| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081 |
- #!/bin/bash
- subdom () {
- SUBDOM="$1"
- [[ "$SUBDOM" = "" ]] && return
- randomize="$RANDOM"
- for sites in `cat $log`; do
- [[ $(echo ${DNS[@]}|grep $sites) = "" ]] && DNS+=($sites)
- [[ $(echo ${DNS[@]}|grep $sites) != "" ]] && cat $log|grep -v "$sites" > $log
- done
- while true; do
- [[ "$(pidof lynx | wc -w)" -lt "20" ]] && break
- done
- (
- HOST[$randomize]="$SUBDOM"
- curl -sSL "${HOST[$randomize]}"|grep -Eoi '<a [^>]+>'|grep -Eo 'href="[^\"]+"'|grep -Eo '(http|https)://[a-zA-Z0-9./*]+'|sort -u|awk -F "://" '{print $2}' >> $log
- ) > /dev/null 2>&1 &
- }
- iniciar () {
- SUB_DOM=$1
- limite=$2
- [[ ${SUB_DOM} = "" ]] && read -p "Site Alvo: " SUB_DOM
- [[ ${limite} = "" ]] && limite="300"
- #CRIA LOG
- log="./loog" && touch $log
- #INICIA PRIMEIRA BUSCA
- _DOM=$(curl -sSL "$SUB_DOM"|grep -Eoi '<a [^>]+>'|grep -Eo 'href="[^\"]+"'|grep -Eo '(http|https)://[a-zA-Z0-9./*]+'|sort -u|awk -F "://" '{print $2}')
- for _DOMS in `echo $_DOM`; do
- [[ $(echo ${DNS[@]}|grep ${_DOMS}) = "" ]] && DNS+=(${_DOMS})
- done
- #INICIA THREADS
- i=0
- while true; do
- DOMAIN=$(echo "${DNS[$i]}")
- [[ $DOMAIN = "" ]] && break
- if [[ $(echo -e "${PESQ[@]}"|grep "$DOMAIN") = "" ]]; then
- subdom "$DOMAIN"
- echo -e "\033[1;31m(Scan\033[1;32m $((${#PESQ[@]}+1))\033[1;31m de \033[1;32m${#DNS[@]}\033[1;31m) - Escaneando ---> \033[1;36mhttp://$DOMAIN\033[1;37m"
- PESQ+=($DOMAIN)
- fi
- [[ "$(echo ${#DNS[@]})" -gt "$limite" ]] && break
- i=$(($i+1))
- sleep 1s
- done
- rm $log
- echo -e "\033[1;31m====================================\n\033[1;32mScan Finalizado!, Iniciando Coleta de IPs\033[1;31m\n====================================\033[0m"
- [[ -e $HOME/subresult ]] && rm $HOME/subresult
- [[ ! -e $HOME/subresult ]] && touch $HOME/subresult
- for result in $(echo "${DNS[@]}"); do
- (
- rand="$RANDOM"
- dns[rand]="$result"
- scan[rand]=$(echo ${result}|cut -d'/' -f1)
- IP[rand]=$(nslookup "${scan[rand]}"|grep -Eo 'Address: [0-9.]+'|grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'|tail -1) > /dev/null 2>&1
- echo -e "====================================\nDNS: ${dns[rand]}\nIP: ${IP[rand]}\n====================================" >> $HOME/subresult
- unset IP
- ) &
- done
- while true; do
- [[ $(pidof nslookup|wc -w) -lt "1" ]] && break
- done
- RSLT=$(($(cat $HOME/subresult|wc -l)/4)) && echo -e "\033[1;31m====================================\n\033[1;32m$RSLT Hosts Capturados\n\033[1;31m====================================\033[0m"
- echo -ne "Desea Imprimir los Resultados? [S/N]: "; read yn
- [[ $yn = @(s|S|y|Y) ]] && {
- echo -ne "\033[1;32m"
- cat $HOME/subresult|grep -v =
- echo -e "\033[1;31m====================================\033[0m"
- }
- return 0
- }
- #INICIA SCRIPT
- echo -e "\033[1;31m====================================\033[0m"
- echo -e "\033[1;33m INICIALIZANDO PROCEDIMENTOS (SCAN)"
- echo -e "\033[1;31m====================================\033[0m"
- iniciar $1 $2
- [[ $? = "0" ]] &&
- echo -e "\033[1;32mRegistro Generado en : $HOME/subresult\033[0m" &&
- echo -e "\033[1;31m====================================\033[0m"
|
