
QuickRecon.sh

Posted: 06-21-2025

Language: Bash

#!/bin/bash

# Trigat 2025

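# Define the output file
# The report aggregates sensitive host data (sudo rights, key material, env
# values that match credential-like names), so it is pinned to 0600 instead of
# inheriting the default umask, which typically leaves it world-readable.
OUTPUT_FILE="$HOME/output.txt"
readonly OUTPUT_FILE

# Clear the file if it exists, then restrict it to the owner
: > "$OUTPUT_FILE"
chmod 600 "$OUTPUT_FILE"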

# Append the results of each command with headers

# Host identity: hostname, current uid/gid membership, assigned addresses.
# All three commands share one redirection so stderr lands in the report too.
printf '%s\n' "### Host Information ###" >> "$OUTPUT_FILE"
{
  hostname
  id
  hostname -I
} >> "$OUTPUT_FILE" 2>&1
printf '\n' >> "$OUTPUT_FILE"

# sudo policy visible to the current account (sudo may prompt on the tty).
printf '%s\n' "### sudo -l ###" >> "$OUTPUT_FILE"
{
  sudo -l
  printf '\n'
} >> "$OUTPUT_FILE" 2>&1

# Top-level filesystem layout.
printf '%s\n' "### Root directories ###" >> "$OUTPUT_FILE"
{
  ls /
  printf '\n'
} >> "$OUTPUT_FILE" 2>&1

# Home directories that carry AWS, SSH or git metadata directories.
# An unmatched /home/* glob stays literal and simply fails the -d test.
printf '%s\n' "### Directories: .aws, .ssh, .git ###" >> "$OUTPUT_FILE"
{
  for home in /home/* /root; do
    for name in .aws .ssh .git; do
      candidate="$home/$name"
      if [[ -d "$candidate" ]]; then
        printf '%s\n' "$candidate"
      fi
    done
  done
  printf '\n'
} >> "$OUTPUT_FILE"

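# Output /etc/fstab
# Disk usage for every absolute mount point listed in fstab that exists as a
# directory. The mount point is passed to df as an argument rather than being
# spliced into an `sh -c '...'` string via xargs -I{}, so a path containing
# quotes or `$(...)` cannot be interpreted as shell code. Lines whose second
# field is not an absolute path (comments, swap, etc.) are filtered out by
# the grep as before.
echo "### /etc/fstab ###" >> "$OUTPUT_FILE"
awk '{print $2}' /etc/fstab | grep -E '^/[^/]' | while IFS= read -r mount_point; do
  if [ -d "$mount_point" ]; then
    echo "Mount Point: $mount_point"
    df -h "$mount_point"
    echo
  fi
done >> "$OUTPUT_FILE"
echo >> "$OUTPUT_FILE"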

# Shell scripts under /root, each home directory and /opt.
# find's default action is -print, so it is omitted; permission errors go to
# the terminal, not the report.
printf '%s\n' "### .sh Scripts ###" >> "$OUTPUT_FILE"
{
  find /root /home/* /opt -type f -name '*.sh'
  printf '\n'
} >> "$OUTPUT_FILE"

# Presence of common web/database service directories.
printf '%s\n' "### Directories: /etc/apache2, /etc/nginx, /var/www, /etc/mysql ###" >> "$OUTPUT_FILE"
service_dirs=(/etc/apache2 /etc/nginx /var/www /etc/mysql)
{
  for svc in "${service_dirs[@]}"; do
    [[ -d "$svc" ]] && printf '%s\n' "$svc"
  done
  printf '\n'
} >> "$OUTPUT_FILE"

# Docker client version, or the "command not found" error if absent.
printf '%s\n' "### Docker Version ###" >> "$OUTPUT_FILE"
{
  docker -v
  printf '\n'
} >> "$OUTPUT_FILE" 2>&1

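# .bash_history search
# History lines matching "pass" (case-insensitive) for root and each home.
# This section appeared twice back to back in the original, producing the
# same output twice in the report; it now runs once.
echo "### .bash_history Search ###" >> "$OUTPUT_FILE"
for file in /root/.bash_history /home/*/.bash_history; do
  [ -f "$file" ] && grep -i 'pass' "$file"
done >> "$OUTPUT_FILE"
echo >> "$OUTPUT_FILE"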

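# /etc/passwd with /bin/bash
# passwd entries that mention /bin/bash anywhere on the line (not only in the
# shell field). grep reads the file directly instead of through `cat |`, and
# -F keeps the pattern a literal string.
echo "### /etc/passwd with /bin/bash ###" >> "$OUTPUT_FILE"
grep -F '/bin/bash' /etc/passwd >> "$OUTPUT_FILE"
echo >> "$OUTPUT_FILE"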

# Files under /root and the home directories whose names end in key, .json
# or config.
printf '%s\n' "### Files: *key, *.json, *config ###" >> "$OUTPUT_FILE"
name_filter=(\( -name '*key' -o -name '*.json' -o -name '*config' \))
{
  find /root /home/* -type f "${name_filter[@]}"
  printf '\n'
} >> "$OUTPUT_FILE"

# Contents of every existing authorized_keys file for users and root.
printf '%s\n' "### Authorized Keys ###" >> "$OUTPUT_FILE"
{
  for keyfile in /home/*/.ssh/authorized_keys /root/.ssh/authorized_keys; do
    if [[ -f "$keyfile" ]]; then
      cat -- "$keyfile"
    fi
  done
  printf '\n'
} >> "$OUTPUT_FILE"

# Environment entries whose name or value matches the pattern below
# (case-insensitive; the 'pass' alternative already covers the other two).
printf '%s\n' "### Environment Variables ###" >> "$OUTPUT_FILE"
{
  env | grep -Ei 'password|pass|passwd'
  printf '\n'
} >> "$OUTPUT_FILE"

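# List cron jobs
# For every account in /etc/passwd, record the active (non-comment, non-blank)
# lines of its crontab. The user names are read field-wise on fd 3 rather than
# via a word-split `$(cut ...)`, which also keeps stdin free for sudo. The
# former follow-up step that piped the first token of each entry into
# `find ... -name '*.sh'` was dropped: that token is the minute/schedule field
# (e.g. `*`, `0`, `@reboot`), not a path, so with its errors suppressed it
# produced nothing in practice.
echo "### Cron Jobs ###" >> "$OUTPUT_FILE"
while IFS=: read -r -u 3 user _; do
  [ -n "$user" ] || continue
  crontab_output=$(sudo crontab -u "$user" -l 2>/dev/null)
  non_commented=$(grep -Ev '^(#|$)' <<<"$crontab_output")
  if [ -n "$non_commented" ]; then
    {
      echo "User: $user"
      echo "$non_commented"
    } >> "$OUTPUT_FILE"
  fi
done 3< /etc/passwd
echo >> "$OUTPUT_FILE"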

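# List cron files
# Long listing of the system-wide cron directories and crontab. Unlike the
# other sections this one did not capture stderr or end with a blank line;
# both are added for a consistent report layout.
echo "### Cron Files ###" >> "$OUTPUT_FILE"
ls -la /etc/cron* >> "$OUTPUT_FILE" 2>&1
echo >> "$OUTPUT_FILE"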