v1.1.0

Dockerfile

@@ -3,7 +3,7 @@ FROM kalilinux/kali-rolling:latest
 
 LABEL "project"="kali-d"
 LABEL "author"="f0nzy"
-LABEL "version"="v1.0.0"
+LABEL "version"="v1.1.0"
 LABEL "website"="https://r0land-sec.com"
 
 ENV DEBIAN_FRONTEND noninteractive
@@ -26,15 +26,30 @@ WORKDIR /home/kali/
 
 USER kali
 
-ADD sources/ /tmp/sources
+RUN mkdir .logs && mkdir .local && mkdir tools && mkdir -p /home/kali/.config/tmuxp
 
-RUN sudo chown -R kali:kali /tmp/sources
+ADD sources/0-base.sh /tmp/sources/0-base.sh
 
-RUN mkdir .logs && mkdir .local && mkdir tools && mkdir -p /home/kali/.config/tmuxp
+RUN sudo chmod +x /tmp/sources/0-base.sh && /tmp/sources/0-base.sh
+
+ADD sources/1-tools.sh /tmp/sources/1-tools.sh
+
+RUN sudo chmod +x /tmp/sources/1-tools.sh &&  /tmp/sources/1-tools.sh
+
+ADD sources/2-tools.sh /tmp/sources/2-tools.sh
+
+RUN sudo chmod +x /tmp/sources/2-tools.sh && /tmp/sources/2-tools.sh
+
+RUN sudo chown -R kali:kali /tmp/sources/*
+
+ADD sources/hakrawler /tmp/sources/hakrawler
+
+ADD sources/jsleak /tmp/sources/jsleak
+
+RUN cp /tmp/sources/hakrawler /home/kali/.local/hakrawler \
+  && chmod +x /home/kali/.local/hakrawler && \
+  cp /tmp/sources/jsleak /home/kali/.local/jsleak && chmod +x /home/kali/.local/jsleak
 
-RUN sudo chmod +x /tmp/sources/*.sh && \
-  /tmp/sources/0-base.sh && \
-  /tmp/sources/1-tools.sh
 
 ADD resources /home/kali/resources/
 
@@ -43,6 +58,7 @@ RUN sudo chown -R kali:kali /home/kali/resources
 RUN cp /home/kali/resources/tmux.conf /home/kali/.tmux.conf \
   && cp -r /home/kali/resources/.BurpSuite /home/kali/.BurpSuite \
   && cp /home/kali/resources/ctf.yaml /home/kali/.config/tmuxp/ctf.yaml \
+  && cp /home/kali/resources/bounty.yaml /home/kali/.config/tmuxp/bounty.yaml \
   && cp -r /home/kali/resources/bloodhound /home/kali/.config/bloodhound \
   && cp -r /home/kali/resources/shell-upgrade.sh /home/kali/tools/shell-upgrade.sh \
   && cp -r /home/kali/resources/recon.sh /home/kali/.local/recon.sh && chmod +x /home/kali/.local/recon.sh

resources/bounty.yaml

@@ -0,0 +1,30 @@
+session_name: bounty
+windows:
+- window_name: recon
+  layout: tiled
+  panes:
+   -
+   -
+
+- window_name: target
+  layout: tiled
+  panes:
+    -
+    -
+
+- window_name: foothold_pivot
+  layout: tiled
+  panes:
+    - mkdir www/ && cd www/
+    - ssh-keygen -t ed25519 -C "bounty" -N '' -f bounty
+    -
+    -
+
+- window_name: privesc
+  layout: tiled
+  panes:
+    -
+    -
+    -
+    -
+

resources/recon.sh

@@ -1,16 +1,96 @@
 #!/bin/bash
 
-IP=$1
-NAME=$2
+########################################
+# My first bug bounty script
+# Tools used: subfinder, httprobe, naabu, httpx, hakrawler, meg
+# I highly reccommend API keys where posssible to ensure more accurate results.
+########################################
 
-whatweb -a 1 -U=$AGENT -t 10 --wait=0.2 http://$IP/ >whatweb.txt
+project=$1
+file=$2
 
-mkdir -p $NAME-nmap/$NAME
+RED="31"
+BOLDRED="\e[1;${RED}m"
+GREEN="32"
+BOLDGREEN="\e[1;${GREEN}m"
+YELLOW="33"
+BOLDYELLOW="\e[1;${YELLOW}m"
+ENDCOLOR="\e[0m"
 
-nmap -sC -sV -oA $NAME-nmap/$NAME -p- $IP
+while getopts "p:f:?" opt; do
+	case "$opt" in
+	p) project="$OPTARG" ;;
+	f) file="$OPTARG" ;;
+	?) Usage ;;
+	esac
+done
 
-ffuf -c -t 30 -p 0.1 \
-	-r -rate 100 -recursion -recursion-depth 3 \
-	-H "User-Agent:$AGENT"
--mc 200,302,403 -w /usr/share/seclists/Discovery/Web-Content/raft-small-words.txt \
-	-u http://$IP/FUZZ
+Usage() {
+	figlet recon.sh | lolcat
+	echo -e "Usage: ./recon.sh -p PROJECT_NAME -f root.txt \n"
+	echo -e "-p Project name or target"
+	echo -e "-f list of root domains"
+	exit 1
+}
+
+if [ -z "$project" ]; then
+	echo $red"[-]" "Project name required"
+	Usage
+fi
+
+if [ -z "$file" ]; then
+	echo $red"[-]" "Domain file required"
+	Usage
+fi
+
+main_banner() {
+	figlet recon.sh | lolcat
+}
+
+tool_banner() {
+	echo -e "${BOLDGREEN}+------------------------------------------+"
+	printf "| %-40s |\n" "$(date)"
+	echo -e "|                                          |"
+	printf "${BOLDGREEN}|$(tput bold) %-40s $(tput sgr0)${BOLDGREEN}|\n" "$@"
+	echo -e "${BOLDGREEN}+------------------------------------------+"
+}
+
+http_probe() {
+	echo -e "${BOLDRED}searching for live hosts on $project...${ENDCOLOR}\n"
+	cat $project-domains.txt | httprobe >$project-live-hosts.txt
+}
+
+httpx_live_hosts() {
+	echo -e "${BOLDRED}probing hosts on $project...${ENDCOLOR}\n"
+	http-x -list $project-live-hosts.txt -silent -probe -tech-detect -status-code -t 3 -H "User-Agent: $AGENT" -o $project-probed-hosts.txt
+}
+file_format_1() {
+	echo -e "${BOLDYELLOW}Formatting httpx results${ENDCOLOR}\n"
+	cat $project-probed-hosts.txt | grep 'SUCCESS' | cut -d '[' -f 1 | cut -d ' ' -f 1 >$project-targets.txt
+}
+
+main_banner
+
+tool_banner "Running chaos"
+chaos -key $CHAOS_KEY -dL root.txt -silent -o chaos-$project-domains.txt
+tool_banner "Running subfinder"
+subfinder -dL $file -all -cs -rl 100 -t 20 -timeout 10 -max-time 5 >$project-main.txt
+cat $project-main.txt | cut -d "," -f 1 >$project-domains.txt
+tool_banner "Running dnsx"
+dnsx -l root.txt -t 50 -rl 100 -o dnsx-$project-domains.txt -r resolvers.txt
+tool_banner "subdomain enumeration complete"
+tool_banner "Running httprobe"
+http_probe
+tool_banner "Httprobe complete"
+tool_banner "Running httpx"
+httpx_live_hosts
+tool_banner "Formatting httpx results"
+file_format_1
+tool_banner "Looking for links and secrets"
+cat $project-targets.txt | jsleak -l -l -c 5 >$project-links-secrets.txt
+tool_banner "links and secrets search complete"
+tool_banner "Running hakrawler"
+cat $project-targets.txt | hakrawler \
+	-h "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36;;X-Bug-Bounty: r0land" \
+	-d 4 -t 2 -timeout 5 -u >$project-endpoints.txt
+tool_banner "Recon on $project Finished"

resources/tmux.conf

@@ -68,8 +68,8 @@ set -g visual-activity on
 set -g @plugin 'tmux-plugins/tpm'
 set -g @plugin 'tmux-plugins/tmux-sensible'
 set -g @plugin 'tmux-plugins/tmux-logging'
-set -g @plugin 'egel/tmux-gruvbox'
-set -g @tmux-gruvbox 'dark' # or 'light'
-
+#set -g @plugin 'egel/tmux-gruvbox'
+#set -g @tmux-gruvbox 'dark' # or 'light'
+set -g @plugin "janoamaral/tokyo-night-tmux"
 
 run '~/.tmux/plugins/tpm/tpm'

resources/zsh/zshrc

@@ -56,7 +56,7 @@ source $ZSH/oh-my-zsh.sh
 #Custom ENV
 export EDITOR=vim
 export AGENT='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36'
-export PATH=$PATH:/home/kali/bin:/usr/local/go/bin:/home/kali/.local
+export PATH=$PATH:$HOME/bin:/usr/local/go/bin:$HOME/.local
 
 #daily drivers for day to day tasks
 alias http='python3 -m http.server 80'
@@ -65,6 +65,7 @@ alias update='sudo apt-get update -y'
 alias t='tmux -f ~/.tmux.conf'
 alias t-session='tmux new -f ~/.tmux.conf -s $1'
 alias ctf='tmuxp load ~/.config/tmuxp/ctf.yaml'
+alias bounty='tmuxp load ~/.config/tmuxp/bounty.yaml'
 alias i='sudo apt-get install -y'
 alias public='curl wtfismyip.com/text'
 alias py='python3'

sources/0-base.sh

@@ -20,26 +20,16 @@ active_directory() {
 		powershell ldap-utils
 }
 
-web() {
-	sudo apt-get install -y whatweb ffuf sqlmap \
-		exiftool default-mysql-client hurl postgresql arjun httprobe \
-		burpsuite
-}
-
-password() {
-	sudo apt-get install -y seclists crunch hashcat
-}
-
 echo -e "Installing base packages"
 base
 echo -e "Installing network packages"
 network
 echo -e "Installing AD tools"
 active_directory
-echo -e "Installing web tools"
-web
-echo -e "Installing password tools"
-password
+#echo -e "Installing web tools"
+#web
+#echo -e "Installing password tools"
+#password
 
 #sublime install
 wget -qO - https://download.sublimetext.com/sublimehq-pub.gpg |

sources/1-tools.sh

@@ -1,6 +1,14 @@
 #!/bin/bash
 
-# Installs commonly used tools in the tools subdirectory of the kali home directory
+web() {
+	sudo apt-get install -y whatweb ffuf sqlmap \
+		exiftool default-mysql-client hurl postgresql arjun \
+		burpsuite
+}
+
+password() {
+	sudo apt-get install -y seclists crunch john
+}
 
 install_go() {
 	wget https://go.dev/dl/go1.21.0.linux-amd64.tar.gz &&
@@ -9,15 +17,6 @@ install_go() {
 		rm go1.21.0.linux-amd64.tar.gz
 }
 
-waybackurls_install() {
-	wget -q -O waybackurls.tgz https://github.com/tomnomnom/waybackurls/releases/download/v0.1.0/waybackurls-linux-amd64-0.1.0.tgz &&
-		gunzip waybackurls.tgz &&
-		tar -C /home/kali/.local -xf waybackurls.tar &&
-		chmod +x /home/kali/.local/waybackurls &&
-		rm /home/kali/tools/waybackurls.tar
-
-}
-
 httpx_install() {
 	wget -q https://github.com/projectdiscovery/httpx/releases/download/v1.3.4/httpx_1.3.4_linux_amd64.zip &&
 		unzip httpx_1.3.4_linux_amd64.zip -d ./httpx &&
@@ -74,10 +73,11 @@ privesc() {
 }
 
 echo -e "Installing tools..."
+web
+password
 payload
 active_directory
 pivot
 privesc
 install_go
-waybackurls_install
 httpx_install

sources/2-tools.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+sudo apt-get install amass -y
+
+httprobe_install() {
+	wget -q https://github.com/tomnomnom/httprobe/releases/download/v0.2/httprobe-linux-amd64-0.2.tgz -O httprobe.tgz &&
+		tar -xzf httprobe.tgz && chmod +x httprobe && mv httprobe $HOME/.local/httprobe && rm httprobe.tgz
+}
+
+go-dorks_install() {
+	wget -q https://github.com/dwisiswant0/go-dork/releases/download/v1.0.2/go-dork_1.0.2_linux_amd64 -O go-dork &&
+		mv go-dork $HOME/.local/go-dork &&
+		chmod +x $HOME/.local/go-dork
+}
+
+rush_install() {
+	wget https://github.com/shenwei356/rush/releases/download/v0.5.2/rush_linux_amd64.tar.gz -O rush.tar.gz &&
+		gunzip rush.tar.gz && tar -xf rush.tar && rm rush.tar && mv rush $HOME/.local/rush && chmod +x $HOME/.local/rush
+
+katana_install() {
+	wget https://github.com/projectdiscovery/katana/releases/download/v1.0.3/katana_1.0.3_linux_amd64.zip -O katana.zip &&
+		unzip katana.zip && chmod +x katana && mv katana $HOME/.local/. && rm katana.zip
+}
+
+chaos_install() {
+	wget https://github.com/projectdiscovery/chaos-client/releases/download/v0.5.1/chaos-client_0.5.1_linux_amd64.zip \
+		-O chaos.zip && unzip chaos.zip chaos-client && chmod +x chaos-client && mv chaos-client $HOME/.local/chaos &&
+		rm chaos.zip
+}
+
+dnsx_install() {
+	wget https://github.com/projectdiscovery/dnsx/releases/download/v1.1.4/dnsx_1.1.4_linux_amd64.zip -O dnsx.zip &&
+		unzip dnsx.zip dnsx && chmod +x dnsx && mv dnsx $HOME/.local/dnsx && rm dnsx.zip
+}
+
+waybackurls_install() {
+	wget -q -O waybackurls.tgz https://github.com/tomnomnom/waybackurls/releases/download/v0.1.0/waybackurls-linux-amd64-0.1.0.tgz &&
+		gunzip waybackurls.tgz &&
+		tar -C $HOME/.local -xf waybackurls.tar &&
+		chmod +x $HOME/.local/waybackurls &&
+		rm $HOME/waybackurls.tar
+
+}
+
+unfurl_install() {
+	wget https://github.com/tomnomnom/unfurl/releases/download/v0.4.3/unfurl-linux-amd64-0.4.3.tgz \
+		-O unfurl.tgz && tar -xzf unfurl.tgz && mv unfurl $HOME/.local/unfurl && rm unfurl.tgz
+}
+
+subfinder_install() {
+	wget https://github.com/projectdiscovery/subfinder/releases/download/v2.6.2/subfinder_2.6.2_linux_amd64.zip \
+		-O subfinder.zip && unzip subfinder.zip && chmod +x subfinder && mv subfinder $HOME/.local/subfinder && rm subfinder.zip
+}
+
+notify_install() {
+	wget https://github.com/projectdiscovery/notify/releases/download/v1.0.5/notify_1.0.5_linux_amd64.zip \
+		-O notify.zip && unzip -o notify && mv notify $HOME/.local/notify && rm notify.zip && rm LICENSE.md README.md
+}
+
+httprobe_install
+go-dorks_install
+rush_install
+katana_install
+chaos_install
+dnsx_install
+waybackurls_install
+unfurl_install
+subfinder_install
+notify_install