forked from screetsec/Sudomy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
sudomy.conf
222 lines (188 loc) · 6.77 KB
/
sudomy.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
### TEMPORARY PATH OUTPUT PASSIVE
#PATH="$( pwd )/"
OUT="$(pwd)/output"
TMP="$(pwd)/tmp"
TMP_BUFFER=${OUTPUT:-${TMP}/Buffer.err}
TMP_SHODAN=${OUTPUT:-${OUT}/Shodan.tmp}
TMP_RISKIQ=${OUTPUT:-${OUT}/RiskIQ.tmp}
OUT_SHODAN=${OUTPUT:-${OUT}/Shodan.log}
OUT_VIRUSTOTAL=${OUTPUT:-${OUT}/Virustotal.log}
OUT_CERTSPOTTER=${OUTPUT:-${OUT}/Certspotter.log}
OUT_BINARYEDGE=${OUTPUT:-${OUT}/Binaryedge.log}
OUT_HACKERTARGET=${OUTPUT:-${OUT}/Hackertarget.log}
OUT_THREATMINER=${OUTPUT:-${OUT}/Threatminer.log}
OUT_CRTSH=${OUTPUT:-${OUT}/crtsh.log}
OUT_BUFFEROVER=${OUTPUT:-${OUT}/Bufferover.log}
OUT_ENTRUST=${OUTPUT:-${OUT}/Entrust.log}
OUT_FINDSUBDOMAIN=${OUTPUT:-${OUT}/Findsubdomain.log}
OUT_THREATCROWD=${OUTPUT:-${OUT}/ThreatCrowd.log}
OUT_DNSDUMPSTER=${OUTPUT:-${OUT}/Dnsdumpster.log}
OUT_RIDDLER=${OUTPUT:-${OUT}/Riddler.log}
OUT_FRIDDLER=${OUTPUT:-${OUT}/FRiddler.log} #FILTER
OUT_WEBARCHIVE=${OUTPUT:-${OUT}/Webarchive.log}
OUT_STRAILS=${OUTPUT:-${OUT}/SecurityTrails.log}
OUT_CENSYS=${OUTPUT:-${OUT}/Censys.log}
OUT_RAPIDDNS=${OUTPUT:-${OUT}/Rapiddns.log}
OUT_ALIENVAULT=${OUTPUT:-${OUT}/AlienVault.log}
OUT_COMMONCRAWL=${OUTPUT:-${OUT}/CommonCrawl.log}
OUT_URLSCAN=${OUTPUT:-${OUT}/UrlScan.log}
OUT_DNSDB=${OUTPUT:-${OUT}/Dnsdb.log}
OUT_RISKIQ=${OUTPUT:-${OUT}/RiskIQ.log}
OUT_SPYSE=${OUTPUT:-${OUT}/Spyse.log}
OUT_FBCERT=${OUTPUT:-${OUT}/FBCert.log}
# Outfile
OUT_NAME="Sudomy-Output"
# Engine (Third-party sites,) Path
# PEN = PATH ENGINE
PEN="$(pwd)/engine"
Engine_Shodan=${ENGINE:-${PEN}/Shodan.my}
Engine_VirusTotal=${ENGINE:-${PEN}/VirusTotal.my}
Engine_Censys=${ENGINE:-${PEN}/Censys.my}
Engine_Certspotter=${ENGINE:-${PEN}/Certspotter.my}
Engine_BinaryEdge=${ENGINE:-${PEN}/BinaryEdge.my}
Engine_Hackertarget=${ENGINE:-${PEN}/Hackertarget.my}
Engine_Threatminer=${ENGINE:-${PEN}/Threatminer.my}
Engine_CrtSH=${ENGINE:-${PEN}/CrtSH.my}
Engine_BufferOver=${ENGINE:-${PEN}/BufferOver.my}
Engine_Findsubdomains=${ENGINE:-${PEN}/Findsubdomains.my}
Engine_Threatcrowd=${ENGINE:-${PEN}/Threatcrowd.my}
Engine_Dnsdumpster=${ENGINE:-${PEN}/Dnsdumpster.my}
Engine_Riddler=${ENGINE:-${PEN}/Riddler.my}
Engine_Entrust=${ENGINE:-${PEN}/Entrust.my}
Engine_Webarchive=${ENGINE:-${PEN}/Webarchive.my}
Engine_SecurityTrails=${ENGINE:-${PEN}/SecurityTrails.my}
Engine_RapidDNS=${ENGINE:-${PEN}/RapidDNS.my}
Engine_AlienVault=${ENGINE:-${PEN}/AlienVault.my}
Engine_CommonCrawl=${ENGINE:-${PEN}/CommonCrawl.my}
Engine_UrlScan=${ENGINE:-${PEN}/UrlScan.my}
Engine_DNSDB=${ENGINE:-${PEN}/DNSDB.my}
Engine_RiskIQ=${ENGINE:-${PEN}/RiskIQ.my}
Engine_Spyse=${ENGINE:-${PEN}/Spyse.my}
Engine_FBCert=${ENGINE:-${PEN}/FBCert.my}
### TEMPORARY PATH OUTPUT ACTIVE
OUT_GOBUSTER=${OUTPUT:-${OUT}/Bruteforce.log}
RESULT_GOBUSTER=${OUTPUT:-${OUT}/Gobuster.log}
OUT_RAW_WEBARCHIVE=${OUTPUT:-${OUT}/Webarchive.raw}
OUT_RAW_COMMONCRAWL=${OUTPUT:-${OUT}/CommonCrawl.raw}
OUT_RAW_URLSCAN=${OUTPUT:-${OUT}/UrlScan.raw}
OUT_JUICY_URL_RAW=${OUTPUT:-${OUT}/JuicyURL_FULL.raw}
OUT_PARAM_URL_PARSING=${OUTPUT:-${OUT}/Full_URL_Parsing.raw}
## RESULT_NAME ${DATE}${DOMAINS}/
RESULT_SUBDOMAIN=subdomain.txt
RESULT_HTTPROBE=httprobe_subdomain.txt
RESULT_PINGSWEEP=pingsweep.txt
RESULT_IP_RESOLVER=ip_resolver.txt
RESULT_SUB_TABLE=subdomain_resolver_all.txt
RESULT_HTTP_CODE=http_code.txt
RESULT_HTTP_CODE_CSV=http_code.csv
RESULT_NMAP_HOSTS=nmap_top_ports.txt
RESULT_WAPPALYZER=wappalyzer.txt
RESULT_DB_PORT=ip_dbport.txt
RESULT_DB_ASN=ip_dbasn.txt
RESULT_HTTPX=httpx_status_title.txt
RESULT_DNSX=dnsx_subdomain.txt
RESULT_WEBANALYZE=webanalyze.txt
RESULT_CFCHECK=cf_ipresolv.txt
# RESULT IN YAML FOR GRAPH
RESULT_SUB_RESOLVER=vHost_subdomain.yaml
#TAKEOVER
RESULT_CNAME_RESOLV=CNAME-resolv.txt
RAW_RESULT_TAKEOVER=TakeOver.raw
RESULT_TAKEOVER=TakeOver.txt
RESULT_DNSLOOKUP=TakeOver-Lookup.txt
RESULT_NXDOMAIN=TakeOver-nxdomain.txt
#OUT FINAL COLLECTING FULL URL PASSIVE
RESULT_EXTRACT_PARAM=Passive_Collecting_URLParamter.txt
RESULT_JUICY_URL_FULL=Passive_Collect_URL_Full.txt
#URI PARAMETER
RESULT_EXTRACT_PARAM_UNIQ=Passive_Collecting_URLParamter_Uniq.txt
RESULT_EXTRACT_PARAM_FULL=Passive_Collecting_URLParamter_Full.txt
#INTEREST URI
INTERESTURI_PARAM=interesturi-param-full.out
INTERESTURI_PARAM_UNIQ=interesturi-paramsuniq.out
INTERESTURI_JS=interesturi-js.out
INTERESTURI_NODE=interesturi-nodemodule.out
INTERESTURI_PATH=interesturi-allpath.out
INTERESTURI_OTF=interesturi-otherfile.out
INTERESTURI_DOC=interesturi-doc.out
#OUT WORDLIST FINAL RESULTS
WORDLIST_PATH=wordlist-pathurl.lst
WORDLIST_PARM=wordlist-parameter.lst
## FINAL_RESULT, MAKE MORE PRETTY
FINAL_HTTP_CODE=httpstatus_code.txt
FINAL_PINGSWEEP=Live_hosts_pingsweep.txt
FINAL_SUBDOMAIN_REV_ALL=Subdomain_Resolver.txt
## USE SPESIFIC SOURCE
SOURCE=false
verbose=false
# PLUGINS DEFAULT VALUE FALSE
PLU="$(pwd)/plugin"
APP_HTTPROBE=${PLUGIN:-${PLU}/exec_httprobe}
APP_GOBUSTER=${PLUGIN:-${PLU}/exec_gobuster}
APP_PINGSWEEP=${PLUGIN:-${PLU}/exec_pingsweep}
APP_RESOLVER=${PLUGIN:-${PLU}/exec_resolver}
APP_TAKEOVER=${PLUGIN:-${PLU}/exec_takeover}
APP_HTTPSTATUS=${PLUGIN:-${PLU}/exec_httpstatus}
APP_NMAPTOP=${PLUGIN:-${PLU}/exec_nmaptop}
APP_DBPORT=${PLUGIN:-${PLU}/exec_dbport}
APP_EXTRACT_PARAMS=${PLUGIN:-${PLU}/exec_extract_params}
APP_WAPPALYZER=${PLUGIN:-${PLU}/exec_wappalyzer}
APP_HTTPX=${PLUGIN:-${PLU}/exec_httpx}
APP_DNSX=${PLUGIN:-${PLU}/exec_dnsx}
APP_WEBSOCKET=${PLUGIN:-${PLU}/exec_websocket}
APP_WEBANALYZE=${PLUGIN:-${PLU}/exec_webanalyze}
APP_CFCHECK=${PLUGIN:-${PLU}/exec_cfcheck}
APP_GOWITNESS=${PLUGIN:-${PLU}/exec_gowitness}
APP_WORDLISTS=${PLUGIN:-${PLU}/exec_wordlists}
APP_GRAPH=${PLUGIN:-${PLU}/exec_ngraph}
APP_AQUATONE=${PLUGIN:-${PLU}/exec_aquatone.sh}
# PlUGIN STATUS
PLUGIN_PING_SWEEP=false
PLUGIN_RESOLV_SD=false
PLUGIN_STATUS_CODE=false
PLUGIN_NMAP_PORTS=false
PLUGIN_TAKEOVER=false
PLUGIN_GOBUSTER=false
PLUGIN_HTTPROBE=true
PLUGIN_DB_PORT=false
PLUGIN_EXTRACT_PARAMS=false
PLUGIN_HTTPX=false
PLUGIN_DNSX=false
PLUGIN_WEBSOCKET=false
PLUGIN_WEBANALYZE=false
PLUGIN_CFCHECK=false
PLUGIN_GOWITNESS=false
PLUGIN_AQUATONE=false
PLUGIN_WORDLISTS=false
## TEMPLATE
REPORTS=0
TEMPLATE_REPORT="templates/report/"
CHART2=report/assets/app/js/dashboard.js
## WORDLIST_ALL_TOP
## You can change the wordlist, just replace file/path
_GOWORDLIST="$(pwd)/wordlist/All_SubdomainTOP_Seclist.txt"
## 3rd Package Depends Path Default Binary is 32 bit
PKG_HTTPROBE="lib/bin/httprobe"
PKG_HTTPX="lib/bin/httpx"
PKG_DNSX="lib/bin/dnsx"
PKG_GOBUSTER="lib/bin/gobuster"
PKG_WEBANALYZE="lib/bin/webanalyze"
PKG_CFCHECK="lib/bin/cf-check"
PKG_GOWITNESS="lib/bin/gowitness"
PKG_AQUATONE="lib/bin/aquatone"
PKG_UNFURL="lib/bin/unfurl"
PKG_SUBJACK="lib/bin/subjack"
# Lib Apps Identifider
LIB_APPS="lib/apps.json"
LIB_SJACK="lib/fingerprints.json"
## Binary Execution
_HTTPROBE=httprobe
_HTTPX=httpx
_DNSX=dnsx
_GOBUSTER=gobuster
_WEBANALYZE=webanalyze
_CFCHECK=cf-check
_GOWITNESS=gowitness
_UNFURL=unfurl
_SUBJACK=subjack
_AQUATONE=aquatone