Skip to content

pikpikcu/subdomain-monitoring-elasticsearch

Folders and files

NameName
Last commit message
Last commit date

Latest commit

522158b · Jun 26, 2024

History

28 Commits
Jun 20, 2024
Jun 25, 2024
Jun 26, 2024
Jun 20, 2024
Jun 20, 2024
Jun 25, 2024
Jun 21, 2024
Jun 21, 2024
Jun 20, 2024

Repository files navigation

subdomain-monitoring-elasticsearch

monitoring

Configurations

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
sudo sh -c 'echo "deb https://artifacts.elastic.co/packages/8.x/apt stable main" > /etc/apt/sources.list.d/elastic-8.x.list'
sudo apt-get update
sudo apt install logstash
sudo apt install filebeat
sudo apt-get install elasticsearch
sudo systemctl start elasticsearch
sudo systemctl enable elasticsearch

Reset Password elasticsearch

  • Edit File: /etc/elasticsearch/elasticsearch.yml and added this line xpack.security.enabled: true
  • run command: ./usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
  • Edit file certstream.conf and tlsx.conf Replace IP elasticsearch and user/password [Default User: elastic].

Example

certstream

  • install certstream pip install certstream
sudo /usr/share/logstash/bin/logstash -f certstream/certstream.conf
certstream --full --json | sudo filebeat -c certstream/certstream.yml -e

OR

sudo websocat -t - autoreconnect:wss://certstream.calidog.io  | sudo filebeat -c certstream/certstream.yml -e

OR
- https://github.com/g0ldencybersec/gungnir

gungnir -r program-data.txt -j | sudo filebeat -c gungnir.yml -e

certstream

Tlsx

  • install tlsx and uncover
go install github.com/projectdiscovery/tlsx/cmd/tlsx@latest
go install -v github.com/projectdiscovery/uncover/cmd/uncover@latest
go install -v github.com/projectdiscovery/mapcidr/cmd/mapcidr@latest

Downloads File IPs Ranges https://github.com/lord-alfred/ipranges

sudo /usr/share/logstash/bin/logstash -f tlsx/tlsx.conf
cat ipv4.txt | mapcidr -silent | tlsx -json -silent -cn -nc -l | sudo filebeat -c tlsx/tlsx.yml -e

OR

uncover -silent -e 'ssl:"*.tesla.com"' -f ip | tlsx -json -silent -cn -nc -l | sudo filebeat -c tlsx/tlsx.yml -e

loop
#!/bin/bash

# Fetch the list of domains and save it to a file
curl -s "https://raw.githubusercontent.com/arkadiyt/bounty-targets-data/main/data/domains.txt" > domains.txt

# Read the file line by line
while IFS= read -r domain; do
  # Use uncover tool on each domain
  uncover -q "ssl:\"$domain\"" -silent -f ip | tlsx -json -silent -cn -nc | sudo filebeat -c tlsx/tlsx.yml -e
done < domains.txt

# Clean up
rm domains.txt

tlsx

Nuclei Report In elasticsearch

elasticsearch:
  host: ""
  ip: ""
  port: 9200
  ssl: false
  ssl-verification: false
  username: ""
  password: ""
  index-name: "nuclei-scanner"

nuclei

BBOT Scanners

BBOT Integration Here

bbot

CVE Monitoring

  • CVE Monitoring Here
  • Configurations Here

bbot

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages