
domain's Introduction

Info

Recon-ng and Alt-DNS are awesome. This script combines the power of these tools with the ability to run multiple domains within the same session.

TLDR; I just want to do my subdomain discovery via ONE command and be done with it.

Only one module needs an API key (/api/google_site); instructions for that are on the recon-ng wiki.

Script to enumerate subdomains, leveraging recon-ng. It uses Google scraping, Bing scraping, Baidu scraping, Yahoo scraping, Netcraft, and brute forcing to find subdomains, and resolves the results to IP addresses.

Pre-Requisites

Installing recon-ng from Source

  1. Clone the Recon-ng repository

    git clone https://[email protected]/LaNMaSteR53/recon-ng.git

  2. Change into the Recon-ng directory.

    cd recon-ng

  3. Install dependencies.

    pip install -r REQUIREMENTS

  4. Eventually link the installation directory to /usr/share/recon-ng

    ln -s /$recon-ng_path /usr/share/recon-ng

  5. Optionally (highly recommended) download:

  6. Create a config.py file and specify the paths to recon-ng and AltDNS as shown in config_sample.py.

Basic Usage

./enumall.py domain.com

also supports:

  • -w to run a custom wordlist with recon-ng
  • -a to use alt-dns
  • -p to feed a custom permutations list to alt-dns (requires -a flag)
  • -i to feed a list of domains (can also type extra domains into the original command)

Advanced Usage

./enumall.py domain1.com domain2.com domain3.com -i domainlist.txt -a -p permutationslist.txt -w wordlist.com

Output from recon-ng will be in .lst and .csv files; output from alt-dns will be in a .txt file.

by @jhaddix and @leifdreizler


domain's Issues

"Invalid module name" when trying to load 'google_site_web'

There is an issue when trying to load the 'google_site_web' module when running enumall.py. Interestingly, Bing works correctly in enumall.py and 'google_site_web' also works within recon-ng. This is what is occurring when trying to go through the code in pdb:

(Pdb) l
 30     pdb.set_trace()
 31     if altDnsPath:
 32             sys.path.insert(1, altDnsPath)
 33
 34     def run_module(reconBase, module, domain):
 35  ->     x = reconBase.do_load(module)
 36         x.do_set("SOURCE " + domain)
 37         x.do_run(None)
 38
 39
 40     def run_recon(domains, bruteforce):
(Pdb) module
'recon/domains-hosts/google_site_web'
(Pdb) n
[!] Invalid module name.
> /home/miqlae/domain/enumall.py(36)run_module()
-> x.do_set("SOURCE " + domain)

By the way, for testing purposes, I removed all the modules, except for Google. I also had to change the paths in the reconPath, altDnsPath variables to the correct paths, but everything else seems to work okay.

I'm testing on Ubuntu 16.04, latest versions of enumall, recon-ng and altdns.

Error when running enumall script

After searching domains from Bing, the following error happens:

SUMMARY
-------
[*] 1 total (1 new) hosts found.
[!] Invalid module name.
Traceback (most recent call last):
  File "./enumall.py", line 98, in <module>
    run_recon(domainList, bruteforceList)
  File "./enumall.py", line 52, in run_recon
    run_module(reconb, module, domain)
  File "./enumall.py", line 37, in run_module
    x.do_set("SOURCE " + domain)
AttributeError: 'NoneType' object has no attribute 'do_set'
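
The traceback above shows `do_load()` handing back `None` for a module name recon-ng rejects, after which `x.do_set(...)` raises. The following is an added example, not part of the issue or of enumall.py, that guards that call and keeps the run going; `StubReconBase` and `StubModule` are constructed stand-ins for recon-ng's objects so the block runs without recon-ng installed.

```python
class StubModule:
    """Constructed stand-in for a loaded recon-ng module."""

    def __init__(self, name):
        self.name = name
        self.options = {}
        self.ran = False

    def do_set(self, params):
        # "SOURCE example.com" -> options["SOURCE"] = "example.com"
        key, _, value = params.partition(" ")
        self.options[key] = value

    def do_run(self, params):
        self.ran = True


class StubReconBase:
    """Constructed stand-in: do_load() returns None for unknown names,
    mirroring the '[!] Invalid module name.' behaviour in the traceback."""

    def __init__(self, available):
        self.available = set(available)

    def do_load(self, module):
        if module not in self.available:
            print("[!] Invalid module name.")
            return None
        return StubModule(module)


def run_module(recon_base, module, domain):
    """Load and run one module; return False instead of crashing on None."""
    loaded = recon_base.do_load(module)
    if loaded is None:  # the unchecked case behind the AttributeError
        return False
    loaded.do_set("SOURCE " + domain)
    loaded.do_run(None)
    return True


def run_recon(recon_base, modules, domains):
    """Run every module against every domain and report what was skipped."""
    skipped = []
    for domain in domains:
        for module in modules:
            if not run_module(recon_base, module, domain):
                skipped.append((domain, module))
    return skipped
```

The returned list of skipped (domain, module) pairs makes a renamed or missing module visible at the end of the run instead of aborting the remaining modules.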

REQUIREMENTS NOT FOUND

Hey Jason Haddix,

I think you forgot to add the REQUIREMENTS file, or it was removed. Can you please check this?
The README file clearly states that it's needed.

Syntax error

Traceback (most recent call last):
File "./enumall.py", line 28, in
from recon.core import base
File "/usr/share/recon-ng/recon/core/base.py", line 32
framework.Framework._spool.write(f"{args[0]}{os.linesep}")
^
SyntaxError: invalid syntax

Error while installing REQUIREMENTS

➜  recon-ng git:(master) sudo pip install -r README.md REQUIREMENTS

Exception:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/usr/lib/python2.7/dist-packages/pip/commands/install.py", line 262, in run
    for req in parse_requirements(filename, finder=finder, options=options, session=session):
  File "/usr/lib/python2.7/dist-packages/pip/req.py", line 1632, in parse_requirements
    req = InstallRequirement.from_line(line, comes_from, prereleases=getattr(options, "pre", None))
  File "/usr/lib/python2.7/dist-packages/pip/req.py", line 173, in from_line
    return cls(req, comes_from, url=url, prereleases=prereleases)
  File "/usr/lib/python2.7/dist-packages/pip/req.py", line 71, in __init__
    req = pkg_resources.Requirement.parse(req)
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2667, in parse
    reqs = list(parse_requirements(s))
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2605, in parse_requirements
    line, p, specs = scan_list(VERSION,LINE_END,line,p,(1,2),"version spec")
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2573, in scan_list
    raise ValueError("Expected "+item_name+" in",line,"at",line[p:])
ValueError: ('Expected version spec in', 'Recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.', 'at', ' is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open source web-based reconnaissance can be conducted quickly and thoroughly.')

Storing debug log for failure in /home/<snip>/.pip/pip.log

Any ideas?

ImportError: No module named recon.core

I was trying to install enumall.py but failed.
root@kali:~/Desktop/tools/domain-master# ./enumall.py google.com
Traceback (most recent call last):
File "./enumall.py", line 26, in
from recon.core import base
ImportError: No module named recon.core

The path is correct but I still got this error:

root@kali:~/h4ck/enum-all/domain# ./enumall.py
Traceback (most recent call last):
File "./enumall.py", line 27, in
sys.path.insert(0,reconPath)
NameError: name 'reconPath' is not defined

Files saved to root by default

Hey there,
I know you are going off the assumption that the user is using Kali but for those who are not, can I suggest the results are saved to a local folder such as "reports"?

echo "set FILENAME /root/Desktop/$domain$stamp.csv" >> $domain$stamp.resource
echo "set FILENAME /root/Desktop/$domain$stamp.lst" >> $domain$stamp.resource

Some improvements will be great

As discussed, I have to say that enumall is the best thing I have used till now. I am finding assets I didn't find with other tools. I would suggest that it also check subdomains from crt.sh and http://threatcrowd.org; it will be great :) Thank you.

./recon-ng error

Hey, I encountered this error at the last stage of running recon-ng in git bash. If someone understands, please help me solve it

$ ./recon-ng

Traceback (most recent call last):
  File "C:\Users\User\recon-ng\recon-ng", line 8, in <module>
    from recon.core import base
  File "C:\Users\User\recon-ng\recon\core\base.py", line 7, in <module>
    import imp
ModuleNotFoundError: No module named 'imp'


Recon-ng on Github

Key not set

[!] 'shodan_api' key not set. shodan_hostname module will likely fail at runtime. See 'keys add'.
[!] 'bing_api' key not set. bing_domain_api module will likely fail at runtime. See 'keys add'.
[!] 'builtwith_api' key not set. builtwith module will likely fail at runtime. See 'keys add'.
[!] 'shodan_api' key not set. shodan_ip module will likely fail at runtime. See 'keys add'.

How to fix this?

Error While running AIG.py

Traceback (most recent call last):
File "AIG.py", line 60, in
main()
File "AIG.py", line 58, in main
portScan(Host, Ports)
File "AIG.py", line 45, in portScan
t = Thread(target = connection, args=(Host, int(Port)))
ValueError: invalid literal for int() with base 10: 'None'

Invalid Module Name

In the following example the module name is wrong. It should be yahoo_domain.

[recon-ng][example.com08_10_2015][google_site_api] > use recon/domains-hosts/yahoo_site
[!] Invalid module name.
