Examples

Aditya Gujar edited this page Oct 11, 2023 · 8 revisions

shadowclone.py

The syntax is heavily inspired by (read: copied from ;)) fleex scan, so if you are familiar with fleex, you'll have no problem switching to shadowclone.

⚡ python shadowclone.py -h
usage: shadowclone.py [-h] -i INPUT [-s SPLITNUM] [-o OUTPUT] -c COMMAND

optional arguments:
  -h, --help            show this help message and exit
  -i INPUT, --input INPUT
  -s SPLITNUM, --split SPLITNUM
                        Number of lines per chunk of file
  -o OUTPUT, --output OUTPUT
  -c COMMAND, --command COMMAND
                        command to execute
   --no-split NOSPLIT    File to be used without splitting

-i or --input -> path to your input file on your local machine. (Required)

-s or --split -> number of lines to keep per chunk of the input file. Default=1000 (Optional)

-o or --output -> write output to a file. Default=stdout (Optional)

-c or --command -> command to execute on the cloud. It takes a special placeholder {INPUT}, which is dynamically replaced by a chunk of the input file. (Required)

--no-split -> A file that should be used as-is in all containers.
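
To preview how -s and the {INPUT}/{NOSPLIT} placeholders interact before anything is sent to the cloud, the following added sketch (not ShadowClone's own code) models the splitting and substitution locally and returns the per-chunk commands without running them. The function names, chunk file names and the shell-quoting of substituted paths are assumptions of this example.

```python
import shlex
import tempfile
from pathlib import Path


def split_lines(input_path, lines_per_chunk, out_dir):
    """Write consecutive chunks of at most lines_per_chunk lines; return their paths."""
    if lines_per_chunk < 1:
        raise ValueError("lines per chunk must be >= 1")
    lines = Path(input_path).read_text().splitlines(keepends=True)
    chunks = []
    for n, start in enumerate(range(0, len(lines), lines_per_chunk)):
        chunk = Path(out_dir) / f"chunk_{n:04d}.txt"  # hypothetical naming scheme
        chunk.write_text("".join(lines[start:start + lines_per_chunk]))
        chunks.append(chunk)
    return chunks


def render_command(template, chunk_path, nosplit_path=None):
    """Fill {INPUT} (and {NOSPLIT} if used) with shell-quoted paths."""
    if "{INPUT}" not in template:
        raise ValueError("command must contain the {INPUT} placeholder")
    if "{NOSPLIT}" in template and nosplit_path is None:
        raise ValueError("{NOSPLIT} used but no --no-split file given")
    cmd = template.replace("{INPUT}", shlex.quote(str(chunk_path)))
    if nosplit_path is not None:
        cmd = cmd.replace("{NOSPLIT}", shlex.quote(str(nosplit_path)))
    return cmd


def plan(input_path, template, split=1000, nosplit=None, out_dir=None):
    """Return the list of commands, one per chunk, without executing anything."""
    out_dir = out_dir or tempfile.mkdtemp(prefix="chunks_")
    return [render_command(template, c, nosplit)
            for c in split_lines(input_path, split, out_dir)]


if __name__ == "__main__":
    # Constructed sample input: 250 placeholder hostnames, one per line.
    work = Path(tempfile.mkdtemp())
    hosts = work / "subdomains.txt"
    hosts.write_text("".join(f"host{i}.example.com\n" for i in range(250)))
    for cmd in plan(hosts, "/go/bin/httpx -l {INPUT}", split=100):
        print(cmd)  # three commands: chunks of 100, 100 and 50 lines
```

The length of the returned list is the number of parallel invocations a given --split value produces, which is worth checking against the input size before launching.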

See the examples below to get a better understanding.

httpx

python shadowclone.py -i <SUBDOMAINS FILE> --split 100 -o <OUTPUT FILE> -c "/go/bin/httpx -l {INPUT}"

ffuf

python shadowclone.py -i <WORDLIST FILE> --split 300 -o <OUTPUT FILE> -c "/go/bin/ffuf -u https://www.example.com/FUZZ -w {INPUT} -s -ac"

ffuf with a request stored in a file and the wordlist split into 50 lines per container:

python shadowclone.py -i <WORDLIST FILE> -s 50 --no-split <RAW REQUEST FILE> -c "/go/bin/ffuf -request {NOSPLIT} -w {INPUT}:FUZZ -fc 403"

nuclei

python shadowclone.py -i <WEB DOMAINS FILE> --split 100 -o <OUTPUT FILE> -c "/go/bin/nuclei -l {INPUT} -t /nuclei-templates/technologies/tech-detect.yaml"

Newer versions of Nuclei need a place to write config files. This can be done as shown:

python shadowclone.py -i <WEB DOMAINS FILE> -c "nuclei -duc -l {INPUT} -t /nuclei-templates/technologies/tech-detect.yaml -config-directory /tmp/"

puredns resolve

python shadowclone.py -i <SUBDOMAINS FILE> --split 100 -o <OUTPUT FILE> -c "/go/bin/puredns resolve {INPUT} --resolvers /function/resolvers.txt"

dnsx DNS bruteforcing

python shadowclone.py -i <WORDLIST FILE> -s 100 --no-split <RESOLVERS FILE> -c "dnsx -w {INPUT} -r {NOSPLIT} -d tesla.com -resp -silent"

DEPRECATED: This is not maintained anymore.

shadowbrute.py

This tool simply splits a wordlist into 1 MB chunks and distributes them to cloud functions.

The syntax is pretty simple:

usage: shadowbrute.py [-h] -d DOMAIN -w WORDLIST [-o OUTPUT]

optional arguments:
  -h, --help            show this help message and exit
  -d DOMAIN, --domain DOMAIN
  -w WORDLIST, --wordlist WORDLIST
                        Path to local wordlist file
  -o OUTPUT, --output OUTPUT
                        Write output to a file

Just provide a domain name (-d), a local wordlist file and an output file path. The wordlist will be divided into chunks of 1 MB each and distributed to cloud functions to run in parallel. It just runs puredns, which is already packaged in the default container image, uses a default resolvers file, and prints out the results. If you have updated the container image, you will have to update the script accordingly.