| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 |
- #!/bin/bash
- subdom () {
- SUBDOM="$1"
- [[ "$SUBDOM" = "" ]] && return
- randomize="$RANDOM"
- for sites in `cat $log`; do
- [[ $(echo ${DNS[@]}|grep $sites) = "" ]] && DNS+=($sites)
- [[ $(echo ${DNS[@]}|grep $sites) != "" ]] && cat $log|grep -v "$sites" > $log
- done
- while true; do
- [[ "$(pidof lynx | wc -w)" -lt "20" ]] && break
- done
- (
- HOST[$randomize]="$SUBDOM"
- curl -sSL "${HOST[$randomize]}"|grep -Eoi '<a [^>]+>'|grep -Eo 'href="[^\"]+"'|grep -Eo '(http|https)://[a-zA-Z0-9./*]+'|sort -u|awk -F "://" '{print $2}' >> $log
- ) > /dev/null 2>&1 &
- }
- scan_funtion () {
- #INICIA SCRIPT
- clear
- echo -e "\033[1;32mINICIALIZANDO PROCEDIMENTOS (SCAN) \033[0m"
- echo ""
- #INICIA SCRIPT
- unset hostcaptura
- while [[ ${hostcaptura} = "" ]]; do
- echo -ne "\033[1;37m Digite o dominio: " && read hostcaptura
- tput cuu1 && tput dl1
- done
- unset limitecaptura
- while [[ ${limitecaptura} != +([0-9]) ]]; do
- echo -ne "\033[1;37m Limite de captura: " && read limitecaptura
- tput cuu1 && tput dl1
- done
- SUB_DOM=$hostcaptura
- limite=$limitecaptura
- [[ ${limite} -gt "500" ]] && limite="500"
- #CRIA LOG
- log="./loog" && touch $log
- #INICIA PRIMEIRA BUSCA
- _DOM=$(curl -sSL "$SUB_DOM"|grep -Eoi '<a [^>]+>'|grep -Eo 'href="[^\"]+"'|grep -Eo '(http|https)://[a-zA-Z0-9./*]+'|sort -u|awk -F "://" '{print $2}')
- for _DOMS in `echo $_DOM`; do
- [[ $(echo ${DNS[@]}|grep ${_DOMS}) = "" ]] && DNS+=(${_DOMS})
- done
- #INICIA THREADS
- i=0
- while true; do
- DOMAIN=$(echo "${DNS[$i]}")
- [[ $DOMAIN = "" ]] && break
- if [[ $(echo -e "${PESQ[@]}"|grep "$DOMAIN") = "" ]]; then
- subdom "$DOMAIN"
- echo -e " \033[1;31m(Scan\033[1;32m $((${#PESQ[@]}+1))\033[1;31m de \033[1;32m${#DNS[@]}\033[1;31m) - Escaneando ---> \033[1;36mhttp://$DOMAIN\033[1;37m"
- PESQ+=($DOMAIN)
- fi
- [[ "$(echo ${#DNS[@]})" -gt "$limite" ]] && break
- i=$(($i+1))
- sleep 1s
- done
- rm $log
- echo -e "\n\033[1;32mScan Finalizado!, Iniciando Coleta de IPs"
- [[ -e $HOME/subresult ]] && rm $HOME/subresult
- [[ ! -e $HOME/subresult ]] && touch $HOME/subresult
- [[ -e $HOME/result_tmp ]] && rm $HOME/result_tmp
- [[ ! -e $HOME/result_tmp ]] && touch $HOME/result_tmp
- for result in $(echo "${DNS[@]}"); do
- (
- rand="$RANDOM"
- dns[rand]="$result"
- scan[rand]=$(echo ${result}|cut -d'/' -f1)
- IP[rand]=$(nslookup "${scan[rand]}"|grep -Eo 'Address: [0-9.]+'|grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'|tail -1) > /dev/null 2>&1
- echo " DNS: ${dns[rand]} -> IP: ${IP[rand]}" >> $HOME/subresult
- echo -e "\033[1;31mDNS: \033[1;36m${dns[rand]} \033[1;31m--> \033[1;31mIP: \033[1;33m${IP[rand]}" >> $HOME/result_tmp
- unset IP
- ) &
- done
- while true; do
- [[ $(pidof nslookup|wc -w) -lt "1" ]] && break
- done
- RSLT=$(($(cat $HOME/subresult|wc -l)/4)) && echo -e "\n\033[1;32m$RSLT Hosts Capturados\n \033[0m"
- if [ $RSLT = 0 ];then
- return 0
- fi
- echo -ne " \033[1;33mDeseja Imprimir os Resultados? \033[1;37m[S/N]: "; read yn
- [[ $yn = @(s|S|y|Y) ]] && {
- tput cuu1 && tput dl1
- cat $HOME/result_tmp|grep -v =
- [[ -e $HOME/result_tmp ]] && rm -rf $HOME/result_tmp
- echo -e "\033[0m"
- echo -e "\033[1;32mLog Gerado no Arquivo \033[1;33m$HOME/subresult"
- echo -e "\033[0m"
- return 0
- }
- tput cuu1 && tput dl1
- return 0
- }
- scan_funtion
|
