IterateThruKeywordsOnWWWTarget.sh
Populate the following in keywords.txt:
[root@XeninOSX]# cat keywords.txt
password
secret
api_key
ConsumerKey
ConsumerSecret
DB_USERNAME
HEROKU_API_KEY
HOMEBREW_GITHUB_API_TOKEN
JEKYLL_GITHUB_TOKEN
PT_TOKEN
SESSION_TOKEN
SF_USERNAME
SLACK_BOT_TOKEN
access-token
access_token
access_token_secret
accesstoken
admin
api-key
api_key
api_secret_key
api_token
auth_token
authkey
authorization
authorization_key
authorization_token
authtoken
aws_access_key_id
aws_secret_access_key
bearer
bot_access_token
bucket
client-secret
client_id
client_key
client_secret
clientsecret
consumer_key
consumer_secret
dbpasswd
email
encryption-key
encryption_key
encryptionkey
id_dsa
irc_pass
key
oauth_token
pass
password
private_key
private-key
privatekey
secret
secret-key
secret_key
secret_token
secretkey
secretkey
session_key
session_secret
slack_api_token
slack_secret_token
slack_token
ssh-key
ssh_key
sshkey
token
username
Create secFW.sh:
---------------
secFW.sh
#!/bin/bash
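# Search the landing page of a domain for sensitive-looking keywords and log hits.
#
# Fetches https://<domain>, writes the src value of every
# <script ... src="...js"> tag to <domain>.data/scripts.txt, then counts
# case-insensitive literal occurrences of each line of keywords.txt in the
# fetched page. Hits are printed and appended to out.log, which is truncated on
# every run. Only the fetched page is searched; the listed scripts are not
# downloaded here. A hit is a substring match: a lead for manual review, not
# proof that a secret is exposed.
#
# Arguments: $1 - host name, optionally with :port (no scheme, no path)
# Outputs:   progress and hits on stdout, errors on stderr
# Returns:   0 on success; 1 on bad input, missing keywords file or failed fetch
search_keywords_in_url() {
  local keywords_file="keywords.txt"
  local -a goldKW=() # Keywords to look for, one per non-empty line of the file
  local domain="${1:-}"
  local url="https://$domain"
  local js_dir="${domain}.data"
  local js_file="${js_dir}/scripts.txt"
  local host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?(:[0-9]+)?$'
  local tempfile line kw count
  local red="" green="" yellow="" reset=""

  # Colour only when stdout is a terminal, so piped or redirected output stays
  # free of escape sequences and tput cannot fail on a missing TERM.
  if [[ -t 1 ]] && command -v tput >/dev/null 2>&1; then
    red=$(tput setaf 1 2>/dev/null) || red=""
    green=$(tput setaf 2 2>/dev/null) || green=""
    yellow=$(tput setaf 3 2>/dev/null) || yellow=""
    reset=$(tput sgr0 2>/dev/null) || reset=""
  fi

  # The argument becomes a directory name and part of a URL, so accept only a
  # host name: this keeps "/" and ".." out of the path handed to mkdir.
  if [[ ! "$domain" =~ $host_re ]]; then
    echo "${red}Invalid domain name: '$domain'${reset}" >&2
    return 1
  fi

  # Run the checks before creating the temp file so an early return cannot
  # leave one behind.
  if [[ ! -f "$keywords_file" ]]; then
    echo "${red}Keywords file ($keywords_file) not found!${reset}" >&2
    return 1
  fi

  mkdir -p -- "$js_dir" || return 1
  : > "$js_file" # Drop the previous script list even if the fetch below fails

  tempfile=$(mktemp) || {
    echo "${red}Could not create a temporary file${reset}" >&2
    return 1
  }

  # A failed fetch would otherwise look like a clean result with no hits.
  if ! curl -sL "$url" > "$tempfile"; then
    echo "${red}Failed to fetch $url${reset}" >&2
    rm -f -- "$tempfile"
    return 1
  fi

  # Extract the src of each <script> tag that points at a .js file
  grep -oE '<script[^>]+src="([^"]+\.js)"' "$tempfile" \
    | sed -E 's/.*src="([^"]+)".*/\1/' > "$js_file"
  echo "JavaScript files from ${yellow}$url${reset} saved to ${yellow}$js_file${reset}"

  # Load the keywords: keep a last line that has no trailing newline, strip a
  # trailing CR, and skip empty lines (an empty pattern matches every line).
  while IFS= read -r line || [[ -n "$line" ]]; do
    line=${line%$'\r'}
    [[ -n "$line" ]] || continue
    goldKW+=("$line")
  done < "$keywords_file"

  echo "Searching in: ${yellow}$url${reset}"
  : > out.log # Clear the log file before writing

  for kw in "${goldKW[@]}"; do
    # -F: the keyword is a literal, not a regex; --: it may start with '-';
    # -a: treat the page as text. "grep -c" counts matching lines, so count the
    # -o matches with wc -l to report real occurrences.
    count=$(grep -a -o -i -F -- "$kw" "$tempfile" | wc -l)
    count=${count//[[:space:]]/}
    if ((count > 0)); then
      echo "${green}Found keyword '${kw}' ${count} times in ${url}${reset}"
      echo "Found keyword '${kw}' ${count} times in ${url}" >> out.log
    fi
  done

  # Clean up
  rm -f -- "$tempfile"
  return 0
}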
# Entry point: require one argument (the domain to scan), then scan it.
if (( $# < 1 )); then
  printf '%s\n' "Usage: $0 <domain-name>"
  exit 1
fi

search_keywords_in_url "$1"
----
chmod +x secFW.sh
./secFW.sh www.msn.com
JavaScript files from https://www.msn.com saved to www.msn.com.data/scripts.txt
Searching in: https://www.msn.com
Found keyword 'access_token' 1 times in https://www.msn.com
Found keyword 'accesstoken' 1 times in https://www.msn.com
Found keyword 'admin' 1 times in https://www.msn.com
Found keyword 'authorization' 1 times in https://www.msn.com
Found keyword 'authtoken' 1 times in https://www.msn.com
Found keyword 'bearer' 1 times in https://www.msn.com
Found keyword 'client_id' 1 times in https://www.msn.com
Found keyword 'key' 3 times in https://www.msn.com
Found keyword 'pass' 1 times in https://www.msn.com
Found keyword 'token' 1 times in https://www.msn.com