C99 Recon
client_name=""
if [ $user_name == ""]; then
echo -n "What's your name? "; read user_name
fi
if [ $domain_name == ""]; then
echo -n "what's the attacking domain (eg. example)? "; read domain_name
fi
#############################################################
webhook="[slackHook]"
key="[c99 API key]"
ips=$(cat < ip.txt)
domains=$(cat < domains.txt)
#############################################################
subdomainFinder() {
echo "Starting SubDomain finder on $domain_name...";echo
for i in $domain_name; do curl "https://api.c99.nl/subdomainfinder?key=$key&domain=$domain_name&json" |grep -o '"subdomain":"[^"]*' |cut -d '"' -f 4 |tee -a subdomains.txt;done
for i in $(cat < subdomains.txt); do curl "https://api.c99.nl/subdomainfinder?key=$key&domain=$domain_name&json" |tee -a jsonSubdomains;done
cat jsonSubdomains | grep -o '"ip":"[^"]*' |cut -d '"' -f 4 |grep -v none |tee -a discoveredIPs.txt
sort discoveredIPs.txt |uniq > ip.txt
}
ip2domain() {
echo "resolving ip to domains" ;echo
for i in $ips; do curl "https://api.c99.nl/ip2domains?key=$key&ip=$i&json" |tee -a ip2domains.txt;done
}
basicNMAP() {
echo "basic nmap" ;echo
for i in $ips; do curl "https://api.c99.nl/nmap?key=$key&host=$i&json" |tee -a basicNMAP.txt;done
}
domainHistory() {
echo "discovering domain history" ;echo
for i in $(cat subdomains.txt); do curl "https://api.c99.nl/domainhistory?key=$key&domain=$i&json" |tee -a domainHistory.txt;done
}
finishrecon(){
curl -X POST -H 'Content-type: application/json' --data '{"text":"finished c99 recon for '$user_name' on '$domain_name'.", "icon_emoji":"fire", "username":"c99 recon"}' $webhook
}
recon() {
subdomainFinder
ip2domain
basicNMAP
domainHistory
finishrecon
}
reconLast updated
Was this helpful?