# _____ _ _ _____ _______ _
#|_ _| (_) | | __ \ |__ __| | |
# | | _ __ _| |_| |__) |__ _ __ | | ___ ___| |_
# | | | '_ \| | __| ___/ _ \ '_ \| |/ _ \/ __| __|
# _| |_| | | | | |_| | | __/ | | | | __/\__ \ |_
#|_____|_| |_|_|\__|_| \___|_| |_|_|\___||___/\__|
#
# Initializes a pentest folder structure and creates two scripts: initial_scan.sh and detailed_scan.sh.
# The first script runs a full nmap scan on the specified IP address and stores the results in scans/initial.nmap.
# The second script runs a detailed nmap scan on the open ports found in scans/initial.nmap, limits the scope of the scan to the IP's subnet, and stores the results in scans/detailed.nmap.
#
# Usage: initpentest [folder] [ip_address]
# folder Name of the folder where the structure will be created
# ip_address IP address that will be written to the first line of Notes.md
#
# Credits: JF10R (https://github.com/JF10R)
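#######################################
# Entry point: validate the arguments, then build the pentest folder layout
# and the helper scan scripts for one target.
# Globals:   target_dir, ip_address (written; kept global on purpose because
#            create_folders_and_notes exports target_dir for the session)
# Arguments: $1 - folder to create/use (resolved to an absolute path)
#            $2 - IPv4 address of the target (dotted quad, each octet 0-255)
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success or when help was requested, 1 on invalid arguments
#######################################
initpentest() {
  # ERE for a dotted quad; \. stays literal because the pattern is expanded
  # unquoted inside [[ =~ ]].
  local ipv4_re='^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$'
  if [[ "${1-}" == "-h" ]]; then
    display_help
    return 0
  fi
  if [[ $# -ne 2 ]]; then
    display_help
    return 1
  fi
  # readlink -f fails (non-zero) when a parent component cannot be resolved;
  # the original ignored that and went on with an empty target_dir.
  if ! target_dir=$(readlink -f -- "$1"); then
    printf 'Error: cannot resolve path %s\n' "$1" >&2
    return 1
  fi
  printf 'Using base path %s\n' "$target_dir"
  if [[ "$2" =~ $ipv4_re ]]; then
    ip_address=$2
    printf 'IP Address: %s\n' "$ip_address"
  else
    # Second argument is not a valid IP address: report on stderr and show help.
    printf '\033[1;31mError: \033[0;30m%s \033[0mis not a valid IP address.\n' "$2" >&2
    display_help
    return 1
  fi
  # Create the folder structure and the Notes.md file
  create_folders_and_notes "$target_dir" "$ip_address"
  # Create the scan scripts under scripts/
  create_scripts_folder "$target_dir" "$ip_address"
}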
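#######################################
# Print the usage text for initpentest (four lines, ANSI-coloured) on stdout.
# Both arguments are mandatory: initpentest rejects any other argument count,
# so the old "Optional" wording was wrong.
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   0
#######################################
display_help() {
  printf '\033[1;37mUsage: \033[1;33minitpentest \033[0m[folder] [ip_address]\n'
  printf '  \033[1;37m folder      \033[0;33mName of the folder where the structure will be created\n'
  printf '  \033[1;37m ip_address  \033[0;33mIPv4 address of the target, written to Notes.md\033[0m\n'
  printf '\n'
}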
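#######################################
# Create the scans/exploit/loot/scripts layout under a target folder and seed
# Notes.md with the folder name ("# <basename>") and the target ("## <ip>").
# Globals:   target_dir (written and exported), ip_address (written)
# Arguments: $1 - target folder (created if missing)
#            $2 - IP address recorded in Notes.md
# Outputs:   progress message on stdout
# Returns:   non-zero if the folders or Notes.md cannot be created
#######################################
create_folders_and_notes() {
  printf 'Creating folders and Notes.md file in %s...\n' "$1"
  # Deliberately global: the exported target_dir is available to the rest of
  # the session after initpentest returns.
  target_dir=$1
  ip_address=$2
  export target_dir
  mkdir -p -- "$target_dir/scans" "$target_dir/exploit" "$target_dir/loot" "$target_dir/scripts" || return
  # ${target_dir##*/} is the last path component (what rev|cut|rev produced),
  # without the word-splitting the unquoted echo applied to it.
  # Output is appended, so re-running on an existing folder adds another header.
  {
    printf '# %s\n' "${target_dir##*/}"
    printf '## %s\n' "$ip_address"
  } >> "$target_dir/Notes.md" || return
}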
#######################################
# Populate <folder>/scripts by running each script generator in turn.
# Arguments: $1 - target folder (must already contain scripts/)
#            $2 - target IP address, forwarded to every generator
# Outputs:   progress message on stdout, plus whatever the generators print
# Returns:   status of the last generator
#######################################
create_scripts_folder() {
  local base=$1 ip=$2
  printf "Creating scripts folder's content in %s...\n" "$base"
  # Generation order matters only for the progress messages: initial, detailed,
  # subfinder, naabu.
  local generator
  for generator in create_initial_scan_script create_detailed_scan_script \
      create_subfinder_scan_script create_naabu_scan_script; do
    "$generator" "$base" "$ip"
  done
}
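#######################################
# Write <folder>/scripts/detailed_scan.sh: a script that reads the open ports
# from scans/initial.nmap and the target IP from Notes.md, then runs the
# service/script nmap scan into scans/detailed.nmap.
# Arguments: $1 - target folder (must already contain scripts/)
#            $2 - unused; accepted for symmetry with the other generators
# Outputs:   progress message on stdout
# Returns:   non-zero if the script cannot be written or made executable
#######################################
create_detailed_scan_script() {
  local base=$1
  local script="$base/scripts/detailed_scan.sh"
  printf 'Creating detailed_scan.sh script in %s/scripts...\n' "$base"
  # The file is overwritten (not appended) so a re-run does not stack a second
  # shebang and a second nmap command onto the previous script.
  {
    printf '#!/bin/bash\n'
    printf 'echo -e "Detailed Scan starting..."\n'
    # %q shell-quotes the folder path: the old unquoted interpolation let a
    # space or metacharacter in the folder name break or alter the script.
    printf 'folder=%q\n' "$base"
    # Static part of the generated script; the quoted delimiter keeps every
    # $ and backslash literal so the generated script expands them at run time.
    # NOTE(review): the scan is pinned to interface tun0 — confirm that matches
    # the VPN setup this is used with.
    cat <<'EOF'
# Extracts the port numbers from "scans/initial.nmap": grep keeps every
# "<port>/<proto>" token, cut drops the protocol, tr joins the ports with
# commas and sed removes the trailing comma.
ports=$(grep -Eo "[0-9]{1,5}/[a-z]+" "$folder/scans/initial.nmap" | cut -d "/" -f 1 | tr "\n" "," | sed "s/,$//")
if [ -z "$ports" ]; then
  echo "No open ports found in $folder/scans/initial.nmap; run initial_scan.sh first." >&2
  exit 1
fi
# The target IP is the "## x.x.x.x" line initpentest wrote to Notes.md.
ip=$(grep -Eo "^## [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" "$folder/Notes.md" | grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}")
if [ -z "$ip" ]; then
  echo "No target IP found in $folder/Notes.md." >&2
  exit 1
fi
echo -e "Target IP $ip"
sudo nmap -sTV -vvvv --script-timeout=30s --script="(safe and default) and not broadcast-* and not targets-sniffer and not lltd-discovery" -e tun0 -Pn -n --open -p"$ports" "$ip" -oN "$folder/scans/detailed.nmap"
EOF
  } > "$script" || return
  chmod +x -- "$script"
}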
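#######################################
# Write <folder>/scripts/initial_scan.sh: a one-line full TCP port scan of the
# target whose output lands in scans/initial.nmap.
# Arguments: $1 - target folder (must already contain scripts/)
#            $2 - target IP address
# Outputs:   progress message on stdout
# Returns:   non-zero if the script cannot be written or made executable
#######################################
create_initial_scan_script() {
  local base=$1 ip=$2
  local script="$base/scripts/initial_scan.sh"
  printf 'Creating initial_scan.sh script in %s/scripts...\n' "$base"
  # Overwrite rather than append so a re-run does not duplicate the command;
  # the shebang was missing before, so the file only ran when invoked via bash.
  {
    printf '#!/bin/bash\n'
    # %q quotes both values so a space or metacharacter in the folder name or
    # the target string cannot alter the generated command line.
    printf 'sudo nmap -sT -vvvv -T5 -Pn -n --open -p- %q -oN %q\n' "$ip" "$base/scans/initial.nmap"
  } > "$script" || return
  chmod +x -- "$script"
}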
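#######################################
# Write <folder>/scripts/naabu_scan.sh: a one-line naabu scan of all ports on
# the target (the original comment describes it as a way to find HTTP servers).
# Arguments: $1 - target folder (must already contain scripts/)
#            $2 - target host/IP address
# Outputs:   progress message on stdout
# Returns:   non-zero if the script cannot be written or made executable
#######################################
create_naabu_scan_script() {
  local base=$1 host=$2
  local script="$base/scripts/naabu_scan.sh"
  printf 'Creating naabu_scan.sh script in %s/scripts...\n' "$base"
  # Overwrite rather than append so a re-run does not duplicate the command;
  # the shebang was missing before, so the file only ran when invoked via bash.
  {
    printf '#!/bin/bash\n'
    # %q quotes the host so the generated command line cannot be altered by
    # metacharacters in the argument.
    printf 'naabu -Pn -host %q -p -\n' "$host"
  } > "$script" || return
  chmod +x -- "$script"
}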
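#######################################
# Write <folder>/scripts/subfinder_scan.sh: enumerates subdomains of the domain
# given as its first argument and pipes them through httpx, logging both into
# scans/.
# Arguments: $1 - target folder (must already contain scripts/)
#            $2 - unused; accepted for symmetry with the other generators
# Outputs:   progress message on stdout
# Returns:   non-zero if the script cannot be written or made executable
#######################################
create_subfinder_scan_script() {
  local base=$1
  local script="$base/scripts/subfinder_scan.sh"
  printf 'Creating subfinder_scan.sh script in %s/scripts...\n' "$base"
  # Overwrite rather than append so a re-run does not duplicate the command.
  {
    printf '#!/bin/bash\n'
    # The generated script needs exactly one argument (the domain); the old
    # version silently ran with "-d" empty when called without one.
    cat <<'EOF'
# Usage: subfinder_scan.sh <domain>
if [ $# -ne 1 ]; then
  echo "Usage: ${0##*/} <domain>" >&2
  exit 2
fi
EOF
    # "$1" is the generated script's own argument (quoted there, unlike before);
    # %q quotes the log paths against metacharacters in the folder name.
    # NOTE(review): -oI is passed a file path here; subfinder's output-file flag
    # is -o — confirm this is the intended flag.
    printf 'subfinder -d "$1" -oI %q | httpx -o %q\n' "$base/scans/subfinder.log" "$base/scans/httpx.log"
  } > "$script" || return
  chmod +x -- "$script"
}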