
#68 - replaced Sublist3r to SubFinder

- signed-off-by: trimstray <trimstray@gmail.com>
trimstray committed Mar 10, 2019
1 parent aec86b4 commit 969d0b3b3fc4fec604430b635ae1abfe5ed0cbd4
Showing with 70 additions and 79 deletions.
  1. +1 −1 README.md
  2. +2 −7 build/Dockerfile
  3. +13 −17 dependencies.sh
  4. +43 −0 lib/DomainScanSubFinder
  5. +0 −43 lib/DomainScanSublist3r
  6. +8 −8 src/__init__
  7. +1 −1 src/helpers
  8. +1 −1 src/import
  9. +1 −1 static/man8/htrace.sh.8
@@ -115,7 +115,7 @@ Provides the following options:
--mixed-content scan website for non-secure resources (mixed-content-scan)
--nse scan website and domain (nmap nse library)
--waf detect and bypass web application firewalls (whatwaf)
--dns enumerate subdomains of website (sublist3r)
--dns enumerate subdomains of website (subfinder)
--all-scans use all external security tools
Extended:
@@ -48,6 +48,7 @@ FROM golang:alpine AS golang
RUN apk update && apk add --no-cache git
RUN go get github.com/ssllabs/ssllabs-scan
RUN go get github.com/maxmind/geoipupdate/cmd/geoipupdate
RUN go get github.com/subfinder/subfinder

FROM drwetter/testssl.sh:stable AS testssl

@@ -106,15 +107,9 @@ RUN \
cp ~/.whatwaf/.install/bin/whatwaf /usr/bin/whatwaf && \
./setup.sh uninstall

RUN \
git clone https://github.com/aboul3la/Sublist3r.git /opt/Sublist3r && \
cd /opt/Sublist3r && \
chmod +x sublist3r.py && \
pip install -r requirements.txt && \
ln -s /opt/Sublist3r/sublist3r.py /usr/bin/sublist3r.py

COPY --from=golang /go/bin/ssllabs-scan /usr/bin/ssllabs-scan
COPY --from=golang /go/bin/geoipupdate /usr/bin/geoipupdate
COPY --from=golang /go/bin/subfinder /usr/bin/subfinder
COPY --from=testssl /usr/local/bin/testssl.sh /usr/bin/testssl.sh
COPY --from=testssl /home/testssl/etc/ /etc/testssl/etc/
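Review bot: The added `RUN go get github.com/subfinder/subfinder` in the golang stage builds whatever the upstream default branch holds at image build time, so the binary later copied to `/usr/bin/subfinder` is not reproducible and is not tied to a revision anyone has reviewed. The two existing `go get` lines in that stage have the same property, so this is consistent with the file, but each new unpinned fetch widens the build's exposure to an upstream compromise. I would pin the checkout to a vetted tag or commit, or at least record the gap next to the line: `# TODO: pin subfinder to a vetted tag/commit instead of the moving default branch`. The stage continues outside the visible hunks, so any pinning already done elsewhere is not visible here.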

@@ -16,6 +16,10 @@ function _tread() {
"os_name" "$_os_name" \
"os_id" "$_os_id"

printf ' Please check golang variables or set them before start:\n'
printf ' GOROOT: %s\n GOPATH %s\n\n' \
"$GOROOT" "$GOPATH"

printf ' %s: ' "Please enter (Y) to continue"

read _kvar
@@ -94,14 +98,11 @@ fi
# Global variables.
readonly _tmp="${_dir}/.tmp"

export GOROOT="/usr/lib/go"
export GOPATH="/opt/go"

mkdir -p "${_tmp}" && cd "${_tmp}"

printf "%s" "
Before start please read all communication on the screen!
Before start please read all on the screen!
"

@@ -113,7 +114,7 @@ if [[ "$_os_name" == "darwin" ]] || \

# System tools.
brew install coreutils gnu-getopt gnu-sed openssl curl bc jq php72 \
libmaxminddb geoipupdate python rsync
libmaxminddb geoipupdate python rsync go

brew install node composer

@@ -141,12 +142,9 @@ if [[ "$_os_name" == "darwin" ]] || \
cp ~/.whatwaf/.install/bin/whatwaf /usr/bin/whatwaf
./setup.sh uninstall

# For Sublist3r
git clone https://github.com/aboul3la/Sublist3r.git /opt/Sublist3r
cd /opt/Sublist3r
chmod +x sublist3r.py
pip install -r requirements.txt
ln -s /opt/Sublist3r/sublist3r.py /usr/bin/sublist3r.py
# For SubFinder
go get github.com/subfinder/subfinder && \
ln -s "${GOPATH}/bin/subfinder" /us/bin/subfinder

geoipupdate

@@ -175,6 +173,7 @@ elif [[ "$_os_name" == "debian" ]] || \
apt-get install -y nodejs
npm install -g observatory-cli

go get github.com/subfinder/subfinder
# For Ssllabs API.
apt-get install -y golang
go get github.com/ssllabs/ssllabs-scan
@@ -227,12 +226,9 @@ elif [[ "$_os_name" == "debian" ]] || \
cp ~/.whatwaf/.install/bin/whatwaf /usr/bin/whatwaf
./setup.sh uninstall

# For Sublist3r
git clone https://github.com/aboul3la/Sublist3r.git /opt/Sublist3r
cd /opt/Sublist3r
chmod +x sublist3r.py
pip install -r requirements.txt
ln -s /opt/Sublist3r/sublist3r.py /usr/bin/sublist3r.py
# For SubFinder
go get github.com/subfinder/subfinder && \
ln -s "${GOPATH}/bin/subfinder" /us/bin/subfinder

geoipupdate
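Review bot: The symlink destination in both added SubFinder blocks is `/us/bin/subfinder`, which looks like a typo for `/usr/bin/subfinder`; `ln -s` will fail because that directory normally does not exist, and the `subfinder` presence check in `src/__init__` will then not find the command. The same commit appears to drop the `export GOROOT=...` and `export GOPATH=...` lines and replace them with a prompt, so `${GOPATH}` may be empty at this point and the link source would collapse to `/bin/subfinder`. Suggested line for both blocks: `ln -s "${GOPATH:?GOPATH must be set}/bin/subfinder" /usr/bin/subfinder`. In the Debian branch the standalone `go get github.com/subfinder/subfinder` also sits above `apt-get install -y golang`, so on a fresh host it may run before Go is installed; moving it below that install (or dropping it, since the later SubFinder block repeats it) would avoid that.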

@@ -0,0 +1,43 @@
#!/usr/bin/env bash

# shellcheck shell=bash

# ``````````````````````````````````````````````````````````````````````````````
# Function name: DomainScanSubFinder()
#
# Description:
# Subdomains enumeration with subfinder.
#
# Usage:
# DomainScanSubFinder domain
#
# Examples:
# DomainScanSubFinder example.com
#

function DomainScanSubFinder() {

# shellcheck disable=SC2034
local _FUNCTION_ID="DomainScanSubFinder"
local _STATE=0

local _host="$1"

# shellcheck disable=SC2034
_scan_type="passive"

# shellcheck disable=SC2034
_destination_host="$_host"

local _subfinder_desc="Subdomains enumeration:https://github.com/subfinder/subfinder"
local _subfinder_cmd="eval subfinder -d \"$_host\" --silent -t 10 -no-color | grep -v \"canceled\|error\|warning\|fail\|timeout\""

_msg_args+=(\
"$_subfinder_desc")

_cmd_args+=(\
"$_subfinder_cmd")

return $_STATE

}
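Review bot: `_subfinder_cmd` embeds `$_host` in a string that begins with `eval`, so the value is parsed by the shell a second time when the command is presumably executed later; the escaped double quotes do not stop command substitution or an embedded quote character in the host from being interpreted. The caller in `src/__init__` passes `_domain_name` obtained via `DomainStrip "$_http_last"`, which presumably derives from a URL or redirect target and so should not be assumed clean. Validate the argument before the string is built, e.g. `[[ "$_host" =~ ^[A-Za-z0-9._-]+$ ]] || return 1`, and state in the header comment that only a bare hostname is accepted. Separately, the `grep -v "canceled\|error\|warning\|fail\|timeout"` filter also discards any discovered subdomain that contains one of those words and hides tool failures from the operator; anchoring the pattern to subfinder's message format, or sending stderr elsewhere, would be safer.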

This file was deleted.

@@ -115,8 +115,8 @@ function __main__() {
# Default 'waf' variable.
local waf_state="0"

# Default 'sublist3r' variable.
local sublist3r_state="0"
# Default 'subfinder' variable.
local subfinder_state="0"

# Default 'cache-bypass' variable.
local cache_bypass_state="0"
@@ -148,8 +148,8 @@ function __main__() {
# unnecessarily run.
readonly commands=(basename dirname stat ps date grep cut sed awk chown \
chmod mkdir curl openssl dig mmdblookup bc jq \
testssl.sh observatory ssllabs-scan mixed-content-scan \
nmap python whatwaf)
python go testssl.sh observatory ssllabs-scan \
mixed-content-scan nmap whatwaf subfinder)

# If you intend to specify the full path to the command we do it like:
# readonly exec_gzip="/bin/gzip"
@@ -330,7 +330,7 @@ function __main__() {

--dns)

export sublist3r_state=1
export subfinder_state=1

shift ;;

@@ -421,7 +421,7 @@ function __main__() {
export mixed_content_state=1
export nse_state=1
export waf_state=1
export sublist3r_state=1
export subfinder_state=1

fi

@@ -1161,12 +1161,12 @@ function __main__() {

fi

if [[ "$sublist3r_state" -eq 1 ]] ; then
if [[ "$subfinder_state" -eq 1 ]] ; then

DomainStrip "$_http_last"

# shellcheck disable=SC2154
_init_function "DomainScanSublist3r \"${_domain_name}\""
_init_function "DomainScanSubFinder \"${_domain_name}\""

_fstate="$?"
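Review bot: The `commands` array now lists `go` alongside `subfinder`, but subfinder is invoked as a prebuilt binary at run time, so the Go toolchain looks like an install-time dependency only. If this array is used as a hard presence check (the comment above it suggests so, though the check itself is outside the hunk), environments that ship only the binary would fail it; the Dockerfile in this commit, for instance, copies `/go/bin/subfinder` from a builder stage. Consider dropping `go` from the list: `python testssl.sh observatory ssllabs-scan \` followed by `mixed-content-scan nmap whatwaf subfinder)`. `__main__` starts and ends outside the visible hunks.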

@@ -742,7 +742,7 @@ function _help_() {
--mixed-content scan website for non-secure resources (mixed-content-scan)
--nse scan website and domain (nmap nse library)
--waf detect and bypass web application firewalls (whatwaf)
--dns enumerate subdomains of website (sublist3r)
--dns enumerate subdomains of website (subfinder)
Extended:
@@ -17,7 +17,7 @@ readonly _fd_stack=(DomainStrip DomainTrace DomainGeo PrintfHeaders \
DomainSslCheck DomainCertCheck DomainScanTestssl \
DomainScanObservatory DomainScanSsllabs \
DomainScanMixedContent DomainScanNmapNse DomainResolve \
DomainScanWhatWaf DomainScanSublist3r)
DomainScanWhatWaf DomainScanSubFinder)

if [[ "${#_fd_stack[@]}" -ne 0 ]] ; then

@@ -57,7 +57,7 @@ htrace.sh is a shell script for http/https troubleshooting and profiling. It's a
detect and bypass web application firewalls (whatwaf)

--dns
enumerate subdomains of website (sublist3r)
enumerate subdomains of website (subfinder)

--cache-bypass <value>
try (proxy) cache bypass
