cyber-security-resources/osint/quick_recon/quick_recon.py

140 lines
4.8 KiB
Python
Raw Permalink Normal View History

2021-02-14 22:18:02 -05:00
#!/usr/bin/env python3
# A script to perform a quick OSINT recon for a given domains
# This is an example and work in progress
import os , sys , time , requests , random
from googlesearch import search
from termcolor import colored, cprint
from http import cookiejar
from urllib.parse import urlparse
from plugins import pasting
Subdomains = []
def SubdomainFilter(URL):
Parsed = urlparse(URL); Scheme = Parsed.scheme; Host = Parsed.netloc; URL = Scheme + "://" + Host + "/"
if URL not in Subdomains:
print(URL); Subdomains.append(URL)
if os.path.exists("alpha.txt"):
print("")
Qupdate = requests.get('https://raw.githubusercontent.com/The-Art-of-Hacking/h4cker/osint/quick_recon/qrecon_update.txt') #Quantom
Qupdate.status_code
if Qupdate.status_code == 200:
print(colored ('Cheking Update...' ,'white'))
print(colored(Qupdate.text , 'green'))
time.sleep(3) #
elif Qupdate.status_code == 404:
print(colored ('Cheking Update...' ,'white'))
print(colored ('Update Available ' ,'red'))
print(colored ('See https://github.com/The-Art-of-Hacking/h4cker/tree/master/osint' ,'red'))
print(colored ('Resuming...' ,'red'))
print("")
time.sleep(3) #
f = open('alpha.txt', 'r')
alpha = f.read()
print(colored (alpha,'yellow'))
else:
print("")
print(colored ('Please Run the quick_recon Script in the Main Directory' ,'red'))
print(colored ('First: cd quick_recon ' ,'red'))
print(colored ('Then : python3 quick_recon.py' ,'red'))
print(colored ('Exiting...' ,'red'))
time.sleep(5)
exit()
banner1 = """
Quick OSINT Recon of a given domain
̿з=(_)=ε
"""
print (banner1)
#--------------------------------------------------------------------------------#
class BlockAll(cookiejar.CookiePolicy):
return_ok = set_ok = domain_return_ok = path_return_ok = lambda self, *args, **kwargs: False
netscape = True
rfc2965 = hide_cookie2 = False
TLD = ["com","com.tw","co.in"]
beta = random.choice(TLD)
s = requests.Session()
s.cookies.set_policy(BlockAll())
#--------------------------------------------------------------------------------#
key = input (colored('[+] Set Target (site.com) : ', 'white' ))#Key
file = open("quick_recon.config", "w")
file.write(key)
file.close()
#V2
#V2
print("")
print(colored ('[>] Looking For Subdomains...' ,'green'))
query = "site:" + key + " -www." + key #SubTech1
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
SubdomainFilter(URL=gamma)
query = "site:*." + key #SubTech2
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
SubdomainFilter(URL=gamma)
print("")
if os.path.exists(".google-cookie"):
os.remove(".google-cookie")
print(colored ('[>] Looking For Sub-Subdomains...' ,'green'))
query = "site:*.*." + key
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
SubdomainFilter(URL=gamma)
print("")
if os.path.exists(".google-cookie"):
os.remove(".google-cookie")
print(colored ('[>] Looking For Login/Signup Pages...' ,'green'))
query = "inurl:login site:" + key #LogTech1
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
print("" + gamma)
query = "site:" + key + " inurl:signup | inurl:register | intitle:Signup" #LogTech2
for gamma in search(query, tld=beta, num=30 , stop=60 , pause=2):
print("" + gamma)
print ("")
if os.path.exists(".google-cookie"):
os.remove(".google-cookie")
# Sleeping for 60s to Avoid Google Block
print(colored ('[!] 20s Sleep to avoid Google Block' ,'yellow'))
time.sleep(21) # ; )
print(colored ('[!] Switching Google TLDs...' ,'yellow'))
TLD = ["co.ma","dz","ru","ca"]
zolo = random.choice(TLD)
print("")
#ok
print(colored ('[>] Looking For Directory Listing...' ,'green')) #DirListing
query = "site:" + key + " intitle:index of"
for gamma in search(query, tld=zolo, num=10 , stop=60 , pause=2):
print("" + gamma)
print ("")
if os.path.exists(".google-cookie"):
os.remove(".google-cookie")
print(colored ('[>] Looking For Public Exposed Documents...' ,'green')) #Docs
query = "site:" + key + " ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv"
for gamma in search(query, tld=zolo, num=30 , stop=60 , pause=2):
print("" + gamma)
print ("")
if os.path.exists(".google-cookie"):
os.remove(".google-cookie")
print(colored ('[>] Looking For WordPress Entries...' ,'green')) #WP
query = "site:" + key + " inurl:wp- | inurl:wp-content | inurl:plugins | inurl:uploads | inurl:themes | inurl:download"
for gamma in search(query, tld=zolo, num=30 , stop=60 , pause=2):
print("" + gamma)
print ("")
if os.path.exists(".google-cookie"):
os.remove(".google-cookie")