Automate Your Recon Process and Uncover More Vulnerabilities

-

As a hacker, your reconnaissance process is critical for finding vulnerabilities in your target's infrastructure. However, the traditional recon process can be time-consuming and repetitive. In this blog post, we will show you how to automate your recon process and discover more vulnerabilities using tools like Xray, Nuclei, and Cent.

The traditional recon process involves finding subdomains, getting live subs, and testing them for vulnerabilities. To make the process more efficient, we recommend using tools like Subfinder, Assetfinder, Amass, Github-subdomains, and Sublist3r.

Here is an example script to help you get started

  • subfinder -d $1 -silent | anew /root/$1/subs.txt
  • assetfinder -subs-only $1 | anew /root/$1/subs.txt
  • amass enum -passive -d $1 | anew /root/$1/subs.txt
  • python sublist3r.py -d $1| anew /root/$1/subs.txt
  • github-subdomains -t <github token> -d $1 | anew /root/$1/subs.txt

Once you have the subdomains, you need to check for open ports and get live hosts using tools like Naabu and Httpx.

Here is an example script

  • cat /root/$1/subs.txt | naabu -p — -silent | anew open-ports.txt
  • cat open-ports.txt | httpx -silent | anew alive.txt

Once you have identified the live hosts, you can start testing for vulnerabilities. There are two types of vulnerabilities you can test for - CVEs and misconfigurations, and generic vulnerabilities.

For CVEs and misconfigurations, you can use Nuclei, a powerful tool that can detect a wide range of vulnerabilities. You can create custom templates for Nuclei or use existing ones from the Project Discovery templates.

To test all Nuclei templates on GitHub, we recommend using Cent, a tool that collects all templates of Nuclei from other repositories on GitHub and combines them into one repository.

Here is an example script

  • cat alive.txt | nuclei -t /path/to/cent/ -es info | anew nuclei-results.txt

For generic vulnerabilities, we recommend using Xray, a fantastic tool to test for vulnerabilities with a crawler built-in. Xray can crawl every host and test generic vulnerabilities for all params on the URL and Body request.

Here is an example script

  • for i in $(cat /root/$1/alive.txt); do xray_linux_amd64 ws — basic-crawler $i — plugins xss,sqldet,xxe,ssrf,cmd-injection,path-traversal — ho $(date +”%T”).html ; done

With these tools, you can automate your bug hunting process and focus on other things. You can use the above scripts to create an automated workflow and run it periodically to stay up-to-date on any vulnerabilities.

Automating your recon process can save you a lot of time and effort. With tools like Xray, Nuclei, and Cent, you can discover more vulnerabilities and stay ahead of the curve. 


Comments

Post a Comment

Popular posts from this blog

Most Important Linux commands that Nobody Teaches You

-
Image
Linux is a powerful operating system with a vast array of tools and utilities available to users. These tools make Linux an attractive option for system administrators, developers, and power users who require a flexible and customizable environment. In this article, we will look at some essential Linux tools and utilities that can help you manage your system more efficiently. Rsync Rsync is a popular command-line utility that is used for file synchronization and data backup. It allows users to copy files and directories to a destination, similar to the cp command, but with some added features. One of the key benefits of using Rsync is that it allows you to copy files to remote locations, making it an excellent choice for backup purposes. Example usage : $ rsync -vap --ignore-existing <source_file> <destination_file> Key flags: v = verbose r = recursive p = preserve permissions g = group o = owner a = archive --progress = progress bar Mkpasswd Mkpasswd is a simple but useful
Read more

Unleashing Bug Bounty Success: Subdomain Enumeration, Content Discovery, and Vulnerability Scanning Approach

-
Image
Subdomain Enumeration  Subdomain enumeration is a critical aspect of robust cybersecurity practices. By employing effective tools and techniques, professionals can enhance their ability to identify potential vulnerabilities and uncover valuable information. In this article, we will explore recommended tools and methodologies for subdomain enumeration to optimize your security efforts. Knockpy, an exceptional subdomain enumeration tool, provides valuable insights into response codes and server details. To leverage its capabilities, execute the following command using Python3: python3 knockpy example.com While encountering response codes such as 404 or 403 may initially appear discouraging, it is crucial to thoroughly investigate these subdomains. Hidden within these seemingly unremarkable sites, valuable discoveries may await. For comprehensive subdomain enumeration, we highly recommend the utilization of "assetfinder." This powerful tool can be executed using the following co
Read more

Enhance Your Bug Bounty Journey with the Tools and Binaries of Bughunt3r Virtual Machine

-
Bug bounty hunting requires a comprehensive toolkit to uncover vulnerabilities and secure web applications. In this blog post, we will explore the top 20 tools and binaries that can supercharge your bug bounty efforts. These powerful tools cover a wide range of functionalities, from web vulnerability scanning to subdomain enumeration and source code analysis. We will focus on how these tools can be leveraged to optimize your bug bounty workflow, with specific examples targeting the domain *.example.com. Let's dive in! A virtual machine (.ova) file where almost all bug bounty tools are installed; specially burpsuite pro with license :) OS: Kali-Linux Version: 2022.1 Download link: https://drive.google.com/file/d/1Tkj3jKOvL7M08zG5JGVoqhZh50VMyM3X/view File size: 6 GB Installed top 20 tools and binaries [1]burpsuite professional [2]zaproxy [3]crlfuzz [4]ffuf [5]kite [6]dalfox [7]nuclei [8]rustscan [9]sqlmap [10]nmap [11]waybackurls [12]subfinder [13]xsstrike [14]nosqlmap [15]gitdu
Read more