This repo aims to be used as a baseline for automating some tedious jobs related to BB automation for when you want to have a quick sneak of your targets.
By default I've added the following tools and uploaded a set of configfiles that can be used for this purpose, but this idea can be extended for other use cases.
By default the only dependency is to have docker installed in your computer. There's a case when trying to run this from a Mac with Apple silicon chip where you might need to adapt the compose workflow. Please uncomment those lines to have it working there.
There's a folder under config called custom-nuclei-templates, that folder is going to be mounted inside the nuclei templates folder at runtime so those are going to be available such as the common ones. There's a github action that updates Nuclei Templates from it's base repo once a day.
That's barely a copy of golang base image with some tools that I've used to parse the information and present it from one step to the other correctly.
Once you have downloaded the repo, consider checking the configfiles before running any workflow.
If you want to trigger only one particular step please run a command like:
docker compose run --no-deps --rm --quiet-pull nucleiWhere we specify compose only to run that particular step without deps and to remove the container when it finishes. Please consider in each of the cases having the input files setted up correctly
On another hand if you want to run the whole workflow as described in the image above, run the following command
docker compose up --remove-orphansThis would run the whole workflow and cleanup the resultant containers when they are done. Please also consider filling up in this case the subfinder-input file with the domains you want to scan
- Add filter to only pass to next steps assets that were part from the initial.
- Add news from dnsx and nuclei.
- Add support to import data to a DB.
- Feature scans in different folders to emulate different programs so it would be easy to manage scopes.