ctfautomate.sh

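#!/bin/bash
#
# ctfautomate.sh - first-pass enumeration of a single lab/CTF host.
#
# Usage: ./ctfautomate.sh <target-ip>
#
# Runs a full nmap scan into ctf.txt. If an HTTP(S) service is open, it
# maps the host name found in the nmap output (lines mentioning htb/thm)
# to the target IP in /etc/hosts and appends ffuf, gobuster and nikto
# output to ctf.txt.
#
# Requires: nmap, ffuf, gobuster, nikto, sudo, and the two wordlists
# referenced below.

set -u

ip=${1:-}

# The argument ends up on several command lines and in /etc/hosts, so only
# accept something shaped like an IP literal (hex digits, dots, colons).
# This also rejects an empty value and anything starting with '-'.
ip_re='^[0-9A-Fa-f:.]+$'
if [[ ! "$ip" =~ $ip_re ]]; then
  printf 'Usage: %s <target-ip>\n' "${0##*/}" >&2
  exit 2
fi

echo "[+] Looking for open ports with nmap."

if ! nmap -A -p- -Pn -T4 "$ip" > ctf.txt; then
  echo "[-] nmap failed; see ctf.txt." >&2
  exit 1
fi

# Open-port lines that mention http (this also matches https).
web_lines=$(grep open ctf.txt | grep 'http')

if [[ -n "$web_lines" ]]; then
  printf '%s\n' "$web_lines"

  # Pull the host name out of the nmap results: 7th space-separated field
  # of lines mentioning htb/thm, then the authority part of that URL.
  # NOTE(review): this field is text returned by the scanned host, so it
  # is treated as untrusted. Only a single well-formed DNS name is
  # accepted before it is used on a command line or written to /etc/hosts.
  host_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  url=''
  while IFS= read -r candidate; do
    if [[ "$candidate" =~ $host_re ]] && (( ${#candidate} <= 253 )); then
      url=$candidate
      break
    fi
  done < <(grep 'htb\|thm' ctf.txt | cut -d ' ' -f 7 | cut -d '/' -f 3)

  if [[ -n "$url" ]]; then
    # Append "<ip> <name>" to /etc/hosts only when the name is not already
    # listed, so re-runs do not pile up duplicate or conflicting entries.
    if awk -v h="$url" '
         $1 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
         END { exit !found }' /etc/hosts; then
      echo "[!] $url is already in /etc/hosts; leaving the file unchanged." >&2
    else
      printf '%s %s\n' "$ip" "$url" | sudo tee -a /etc/hosts
    fi

    printf '%s\n' '---------------------------' >> ctf.txt
    echo "Subdomain results from ffuf" >> ctf.txt

    echo "[+] Looking for subdomains with ffuf."
    ffuf -u "http://$url" -H "Host: FUZZ.$url" \
      -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
      -mc 200 >> ctf.txt

    echo "[+] Looking for directories with gobuster."
    gobuster dir -u "$url" \
      -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt >> ctf.txt
  else
    # Without a usable name there is nothing to add to /etc/hosts and no
    # Host header to fuzz, so the name-based steps are skipped.
    echo "[!] No valid host name found in ctf.txt; skipping hosts entry, ffuf and gobuster." >&2
  fi

  # Split the open web ports into plain-HTTP and TLS lists, comma-joined
  # for nikto's -p option. A port counts as TLS when nmap's service column
  # starts with "ssl/" or "https"; every other service containing "http"
  # counts as plain HTTP.
  http_ports=$(awk '
    $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" && $3 ~ /http/ && $3 !~ /^(ssl\/|https)/ {
      sub(/\/tcp$/, "", $1); print $1
    }' ctf.txt | paste -sd, -)

  https_ports=$(awk '
    $1 ~ /^[0-9]+\/tcp$/ && $2 == "open" && $3 ~ /^(ssl\/|https)/ {
      sub(/\/tcp$/, "", $1); print $1
    }' ctf.txt | paste -sd, -)

  echo "[+] Running web vulnerability scans with nikto."

  # Only start nikto when there is a port list to give it; an empty -p
  # value would make the following option be read as the port.
  if [[ -n "$http_ports" ]]; then
    nikto -host "$ip" -p "$http_ports" -ask no >> ctf.txt
  fi

  if [[ -n "$https_ports" ]]; then
    nikto -host "$ip" -p "$https_ports" -ssl -ask no >> ctf.txt
  fi
fi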