Tools

OSINT Bash Scripting:

DIGMEUP: Bash Recon Script

https://pastebin.com/Xtacbac


https://github.com/logansdiomedi/bash-recon-project/blob/master/digmeup.sh

Usage: ./digmeup domain.com
----------

Quickest Ping Sweep (Not using NMAP)

fping -g 192.168.1.1/24

root@kalilsd:~/Desktop# fping -g 192.168.1.1/24

Sweep a single port across an entire /24 (replace the 0.0.0. prefix with the first three octets of the network you are scanning)

#!/bin/bash
# netcat check of TCP port 80 on every address in the /24: -n skips DNS, -w 1 is a 1 s timeout, -z sends no data, -vv reports each result
for ip in $(seq 1 255); do
  nc -n -w 1 -zvv 0.0.0.$ip 80
done

root@kalilsd:~/Desktop/tools# ./fast_single_port_sweeper.sh

Perform a reverse DNS lookup across an entire /24

#!/bin/bash
# Reverse DNS lookup of every address in 192.168.1.0/24, one host query at a time
for ip in $(seq 1 254); do
  host 192.168.1.$ip
done

root@kalilsd:~/Desktop/tools# ./reverse_dns_sweeper.sh

Simple Ping Sweeper – /24

#!/bin/bash
# One ICMP echo request per address in 192.168.1.0/24
for ip in $(seq 1 254); do
  ping -c 1 192.168.1.$ip
done

root@kalilsd:~/Desktop/tools# ./ping_sweeper.sh

Really Fast Reverse DNS

#!/bin/bash
# Every lookup is backgrounded so all 254 run concurrently; wait so the output file is complete when the script exits
for ip in $(seq 1 254); do
  host 192.168.1.$ip >> /root/Desktop/iplist.txt &
done
wait

root@kalilsd:~/Desktop# ./fast_reverse_dns.sh

Fast Single Port /24 Sweeper

#!/bin/bash
# netcat check of TCP port 80 across 192.168.1.0/24 with a 1 s timeout per host
for ip in $(seq 1 254); do
  nc -n -w 1 -zv 192.168.1.$ip 80
done

root@kalilsd:~/Desktop/tools# ./fastscan.sh

Parsing Output – Quick DNS Info Example (sorting the results)

./dnsreversefast.sh simply appends the output of the host command for each sequential IP address to a file. We then read the file, grep for a unique string that indicates the lookup succeeded, cut the output using " " (a space) as the delimiter, and we get a nice list of unique hosts that have DNS A records pointed at them!

Here's an example using nslookup to perform a similar task, equally fast since every lookup is backgrounded:

#!/bin/bash
# Backgrounded nslookup of every address in 31.13.66.0/24; wait so the file is complete before the script exits
for ip in $(seq 1 254); do
  nslookup 31.13.66.$ip >> /root/Desktop/diglist.txt &
done
wait

root@kalilsd:~/Desktop# ./nslookup_fast.sh
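Added here as a worked example, not part of the original notes: the grep / cut idea from the parsing section carried through as a script that pulls the answered lookups out of a sweep output file, for both the host format written by fast_reverse_dns.sh and the nslookup format written by nslookup_fast.sh. The sample lines and hostnames are constructed for the example, not real lookup results, and the function names are my own.

```bash
#!/bin/bash
# Added example (not from the page): extract answered reverse lookups from the
# files the sweep scripts append to, handling both `host` and `nslookup` output.

# Constructed sample lines imitating `host` output (hostnames are made up).
# Includes a duplicate, an NXDOMAIN miss and a timeout, as a real sweep file would.
SAMPLE_HOST_OUTPUT='10.1.168.192.in-addr.arpa domain name pointer fileserver.lab.example.
Host 11.1.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
12.1.168.192.in-addr.arpa domain name pointer printer.lab.example.
;; connection timed out; no servers could be reached
10.1.168.192.in-addr.arpa domain name pointer fileserver.lab.example.
13.1.168.192.in-addr.arpa domain name pointer dc01.lab.example.'

# Constructed sample lines imitating `nslookup` output for the same kind of sweep
# (real nslookup separates the fields with tabs; awk treats tabs and spaces alike).
SAMPLE_NSLOOKUP_OUTPUT="Server:     192.168.1.1
Address:    192.168.1.1#53

10.66.13.31.in-addr.arpa    name = edge-a.lab.example.
** server can't find 11.66.13.31.in-addr.arpa: NXDOMAIN
12.66.13.31.in-addr.arpa    name = edge-b.lab.example."

# Unique hostnames with a PTR answer, from a file of `host` output.
# This is the page's grep / cut pipeline plus trailing-dot removal and sort -u.
hosts_from_host_output() {
  grep 'domain name pointer' "$1" | cut -d' ' -f5 | sed 's/\.$//' | sort -u
}

# Same, from a file of `nslookup` output, where answers read "... name = hostname."
hosts_from_nslookup_output() {
  grep 'name = ' "$1" | awk '{ print $NF }' | sed 's/\.$//' | sort -u
}

# "ip hostname" pairs from either format: the first field is the in-addr.arpa
# label, so reversing its four octets gives the IP back; the last field is the name.
ip_name_pairs() {
  grep -E 'domain name pointer|name = ' "$1" \
    | awk '{ split($1, o, "."); printf "%s.%s.%s.%s %s\n", o[4], o[3], o[2], o[1], $NF }' \
    | sed 's/\.$//' | sort -u
}

# Stand-alone demo: write the constructed samples to temp files and parse them.
main() {
  hf=$(mktemp); nf=$(mktemp)
  printf '%s\n' "$SAMPLE_HOST_OUTPUT" > "$hf"
  printf '%s\n' "$SAMPLE_NSLOOKUP_OUTPUT" > "$nf"
  echo "host output:";     ip_name_pairs "$hf"
  echo "nslookup output:"; ip_name_pairs "$nf"
  rm -f "$hf" "$nf"
}
main
```

Point either function at the real sweep file instead of the temp file (for example ip_name_pairs /root/Desktop/iplist.txt) to get a deduplicated ip-to-name inventory; sort -u is what collapses the duplicate lines a backgrounded sweep can leave when a lookup is retried.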

Quick PHP Reverse Shell One Liner Backdoor (lol, couldn't copy and paste it: my WordPress security settings freaked out)

Usage: "http://example.com/upload/cmd?=whoami"