# Full subdomain enumeration: run two wrapper scripts against the target
# domain (example.com stands in for the domain under assessment).
# NOTE(review): neither command names an output file, while the later steps
# read subdomains.txt and subs.txt -- confirm where each script writes its
# results and merge them into the list those steps consume.
./sub.sh -a example.com
./chomp-scan.sh -u example.com
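# Take a screenshot of the web front end of every subdomain.
# NOTE(review): this step reads subdomains.txt while eyewitness and nmap read
# subs.txt -- confirm both names refer to the same list.
# The list is redirected to stdin directly; the intermediate `cat` added
# nothing and hid a missing input file behind an empty run.
aquatone -out ~/aquatone/whatever < subdomains.txt
# NOTE(review): EyeWitness documents its input-list option as -f; confirm that
# -file is accepted by the installed version.
eyewitness -file subs.txt --prepend-https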
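# Turn the subdomain list into a de-duplicated list of IPs, then port-scan it.
# -sn: no port scan; -n: no reverse DNS; -oG -: grepable output on stdout,
# from which awk keeps the address of every host reported "Up".
# sort -u removes the duplicates that appear when several names share an IP,
# which is what the "unique IPs" heading asks for.
# NOTE(review): -Pn makes nmap skip host discovery and treat every target as
# up, so together with -sn this is a list of names that resolved, not of hosts
# that answered a probe -- confirm which of the two is intended.
nmap -iL subs.txt -Pn -n -sn -oG - | awk '/Up$/{print $2}' | sort -u > subs_ip_alive.txt
# Read the file written by the nmap step. The original passed subs_alive.txt,
# which no step shown here creates, so masscan had no valid target list.
# --max-rate 10000 permits up to 10,000 packets per second: small links can
# saturate at that rate, and target-side IDS and flow monitoring will record
# the burst as a port scan across many hosts.
masscan -iL subs_ip_alive.txt -p7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157 --max-rate 10000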
# Review the public repositories of the organisation's GitHub account for
# committed secrets and other sensitive files. "githubaccount" is a
# placeholder for the account name.
# NOTE(review): gitrob needs a GitHub API token; supply it through the
# environment rather than on the command line so it stays out of shell history
# and process listings -- confirm the variable name for the installed version.
gitrob githubaccount
# List URLs and robots.txt entries that the Wayback Machine has archived for
# the domain; archived paths often outlive the pages they pointed to, so the
# output is also an inventory of old content that may still be reachable.
waybackurls example.com
# NOTE(review): no target is passed to the two Python scripts below -- confirm
# whether they prompt for the domain or expect it as an argument.
python3 waybackrobots.py
python3 waybackurls.py
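# Look up leaked credentials for the organisation in breach data: first every
# address at the domain, then one specific mailbox. Any hit is an account that
# needs a password reset and an MFA check; treat the output as sensitive,
# since it can contain plaintext passwords.
# Arguments are quoted so the shell passes each target as a single word.
python3 pwndb.py --target '@example.com'
# The address on the original page was replaced by an e-mail-obfuscation
# filter ("[email protected]"), which the shell would split into two words.
# user@example.com is a constructed placeholder, not the original value.
python3 pwndb.py --target 'user@example.com'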