nahamsec / bbht Goto Github PK
View Code? Open in Web Editor NEWA script to set up a quick Ubuntu 17.10 x64 box with tools I use.
A script to set up a quick Ubuntu 17.10 x64 box with tools I use.
what does this mean - One last time: don't forget to set up AWS credentials in ~/.aws/!
the folder is not located in root..
stuck at massdns step. ran it for more than 20 hours still the same.
it had a issue before where after complete scan when you open master report.html you see no urls in that report.
like the urls which shows you directory search results. these it just shows blank.
my pc is a beast and i have tired doing it in vbox,vmware, kali subsytem, ubuntu subsystem, and now finally tried 10 times in kali dual boot in seperate ssd.
please help and fix this. the script is really nice to automate when i sleep.
hi,
just tried the install script on kali or ubuntu, and got this error
install.sh 35: install.sh syntax error: "(" unexpected (expecting "fi")
hope it ll help
thxx for the great work
Hi there
I modified this script to work for ZSH
https://github.com/NetanMangal/bbht
When i run it on kali linux, everything works fine as far as the script goes.
But when I do ls -lah
in ~/tools
folder, it shows only 3 tools installed...
However it works perfect on Ubuntu
What are the other changes that I need to do to make it run on ZSH kali
Line 82 in b3fca3a
This script is very specific to Ubuntu and potentially even a specific Ubuntu version.
This is in part due to snapd
being used but also relying on apt
as packet manager.
To make this more portable adding a containerized version can go a long way.
Instead of having to adjust the script, the packet manager and tweak the settings, just running it in a container can be significantly easier.
I am currently using kali in vmware. never faced this problem before but today when i install bbht i am getting error while using dirsearch.
xray is an excellent security assessment tool. It supports lots of web vulnerability detection and very fast.
Check it in https://github.com/chaitin/xray
sudo apt-get -y upgrade
That wasn't funny at all...
Installed the scriptfile on a fresh Debuan VPS,(not running Kali)
Box on Vultr
Linux vultr.guest 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5 (2019-06-19) x86_64 GNU/Linux
Getting this.
Listing subdomains using sublister...
Checking certspotter...
Checking http://crt.sh
Starting Massdns Subdomain discovery this may take a while
Massdns finished...
Started dns records check...
Looking into CNAME Records...
Starting discovery...
Probing for live hosts...
./lazyrecon.sh: line 74: httprobe: command not found
cat: ./greenpilled.com/recon-2019-07-30/urllist.txt: No such file or directory
Total of 1 live subdomains were found
Taking screenshots...
[+] 0 URLs to be screenshot
[+] 0 actual URLs screenshot
[+] 0 error(s)
Scraping wayback for data...
./lazyrecon.sh: line 49: waybackurls: command not found
./lazyrecon.sh: line 50: unfurl: command not found
Starting dirsearch..
Traceback (most recent call last):
File "/usr/local/bin/interlace", line 11, in
load_entry_point('Interlace==1.5.3', 'console_scripts', 'interlace')()
File "/usr/local/lib/python3.7/dist-packages/Interlace-1.5.3-py3.7.egg/Interlace/interlace.py", line 24, in main
File "/usr/local/lib/python3.7/dist-packages/Interlace-1.5.3-py3.7.egg/Interlace/interlace.py", line 10, in build_queue
File "/usr/local/lib/python3.7/dist-packages/Interlace-1.5.3-py3.7.egg/Interlace/lib/core/input.py", line 199, in process_commands
Exception: No target provided, or empty target list
Scan for xxx.com finished successfully
Scan completed in : 3 minutes and 13 seconds.
Not fully working, no screenshots for instance
Why making bash_profile function when make script on /usr/local/bin is more linux standard?? if you want i can make a pull request.
And 2nd, before hitting me lol i dont try to run lazyrecon, but it is odd to see on this bash_profile you make a cd to /tools/sqlmap or /tools/dirsearch when your install directory is ~/tools so wtf ??
and i can make a pull request to check if tools are already installed and making a symlink to ~/tools directory.
I dont hope answer because i saw the past issue/pull request lol but for those who are interested say it and i will fork this repo and make appropriate change. HF and thanks for this script man
echo "installing bash_profile aliases from recon_profile"
git clone https://github.com/nahamsec/recon_profile.git
cd recon_profile
cat bash_profile >> ~/.bash_profile <<<<< shouldnt this be cat .bash_profile >> ~/.bash_profile?
source ~/.bash_profile
cd ~/tools/
echo "done"
is there any alternative tool?
I had to load a very old snapshot amd reinstall almost everything, one thing is this, but the big problem is, when I install bbht at one point it says that I don't have go installed (even if I install go beforehand) and at one point theres a promo with something about grup and when I restart I just get a blackscreen
Lines 22 to 24 in 40d7253
In the repo https://github.com/nahamsec/recon_profile there is no file called bash_profile. The file is named .bash_profile.
Fix: change cat bash_profile >> ~/.bash_profile
to cat .bash_profile >> ~/.bash_profile
thanks, explane in readme, i dont understand
Dear Sir,
Current version does not install gf, gau, waybackurls Ubuntu Or Kali Linux. It does not show installation path to add API, or other keys for censys, shodan based scripts or tools.
Second thing, please make it world no.01 web bug hunting installer by adding these top notch bug hunting tools.
Subdomains enumeration:
Amass
Assetfinder
Crobat
Findomain
Github-subdomains
Subfinder
Sudomy
subdomainizer
sublister
findomain
Subdomain Takeover:
Subover
Autosubtakeover
Tko-subs
Subjack
Cloud Workflow: AWS_Recon
festin
lazys3
s3brute
flumberboozle
slurp
DNS resolver
dnsx
MassDNS
PureDNS
ShuffleDNS
DNSvalidator
Visual Inspection - Screenshots
Aquatone
Gowitness
httpscreenshot
HTTP probe
httprobe
httpx
Web crawler / Content Discovery
Gospider
Hakrawler
ParamSpider
gau
waybackurls
paramspider
GF
GF_Pattern
Photon
Network scanner
Rustscan
Masscan
Naabu
Nmap
Brutespray
HTTP Parameter
Arjun
x8 *
Fuzzing tools
Ffuf
Gobuster
Wfuzz
Gobuster
Dirsearch
Dirb
LFI/RFI tools
LFISuite
Fimap
XPR1M3 / sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python
https://github.com/XPR1M3/sqli-lfi-xss-rce-dorker-and-auto-exploiter-Python-.git
Spring4Shell:
redhuntlabs / Hunt4Spring | https://github.com/redhuntlabs/Hunt4Spring.git
Log4j:
log4jscan for Linux | https://github.com/intezer/log4jscan.git
SSRF tools
SSRFmap
Gopherus
Interactsh
SSTI tools
tplmap *
API hacking tools
Kiterunner + API routes
Wordlists
SecLists
Vulns - XSS
Dalfox
Bxss
XSpear
kxss
XSStrike
Gxss
FinDOM-XSS
X5S
Xenotix XSS Exploit Framework
Vulns - SQL Injection
SQLbit
BSQL hacker
SQLMap
SQLninja
Safe3 SQL injector
SQLSus
Mole
NoSQLMap
SQLmate
ATLAS (WAF Bypass Suggester for SQLmap)
SQLiScanner
AutoSQLi
Bypass-WAF-SQLMAP
KhetaguriDimitri/SQL-Injection
Agressiv1njector/psqli-pro
AngelSecurityTeam/SQLiDumper-AngelSecurityTeam
JohnTroony/Blisqy
quadcoreside/QuadCore-Web-SQLi-Injecter-DB-Dumper
enjoiz/BSQLinjector
lanmaster53/sqli-exploiter
Sqliv
Havij
BBQSQL
Leviathan
WhiteWidow
jSQL Injection
CMS Scanner
WPscan
droopescan
AEM-Hacker
Drupwn
Wig
Vulns - Scanner
Jaeles
Nikto **
Nuclei
JavaScript hunting
LinkFinder
SecretFinder
subjs
GetJS
Find_Web_Technologies
Wappalyzer CLI
Git Hunting / GIT Enum Tools:
GitDorker *
gitGraber *
GitHacker *
GitTools *
Githound
Trufflehog
Gitscanner
Sensitive Stuff Finding
DumpsterDiver *
EarlyBird *
Ripgrep
Useful tools
anew
anti-burl
getallurls
gron
Interlace
jq *
qsreplace
Tmux
unfurl
Uro *
Web Exploitation Frameworks:
Sn1per
Vajra
Jok3r v3 beta
osmedeus
cobra
Arachni
TIDoS Framework
sudomy
Grabber
Vega
Zed Attack Proxy
Wapiti
W3af
WebScarab
Skipfish
Ratproxy
Wfuzz
Grendel-Scan
Watcher
JS Enumeration Tools:
jsscanner
jsparser
linkfinder
Fingerprint & CVE Tools:
nuclei
webtech
waf
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.