txt)
203+ do
204+ NAME=$( echo $x | awk -F/ ' {print $3}' )
205+ curl -X GET -H " X-Forwarded-For: evil.com" $x -I > " $CURRENT_PATH /headers/$NAME "
206+ curl -s -X GET -H " X-Forwarded-For: evil.com" -L $x > " $CURRENT_PATH /responsebody/$NAME "
207+ done
208+
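Review bot: The re-added headers loop on lines 202–207 iterates `for x in $( cat alive.txt)` and passes `$x` unquoted to both curl calls, so every entry is word-split and glob-expanded, and `NAME`, taken from the URL with awk, is used to build an output path without checking it is non-empty, which for an entry without a scheme turns the redirect target into the `headers/` directory itself. Neither curl call sets `-m`/`--max-time`, so a single unresponsive host stalls the whole step, and `mkdir headers`/`mkdir responsebody` on lines 197–198 are not `-p`, so a rerun in the same directory fails without being noticed. The spacing inside the quoted paths (`" $CURRENT_PATH /headers/$NAME "`) may be a rendering artifact; if it is real the files land under a directory name containing a literal space. The loop is contained in the hunk; the rewrite below reads the file line by line, quotes every expansion, skips entries with no host part and bounds each request.
```shell
# … unchanged: banner, mkdir headers, mkdir responsebody …
CURRENT_PATH=$(pwd)

while IFS= read -r x || [[ -n "$x" ]]; do
  NAME=$(awk -F/ '{print $3}' <<<"$x")
  [[ -n "$NAME" ]] || continue
  curl -s -m 30 -X GET -I -H "X-Forwarded-For: evil.com" "$x" > "$CURRENT_PATH/headers/$NAME"
  curl -s -m 30 -X GET -L -H "X-Forwarded-For: evil.com" "$x" > "$CURRENT_PATH/responsebody/$NAME"
done < alive.txt
```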