Perform reconnaissance on web applications by taking advantage of GitHub CI/CD workflows. The tool lets a user run initial reconnaissance against a web application (subdomain enumeration, port scanning, JavaScript reconnaissance, directory bruteforce, misconfiguration scanning) using various open-source tools, executed inside a GitHub Actions workflow. The tool does the following:
- Generate github CI/CD yml template according to the user input and scan type
- Create a remote github repo
- Push the workflow files into repo
- Trigger the workflow and monitor the workflow run
- When the run finishes, clone the remote repo containing the scan results
- Delete the remote repo
- Provide a GitHub Personal Access Token and your GitHub username in the config.py file.
- When generating the token, enable the repo, workflow and delete_repo scopes before generating it.
- A free GitHub account gives 2000 min/month of CI/CD action time for free on public repos.
- Run setup.sh to configure everything.
- Or install python3 and pip3 and run the command:
pip3 install -r requirements.txt
Passive subdomain enumeration:
./gwfrecon.py SubDomainEnum -d google.com -p
Active subdomain enumeration:
./gwfrecon.py SubDomainEnum -d google.com
Port scanning using a massdns-generated result file:
./gwfrecon.py PortAndServices --mdfile massdnsResult.txt
Perform JavaScript reconnaissance:
./gwfrecon.py JSScan -d facebook.com
Perform directory bruteforce on a single domain:
./gwfrecon.py DirBruteforce -d facebook.com
Perform directory bruteforce on multiple domains listed in a file:
./gwfrecon.py DirBruteforce --subdfile subdomains.txt --wordlist wordlist.txt
Perform a misconfiguration scan:
./gwfrecon.py MisConfigScan --subdfile subdomains.txt
Continuous use of this tool may get GitHub CI/CD workflows disabled on your GitHub account, so I advise you not to run the script from your main GitHub account. Also, use this tool for educational/testing purposes only. The developer of this tool is not responsible for any kind of harmful activity done by users.
Tools used: ffuf, jq, httpx, gau, subjs, hakrawler, linkfinder, secretfinder, nuclei, nmap, masscan.
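Every scan this tool launches reaches the target from a GitHub Actions runner, so its source address lands in the target's web logs. The following is an added example, not part of gwfrecon, showing how a site owner can tag requests coming from GitHub Actions address ranges and flag the 404-heavy bursts a directory bruteforce produces; the CIDRs and log lines are constructed samples, and the real ranges are the actions key returned by https://api.github.com/meta (this assumes GitHub-hosted runners).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample CIDRs (TEST-NET ranges, not real GitHub ranges). The real
# list is the "actions" array returned by https://api.github.com/meta.
ACTIONS_CIDRS = ["203.0.113.0/24", "198.51.100.0/25"]

# Constructed access-log lines in Apache/nginx combined format.
SAMPLE_LOG = """\
203.0.113.17 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.17 - - [10/Oct/2023:13:55:36 +0000] "GET /backup HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.17 - - [10/Oct/2023:13:55:37 +0000] "GET /.git/config HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.17 - - [10/Oct/2023:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:56:02 +0000] "GET /missing HTTP/1.1" 404 153 "-" "Mozilla/5.0"
"""

# client IP, request path and HTTP status from a combined-format line
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:\S+) (\S+) [^"]*" (\d{3})')

def build_networks(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def is_runner_ip(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def summarize(log_text, networks, min_requests=3, min_404_ratio=0.5):
    """Return {ip: stats} for clients inside the runner ranges whose traffic
    looks like a directory bruteforce (mostly 404 responses)."""
    stats = defaultdict(lambda: {"requests": 0, "not_found": 0, "paths": []})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ip, path, status = m.group(1), m.group(2), int(m.group(3))
        if not is_runner_ip(ip, networks):
            continue  # only runner-originated traffic is of interest here
        s = stats[ip]
        s["requests"] += 1
        s["paths"].append(path)
        if status == 404:
            s["not_found"] += 1
    flagged = {}
    for ip, s in stats.items():
        ratio = s["not_found"] / s["requests"]
        if s["requests"] >= min_requests and ratio >= min_404_ratio:
            flagged[ip] = {**s, "not_found_ratio": round(ratio, 2)}
    return flagged
```

Feed real log lines and the live CIDR list into summarize() to get a per-runner-IP report; a high 404 ratio over many distinct paths is the directory-bruteforce signature, while a normal visitor from the same range would stay below the threshold.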