#!/bin/bash
# Results file. Every section written by probe_domain and by the top-level
# banners is appended here; the path contains a space, so each use must stay
# double-quoted.
OUTFILE='/c/Users/Squir/Desktop/Burkina Faso/DUMP/BANKING-TELECOM-ENTERPRISE/probe-results.txt'

# curl invocations kept as plain strings and expanded unquoted at the call
# sites, so they rely on word splitting to become command + arguments.
#   -s  silent (no progress meter or error text)
#   -L  follow redirects, so a request may end on a different host than the
#       one that was asked for
#   10 s connect timeout, 20 s total per request
# No User-Agent is set, so curl's default is sent.
CURL_CMD='curl -s --connect-timeout 10 --max-time 20 -L'
# Same options plus -I: a HEAD request that prints response headers only.
CURLI_CMD='curl -sI --connect-timeout 10 --max-time 20 -L'

#######################################
# Send a fixed series of HTTP(S) requests to one domain and append what comes
# back to the results file.
#
# Globals:
#   OUTFILE    (read)  file every result line is appended to
#   CURL_CMD   (read)  GET command string, expanded unquoted
#   CURLI_CMD  (read)  HEAD command string, expanded unquoted
#   HEADERS, WPJSON, RESP, HTTP_CODE, LOCATION, BODY, ROBOTS, JOOMLA_H,
#   JOOMLA_CODE, JOOMLA, JOOMLA_XML, BODYLEN, proto, path
#              (written) none of these is declared local, so they persist in
#              the calling shell after the function returns
# Arguments:
#   $1 - bare domain name (no scheme, no trailing slash)
#   $2 - human-readable label written to the report header
# Outputs:
#   Appends to OUTFILE only; nothing is written to stdout.
# Returns:
#   No explicit status. The early `return` on an unreachable domain carries the
#   status of the preceding echo, so callers cannot tell reachable from
#   unreachable by exit code.
#
# Traffic profile, for anyone matching this against server or WAF logs: one
# client sends several dozen sequential HEAD/GET requests per reachable domain,
# covering well-known CMS, admin-login and configuration-file paths, with
# curl's default User-Agent (CURL_CMD/CURLI_CMD set none).
#
# NOTE(review): response headers and bodies are remote-controlled data and are
# written to OUTFILE verbatim (control characters and escape sequences
# included). Treat the results file as untrusted when viewing or parsing it.
# The bare `echo "$VAR"` calls would also be safer as printf '%s\n' "$VAR".
#######################################
probe_domain() {
    local DOMAIN="$1"
    local LABEL="$2"

    # Per-target report header. The timestamp is local time with no zone
    # offset, which matters when correlating against server-side logs.
    echo "" >> "$OUTFILE"
    echo "================================================================================" >> "$OUTFILE"
    echo "TARGET: $LABEL" >> "$OUTFILE"
    echo "DOMAIN: $DOMAIN" >> "$OUTFILE"
    echo "Probed: $(date +%Y-%m-%d\ %H:%M:%S)" >> "$OUTFILE"
    echo "================================================================================" >> "$OUTFILE"

    local BASE_URL=""
    local GOT_RESPONSE=0
    local SERVER=""
    local POWERED=""

    # [1] Homepage headers: HEAD request over https first, then http. The first
    # scheme that answers becomes BASE_URL for every later request.
    echo "" >> "$OUTFILE"
    echo "--- [1] HOMEPAGE HEADERS ---" >> "$OUTFILE"
    for proto in https http; do
        local url="${proto}://${DOMAIN}"
        echo "  Trying: ${url}/" >> "$OUTFILE"
        HEADERS=$($CURLI_CMD "${url}/" 2>&1)
        # $? here is curl's exit status (the status of the command
        # substitution in the assignment above); it must be read immediately.
        if [ $? -eq 0 ] && [ -n "$HEADERS" ]; then
            echo "$HEADERS" >> "$OUTFILE"
            BASE_URL="$url"
            GOT_RESPONSE=1
            # With -L the header blocks of every redirect hop are concatenated,
            # so `head -1` keeps the first hop's Server / X-Powered-By value,
            # which is not necessarily the host that served the final page.
            SERVER=$(echo "$HEADERS" | grep -i "^server:" | head -1)
            POWERED=$(echo "$HEADERS" | grep -i "^x-powered-by:" | head -1)
            if [ -n "$SERVER" ]; then
                echo "  >> SERVER: $SERVER" >> "$OUTFILE"
            fi
            if [ -n "$POWERED" ]; then
                echo "  >> POWERED-BY: $POWERED" >> "$OUTFILE"
            fi
            break
        else
            echo "  [No response from ${url}]" >> "$OUTFILE"
        fi
    done

    # Neither scheme answered: record that and skip all remaining sections.
    if [ $GOT_RESPONSE -eq 0 ]; then
        echo "  *** DOMAIN UNREACHABLE ON BOTH HTTP AND HTTPS ***" >> "$OUTFILE"
        return
    fi

    # [2] WordPress REST index: GET /wp-json/ and keep the first 800 bytes.
    # NOTE(review): the keyword match is very loose ("wp", "routes", ...), so
    # any HTML or error page containing one of those strings is reported as
    # "WORDPRESS API DETECTED"; the status code is not checked at all.
    echo "" >> "$OUTFILE"
    echo "--- [2] WORDPRESS API (wp-json) ---" >> "$OUTFILE"
    WPJSON=$($CURL_CMD "${BASE_URL}/wp-json/" 2>&1 | head -c 800)
    if [ -n "$WPJSON" ] && echo "$WPJSON" | grep -qi "wp\|wordpress\|routes\|namespaces"; then
        echo "  *** WORDPRESS API DETECTED ***" >> "$OUTFILE"
        echo "$WPJSON" >> "$OUTFILE"
    else
        echo "  [No WordPress API found]" >> "$OUTFILE"
        # Still log a short preview of whatever came back, if it is non-trivial.
        if [ -n "$WPJSON" ] && [ ${#WPJSON} -gt 5 ]; then
            echo "  Response preview: $(echo "$WPJSON" | head -c 200)" >> "$OUTFILE"
        fi
    fi

    # [3] Common API paths: HEAD each path and report anything that is not 404.
    # The status is taken from the LAST "HTTP/" line, i.e. the response after
    # redirects were followed, so "/api/ -> HTTP 200" can describe the page a
    # redirect landed on rather than the path itself.
    # NOTE(review): HTTP_CODE is parsed from a status line here, so the "000"
    # comparison (a curl -w convention) looks like it can never match.
    echo "" >> "$OUTFILE"
    echo "--- [3] COMMON API PATHS ---" >> "$OUTFILE"
    for path in /api/ /api/v1/ /api/v2/ /graphql /swagger /swagger-ui/ /api-docs /openapi.json /swagger.json /v1/ /v2/ /rest/ /api/index.php; do
        RESP=$($CURLI_CMD "${BASE_URL}${path}" 2>&1)
        HTTP_CODE=$(echo "$RESP" | grep -i "^HTTP/" | tail -1 | awk '{print $2}')
        if [ -n "$HTTP_CODE" ] && [ "$HTTP_CODE" != "404" ] && [ "$HTTP_CODE" != "000" ]; then
            # First Location header seen (first redirect hop), if any.
            LOCATION=$(echo "$RESP" | grep -i "^location:" | head -1)
            echo "  ${path} -> HTTP ${HTTP_CODE} ${LOCATION}" >> "$OUTFILE"
            # Only a final 200 triggers a second (GET) request for a 500-byte
            # body preview.
            if [ "$HTTP_CODE" = "200" ]; then
                BODY=$($CURL_CMD "${BASE_URL}${path}" 2>&1 | head -c 500)
                if [ -n "$BODY" ]; then
                    echo "  Body preview: ${BODY}" >> "$OUTFILE"
                fi
            fi
        fi
    done

    # [4] robots.txt: GET, keep the first 1500 bytes, and log it only if it
    # contains at least one of the usual directive keywords.
    echo "" >> "$OUTFILE"
    echo "--- [4] ROBOTS.TXT ---" >> "$OUTFILE"
    ROBOTS=$($CURL_CMD "${BASE_URL}/robots.txt" 2>&1 | head -c 1500)
    if [ -n "$ROBOTS" ] && echo "$ROBOTS" | grep -qi "user-agent\|disallow\|sitemap\|allow"; then
        echo "$ROBOTS" >> "$OUTFILE"
    else
        echo "  [No robots.txt found or not standard format]" >> "$OUTFILE"
    fi

    # [5] Joomla: HEAD the web-services endpoint, GET it if the final status is
    # not 404, then GET the core manifest file.
    echo "" >> "$OUTFILE"
    echo "--- [5] JOOMLA API ---" >> "$OUTFILE"
    JOOMLA_H=$($CURLI_CMD "${BASE_URL}/api/index.php/v1" 2>&1)
    JOOMLA_CODE=$(echo "$JOOMLA_H" | grep -i "^HTTP/" | tail -1 | awk '{print $2}')
    if [ -n "$JOOMLA_CODE" ] && [ "$JOOMLA_CODE" != "404" ]; then
        echo "  /api/index.php/v1 -> HTTP ${JOOMLA_CODE}" >> "$OUTFILE"
        JOOMLA=$($CURL_CMD "${BASE_URL}/api/index.php/v1" 2>&1 | head -c 500)
        if [ -n "$JOOMLA" ]; then
            echo "  Response: ${JOOMLA}" >> "$OUTFILE"
        fi
    else
        echo "  [No Joomla API found]" >> "$OUTFILE"
    fi
    # NOTE(review): matching on "version" alone means almost any XML or HTML
    # response (including a custom error page) is logged as "JOOMLA DETECTED";
    # the status code is not consulted.
    JOOMLA_XML=$($CURL_CMD "${BASE_URL}/administrator/manifests/files/joomla.xml" 2>&1 | head -c 500)
    if echo "$JOOMLA_XML" | grep -qi "joomla\|version"; then
        echo "  *** JOOMLA DETECTED via manifest ***" >> "$OUTFILE"
        echo "  ${JOOMLA_XML}" >> "$OUTFILE"
    fi

    # [6] Admin/login paths: HEAD only, report every final status other than
    # 404. Same redirect caveat as section 3: the code logged is the one
    # returned after -L followed any redirect.
    echo "" >> "$OUTFILE"
    echo "--- [6] ADMIN PANELS ---" >> "$OUTFILE"
    for path in /admin /admin/ /administrator/ /wp-admin/ /login /login/ /user/login /panel/ /dashboard/ /cpanel /webmail /phpmyadmin/ /adminer/ /manager/ /wp-login.php; do
        RESP=$($CURLI_CMD "${BASE_URL}${path}" 2>&1)
        HTTP_CODE=$(echo "$RESP" | grep -i "^HTTP/" | tail -1 | awk '{print $2}')
        if [ -n "$HTTP_CODE" ] && [ "$HTTP_CODE" != "404" ] && [ "$HTTP_CODE" != "000" ]; then
            LOCATION=$(echo "$RESP" | grep -i "^location:" | head -1)
            echo "  ${path} -> HTTP ${HTTP_CODE} ${LOCATION}" >> "$OUTFILE"
        fi
    done

    # [7] Configuration / sensitive-file paths: GET each one, with curl's -w
    # appending "HTTPCODE:<status>" on its own line so body and status can be
    # split apart again.
    # NOTE(review): a 200 with more than 10 bytes is flagged as a hit without
    # looking at the content, so sites that answer every path with a 200 page
    # (soft 404) produce a hit for every entry. /.well-known/security.txt is a
    # file sites publish on purpose, so a 200 there is not a leak.
    # NOTE(review): BODY goes through command substitution, which drops NUL
    # bytes, so BODYLEN and the preview are unreliable for binary responses
    # (.DS_Store, backup.zip).
    echo "" >> "$OUTFILE"
    echo "--- [7] CONFIG / SENSITIVE FILE LEAKS ---" >> "$OUTFILE"
    for path in /.env /config.php /web.config /config.json /config.yml /configuration.php /.git/HEAD /.git/config /composer.json /package.json /.htaccess /phpinfo.php /info.php /server-status /server-info /.DS_Store /backup.zip /debug /elmah.axd /trace.axd /wp-config.php.bak "/.well-known/security.txt"; do
        RESP=$($CURL_CMD -w "\nHTTPCODE:%{http_code}" "${BASE_URL}${path}" 2>&1)
        HTTP_CODE=$(echo "$RESP" | grep "HTTPCODE:" | sed 's/HTTPCODE://')
        # Everything except the marker line, capped at 500 bytes.
        BODY=$(echo "$RESP" | grep -v "HTTPCODE:" | head -c 500)
        BODYLEN=${#BODY}
        if [ "$HTTP_CODE" = "200" ] && [ $BODYLEN -gt 10 ]; then
            echo "  *** ${path} -> HTTP 200 (${BODYLEN} bytes) ***" >> "$OUTFILE"
            echo "  Preview: $(echo "$BODY" | head -c 300)" >> "$OUTFILE"
        elif [ "$HTTP_CODE" = "403" ]; then
            # NOTE(review): "exists" is an inference; many servers and WAFs
            # return 403 for any dot-file or blocked pattern whether or not
            # the file is present.
            echo "  ${path} -> HTTP 403 (Forbidden - exists but protected)" >> "$OUTFILE"
        fi
    done

    # Summary block. Only reached for reachable domains (unreachable ones
    # returned early above), hence the fixed "Responded: YES".
    echo "" >> "$OUTFILE"
    echo "--- SUMMARY for ${DOMAIN} ---" >> "$OUTFILE"
    echo "  Base URL: ${BASE_URL}" >> "$OUTFILE"
    echo "  Responded: YES" >> "$OUTFILE"
    if [ -n "$SERVER" ]; then echo "  ${SERVER}" >> "$OUTFILE"; fi
    if [ -n "$POWERED" ]; then echo "  ${POWERED}" >> "$OUTFILE"; fi
    echo "--------------------------------------------------------------------------------" >> "$OUTFILE"
}

# Driver: walks three hard-coded lists in order (banking/finance, telecom,
# major enterprise). For each list it appends a banner to OUTFILE, then calls
# probe_domain once per entry and prints a progress line on stdout.
# Entries are "domain|label"; the part before the first "|" is passed as $1
# and the remainder as $2.
# NOTE(review): the list is embedded in the script, and nothing written to
# OUTFILE records the operator or a run identifier.
echo "[*] Starting probe run..."

banking_targets=(
    "bicia.bf|BICIA-B Bank (bicia.bf)"
    "biciab.bf|BICIA-B Bank (biciab.bf)"
    "coris-bank.com|Coris Bank (coris-bank.com)"
    "corisbank.bf|Coris Bank (corisbank.bf)"
    "ecobank.com|Ecobank (ecobank.com)"
    "sgbf.bf|Societe Generale BF (sgbf.bf)"
    "societegenerale.bf|Societe Generale BF (societegenerale.bf)"
    "bsic.bf|BSIC Bank (bsic.bf)"
    "bcb.bf|Banque Commerciale (bcb.bf)"
    "wendkuni-bank.bf|Wendkuni Bank (wendkuni-bank.bf)"
    "bceao.int|BCEAO Central Bank (bceao.int)"
    "boad.org|BOAD Dev Bank (boad.org)"
    "crepmf.org|CREPMF Stock Regulator (crepmf.org)"
    "brvm.org|BRVM Stock Exchange (brvm.org)"
)

telecom_targets=(
    "moov-africa.bf|Moov Africa BF (moov-africa.bf)"
    "moov.bf|Moov BF (moov.bf)"
    "orange.bf|Orange BF (orange.bf)"
    "onatel.bf|ONATEL (onatel.bf)"
    "faso-net.bf|FasoNet (faso-net.bf)"
    "fasonet.bf|FasoNet (fasonet.bf)"
)

enterprise_targets=(
    "sonabel.bf|SONABEL Electricity (sonabel.bf)"
    "onea.bf|ONEA Water (onea.bf)"
    "sitarail.bf|SITARAIL Railway (sitarail.bf)"
    "aeroport-ouaga.bf|Ouaga Airport (aeroport-ouaga.bf)"
    "aeroports.bf|Airports BF (aeroports.bf)"
    "air-burkina.com|Air Burkina (air-burkina.com)"
    "cameg.bf|CAMEG Pharma (cameg.bf)"
    "cmu.bf|CMU Health (cmu.bf)"
    "rss-bf.org|RSS Social Security (rss-bf.org)"
)

# BANKING / FINANCE
echo "" >> "$OUTFILE"
echo "########################################################################" >> "$OUTFILE"
echo "#                    BANKING / FINANCE TARGETS                         #" >> "$OUTFILE"
echo "########################################################################" >> "$OUTFILE"

echo "[*] === BANKING / FINANCE ==="
for entry in "${banking_targets[@]}"; do
    probe_domain "${entry%%|*}" "${entry#*|}"
    echo "  [+] ${entry%%|*} done"
done

echo "[*] Banking/Finance complete."

# TELECOM
echo "" >> "$OUTFILE"
echo "########################################################################" >> "$OUTFILE"
echo "#                       TELECOM TARGETS                                #" >> "$OUTFILE"
echo "########################################################################" >> "$OUTFILE"

echo "[*] === TELECOM ==="
for entry in "${telecom_targets[@]}"; do
    probe_domain "${entry%%|*}" "${entry#*|}"
    echo "  [+] ${entry%%|*} done"
done

echo "[*] Telecom complete."

# MAJOR ENTERPRISE
echo "" >> "$OUTFILE"
echo "########################################################################" >> "$OUTFILE"
echo "#                    MAJOR ENTERPRISE TARGETS                          #" >> "$OUTFILE"
echo "########################################################################" >> "$OUTFILE"

echo "[*] === MAJOR ENTERPRISE ==="
for entry in "${enterprise_targets[@]}"; do
    probe_domain "${entry%%|*}" "${entry#*|}"
    echo "  [+] ${entry%%|*} done"
done

echo "[*] Enterprise complete."
echo "[*] All probes finished."
