A script which uses Discord as a front end to help with recon.
It will scan the target at regular intervals and message the user if
- any new domain is found => New Domain = More attack vectors
- an older domain becomes vulnerable to subdomain takeover
This bot should be run on a VPS (or on your own system, if it runs 24/7).
Run the script and leave it running in the background. Once the script is running it will send you a message through Discord so you can check that everything is set up correctly.
You can message the bot commands by replying to the bot.
- Clone the repo.
- Head over to Discord Developer and create a new application.
- Go to Bot menu and click add bot.
- Allow both Privileged Gateway Intents.
- Copy the TOKEN and store it, this would be your DISCORD_TOKEN.
- Go to the OAuth2 tab, copy the Client ID and complete this URL: https://discord.com/api/oauth2/authorize?client_id=PASTE_YOUR_CLIENTID_HERE&permissions=2048&scope=bot
- Make your own Discord server and then visit the above URL to bring the bot into the server.
- Open the Discord app and enable developer mode in your account.
- Right click on your server icon and Copy ID; this is the GUILD ID. Similarly, right click on your avatar and copy your User ID (named ME in the .env file).
- Create a file named .env inside the cloned directory with entries like the following:
DISCORD_TOKEN="NzY4NzcwMTk2MTgxMDkwMzM***************************"
GUILD="73449262195041****"
ME="65595694492*****"
DELAY="16"
Here DELAY is the number of hours between scans. You can modify it to fit your needs.
Install all python dependencies
pip3 install -r requirements.txt
Currently, there are only 4 commands for the bot:
Track add domain DOMAIN_NAME
Ex: Track add domain twitter.com
Track add command COMMAND_NAME
Ex: Track add command amass enum -d
Track rm domain DOMAIN_NAME
Ex: Track rm domain twitter.com
Track rm command COMMAND_NAME
Ex: Track rm command amass enum -d
You can add more than one subdomain enumeration tool's command (as long as that tool is installed on the system and set up correctly).
All the commands and domains are fetched from REPO_DIRECTORY/tmp/domains_list and REPO_DIRECTORY/tmp/commands_list, which can be cross-checked and edited manually.
At the specified interval the bot script runs each command given in ~/tmp/commands_list against every domain specified in ~/tmp/domains_list, checks for new subdomains under each specified domain, and alerts you through a message about any new subdomain found.
It also runs subjack every 12 hours to check whether any known subdomain has become vulnerable to subdomain takeover, and alerts accordingly.
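The following is an added example, not the project's own code, showing the pieces described above: parsing the four `Track ...` commands, keeping the domain and command lists, and the scan loop that runs every tracked command against every tracked domain and alerts only on subdomains not seen before. The file formats, the `is_authorised` check against ME, and the dict-based result store are assumptions; the README does not specify them. The command runner is injectable so the example can be exercised offline with constructed output.

```python
"""Added example (not from the original project): command parsing and the
scan/diff loop of a Discord-driven subdomain monitor, testable without Discord.

Assumptions (not stated in the README): one entry per line in tmp/domains_list
and tmp/commands_list, results kept in a dict keyed by domain, and the bot
obeying only the user whose ID is stored as ME in .env.
"""
import shlex
import subprocess
from typing import Callable, Dict, List, Optional, Set, Tuple


def is_authorised(author_id: str, me: str) -> bool:
    """Only the configured user may drive the bot. Because 'Track add command'
    makes the VPS execute whatever is given, anyone else who can reach the
    channel must be ignored. (Assumed use of ME; the README only says to set it.)"""
    return me != "" and author_id == me


def parse_command(text: str) -> Optional[Tuple[str, str, str]]:
    """Parse 'Track add|rm domain|command VALUE' into (action, kind, value).
    maxsplit=3 keeps a multi-word command such as 'amass enum -d' intact."""
    parts = text.strip().split(maxsplit=3)
    if len(parts) != 4 or parts[0].lower() != "track":
        return None
    _, action, kind, value = parts
    if action not in ("add", "rm") or kind not in ("domain", "command"):
        return None
    return action, kind, value.strip()


def apply_command(state: Dict[str, List[str]], action: str, kind: str, value: str) -> str:
    """Update the in-memory lists (the files under tmp/ in the real bot) and
    return the reply the bot would send back."""
    items = state.setdefault(kind + "s", [])  # "domains" / "commands"
    if action == "add":
        if value in items:
            return f"{kind} {value} is already tracked"
        items.append(value)
        return f"added {kind} {value}"
    if value not in items:
        return f"{kind} {value} is not tracked"
    items.remove(value)
    return f"removed {kind} {value}"


def run_subprocess(cmd: str, domain: str) -> Set[str]:
    """Default runner: execute 'COMMAND DOMAIN' without a shell (no shell
    metacharacters are interpreted) and treat each output line as a hostname."""
    argv = shlex.split(cmd) + [domain]
    out = subprocess.run(argv, capture_output=True, text=True, timeout=3600).stdout
    return {line.strip() for line in out.splitlines() if line.strip()}


def scan(state: Dict[str, List[str]], known: Dict[str, Set[str]],
         runner: Callable[[str, str], Set[str]] = run_subprocess) -> List[str]:
    """Run every tracked command against every tracked domain, keep only names
    under that domain, remember them, and return one alert per new subdomain."""
    alerts: List[str] = []
    for domain in state.get("domains", []):
        found: Set[str] = set()
        for cmd in state.get("commands", []):
            found |= runner(cmd, domain)
        # Drop noise that is not actually under the tracked domain.
        found = {s for s in found if s == domain or s.endswith("." + domain)}
        seen = known.setdefault(domain, set())
        new = sorted(found - seen)
        seen |= found
        alerts.extend(f"New subdomain for {domain}: {sub}" for sub in new)
    return alerts


if __name__ == "__main__":
    # Constructed offline demo: a fake runner stands in for amass/subfinder.
    state: Dict[str, List[str]] = {}
    for line in ("Track add domain example.com", "Track add command amass enum -d"):
        print(apply_command(state, *parse_command(line)))
    known: Dict[str, Set[str]] = {}
    fake = lambda cmd, d: {"www." + d, "api." + d, "unrelated.example.net"}
    print(scan(state, known, runner=fake))   # two alerts on the first run
    print(scan(state, known, runner=fake))   # nothing new on the second run
```

The second `scan` call returns no alerts because everything it found was already in `known`; in the real bot that store would be persisted between intervals so a restart does not re-alert on every subdomain.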
If you find any error while running the script, do let me know by raising an issue on GitHub; I'll try to help as much as I can.
Do let me know if there is anything else that could be added.
- Do check that subjack is correctly installed and that the Go bin directory is present in the PATH variable.