C99 Recon

client_name=""
if [ $user_name == ""]; then
    echo -n "What's your name? "; read user_name
fi

if [ $domain_name == ""]; then 
    echo -n "what's the attacking domain (eg. example)? "; read domain_name
fi
#############################################################
webhook="[slackHook]"
key="[c99 API key]"
ips=$(cat < ip.txt)
domains=$(cat < domains.txt)
#############################################################

subdomainFinder() {
    echo "Starting SubDomain finder on $domain_name...";echo
    for i in $domain_name; do curl "https://api.c99.nl/subdomainfinder?key=$key&domain=$domain_name&json" |grep -o '"subdomain":"[^"]*' |cut -d '"' -f 4 |tee -a subdomains.txt;done
    for i in $(cat < subdomains.txt); do curl "https://api.c99.nl/subdomainfinder?key=$key&domain=$domain_name&json" |tee -a jsonSubdomains;done
    cat jsonSubdomains | grep -o '"ip":"[^"]*' |cut -d '"' -f 4 |grep -v none |tee -a discoveredIPs.txt
    sort discoveredIPs.txt |uniq > ip.txt
}

ip2domain() {
    echo "resolving ip to domains" ;echo
    for i in $ips; do curl "https://api.c99.nl/ip2domains?key=$key&ip=$i&json" |tee -a ip2domains.txt;done
}

basicNMAP() {
    echo "basic nmap" ;echo
    for i in $ips; do curl "https://api.c99.nl/nmap?key=$key&host=$i&json" |tee -a basicNMAP.txt;done
}

domainHistory() {
    echo "discovering domain history" ;echo
    for i in $(cat subdomains.txt); do curl "https://api.c99.nl/domainhistory?key=$key&domain=$i&json" |tee -a domainHistory.txt;done
}

finishrecon(){
    curl -X POST -H 'Content-type: application/json' --data '{"text":"finished c99 recon for '$user_name' on '$domain_name'.", "icon_emoji":"fire", "username":"c99 recon"}' $webhook
}

recon() {

        subdomainFinder
        ip2domain   
        basicNMAP
        domainHistory
        finishrecon
}
recon

PreviousReconnaissance NextDNS

Last updated 4 years ago

Was this helpful?

C99 Recon

client_name=""
if [ $user_name == ""]; then
    echo -n "What's your name? "; read user_name
fi

if [ $domain_name == ""]; then 
    echo -n "what's the attacking domain (eg. example)? "; read domain_name
fi
#############################################################
webhook="[slackHook]"
key="[c99 API key]"
ips=$(cat < ip.txt)
domains=$(cat < domains.txt)
#############################################################

subdomainFinder() {
    echo "Starting SubDomain finder on $domain_name...";echo
    for i in $domain_name; do curl "https://api.c99.nl/subdomainfinder?key=$key&domain=$domain_name&json" |grep -o '"subdomain":"[^"]*' |cut -d '"' -f 4 |tee -a subdomains.txt;done
    for i in $(cat < subdomains.txt); do curl "https://api.c99.nl/subdomainfinder?key=$key&domain=$domain_name&json" |tee -a jsonSubdomains;done
    cat jsonSubdomains | grep -o '"ip":"[^"]*' |cut -d '"' -f 4 |grep -v none |tee -a discoveredIPs.txt
    sort discoveredIPs.txt |uniq > ip.txt
}

ip2domain() {
    echo "resolving ip to domains" ;echo
    for i in $ips; do curl "https://api.c99.nl/ip2domains?key=$key&ip=$i&json" |tee -a ip2domains.txt;done
}

basicNMAP() {
    echo "basic nmap" ;echo
    for i in $ips; do curl "https://api.c99.nl/nmap?key=$key&host=$i&json" |tee -a basicNMAP.txt;done
}

domainHistory() {
    echo "discovering domain history" ;echo
    for i in $(cat subdomains.txt); do curl "https://api.c99.nl/domainhistory?key=$key&domain=$i&json" |tee -a domainHistory.txt;done
}

finishrecon(){
    curl -X POST -H 'Content-type: application/json' --data '{"text":"finished c99 recon for '$user_name' on '$domain_name'.", "icon_emoji":"fire", "username":"c99 recon"}' $webhook
}

recon() {

        subdomainFinder
        ip2domain   
        basicNMAP
        domainHistory
        finishrecon
}
recon

PreviousReconnaissance NextDNS

Last updated 4 years ago

Was this helpful?