name: Recon
on:
push:
branches: [master]
jobs:
scan-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Install system dependencies
run: |
sudo apt-get update && sudo apt-get install -y wget unzip jq golang nodejs npm
- name: Install tools
run: |
wget https://github.com/projectdiscovery/httpx/releases/download/v1.3.9/httpx_1.3.9_linux_amd64.zip && unzip -o httpx_1.3.9_linux_amd64.zip && sudo mv httpx /usr/bin/ && sudo rm -rf httpx_1.3.9_linux_amd64.zip *.md
go install github.com/cybercdh/assetfinder@cybercdh && sudo mv ~/go/bin/assetfinder /usr/bin/
wget https://github.com/projectdiscovery/subfinder/releases/download/v2.6.4/subfinder_2.6.4_linux_amd64.zip && unzip subfinder_2.6.4_linux_amd64.zip && sudo mv subfinder /usr/bin/ && sudo rm -rf subfinder_2.6.4_linux_amd64.zip
go install -v github.com/webklex/wappalyzer@main && sudo mv ~/go/bin/wappalyzer /usr/bin/
- name: Prepare directories and fetch data
run: |
mkdir ~/bugbounty
cd ~/bugbounty
curl -O "https://raw.githubusercontent.com/projectdiscovery/public-bugbounty-programs/master/chaos-bugbounty-list.json"
jq -r '.programs[] | select(.bounty==true) | .domains[]' chaos-bugbounty-list.json > bounty_domains.txt
while read DOMAIN; do
folder_name=$(jq -r '.programs[] | select(.domains[] == $DOMAIN) | .name' --arg DOMAIN "$DOMAIN" chaos-bugbounty-list.json)
mkdir -p "${folder_name// /_}" -v
echo "$DOMAIN" > "${folder_name// /_}/assets.txt"
done < bounty_domains.txt
- name: Run reconnaissance
run: |
for BBP in $(ls ~/bugbounty); do
cd ~/bugbounty/$BBP
subfinder -dL assets.txt -o subdomains.txt
while read TARGET; do
echo "Finding technology for $TARGET"
HTTP_TARGET=$(echo "$TARGET" | httpx -silent | xargs)
if [ -z "$HTTP_TARGET" ]
then
echo "Target not active"
else
echo "Analyzing target: $HTTP_TARGET"
wappalyzer --target "$HTTP_TARGET" --disable-ssl --output "$(echo $HTTP_TARGET | sed -e 's/[^[:alnum:]]/_/g').tech.json --json"
fi
done < subdomains.txt
done
- name: Zip results
run: |
cd ~
zip -r bugbounty.zip ~/bugbounty
- name: Set up Git user
run: |
git config --global user.email "${{ secrets.EMAIL_ADDRESS }}"
git config --global user.name "${{ secrets.USER_NAME }}"
- name: Commit changes
run: |
git add .
git commit -m "Result scan $(date -u)" --no-verify
- name: Push changes
uses: ad-m/github-push-action@master
with:
branch: ${{ github.ref }}
github_token: ${{ secrets.GITHUB_TOKEN }}
Created
February 4, 2024 13:28
-
-
Save z0rs/dae1defc797d7898024ef353fcfaa797 to your computer and use it in GitHub Desktop.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment