Hola hackers! After receiving a request to write a separate blog on the automation and Slack alerting method I used to find an admin panel worth $500 in my previous blog, I decided to do so. In this blog, you will learn how to use tools from ProjectDiscovery to build your own automation for daily subdomain monitoring and bug finding with Slack alerting.
The flow of this write-up will be as follows:
We will write a small Python script that uses:
- subfinder to enumerate subdomains,
- httpx to filter out live domains,
- nuclei to find bugs in the subdomains using the default nuclei templates,
- Slack webhooks to send Slack alerts with the findings, and finally,
- a cronjob to trigger the script daily.

Installation of Dependencies
As the script uses a combination of different tools from ProjectDiscovery, we will first install all of them on our system/server.
To install subfinder, run the command below in a terminal:
    go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
To install httpx, run the command below in a terminal:
    go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
To install nuclei, run the command below in a terminal:
    go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest

Subdomain Enumeration With Subfinder
After installing all the dependencies, let’s start writing a simple Python script that will use subfinder to enumerate subdomains and save the results in a file. The script will take a top-level domain as input.
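    import os
    import sys

    # Target domain from the command line, e.g. hackerone.com
    target = sys.argv[1]

    def subdomain_enumeration(target):
        # target is concatenated into a shell command: pass only a domain name you trust
        cmd1 = "subfinder -d "+target+" | tee -a "+target+".txt"
        os.system(cmd1)

    subdomain_enumeration(target)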
The above code will append a list of subdomains to a file named target.txt (hackerone.com.txt in my case). I have used hackerone.com as the target domain.
Filter Live Domains Using httpx
After enumerating all the subdomains, our task is to filter the live subdomains. We will be using httpx for this. Let’s modify our script. After modification, the script will look like this:
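    import os
    import sys

    # Target domain from the command line, e.g. hackerone.com
    target = sys.argv[1]

    def subdomain_enumeration(target):
        # subfinder output is piped through httpx, so only live hosts reach the file
        cmd1 = "subfinder -d "+target+" | httpx | tee -a "+target+".txt"
        os.system(cmd1)

    subdomain_enumeration(target)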
I have only added httpx in cmd1. The above code will append a list of live subdomains to a file named target.txt (hackerone.com.txt in my case).
Scan Subdomains Using Nuclei
Next, we will scan all the live subdomains using nuclei, and we will use community-curated nuclei templates. Make sure to clone the nuclei templates to your system/server. After adding a function to perform a scan on live domains using nuclei, the script will look like this:
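    import os
    import sys

    # Target domain from the command line, e.g. hackerone.com
    target = sys.argv[1]
    # Path to the locally cloned nuclei templates to run
    template = '/Users/vijeta/automation/nuclei-templates/http/misconfiguration'

    def subdomain_enumeration(target):
        # Enumerate subdomains and keep only the live ones
        cmd1 = "subfinder -d "+target+" | httpx | tee -a "+target+".txt"
        os.system(cmd1)

    def nucleiScan(alive_subdomain,template):
        # Scan every host in the list file and append the findings to <target>_output.txt
        cmd = "nuclei -l "+alive_subdomain+" -t "+template+" | tee -a "+target+"_output.txt"
        os.system(cmd)

    subdomain_enumeration(target)
    alive_subdomain = target+".txt"
    nucleiScan(alive_subdomain, template)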
The function nucleiScan will take two variables: one is the list of subdomains, and the second is the template. I have used only one template to perform the scan, but you can use as many templates as you like. After running the script, all the findings will be saved to a file named target_output.txt (hackerone.com_output.txt in my case).
Slack Alerting With Findings
Now we have a list of findings in the file that the script below refers to as final_result (target_output.txt). Our next task is to send an alert to a Slack channel with the findings. To send a Slack alert, we will use webhooks. Make sure to create a webhook URL for your Slack workspace.
    import os
    import sys
    from slack_sdk.webhook import WebhookClient

    # Target domain from the command line, e.g. hackerone.com
    target = sys.argv[1]
    template = '/Users/vijeta/automation/nuclei-templates/http/misconfiguration/http-missing-security-headers.yaml'

    def subdomain_enumeration(target):
        # Enumerate subdomains and keep only the live ones
        cmd1 = "subfinder -d "+target+" | httpx | tee -a "+target+".txt"
        os.system(cmd1)

    def nucleiScan(alive_subdomain,template):
        # Scan every host in the list file and append the findings to <target>_output.txt
        cmd = "nuclei -l "+alive_subdomain+" -t "+template+" | tee -a "+target+"_output.txt"
        os.system(cmd)

    def notifyme(webhook_url,out_put):
        # Remove the colour-code text (e.g. [92m) that nuclei puts around each field
        out_put = out_put.replace('[36m','')
        out_put = out_put.replace('[0m','')
        out_put = out_put.replace('[92m','')
        out_put = out_put.replace('[94m','')
        out_put = out_put.replace('[96m','')
        out_put = out_put.replace('[34m','')
        out_put = out_put.replace('[1;92m',' ')
        webhook = WebhookClient(webhook_url)
        # Send one finding as the title of a coloured attachment
        response = webhook.send(text="fallback",
            blocks=[
                {
                    "type": "section",
                    "text": {
                        "type": "mrkdwn",
                        "text": " "
                    }
                }
            ],
            attachments=[
                {
                    "title": out_put,
                    "color": "#ff3a00"
                }
            ]
        )

    subdomain_enumeration(target)
    alive_subdomain = target+".txt"
    nucleiScan(alive_subdomain, template)
    final_result = target+"_output.txt"
    # Replace with the webhook URL created for your Slack workspace
    webhook_url = "slack_webhook_url"
    with open(final_result) as findings_file:
        out_put = findings_file.readlines()
    # One Slack message per line of nuclei output
    for issue in out_put:
        notifyme(webhook_url,issue)
I have added a notifyme function to my script, which takes the webhook URL and one finding as variables. By using a for loop to read the file with the findings and calling the notifyme function for each issue, we can send Slack alerts. You can also use the POST method in the Slack API if you don’t want to use the slack-sdk.
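Because the script appends with tee -a and the loop re-reads the whole output file, a daily run sends every earlier finding again. The following added example (not part of the original script) alerts only on findings not seen before, strips complete ANSI colour sequences, checks that the target is a plain hostname before it is placed in a shell command, and posts to the webhook with a plain POST instead of slack-sdk. The SLACK_WEBHOOK_URL variable name, the seen_findings.txt state file and the sample lines are assumptions made for illustration.

```python
import hashlib
import json
import os
import re
import urllib.request

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")  # colour sequences nuclei emits
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def valid_target(target):
    """Accept only a plain hostname, so nothing else reaches the shell command."""
    return len(target) <= 253 and DOMAIN_RE.fullmatch(target.lower()) is not None

def strip_ansi(line):
    return ANSI_RE.sub("", line).strip()

def new_findings(lines, seen_path):
    """Return findings not alerted on before; remember their hashes in seen_path."""
    seen = set()
    if os.path.exists(seen_path):
        with open(seen_path) as fh:
            seen = {row.strip() for row in fh if row.strip()}
    fresh = []
    for raw in lines:
        finding = strip_ansi(raw)
        digest = hashlib.sha256(finding.encode()).hexdigest()
        if finding and digest not in seen:
            seen.add(digest)
            fresh.append(finding)
    with open(seen_path, "w") as fh:
        fh.write("\n".join(sorted(seen)) + "\n")
    return fresh

def send_alert(webhook_url, finding):
    """POST one finding to a Slack incoming webhook as a JSON body."""
    body = json.dumps({"text": finding}).encode()
    req = urllib.request.Request(webhook_url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status

if __name__ == "__main__":
    # Constructed lines in the shape of nuclei output, not real scan results.
    sample = ["\x1b[92m[example-template]\x1b[0m [http] [info] https://a.example.com\n",
              "[example-template] [http] [info] https://a.example.com\n"]
    url = os.environ.get("SLACK_WEBHOOK_URL")  # assumed name; keeps the secret out of the script
    for finding in new_findings(sample, "seen_findings.txt"):
        print(finding)
        if url:
            send_alert(url, finding)
```

Reading the webhook URL from the environment also keeps it out of the script file and out of any repository the script is stored in.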
Scheduling Cronjob For Regular Scan
We will use a cronjob to schedule an automated scan that will run our script every 24 hours. To schedule a cronjob, run the following command in the terminal:
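    crontab -e
Add the following line to your crontab. The schedule 0 10 * * * specifies that your script will run at 10:00 AM every day.
    0 10 * * * /opt/homebrew/bin/python3 /Users/vijeta/automation/auto.py hackerone.com
Make sure to enter the full path to your script and the python3 binary. cron runs jobs with a minimal PATH and from your home directory, so subfinder, httpx and nuclei must be reachable from that PATH (go install places them in ~/go/bin by default), and the output files will be written to the home directory. Use the command crontab -l to verify whether the cronjob has been added.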
Finally, I want to mention that you shouldn’t restrict yourself to the tools used in this write-up. There are many tools available to expand your attack surface. Treat this write-up as a starting point for your automation and feel free to add more tools.
Thanks for reading, hope you learned something new. Do clap and share if you like. Be fearless and Happy Hacking!
Twitter: 7he_unlucky_guy
Linkedin: Vijeta