This is a recon tool that discovers the subdomains used by a target web application on both the client and server side. It then runs dirsearch on the resulting text file. It can also scan for open ports using Nmap and find hidden parameters on every live host.
./EchoPwn.sh domain.com                # Default scan
./EchoPwn.sh domain.com -nmap          # Run nmap on your results
./EchoPwn.sh domain.com -arjun         # Run arjun on your results
./EchoPwn.sh domain.com -nmap -arjun   # Full scan
Output is saved in the EchoPwn/domain.com/ directory.
- go
- gem
Then run:
./install.sh
Some tools require manually downloading pre-built binaries (or building them yourself):
Download (or build) these binaries and place them in the EchoPwn directory.
Apart from the tokens required by individual tools, this script requires 4 tokens:
- Facebook Token
- GitHub Token
- Spyse Token
- VirusTotal Token
Place these tokens in tokens.txt before running EchoPwn.sh.
- Slack notification integration
- Gitrob
- AWS S3 bucket finder & more...
Suggestions are welcome. Mail us at: admin@echopwn.com
OWASP, ProjectDiscovery, Tom Hudson, Michael Henriksen, Gwendal Le Coguic, Eduard Tolosa, B. Blechschmidt, ProjectAnte, Somdev Sangwan, Mauro Soria, santiko, Ahmed Aboul-Ela