reconscan v1

binderlabs · May 9, 2022 · 2d75ddb · 2d75ddb
commit 2d75ddb
Show file tree

Hide file tree

Showing 199 changed files with 834,188 additions and 0 deletions.
diff --git a/.DS_Store b/.DS_Store
diff --git a/.editorconfig b/.editorconfig
@@ -0,0 +1,18 @@
+root = true
+
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+indent_style = space
+indent_size = 4
+trim_trailing_whitespace = true
+
+[*.md]
+trim_trailing_whitespace = false
+
+[*.{yml,yaml}]
+indent_size = 2
+
+[docker-compose.yml]
+indent_size = 4
diff --git a/.env.example b/.env.example
@@ -0,0 +1,52 @@
+APP_NAME=Laravel
+APP_ENV=local
+APP_KEY=
+APP_DEBUG=true
+APP_URL=http://localhost
+
+LOG_CHANNEL=stack
+LOG_DEPRECATIONS_CHANNEL=null
+LOG_LEVEL=debug
+
+DB_CONNECTION=mysql
+DB_HOST=127.0.0.1
+DB_PORT=3306
+DB_DATABASE=reconscan
+DB_USERNAME=root
+DB_PASSWORD=
+
+BROADCAST_DRIVER=log
+CACHE_DRIVER=file
+FILESYSTEM_DRIVER=local
+QUEUE_CONNECTION=sync
+SESSION_DRIVER=file
+SESSION_LIFETIME=120
+
+MEMCACHED_HOST=127.0.0.1
+
+REDIS_HOST=127.0.0.1
+REDIS_PASSWORD=null
+REDIS_PORT=6379
+
+MAIL_MAILER=smtp
+MAIL_HOST=mailhog
+MAIL_PORT=1025
+MAIL_USERNAME=null
+MAIL_PASSWORD=null
+MAIL_ENCRYPTION=null
+MAIL_FROM_ADDRESS=null
+MAIL_FROM_NAME="${APP_NAME}"
+
+AWS_ACCESS_KEY_ID=
+AWS_SECRET_ACCESS_KEY=
+AWS_DEFAULT_REGION=us-east-1
+AWS_BUCKET=
+AWS_USE_PATH_STYLE_ENDPOINT=false
+
+PUSHER_APP_ID=
+PUSHER_APP_KEY=
+PUSHER_APP_SECRET=
+PUSHER_APP_CLUSTER=mt1
+
+MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}"
+MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}"
diff --git a/.gitattributes b/.gitattributes
@@ -0,0 +1,5 @@
+* text=auto
+*.css linguist-vendored
+*.scss linguist-vendored
+*.js linguist-vendored
+CHANGELOG.md export-ignore
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,15 @@
+/node_modules
+/public/hot
+/public/storage
+/storage/*.key
+/vendor
+.env
+.env.backup
+.phpunit.result.cache
+docker-compose.override.yml
+Homestead.json
+Homestead.yaml
+npm-debug.log
+yarn-error.log
+/.idea
+/.vscode
diff --git a/.styleci.yml b/.styleci.yml
@@ -0,0 +1,14 @@
+php:
+  preset: laravel
+  version: 8
+  disabled:
+    - no_unused_imports
+  finder:
+    not-name:
+      - index.php
+      - server.php
+js:
+  finder:
+    not-name:
+      - webpack.mix.js
+css: true
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,5 @@
+FROM kminthein/reconscan:latest
+EXPOSE 80 443
+COPY entrypoint.sh /home/entrypoint.sh
+RUN ["chmod", "+x", "/home/entrypoint.sh"]
+ENTRYPOINT ["/home/entrypoint.sh"]
diff --git a/README.md b/README.md
@@ -0,0 +1,127 @@
+# Reconscan v1
+
+Reconscan is a tool for:
+* Subdomain domain discovery
+* NMAP scan
+* Nuclei scan
+* HTTP enabled scan 
+* Screenshot scan
+* Directory scan
+* Web terminal console
+
+# Installation
+I strongly recommend to run this tool using the docker image. If you want to run in local environment, you need to install subfinder, httpx, nuclei, nmap, EyeWitness in your local system.
+
+## Docker
+
+### step 1
+
+`docker build -t reconscan .`
+
+### step 2
+
+`docker run --name=reconscan -t -p 80:80 -d reconscan`
+
+If you cannot browse the reconscan then you can run 
+
+`docker run --name=reconscan -t --network=host -d reconscan`
+
+### step 3
+
+`docker exec -ti reconscan bash`
+
+### step 4
+This step is required due to some restrictions. I tried to run laravel job inside docker entrypoint but failed to find some files after running. 
+
+Run below command inside docker container. If you want to create mutiple thread, run below command multiple times in different sessions. You can use tmux ..etc.
+
+` php /home/reconscan/artisan queue:work --timeout=0 `
+
+## Without Docker
+This tool is written with laravel so you need install laravel compatible packages like composer, php, mysql-server. Once you install them, you can run below command. 
+
+### step 1
+
+`git clone https://github.com/weev3/reconscan;cd reconscan`
+
+### step 2
+You need to change your project directory in .env file. In below example, your projects will be save in /tmp/projects/ directory.
+```
+...
+CONSOLE_USER_NAME =reconscan
+CONSOLE_USER_PASSWORD =reconscan
+PROJECT_DIR = /tmp/projects/
+```
+
+
+### step 2
+
+` composer update && composer install `
+
+### step 3
+
+` php artisan key:generate && php artisan cache:clear && php artisan migrate:fresh`
+
+### step 4
+
+`php artisan serve`
+
+### step 5
+In another terminal run 
+
+`php /home/reconscan/artisan queue:work --timeout=0 `
+
+Once above steps are done, you can start browsing to http://127.0.0.1:8000. 
+
+![alt text](extra_images/login.png)
+# Usage
+
+## Registration
+You must register your first account by visting http://127.0.0.1:8000/register
+![alt text](extra_images/register.png)
+
+# UI
+Each project can have multiple domain and each domain can have multiple subdomains. 
+
+## Project
+You can create your project by clicking Projects nav bar.
+![alt text](extra_images/project.png)
+
+## Domain 
+You can create domain by clicking view link for each project.
+![alt text](extra_images/domain.png)
+
+## Subdomain
+Once you created domain. You can scan all the subdomain avaiables by clicking scan button. Please note that all scan need to run  ` php /home/reconscan/artisan queue:work --timeout=0 `.
+
+Reconscan will start finding subdomains and http enabled domains. 
+![alt text](extra_images/subdomains.png)
+
+## Options availabe 
+Currently 5 scan options availabe and these are
+1. Directory
+2. Nmap
+3. Nuclei
+4. HTTP Enabled
+5. Screenshot
+6. Web Terminal
+![alt text](extra_images/options.png)
+
+## Directory Lists
+If you want to add your own directory list, you can add in **resources/wordlists** folder. 
+
+
+# Road Map
+Things to add in future....
+* Issue tracking
+* Shodan scanning
+* Secret discovery
+* Code review using codeql
+
+# Video
+[![Watch the video](extra_images/login.png)](https://vimeo.com/707539436)
+
+# Issues
+Feel free to use this tool and please submit PR if you found any issue. 
+
+
diff --git a/app/.DS_Store b/app/.DS_Store
diff --git a/app/Console/Kernel.php b/app/Console/Kernel.php
@@ -0,0 +1,32 @@
+<?php
+
+namespace App\Console;
+
+use Illuminate\Console\Scheduling\Schedule;
+use Illuminate\Foundation\Console\Kernel as ConsoleKernel;
+
+class Kernel extends ConsoleKernel
+{
+    /**
+     * Define the application's command schedule.
+     *
+     * @param  \Illuminate\Console\Scheduling\Schedule  $schedule
+     * @return void
+     */
+    protected function schedule(Schedule $schedule)
+    {
+        // $schedule->command('inspire')->hourly();
+    }
+
+    /**
+     * Register the commands for the application.
+     *
+     * @return void
+     */
+    protected function commands()
+    {
+        $this->load(__DIR__.'/Commands');
+
+        require base_path('routes/console.php');
+    }
+}
diff --git a/app/Exceptions/Handler.php b/app/Exceptions/Handler.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace App\Exceptions;
+
+use Illuminate\Foundation\Exceptions\Handler as ExceptionHandler;
+use Throwable;
+
+class Handler extends ExceptionHandler
+{
+    /**
+     * A list of the exception types that are not reported.
+     *
+     * @var string[]
+     */
+    protected $dontReport = [
+        //
+    ];
+
+    /**
+     * A list of the inputs that are never flashed for validation exceptions.
+     *
+     * @var string[]
+     */
+    protected $dontFlash = [
+        'current_password',
+        'password',
+        'password_confirmation',
+    ];
+
+    /**
+     * Register the exception handling callbacks for the application.
+     *
+     * @return void
+     */
+    public function register()
+    {
+        $this->reportable(function (Throwable $e) {
+            //
+        });
+    }
+}
diff --git a/app/Http/Controllers/Auth/ConfirmPasswordController.php b/app/Http/Controllers/Auth/ConfirmPasswordController.php
@@ -0,0 +1,40 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use App\Providers\RouteServiceProvider;
+use Illuminate\Foundation\Auth\ConfirmsPasswords;
+
+class ConfirmPasswordController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Confirm Password Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password confirmations and
+    | uses a simple trait to include the behavior. You're free to explore
+    | this trait and override any functions that require customization.
+    |
+    */
+
+    use ConfirmsPasswords;
+
+    /**
+     * Where to redirect users when the intended url fails.
+     *
+     * @var string
+     */
+    protected $redirectTo = RouteServiceProvider::HOME;
+
+    /**
+     * Create a new controller instance.
+     *
+     * @return void
+     */
+    public function __construct()
+    {
+        $this->middleware('auth');
+    }
+}
diff --git a/app/Http/Controllers/Auth/ForgotPasswordController.php b/app/Http/Controllers/Auth/ForgotPasswordController.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace App\Http\Controllers\Auth;
+
+use App\Http\Controllers\Controller;
+use Illuminate\Foundation\Auth\SendsPasswordResetEmails;
+
+class ForgotPasswordController extends Controller
+{
+    /*
+    |--------------------------------------------------------------------------
+    | Password Reset Controller
+    |--------------------------------------------------------------------------
+    |
+    | This controller is responsible for handling password reset emails and
+    | includes a trait which assists in sending these notifications from
+    | your application to your users. Feel free to explore this trait.
+    |
+    */
+
+    use SendsPasswordResetEmails;
+}