Usage
Rizwan Syed edited this page Oct 13, 2023 · 1 revision
To use CHOMTE.SH, run the script with the following flags:
```
└─# ./chomte.sh

 ██████╗██╗  ██╗ ██████╗ ███╗   ███╗████████╗███████╗   ███████╗██╗  ██╗
██╔════╝██║  ██║██╔═══██╗████╗ ████║╚══██╔══╝██╔════╝   ██╔════╝██║  ██║
██║     ███████║██║   ██║██╔████╔██║   ██║   █████╗     ███████╗███████║
██║     ██╔══██║██║   ██║██║╚██╔╝██║   ██║   ██╔══╝     ╚════██║██╔══██║
╚██████╗██║  ██║╚██████╔╝██║ ╚═╝ ██║   ██║   ███████╗██╗███████║██║  ██║
 ╚═════╝╚═╝  ╚═╝ ╚═════╝ ╚═╝     ╚═╝   ╚═╝   ╚══════╝╚═╝╚══════╝╚═╝  ╚═╝

U S A G E
Usage: ./chomte.sh -p <ProjectName> -d <domain.com> [option]
Usage: ./chomte.sh -p <ProjectName> -i <127.0.0.1> [option]
Usage: ./chomte.sh -p projectname -d example.com -brt -jsd -sto -n -cd -e -js -ex
Usage: ./chomte.sh -p projectname -d Domains-list.txt
Usage: ./chomte.sh -p projectname -i 127.0.0.1
Usage: ./chomte.sh -p projectname -i IPs-list.txt -n -cd -e -js -ex

Mandatory Flags:
    -p   | --project <string>         : Specify Project Name here
    -d   | --domain <string>          : Specify Root Domain here / Domain List here
    OR
    -i   | --ip <string>              : Specify IP / IPlist here - Starts with Naabu
    -c   | --cidr | --asn <string>    : CIDR / ASN - Starts with Nmap Host Discovery
    OR
    -hpl | --hostportlist <filename>  : HTTP Probing on Host:Port List

╔════════════════════════════════════════════════════════════════════════════════╗
    Optional Flags - Only applicable with domain -d flag
╚════════════════════════════════════════════════════════════════════════════════╝
    -sd  | --singledomain             : Single Domain for In-Scope Engagement
    -pp  | --portprobe                : Probe HTTP web services in ports other than 80 & 443
    -a   | --all                      : Run all required scans
    -rr  | --rerun                    : ReRun the scan again
    -brt | --dnsbrute                 : DNS Recon Bruteforce
    -ax  | --alterx                   : Subdomain Bruteforcing using DNSx on Alterx Generated Domains
    -sto | --takeover                 : Subdomain Takeover Scan

╔════════════════════════════════════════════════════════════════════════════════╗
    Global Flags - Applicable with both -d / -i
╚════════════════════════════════════════════════════════════════════════════════╝
    -s   | --shodan                   : Shodan Deep Recon - API Key Required
    -n   | --nmap                     : Nmap Scan against open ports
    -e   | --enum                     : Active Recon
    -cd  | --content                  : Content Discovery Scan
    -cd  | --content subdomains.txt   : Content Discovery Scan
    -ru  | --reconurl                 : URL Recon; applicable with enum -e flag
    -ex  | --enumxnl                  : XNL JS Recon; applicable with enum -e flag
    -nf  | --nucleifuzz               : Nuclei Fuzz; applicable with enum -e flag
    -h   | --help                     : Show this help
```
- `-p` or `--project`: Specify the project name here.
- `-d` or `--domain`: Specify the root domain here or a domain list.
- `-i` or `--ip`: Specify the IP/CIDR/IP list here.
- `-n` or `--nmap`: Nmap scan against open ports.
- `-brt` or `--dnsbrute`: DNS Recon Bruteforce.
- `-hpl` or `--hostportlist`: HTTP Probing on Host:Port List.
- `-cd` or `--content`: Content Discovery - Path is optional.
- `-e` or `--enum`: Active Enum based on technologies.
- `-h` or `--help`: Show help.
Here are some example commands:
Mode | Commands |
---|---|
Gather Subdomains and perform HTTP Probing | ./chomte.sh -p projectname -d example.com |
Bruteforcing Subdomains with dmut | ./chomte.sh -p projectname -d example.com -brt |
Perform AlterX Bruteforcing using DNSx | ./chomte.sh -p projectname -d example.com -brt -ax |
Subdomain Takeover Scan using Subjack and Nuclei | ./chomte.sh -p projectname -d example.com -brt -ax -sto |
Port Scanning and then HTTP probing on open ports | ./chomte.sh -p projectname -d example.com -pp |
Nmap Scan on open ports + CSV, HTML Reporting | ./chomte.sh -p projectname -d example.com -pp -n |
EnumScan: Content Discovery scan on Potential URLs | ./chomte.sh -p projectname -d example.com -e -cd |
EnumScan: URL Recon Function | ./chomte.sh -p projectname -d example.com -e -ru |
EnumScan: Nuclei Fuzzer Template Scan on Potential Parameter URLs | ./chomte.sh -p projectname -d example.com -e -ru -nf |
EnumScan: Run all Enum modules | ./chomte.sh -p projectname -d example.com -e -cd -ru -nf |
EnumScan: XNL JS Recon and Trufflehog Secret Scan | ./chomte.sh -p projectname -d example.com -e -ex |
Perform all applicable Scans | ./chomte.sh -p projectname -d example.com -all |
Input List of domains in scope | ./chomte.sh -p projectname -d Domains-list.txt |
Single Domain for in scope engagements | ./chomte.sh -p projectname -d target.com -sd |
Single IP Scan | ./chomte.sh -p projectname -i 127.0.0.1 |
CIDR / Subnet Scan | ./chomte.sh -p projectname -i 192.168.10.0/24 |
Perform Nmap scan on open ports | ./chomte.sh -p projectname -i IPs-list.txt -n |
Perform host:port HTTP probing & enum | ./chomte.sh -p projectname -hpl hostportlist.txt -e -cd |