-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathenum-http
57 lines (48 loc) · 2.85 KB
/
enum-http
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
#!/bin/bash
cyan='\033[1;32m'
red='\033[1;31m'
yellow='\033[0;33m'
none='\033[0m'
mkdir http 2>/dev/null
touch ./http/nmap$2
echo -e "${cyan}==========( NMAP scripts $1:$2 )==========" 2>&1 | tee -a ./http/nmap$2
echo -e "${red}nmap -sS -sC -sV -T4 -A -v -Pn -p $2 --script vuln $1" 2>&1 | tee -a ./http/nmap$2
echo -e "${yellow}" 2>&1 | tee -a ./http/nmap$2
$(which nmap) -sS -sC -sV -T4 -A -v -Pn -p $2 --script vuln $1 2>&1 | tee -a ./http/nmap$2
echo -e "${none}" 2>&1 | tee -a ./http/nmap$2
touch ./http/http$2_davt
echo -e "${cyan}==========( DavTest on $1:$2 )==========" 2>&1 | tee -a ./http/http$2_davt
echo -e "${red}davtest -url http://$1:$2" 2>&1 | tee -a ./http/http$2_davt
echo -e "${yellow}" 2>&1 | tee -a ./http/http$2_davt
$(which davtest) -url http://$1:$2 | tee -a ./http/http$2_davt
echo -e "${none}" 2>&1 | tee -a ./http/http$2_davt
touch ./http/http$2_nikto
echo -e "${cyan}==========( Nikto on $1:$2 )==========" 2>&1 | tee -a ./http/http$2_nikto
echo -e "${red}nikto -h http://$1:$2/ -C all" 2>&1 | tee -a ./http/http$2_nikto
echo -e "${yellow}" 2>&1 | tee -a ./http/http$2_nikto
$(which nikto) -h http://$1:$2/ -C all 2>&1 | tee -a ./http/http$2_nikto
echo -e "${none}" 2>&1 | tee -a ./http/http$2_nikto
iswp=$(curl http://$1:$2/wp-content -i --silent | head -n 1 | cut -d ' ' -f 2)
if [ "$iswp" = "301" ]
then
touch ./http/http$2_wp
echo -e "${cyan}==========( WPScan $1:$2 )==========" 2>&1 | tee -a ./http/http$2_wp
echo -e "${red}wpscan --url http://$1:$2/ -e ap,at,cb,tt,dbe,u,m" 2>&1 | tee -a ./http/http$2_wp
echo -e "${yellow}" 2>&1 | tee -a ./http/http$2_wp
$(which wpscan) --url http://$1:$2/ -e ap,at,cb,tt,dbe,u,m 2>&1 | tee -a ./http/http$2_wp
echo -e "${none}" 2>&1 | tee -a ./http/http$2_wp
fi
touch ./http/http$2_gob
EXTS="/,.aspx,.asp,.txt,.js,.css,.html,.htm,.pl,.py,.cgi,.bin,.exe,.md,.sh,.bat,.ps1,.bak,.old,.cfm,.jsp,.php,.inc,.sql,.pdf,.ini"
echo -e "${cyan}==========( FFUF 10k on $1:$2 )==========" 2>&1 | tee -a ./http/http$2_gob
echo -e "${red}ffuf -w /home/baguette/wordlist/top10k.txt -u http://$1:$2/FUZZ -mc 200,204,301,302,307,401,403 -e $EXTS -c" 2>&1 | tee -a ./http/http$2_gob
echo -e "${yellow}" 2>&1 | tee -a ./http/http$2_gob
$(which ffuf) -w /home/baguette/wordlist/top10k.txt -u http://$1:$2/FUZZ -mc 200,204,301,302,307,401,403 -e $EXTS -c 2>&1 | tee -a ./http/http$2_gob
echo -e "${none}" 2>&1 | tee -a ./http/http$2_gob
touch ./http/http$2_full
echo -e "${cyan}==========( FFUF on $1:$2 )==========" 2>&1 | tee -a ./http/http$2_full
echo -e "${red}ffuf -w /home/baguette/wordlist/medlow.txt -u http://$1:$2/FUZZ -mc 200,204,301,302,307,401,403 -e / -c" 2>&1 | tee -a ./http/http$2_full
echo -e "${yellow}" 2>&1 | tee -a ./http/http$2_full
$(which ffuf) -w /home/baguette/wordlist/medlow.txt -u http://$1:$2/FUZZ -mc 200,204,301,302,307,401,403 -e / -c 2>&1 | tee -a ./http/http$2_full
echo -e "${none}" 2>&1 | tee -a ./http/http$2_full
exit