EchoPwn

This is a recon tool which allows you to discover the subdomains used by a target web application on both client and server side. Afterwards, it runs dirsearch on the resulted text file. It can also scan for open ports using NMAP and finds hidden parameters on every live Host.

Usage

./EchoPwn.sh domain.com                 	      //For Default Scan
./EchoPwn.sh domain.com -nmap            	      //To run nmap on your results
./EchoPwn.sh domain.com -arjun   		      //To run arjun on your results
./EchoPwn.sh domain.com -photon          	      //To run photon on each subdomain
./EchoPwn.sh domain.com -knock                	      //To bruteforce subdomain using knockpy
./EchoPwn.sh domain.com -nmap -arjun -photon -kncok   //For Full Scan

Output will be saved in EchoPwn/domain.com/ directory

Workflow:

install.sh makes environment to run EchoPwn.sh EchoPwn.sh creates a directory EchoPwn/domain_name in current working directory.

Subdomain Enumeration
- Sublist3r
- crt.sh
- amass
- subfinder
- assetfinder
- aquatone-discover
- findomain
- github-subdomains
- custom bruteforcer with subdomains.txt as input file.
- Optional: knockpy
Checking for live subdomains
- httprobe
Screenshots
- aquatone
Directory Bruteforce
- dirsearch
Optional
- -nmap Probe open ports to determine service/version info
- -arjun Scans for hidden parameters on live hosts
- -photon Crawls all live hosts [takes time and creates lots of files]
- -knock Bruteforce subdomains [takes time and saves output in current working directory (in json format)]
Slack Notification
- WebHook URL placed in tokens.txt will be used to notify the user once the script has finished running.

Final list of subdomains will be present in EchoPwn/domain_name directory. Outputs corresponding to the tools will also be present in the same directory.

Installation and Requirements:

Only for MacOS and Linux

Prerequisites

Then run:

./install.sh

Some Tools require manual downloading of pre-built binaries (or build them yourself):

Download (or build) and place these binaries in the EchoPwn directory.

Apart from the tokens required by individual tools, this script requires 4 additional values:

FaceBook Token
Github Token
Spyse Token
VirusTotal Token
Slack WebHook URL

Place these values in tokens.txt before running EchoPwn.sh

NOTE

If you face Import error (Queue) while running altdns, you have to manually change main.py file mentioned in the error. Do the following change Before: Import Queue from Queue as Queue After: Import queue from Queue as Queue
To set GOPATH, use the following command: export $GOPATH=~/go/bin

Coming Soon

Gitrob & more...

Suggestions are welcomed. Mail us at: [email protected]

Thanks

This script uses tools which are developed by the following people

OWASP, ProjectDiscovery, Tom Hudson, Michael Henriksen, Gwendal Le Coguic, Eduard Tolosa, B. Blechschmidt, ProjectAnte, Somdev Sangwan, Mauro Soria, Gianni Amato, Ahmed Aboul-Ela

rajaneeshs / echopwn Goto Github PK

echopwn's Introduction

EchoPwn

This is a recon tool which allows you to discover the subdomains used by a target web application on both client and server side. Afterwards, it runs dirsearch on the resulted text file. It can also scan for open ports using NMAP and finds hidden parameters on every live Host.

Usage

Workflow:

Installation and Requirements:

Only for MacOS and Linux

Prerequisites

Coming Soon

Thanks

This script uses tools which are developed by the following people

echopwn's People

Contributors

Stargazers

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent