Merge pull request #755 from lwears/main

Added --auto to script

.github/workflows/codeql.yml

@@ -0,0 +1,65 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ 'main', 'dev' ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ 'main' ]
+  schedule:
+    - cron: '46 8 * * 3'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'javascript', 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+        # Use only 'java' to analyze code written in Java, Kotlin or both
+        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
+        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+
+    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v2
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+    #   If the Autobuild fails above, remove it and uncomment the following three lines.
+    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+    # - run: |
+    #     echo "Run, Build Application using script"
+    #     ./location_of_script_within_repo/buildscript.sh
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2
+      with:
+        category: "/language:${{matrix.language}}"

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2023 six2dez
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

assets/potential.json

@@ -0,0 +1,55 @@
+{
+    "flags" : "-HanrE",
+    "patterns" : [
+    "callback=",
+    "jsonp=",
+    "api_key=",
+    "api=",
+    "password=",
+    "email=",
+    "emailto=",
+    "token=",
+    "username=",
+    "csrf_token=",
+    "unsubscribe_token=",
+    "p=",
+    "q=",
+    "query=",
+    "search=",
+    "id=",
+    "item=",
+    "page_id=",
+    "secret=",
+    "url=",
+    "from_url=",
+    "load_url=",
+    "file_url=",
+    "page_url=",
+    "file_name=",
+    "page=",
+    "folder=",
+    "folder_urllogin_url=",
+    "img_url=",
+    "return_url=",
+    "return_to=",
+    "next=",
+    "redirect=",
+    "redirect_to=",
+    "logout=",
+    "checkout=",
+    "checkout_url=",
+    "goto=",
+    "next_page=",
+    "file=",
+    "load_file=",
+    "cmd=",
+    "ip=",
+    "ping=",
+    "lang=",
+    "edit=",
+    "LoginId=",
+    "size=",
+    "signature=",
+    "passinfo="
+    ]
+    }

install.sh

@@ -183,71 +183,77 @@ fi
 
 
 # Display menu and wait for user input
-while true; do
-    printf "${bblue} Choose one of the following options: ${reset}\n\n"
-
-    if $rftw_installed; then
-        printf "${bblue} 1. Install/Update ReconFTW (without Web Interface)${reset}\n\n"
-        printf "${bblue} 2. Install/Update ReconFTW + Install Web Interface${reset}\n\n"
-        printf "${bblue} 3. Setup Web Interface${reset} ${yellow}(User Interaction needed!)${reset}\n\n"
-        printf "${bblue} 4. Exit${reset}\n\n"
-        printf "${bgreen}#######################################################################${reset}\n\n"
-        read -p "$(echo -e ${bblue} "Insert option: "${reset})" option
-        printf "\n\n${bgreen}#######################################################################${reset}\n\n"
-
-        case $option in
-            1)
-                web=false
-                break
-                ;;
-            2)
-                web=true
-                break
-                ;;
-            3)
-                install_webserver
-                exit 1
-                ;;
-            4)
-                printf "${bblue} Exiting...${reset}\n\n"
-                exit 1
-                ;;
-            *)
-                printf "${bblue} Invalid option. Exiting...${reset}\n\n"
-                exit 1
-                ;;
-        esac
+display_menu(){
+    while true; do
+        printf "${bblue} Choose one of the following options: ${reset}\n\n"
+
+        if $rftw_installed; then
+            printf "${bblue} 1. Install/Update ReconFTW (without Web Interface)${reset}\n\n"
+            printf "${bblue} 2. Install/Update ReconFTW + Install Web Interface${reset}\n\n"
+            printf "${bblue} 3. Setup Web Interface${reset} ${yellow}(User Interaction needed!)${reset}\n\n"
+            printf "${bblue} 4. Exit${reset}\n\n"
+            printf "${bgreen}#######################################################################${reset}\n\n"
+            read -p "$(echo -e ${bblue} "Insert option: "${reset})" option
+            printf "\n\n${bgreen}#######################################################################${reset}\n\n"
+
+            case $option in
+                1)
+                    web=false
+                    break
+                    ;;
+                2)
+                    web=true
+                    break
+                    ;;
+                3)
+                    install_webserver
+                    exit 1
+                    ;;
+                4)
+                    printf "${bblue} Exiting...${reset}\n\n"
+                    exit 1
+                    ;;
+                *)
+                    printf "${bblue} Invalid option. Exiting...${reset}\n\n"
+                    exit 1
+                    ;;
+            esac
 
-    else
-        printf "${bblue} 1. Install/Update ReconFTW${reset}\n\n"
-        printf "${bblue} 2. Install/Update ReconFTW + Install Web Interface${reset} ${yellow}(User Interaction needed!)${reset}\n\n"
-        printf "${bred} 3. Can't setup Web Interface without ReconFTW${reset}\n\n"
-        printf "${bblue} 4. Exit${reset}\n\n"
-        printf "${bgreen}#######################################################################${reset}\n\n"
-        read -p "$(echo -e ${bblue} "Insert option: "${reset})" option
-        printf "\n${bgreen}#######################################################################${reset}\n\n"
-
-        case $option in
-            1)
-                web=false
-                break
-                ;;
-            2)
-                web=true
-                break
-                ;;
-            4)
-                printf "${bblue} Exiting...${reset}\n\n"
-                exit 1
-                ;;
-            *)
-                printf "${bblue} Invalid option. Exiting...${reset}\n\n"
-                exit 1
-                ;;
-        esac
-    fi    
-done
+        else
+            printf "${bblue} 1. Install/Update ReconFTW${reset}\n\n"
+            printf "${bblue} 2. Install/Update ReconFTW + Install Web Interface${reset} ${yellow}(User Interaction needed!)${reset}\n\n"
+            printf "${bred} 3. Can't setup Web Interface without ReconFTW${reset}\n\n"
+            printf "${bblue} 4. Exit${reset}\n\n"
+            printf "${bgreen}#######################################################################${reset}\n\n"
+            read -p "$(echo -e ${bblue} "Insert option: "${reset})" option
+            printf "\n${bgreen}#######################################################################${reset}\n\n"
+
+            case $option in
+                1)
+                    web=false
+                    break
+                    ;;
+                2)
+                    web=true
+                    break
+                    ;;
+                4)
+                    printf "${bblue} Exiting...${reset}\n\n"
+                    exit 1
+                    ;;
+                *)
+                    printf "${bblue} Invalid option. Exiting...${reset}\n\n"
+                    exit 1
+                    ;;
+            esac
+        fi    
+    done
+}
 
+if [ "$1" != '--auto' ]; then
+    echo "$1"
+    display_menu
+fi
 
 printf "${yellow} This may take time. So, go grab a coffee! ${reset}\n\n"
 
@@ -339,7 +345,7 @@ fi
 
 # Installing latest Golang version
 version=$(curl -L -s https://golang.org/VERSION?m=text | head -1)
-[[ $version = g* ]] || version="go1.20.3"
+[[ $version = g* ]] || version="go1.20.7"
 
 printf "${bblue} Running: Installing/Updating Golang ${reset}\n\n"
 if [ "$install_golang" = "true" ]; then
@@ -523,7 +529,7 @@ printf "${bblue}\n Running: Downloading required files ${reset}\n\n"
 ## Downloads
 [ ! -f ~/.config/amass/config.ini ] && wget -q -O ~/.config/amass/config.ini https://raw.githubusercontent.com/owasp-amass/amass/master/examples/config.ini
 [ ! -f ~/.config/notify/provider-config.yaml ] && wget -q -O ~/.config/notify/provider-config.yaml https://gist.githubusercontent.com/six2dez/23a996bca189a11e88251367e6583053/raw
-wget -q -O - https://raw.githubusercontent.com/devanshbatham/ParamSpider/master/gf_profiles/potential.json > ~/.gf/potential.json
+#wget -q -O - https://raw.githubusercontent.com/devanshbatham/ParamSpider/master/gf_profiles/potential.json > ~/.gf/potential.json - Removed 
 wget -q -O - https://raw.githubusercontent.com/m4ll0k/Bug-Bounty-Toolz/master/getjswords.py > ${tools}/getjswords.py
 wget -q -O - https://raw.githubusercontent.com/n0kovo/n0kovo_subdomains/main/n0kovo_subdomains_huge.txt > ${subs_wordlist_big}
 wget -q -O - https://raw.githubusercontent.com/six2dez/resolvers_reconftw/main/resolvers_trusted.txt > ${resolvers_trusted}
@@ -538,6 +544,7 @@ wget -q -O - https://gist.githubusercontent.com/six2dez/6e2d9f4932fd38d84610eb85
 wget -q -O - https://raw.githubusercontent.com/NagliNagli/BountyTricks/main/ssrf.yaml > ~/nuclei-templates/extra_templates/ssrf.yaml
 wget -q -O - https://raw.githubusercontent.com/NagliNagli/BountyTricks/main/sap-redirect.yaml > ~/nuclei-templates/extra_templates/sap-redirect.yaml
 eval $SUDO chmod +x $tools/axiom_config.sh
+eval $SUDO mv ./assets/potential.json ~/.gf/potential.json
 
 ## Last check
 if [ "$double_check" = "true" ]; then