-
Notifications
You must be signed in to change notification settings - Fork 1
/
collector.cfg
111 lines (103 loc) · 5 KB
/
collector.cfg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
# Configuration file of collector script
# Colours
red="\e[31m"
green="\e[32m"
yellow="\e[33m"
reset="\e[0m"
# Letters
bold=$(tput bold)
normal=$(tput sgr0)
# Get date
date_recon=$(date +%Y%m%d)
# output dir
output_dir="${PWD}"
# List of directories
pentest_dir=""
web_tools_dir="${pentest_dir}/web"
wordlists_dir="${pentest_dir}/wordlists"
exploits_dir="${pentest_dir}/exploits"
# Parameters
# aquatone
aquatone_threads=5
# amass
# Determines the time in minutes of the execution of the amass our default is 5 minutes
amass_timeout_execution="5"
# curl
curl_agent="\"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36\""
curl_timeout="3"
curl_options=(-A "${curl_agent}" -k -s --max-time "${curl_timeout}" --connect-timeout "${curl_timeout}")
# dirsearch
dirsearch_threads=50
# filters
IPv4_regex='((25[0-5]|2[0-4][0-9]|[01][0-9][0-9]|[0-9]{1,2})[.]){3}(25[0-5]|2[0-4][0-9]|[01][0-9][0-9]|[0-9]{1,2})'
IPv6_regex='([0-9a-fA-F]{0,4}:){1,7}'
# gobuster
gobuster_threads=50
# katana
# Determines the time in minutes of the execution of the katana our default is 3 minutes
katana_timeout=180
katana_threads=50
# massdns
massdns_resolvers_file="${wordlists_dir}/resolvers.txt"
# nmap
nmap_default_options="-n --stats-every 3m --max-retries 1 --max-scan-delay 20 --max-rate 30 --defeat-rst-ratelimit -sS -Pn -p-"
nmap_furtive_options="-f --mtu 1400 -g53 -Ddecoy-ip1,decoy-ip2,your-own-ip,decoy-ip3,decoy-ip4"
# notify
notify_recon_channel="recon"
notify_files_channel="files"
notify_high_channel="high"
notify_critical_channel="critical"
# nuclei
nuclei_agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
# Trying to avoid anoying requests and not get block by VPS Provider, excluding some nuclei templates
nuclei_exclude_types="ssl"
nuclei_exclude_templates="network/detection/esmtp-detect.yaml,network/detection/smtp-detect.yaml,network/enumeration/smtp"
nuclei_fuzzing_templates_dir="${web_dir}/fuzzing-templates/"
nuclei_templates_dir="${exploits_dir}/nuclei-templates"
nuclei_threads=50
# web discovery
# controls the total number of processes running to search for files and directories
web_data_total_processes=10
# defining the extensions used for searches with dirsearch and gosbuter
web_extensions="7z,asp,asp~,aspx,aspx~,backup,bak,bkp,cache,cgi,conf,config,csv,db,html,htmlx,inc,jar,js,json,jsp,jsp~,lock,log,old,php,php~,py,py~,rar,rb,rb~,shtml,sql,sql~,sql.gz,sql.tar.gz,sql.zip,swp,swp~,tar,tar.bz2,tar.gz,txt,wadl,xml,zip"
web_get_status=(200 301 302 401 403 500)
web_port_short_detection=(80 443 8080 8443)
web_port_long_detection=(80 81 300 443 591 593 832 981 1010 1099 1311 2082 2083 2087 2095 2096 2480 3000 3128 3333 4243 4567 4711 4712 4993 5000 5001 5104 5108 5280 5281 5601 5800 6543 7000 7001 7002 7003 7004 7005 7006 7007 7008 7009 7010 7080 7230 7396 7443 7474 8000 8001 8002 8003 8004 8005 8006 8007 8008 8009 8010 8011 8012 8013 8014 8040 8041 8042 8043 8044 8045 8046 8047 8048 8049 8050 8051 8052 8053 8054 8056 8057 8058 8059 8060 8061 8062 8063 8064 8065 8066 8067 8068 8069 8070 8071 8072 8073 8074 8075 8076 8077 8078 8079 8080 8081 8082 8083 8084 8085 8086 8087 8088 8089 8090 8091 8095 8172 8118 8123 8172 8181 8222 8230 8243 8280 8281 8333 8337 8443 8500 8770 8771 8772 8773 8774 8775 8776 8777 8778 8779 8780 8834 8880 8888 8983 9000 9001 9002 9043 9060 9080 9090 9091 9200 9443 9502 9610 9800 9981 9999 10000 10250 11371 12443 11371 15672 16080 17778 18091 18092 20720 32000 55440 55672)
# List of wordlists to use in this script
web_wordlists=("${web_tools_dir}/dirsearch/db/dicc.txt")
dns_wordlists=()
# APIs to emails discovery
# https://app.snov.io/
hunterio_api=""
# APIs to subdomain discovery
binaryedge_api_url="https://api.binaryedge.io/v2"
binaryedge_api_key=""
builtwith_api_url="https://api.builtwith.com"
builtwith_api_key=""
censys_api_url="https://search.censys.io/api/v1"
censys_api_id=""
censys_api_secret=""
commoncrawl_url="http://index.commoncrawl.org/collinfo.json"
# Now dnsdb.info is paid product owned by domaintools.com
#dnsdb_api_url="https://api.dnsdb.info/lookup/rrset/name"
#dnsdb_api_key=""
dnsdumpster_url="https://dnsdumpster.com"
hackertarget_url="https://api.hackertarget.com/hostsearch/?q="
riskiq_api_url="https://api.passivetotal.org/v2/enrichment/subdomains"
riskiq_api_key=""
riskiq_api_secret=""
securitytrails_api_url="https://api.securitytrails.com/v1"
securitytrails_api_key=""
shodan_use="no"
shodan_apikey=""
shodan_scan_total=1
shodan_just_scan_main_domain="yes"
# Threatcrowd looks like does not work anymore
#threatcrowd_url="https://threatcrowd.org/searchApi/v2/domain/report/?domain="
threatminer_url="https://api.threatminer.org/v2/domain.php?q="
virustotal_api_url="https://www.virustotal.com/api/v3/domains"
virustotal_api_key=""
whoisxmlapi_subdomain_url="https://domains-subdomains-discovery.whoisxmlapi.com/api/v1"
whoisxmlapi_hdc_ns_url="https://reverse-dns.whoisxmlapi.com/api/v1"
whoisxmlapi_hdc_whois_url="https://reverse-whois.whoisxmlapi.com/api/v2"
whoisxmlapi_api_key=""