A collection of Bash and Python scripts to automate the reconnaissance phase in web application security testing. This toolkit covers subdomain enumeration, port scanning, HTTP probing, directory bruteforcing, vulnerability scanning, JavaScript file analysis, endpoint discovery, and subdomain takeover checks — all in one streamlined workflow.

• Features
• Prerequisites
• Installation
• Usage
  • 1. Installation Script
  • 2. Running Automated Recon
• Project Structure
• Detailed Scripts Overview
  • install_tools.sh
  • auto_recon.sh
  • Sub-Scripts
• License

• Operating System: Linux-based OS (Kali, Parrot, Ubuntu, etc.)
• Go Language: Required to install some tools like assetfinder, httprobe, etc.
• Python 3.x: Used by some scripts and for the JS Analyzer.
• Wordlists: This toolkit references SecLists paths. Adjust paths to your environment as needed.

1. Clone the Repository

   git clone https://github.com/kdairatchi/bashauto.git
   cd bashauto

2. Make the Installation Script Executable

   chmod +x install_tools.sh

3. Run the Installation Script

   ./install_tools.sh

   This installs all necessary packages and reconnaissance tools. Adjust if you’re using a different distro or package manager.

A comprehensive collection of Bash and Python scripts designed to automate the reconnaissance phase in web application security testing. This toolkit encompasses subdomain enumeration, port scanning, HTTP probing, directory bruteforcing, vulnerability scanning, JavaScript file analysis, endpoint discovery, subdomain takeover checks, origin IP discovery, and automated reporting — all integrated into a streamlined workflow.

• Features
• Prerequisites
• Installation
• Usage
  • 1. Installation Script
  • 2. Running Automated Recon
• Project Structure
• Detailed Scripts Overview
  • install_tools.sh
  • multitool.sh
  • Sub-Scripts
• License

1. Tool Installation: Automatically installs all the required tools (Sublist3r, Assetfinder, Amass, Subfinder, httprobe, Gowitness, Nmap, etc.) on supported Linux systems.
2. Subdomain Enumeration: Utilizes multiple tools (Sublist3r, Assetfinder, Amass, Subfinder) to consolidate results into a comprehensive subdomain list.
3. Port Scanning: Performs quick scans of common web ports using Nmap.
4. HTTP Probing & Screenshotting: Identifies live subdomains and captures screenshots for visual inspection.
5. Directory & File Bruteforcing: Discovers hidden directories/files using dirsearch and curated wordlists from SecLists.
6. Vulnerability Scanning: Conducts checks with Nuclei for known CVEs and misconfigurations.
7. JavaScript File Collection & Analysis: Collects and analyzes JavaScript files for potential credentials, API keys, or secrets.
8. Endpoint Discovery: Employs WaybackURLs and gau to gather archived endpoints and parameters.
9. Subdomain Takeover Detection: Checks unclaimed subdomains with Subjack to detect takeover possibilities.
10. Origin IP Discovery: Identifies the origin IP addresses of web applications, bypassing CDNs.
11. Automated Reporting: Generates structured HTML reports with integrated screenshots and sends notifications via Slack, Telegram, and Discord.
12. Continuous Recon Mode: Allows for automated scans at specified intervals to ensure up-to-date reconnaissance.

• Operating System: Linux-based OS (Kali, Parrot, Ubuntu, etc.)
• Go Language: Required to install some tools like assetfinder, httprobe, etc.
• Python 3.x: Used by some scripts and for the JS Analyzer.
• Wordlists: This toolkit references SecLists paths. Adjust paths to your environment as needed.

1. Make All Recon Scripts Executable

   chmod +x multitool.sh \
            subdomain_enum.sh \
            port_scan.sh \
            http_probe.sh \
            dir_bruteforce.sh \
            vuln_scan.sh \
            js_collection.sh \
            endpoint_discovery.sh \
            subdomain_takeover.sh \
            originip.sh

2. Launch Automated Recon

   ./multitool.sh <target-domain>

   For example:

   ./multitool.sh example.com

3. Check Results

   • All data is stored in the results_<target-domain> directory.
   • Review subdomain lists, Nmap scans, screenshots, JS analysis, directory brute-forcing reports, etc.

automated-web-recon/
├── install_tools.sh           # Installs all required tools
├── multitool.sh               # Master script to run the entire workflow
├── subdomain_enum.sh          # Subdomain enumeration
├── port_scan.sh               # Port scanning
├── http_probe.sh              # HTTP probing & screenshotting
├── dir_bruteforce.sh          # Directory & file brute-forcing
├── vuln_scan.sh               # Vulnerability scanning
├── js_collection.sh           # Collect JS files
├── endpoint_discovery.sh      # Discover endpoints from archived URLs
├── subdomain_takeover.sh      # Check for subdomain takeover
├── originip.sh                # Discover origin IP addresses
├── js_analyzer.py             # Python script to scan JS files for secrets
└── README.md                  # This README

A one-stop installation script that sets up all the required tools (Sublist3r, Assetfinder, Amass, Subfinder, httprobe, Gowitness, dirsearch, ffuf, nikto, nuclei, getJS, waybackurls, gau, qsreplace, subjack, etc.).

• Run:

  ./install_tools.sh

The master script that chains all individual scripts in the correct order:

1. Subdomain Enumeration
2. Port Scanning
3. HTTP Probing & Screenshotting
4. Directory Brute