Sharingan is a recon multitool for offensive security/bug bounty
This is very much a work in progress and I'm relatively new to offensive security in general so if you see something that can be improved please open an issue or PR with suggested changes.
Cloning for development
Outside of your Gopath
git clone https://github.com/leobeosab/sharingan
go get github.com/leobeosab/sharingan/cmd/sharingancli
Order matters when it comes to flags it must be
sharingancli [globalflags] command [commandflags] if this isn't a wanted feature I can change it but I like how clean it is.
DNS busts the target with a wordlist you provide
sharingancli --target targetname dns --dns-wordlist ~/path/to/wordlist --root-domain target.com
Adds subdomains to the program's storage from stdin using pipes:
cat subs | sharingancli --target targetname dns addsubs
Scans all hosts available that were stored in target using nmap:
sharingancli --target target scan
Scan a single host from the list of subdomains stored in the target:
sharingancli --target target scan interactive
Outputs all domains as a list in stdout
sharingancli --target target info domains
Features to come
- Dir brute-forcing -- Currently being worked on
- JSON and regular file exports
- Automated scans through a daemon?
- add a way to do SYN / -sS scanning [ must be root so it presents a challenge ]
- Possible Web UI / HTML export
- Hakin9 is a monthly magazine dedicated to hacking and cybersecurity. In every edition, we try to focus on different approaches to show various techniques - defensive and offensive. This knowledge will help you understand how most popular attacks are performed and how to protect your data from them. Our tutorials, case studies and online courses will prepare you for the upcoming, potential threats in the cyber security world. We collaborate with many individuals and universities and public institutions, but also with companies such as Xento Systems, CATO Networks, EY, CIPHER Intelligence LAB, redBorder, TSG, and others.
- Blog2022.12.13What are the Common Security Weaknesses of Cloud Based Networks?
- Blog2022.10.12Vulnerability management with Wazuh open source XDR
- Blog2022.08.29Deception Technologies: Improving Incident Detection and Response by Alex Vakulov
- Blog2022.08.25Exploring the Heightened Importance of Cybersecurity in Mobile App Development by Jeff Kalwerisky