Skip to content
/ frogy Public

"Frogy" is a powerful tool designed to enhance the capabilities of various teams within an organization. It is particularly useful for Vulnerability Management Teams, Threat Intel Teams, Asset Inventory Teams, SOC Teams, and Patch Management Teams.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ryanmrestivo/frogy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
wordlist
wordlist
 
 
README.md
README.md
 
 
architecture.png
architecture.png
 
 
demo.png
demo.png
 
 
frogy.sh
frogy.sh
 
 
install.sh
install.sh
 
 
ports
ports
 
 
rootdomain.py
rootdomain.py
 
 

Repository files navigation

       .,;::::,..      ......      .,:llllc;'.
    .cxdolcccloddl;:looooddooool::xxdlc:::clddl.
   cxo;'',;;;,,,:ododkOOOOOOOOkdxxl:,';;;;,,,:odl
  od:,;,...x0c:c;;ldox00000000dxdc,,:;00...,:;;cdl
 'dc,;.    ..  .o;:odoOOOOOOOOodl,;;         ::;od.
 'ol';          :o;odlkkkkkkkxodl,d          .o;ld.
 .do,o..........docddoxxxxxxxxodo;x,.........:d;od'
 ;odlcl,......,odcdddodddddddddddl:d:.......:dcodl:.
;clodocllcccloolldddddddddddddddddoclllccclollddolc:
				``` in progress ```

Use Cases:

  • Vulnerability Management Team: Enhance vulnerability scanning coverage by incorporating discovered subdomains into the asset database.
  • Threat Intel Team: Prioritize proactive monitoring for critical assets by including subdomain enumeration results in the intelligence database.
  • Asset Inventory Team: Keep the asset inventory up-to-date by adding newly discovered subdomains and finding contact information for internal assets.
  • SOC Team: Identify monitored assets and expand coverage using subdomain enumeration results.
  • Patch Management Team: Identify and manage legacy or abandoned assets by leveraging subdomain enumeration findings.

Logic

logical flow for collection

Features
🐸 Perform horizontal subdomain enumeration
🐸 Conduct vertical subdomain enumeration
🐸 Resolve subdomains to their corresponding IP addresses
🐸 Identify live web applications
🐸 Gather comprehensive contextual information about web applications, including title, content length, server, IP, CNAME, and more, using httpx.

  • Requirements: Go Language, Python 3.+, jq
    You can check to see if you have these by typing into terminal: go version python --version jq --version

To install Go:
sudo apt update && sudo apt install -y golang
Arch:
sudo pacman -Syu go
Mac:
brew install go port install go
Windows:
scoop install go choco install golang winget install golang
To install Python:
Debian and Ubuntu: sudo apt install python3 Arch: sudo pacman -S python3
To install jq:
Debian and Ubuntu:
sudo apt update && sudo apt install jq
Arch:
sudo pacman -S jq
Mac:
brew install jq port install jq
Windows:
winget install jqlang.jq scoop install jq chocolatey install jq

  • Installation

    Login as root and run the below command.
bash install.sh

  • Usage

    ./frogy.sh

  • Demo example of scan

  • Output

    Output file will be saved inside the output/company_name/outut.csv folder. Where company_name is any company name which you give as an input to 'Organization Name' at the start of the script.

Credits Chintan Gurjar for the initial implementation. https://github.com/iamthefrogy/frogy

About

"Frogy" is a powerful tool designed to enhance the capabilities of various teams within an organization. It is particularly useful for Vulnerability Management Teams, Threat Intel Teams, Asset Inventory Teams, SOC Teams, and Patch Management Teams.

Topics

security inventory enumeration bugbounty asset-management

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages