fvcker-tool/fvcker.sh at master · sincevoid/fvcker-tool · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
#!/bin/sh

clear

printf "\e[1;32m \n\n"

echo "Installing resources..."
echo "Requesting permission..."

printf "\n"

sudo apt install httpx-toolkit
sudo apt install subfinder
sudo apt install assetfinder

go install -v github.com/PentestPad/subzy@latest
go install github.com/projectdiscovery/katana/cmd/katana@latest

sudo cp ~/go/bin/katana/bin/
sudo cp ~/go/bin/subzy/bin/

clear

sep="#===#===#===#===#===#===#===#===#===#===#===#===#===#===#===#===#===#===#===#===#"
clr="\n"

printf "\e[1;31m


      █████▒██▒   █▓ ▄████▄   ██ ▄█▀▓█████  ██▀███
    ▓██   ▒▓██░   █▒▒██▀ ▀█   ██▄█▒ ▓█   ▀ ▓██ ▒ ██▒
    ▒████ ░ ▓██  █▒░▒▓█    ▄ ▓███▄░ ▒███   ▓██ ░▄█ ▒
    ░▓█▒  ░  ▒██ █░░▒▓▓▄ ▄██▒▓██ █▄ ▒▓█  ▄ ▒██▀▀█▄
    ░▒█░      ▒▀█░  ▒ ▓███▀ ░▒██▒ █▄░▒████▒░██▓ ▒██▒
     ▒ ░      ░ ▐░  ░ ░▒ ▒  ░▒ ▒▒ ▓▒░░ ▒░ ░░ ▒▓ ░▒▓░
     ░        ░ ░░    ░  ▒   ░ ░▒ ▒░ ░ ░  ░  ░▒ ░ ▒░
     ░ ░        ░░  ░        ░ ░░ ░    ░     ░░   ░
                 ░  ░ ░      ░  ░      ░  ░   ░         v1.0.0
                ░   ░
"

echo $sep
echo $sep

printf "\n\e[1;0m"
echo "Hello $USER, Welcome to FVCKER."
echo "Tool developed to speed up large-scale pentests."
echo "We are not responsible for misuse or damage caused by the tool."
printf "\e[1;31m"

printf "\nTarget Name: (example: google): "

printf "\e[1;0m"
read -r nomedoalvo
printf "\e[1;31m"

printf "\nTarget URL: (example: google.com): "
printf "\e[1;0m"
read -r url;
printf "\e[1;31m"

echo $sep
echo $sep

mkdir "$nomedoalvo"
cd "$nomedoalvo" || exit

clear
echo $clr

printf "Finding Subdomains..."
subfinder -d "$url" -o subfinder.txt
assetfinder --subs-only "$url" | tee -a assetfinder.txt

clear

# Junta os resultados.
sort -u subfinder.txt subfinder.txt > domains.txt

printf "Filtering alive domains..."
httpx-toolkit -l domains.txt -o alive.txt

clear

printf "Looking for endpoints..."
katana -list alive.txt > endpoints.txt

clear

printf "Finding vulnerable subdomains..."
subzy run --targets alive.txt --hide_fails > subzy.txt

clear

printf "Finished!"
clear

printf "Do you want to see the subdomains? (y/n): "
read -r showSubzy;

clear

printf "Do you want to see the endpoints? (y/n): "
read -r showEndpoints;

clear

if [ "$showSubzy" = "y" ]; then
    printf "\e[1;0m"
    cat subzy.txt
    printf "\n"
fi

if [ "$showEndpoints" = "y" ]; then
    printf "\e[1;32m"
    cat endpoints.txt
    printf "\n"
fi

echo
echo
printf "\e[1;31m"

printf "Do you want to clear the results? (y/n): "
read -r delete;

if [ "$delete" = "y" ]; then
    clear
    cd ..
    rm -rf "$nomedoalvo"
fi