Merge pull request #1 from g0ldencybersec/newcc

g0ldencybersec · web-flow · commit bca4c7aac0f2 · 2023-08-10T08:35:23.000-07:00
New Color/Comments
diff --git a/LICENSE.md b/LICENSE.md
@@ -1,4 +1,4 @@
-MIT License
+# MIT License
 
 Copyright (c) 2023 g0lden
 
@@ -19,3 +19,4 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
+
diff --git a/README.md b/README.md
@@ -1,36 +1,52 @@
 # EasyEASM
+
 EasyEASM repository for Black Hat Arsenal 2023
 
-# Description
+## Description
+
 Easy EASM is just that... the easiest to set-up tool to give your organization visibility into its external facing assets.
 
 The industry is dominated by $30k vendors selling "Attack Surface Management," but OG bug bounty hunters and red teamers know the truth. External ASM was born out of the bug bounty scene. Most of these $30k vendors use this open-source tooling on the backend.
 
 With ten lines of setup or less, using open source tools, and one button deployment, Easy EASM will give your organization a complete view of your online assets. Easy EASM scans you daily and alerts you via Slack or Discord on newly found assets! Easy EASM also spits out an Excel skeleton for a Risk Register or Asset Database! This isn't rocket science.. but it's USEFUL. Don't get scammed. Grab Easy EASM and feel confident you know what's facing attackers on the internet.
 
-# Installation
+## Installation
+
 ```sh
 go install github.com/g0ldencybersec/EasyEASM/easyeasm@latest
 ```
 
-# Example Config file
-The tool will expect a configuration file named "config.yml" to be in the directory you are running from. An example of this yml file is below:
+## Example Config file
+
+The tool expects a configuration file named `config.yml` to be in the directory you are running from.
+
+Here is example of this yaml file:
+
 ```yaml
 # EasyEASM configurations
 runConfig:
   domains:  # List root domains here.
     - example.com
     - mydomain.com
-  slack: https://hooks.slack.com/services/DUMMYDATA/DUMMYDATA/RANDOM # Slack webhook url for slack notificaitions.
-  discord: https://discord.com/api/webhooks/DUMMYURL/Dasdfsdf # Discord webhook for discord notifications.
-  runType: fast   # Set to either fast (Passive enum) or complete (Active enumeration).
+  slack: https://hooks.slack.com/services/DUMMYDATA/DUMMYDATA/RANDOM # Slack webhook url for Slack notifications.
+  discord: https://discord.com/api/webhooks/DUMMYURL/Dasdfsdf # Discord webhook for Discord notifications.
+  runType: fast   # Set to either fast (passive enum) or complete (active enumeration).
   activeWordList: subdomainWordlist.txt
   activeThreads: 100
 ```
 
-# Running the tool
-To run the tool, fill out the config file then simply run the easyeasm module:
+## Usage
+
+To run the tool, fill out the config file: `config.yml`. Then, run the `easyeasm` module:
+
 ```sh
-$ ./easyeasm
+./easyeasm
 ```
-After the run is complete you should see the output CSV (EasyEASM.csv) in the run directory. This can be added to your asset database and risk register!
+
+After the run is complete, you should see the output CSV (`EasyEASM.csv`) in the run directory. This CSV can be added to your asset database and risk register!
+
+## Warranty
+
+## License
+
+This project is licensed under the MIT License - see the [LICENSE.md](LICENSE.md) for details.
diff --git a/easyeasm/main.go b/easyeasm/main.go
@@ -12,11 +12,17 @@ import (
 )
 
 func main() {
+	// install required tools
 	utils.InstallTools()
-	// Parse the configuraton file
+
+	// print a banner
+	banner := "\x1b[36m****************\n\nEASY EASM\n\n***************\x1b[0m\n"
+	fmt.Println(banner)
+
+	// parse the configuration file
 	cfg := configparser.ParseConfig()
 
-	// Check for previous run file
+	// check for previous run file
 	var prevRun bool
 	if _, err := os.Stat("EasyEASM.csv"); err == nil {
 		fmt.Println("Found data from previous run!")
@@ -30,20 +36,30 @@ func main() {
 		prevRun = false
 	}
 
-	// Fast run. This is passive enumeration only
+	// check the run type specified in the config and perform actions accordingly
 	if strings.ToLower(cfg.RunConfig.RunType) == "fast" {
+		// fast run: passive enumeration only
+
+		// create a PassiveRunner instance
 		Runner := passive.PassiveRunner{
 			SeedDomains: cfg.RunConfig.Domains,
 		}
+
+		// run passive enumeration and get the results
 		passiveResults := Runner.RunPassiveEnum()
 
+		// remove duplicate subdomains
 		Runner.Subdomains = utils.RemoveDuplicates(passiveResults)
 		Runner.Results = len(Runner.Subdomains)
 
-		fmt.Printf("Found %d subdomains\n\n", Runner.Results)
+		fmt.Printf("\x1b[31mFound %d subdomains\n\n\x1b[0m", Runner.Results)
 		fmt.Println(Runner.Subdomains)
 		fmt.Println("Checking which domains are live and generating assets csv...")
+
+		// run Httpx to check live domains
 		Runner.RunHttpx()
+
+		// notify about new domains if prevRun is true
 		if prevRun && strings.Contains(cfg.RunConfig.SlackWebhook, "https") {
 			utils.NotifyNewDomainsSlack(Runner.Subdomains, cfg.RunConfig.SlackWebhook)
 			os.Remove("old_EasyEASM.csv")
@@ -52,16 +68,19 @@ func main() {
 			os.Remove("old_EasyEASM.csv")
 		}
 	} else if strings.ToLower(cfg.RunConfig.RunType) == "complete" {
-		// PASSIVE
+		// complete run: passive and active enumeration
+
+		// passive enumeration
 		PassiveRunner := passive.PassiveRunner{
 			SeedDomains: cfg.RunConfig.Domains,
 		}
 		passiveResults := PassiveRunner.RunPassiveEnum()
 
+		// remove duplicate subdomains
 		PassiveRunner.Subdomains = utils.RemoveDuplicates(passiveResults)
 		PassiveRunner.Results = len(PassiveRunner.Subdomains)
 
-		//ACTIVE
+		// active enumeration
 		ActiveRunner := active.ActiveRunner{
 			SeedDomains: cfg.RunConfig.Domains,
 		}
@@ -70,18 +89,19 @@ func main() {
 
 		ActiveRunner.Subdomains = utils.RemoveDuplicates(activeResults)
 
-		//ALTERX
+		// permutation scan
 		permutationResults := ActiveRunner.RunPermutationScan(cfg.RunConfig.ActiveThreads)
 		ActiveRunner.Subdomains = append(ActiveRunner.Subdomains, permutationResults...)
-
 		ActiveRunner.Subdomains = utils.RemoveDuplicates(ActiveRunner.Subdomains)
 		ActiveRunner.Results = len(ActiveRunner.Subdomains)
 
-		//HTTPX
+		// httpx scan
 		fmt.Printf("Found %d subdomains\n\n", ActiveRunner.Results)
 		fmt.Println(ActiveRunner.Subdomains)
 		fmt.Println("Checking which domains are live and generating assets csv...")
 		ActiveRunner.RunHttpx()
+
+		// notify about new domains if prevRun is true
 		if prevRun && strings.Contains(cfg.RunConfig.SlackWebhook, "https") {
 			utils.NotifyNewDomainsSlack(ActiveRunner.Subdomains, cfg.RunConfig.SlackWebhook)
 			os.Remove("old_EasyEASM.csv")
@@ -90,7 +110,7 @@ func main() {
 			os.Remove("old_EasyEASM.csv")
 		}
 	} else {
+		// invalid run mode specified
 		panic("Please pick a valid run mode and add it to your config.yml file! You can set runType to either 'fast' or 'complete'")
 	}
-
 }
