quick_recon.py
#!/usr/bin/env python3
# A script to perform a quick OSINT recon of a given domain
# This is an example and a work in progress
import os , sys , time , requests , random
from googlesearch import search
from termcolor import colored, cprint
from http import cookiejar
from urllib.parse import urlparse
from plugins import pasting
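# Origins (scheme://host/) already reported during this run, in discovery order.
Subdomains = []


def SubdomainFilter(URL):
    """Print the origin of *URL* the first time that origin is seen.

    The URL is cut down to ``scheme://host/`` and compared with the
    module-level ``Subdomains`` list. A new origin is printed and appended;
    a known one is ignored. The same host under a different scheme counts
    as a separate entry.

    Args:
        URL: A result URL as returned by the search call.

    Returns:
        None. The result is the printed line and the updated ``Subdomains``.
    """
    Parsed = urlparse(URL)
    if not Parsed.scheme or not Parsed.netloc:
        # A relative or malformed result has no origin; without this guard it
        # would be recorded as the meaningless entry ":///".
        return
    origin = Parsed.scheme + "://" + Parsed.netloc + "/"
    if origin not in Subdomains:
        print(origin)
        Subdomains.append(origin)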
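# Start-up: working-directory check, update notice, then the two banners.
if not os.path.exists("alpha.txt"):
    # alpha.txt is opened by relative path below, so a missing file means the
    # script was started from the wrong directory. Explain and stop.
    print("")
    print(colored('Please Run the quick_recon Script in the Main Directory', 'red'))
    print(colored('First: cd quick_recon ', 'red'))
    print(colored('Then : python3 quick_recon.py', 'red'))
    print(colored('Exiting...', 'red'))
    time.sleep(5)
    # sys.exit() instead of the site-provided exit(), which is not available
    # in every interpreter configuration. Exit status is unchanged.
    sys.exit()

print("")
# NOTE(review): raw.githubusercontent.com paths are owner/repo/ref/path. Here
# the segment after the repository name is "osint"; confirm that this is a
# real ref, otherwise the request always ends in the 404 branch below.
try:
    # A timeout keeps an unreachable host from hanging the script at start-up.
    Qupdate = requests.get('https://raw.githubusercontent.com/The-Art-of-Hacking/h4cker/osint/quick_recon/qrecon_update.txt', timeout=10) #Quantom
except requests.RequestException:
    # The update notice is optional; a network failure must not stop the run.
    Qupdate = None
    print(colored('Update check failed, continuing...', 'yellow'))

if Qupdate is not None and Qupdate.status_code == 200:
    print(colored('Cheking Update...', 'white'))
    # The body is remote content that goes straight to the terminal. Drop
    # control characters (ESC included) so it cannot carry escape sequences;
    # newlines and tabs are kept for layout.
    notice = "".join(
        ch for ch in Qupdate.text if ch.isprintable() or ch in "\n\t"
    )
    print(colored(notice, 'green'))
    time.sleep(3)
elif Qupdate is not None and Qupdate.status_code == 404:
    # A missing file is reported as "update available".
    # NOTE(review): presumably upstream removes the file on a new release; verify.
    print(colored('Cheking Update...', 'white'))
    print(colored('Update Available ', 'red'))
    print(colored('See https://github.com/The-Art-of-Hacking/h4cker/tree/master/osint', 'red'))
    print(colored('Resuming...', 'red'))
    print("")
    time.sleep(3)

# Local banner file; the with-block closes the handle once it has been read.
with open('alpha.txt', 'r') as f:
    alpha = f.read()
print(colored(alpha, 'yellow'))

banner1 = """
Quick OSINT Recon of a given domain
̿з=(◕_◕)=ε
"""
print(banner1)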
#--------------------------------------------------------------------------------#
class BlockAll(cookiejar.CookiePolicy):
    """Cookie policy that answers False to every accept/return question.

    A cookie jar using this policy neither stores cookies from responses nor
    attaches cookies to requests.
    """

    # Protocol switches read by the cookie jar.
    netscape = True
    rfc2965 = False
    hide_cookie2 = False

    def set_ok(self, *args, **kwargs):
        """Never accept a cookie."""
        return False

    def return_ok(self, *args, **kwargs):
        """Never send a cookie back."""
        return False

    def domain_return_ok(self, *args, **kwargs):
        """Reject every domain."""
        return False

    def path_return_ok(self, *args, **kwargs):
        """Reject every path."""
        return False
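# Google country domains for the first batch of queries; one is picked at
# random for this run.
TLD = ["com", "com.tw", "co.in"]
beta = random.choice(TLD)

# Session whose cookie jar rejects everything (see BlockAll).
# NOTE(review): no request in this file is sent through `s`, and the search()
# calls further down are not given it, so this policy does not appear to
# apply to the Google queries. Confirm, or drop the session.
s = requests.Session()
s.cookies.set_policy(BlockAll())
#--------------------------------------------------------------------------------#
# Read the target. Surrounding whitespace is trimmed because the value is
# concatenated straight into "site:" operators, where a stray space changes
# the query. Blank input is refused so no query is sent without a target.
key = input(colored('[+] Set Target (site.com) : ', 'white')).strip()  # Key
if not key:
    print(colored('No target given, exiting...', 'red'))
    sys.exit(1)

# The target name is left in plain text in the working directory after the run.
with open("quick_recon.config", "w") as file:
    file.write(key)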
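# Search phases. Every phase prints a heading, runs one or more queries,
# hands each hit to a handler, prints a blank line and removes the cookie file.
# NOTE(review): tld/num/stop/pause are passed to search() as before; confirm
# that the installed googlesearch package accepts these keywords.


def _clear_google_cookie():
    """Remove .google-cookie from the working directory if it exists."""
    # NOTE(review): the path is relative to the working directory; confirm
    # that this is where the googlesearch package writes its cookie jar.
    try:
        os.remove(".google-cookie")
    except FileNotFoundError:
        # Nothing to clean up. EAFP also avoids an exists()/remove() race.
        pass


def _run_phase(heading, dorks, tld, handle, num=30):
    """Run one search phase.

    Args:
        heading: Text printed in green before the queries start.
        dorks: Query strings, run in the given order.
        tld: Google domain suffix passed to search().
        handle: Callable invoked with every result URL.
        num: Value passed to search() as ``num``.
    """
    print(colored(heading, 'green'))
    try:
        for dork in dorks:
            for hit in search(dork, tld=tld, num=num, stop=60, pause=2):
                handle(hit)
        print("")
    finally:
        # Also runs when search() raises, so the cookie file does not remain
        # on disk after an aborted run.
        _clear_google_cookie()


print("")
_run_phase(
    '[>] Looking For Subdomains...',
    [
        "site:" + key + " -www." + key,  # SubTech1
        "site:*." + key,                 # SubTech2
    ],
    beta,
    SubdomainFilter,
)
_run_phase(
    '[>] Looking For Sub-Subdomains...',
    ["site:*.*." + key],
    beta,
    SubdomainFilter,
)
_run_phase(
    '[>] Looking For Login/Signup Pages...',
    [
        "inurl:login site:" + key,  # LogTech1
        "site:" + key + " inurl:signup | inurl:register | intitle:Signup",  # LogTech2
    ],
    beta,
    print,
)

# Pause before the second batch. The sleep is 21 seconds; the message printed
# to the user says 20s.
print(colored('[!] 20s Sleep to avoid Google Block', 'yellow'))
time.sleep(21)
print(colored('[!] Switching Google TLDs...', 'yellow'))
TLD = ["co.ma", "dz", "ru", "ca"]
zolo = random.choice(TLD)
print("")

_run_phase(
    '[>] Looking For Directory Listing...',  # DirListing
    ["site:" + key + " intitle:index of"],
    zolo,
    print,
    num=10,
)
_run_phase(
    '[>] Looking For Public Exposed Documents...',  # Docs
    ["site:" + key + " ext:doc | ext:docx | ext:odt | ext:pdf | ext:rtf | ext:sxw | ext:psw | ext:ppt | ext:pptx | ext:pps | ext:csv"],
    zolo,
    print,
)
_run_phase(
    '[>] Looking For WordPress Entries...',  # WP
    ["site:" + key + " inurl:wp- | inurl:wp-content | inurl:plugins | inurl:uploads | inurl:themes | inurl:download"],
    zolo,
    print,
)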