Skip to content

Ajaytekam/GWFRecon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits

enumlibs

enumlibs

 
 

libs

libs

 
 

src

src

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

config.py

config.py

 
 

gwfrecon.py

gwfrecon.py

 
 

requirements.txt

requirements.txt

 
 

setup.sh

setup.sh

 
 

Repository files navigation

GWFRecon

Perform reconnaissance on web applications by taking advantages of github CI/CD workflow. The tool basically allows user to perform initial reconnaissance on a web application like Subdomain Enumeration, port scanning, Javascript reconnaissance, Directory bruteforce, Misconfiguration Scanner by using various opensource tools. The tool basically do the following things :

  • Generate github CI/CD yml template according to the user input and scan type
  • Create a remote github repo
  • Push the workflow files into repo
  • Trigger the workflow, and Monitor the workflow run
  • After finishing, clone remote repo with scan results
  • Delete the remote repo

Requirements

  • Need to provide Github Personal Access Token and github username in config.py file.
  • Also when generating token select/enable repo, workflow and delete_repo controls, then generate tokens.


  • With free Github account, it gives 2000 min/month CI/CD action times for free for public repos.

Installation :

  • Run setup.sh to configure everything.
  • OR
  • Install python3, pip3 and run command pip3 install -r requirements.txt

Usage :

SubDomain passive enumeration :

./gwfrecon.py SubDomainEnum -d google.com -p

SubDomain Active enumeration :

./gwfrecon.py SubDomainEnum -d google.com

Portscanning using massdns generated result file :

./gwfrecon.py PortAndServices --mdfile massdnsResult.txt

Perform Javascript Reconnaissance :

./gwfrecon.py JSScan -d facebook.com

Perform Directory Bruteforce on a single domain :

./gwfrecon.py DirBruteforce -d facebook.com

Perform Directory Bruteforce on a multiple domain in a file :

./gwfrecon.py DirBruteforce --subdfile subdomains.txt --wordlist wordlist.txt

Perform Misconfiguration scan :

./gwfrecon.py MisConfigScan --subdfile subdomains.txt

Warning

Continiously using this tool may lead to disable Github CI/CD workflow on your github account, so i advice you to do not use the script on your main github account. and also use this tool for Educational/Testing purpose only. The Developer of this tool is not responsible for any kind of harmful activity done by users.

Tools used : ffuf, jq, httpx, gau, subjs, hakrawler, linkfindner, secretfinder, nuclei, nmap, masscan.

About

Perform Reconnaissance on webapps using Github CI/CD

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages