What

I used this script to solve the Recon 10 challenge on PentesterLab (free).

Source

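#!/usr/bin/python3
import os
import sre_yield
# Enumerate every hostname the regex can match (0x00 .. 0xff) and fetch logo.png from each
for each in sre_yield.AllStrings(r'0x[a-f0-9][a-f0-9]\.a\.hackycorp\.com'):
  os.system("wget " + each + "/logo.png")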

Prep

On Kali, I had to install sre_yield with pip3 install sre_yield.

Run

chmod +x download-recon10.py && python3 download-recon10.py

Misc

Aquatone was recommended in the challenge description. For this, I’ve modified the above script to generate the list of URLs in a text file:

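#!/usr/bin/python3
import sre_yield
# Write one candidate URL per line to urls.txt for aquatone to read
# Note: [a-z0-9] is wider than the [a-f0-9] used above, so non-hex labels are listed too
with open('urls.txt','w') as df:
  for each in sre_yield.AllStrings(r'https://0x[a-z0-9][a-z0-9]\.a\.hackycorp\.com'):
    df.write(str(each))
    df.write('\n')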

Generate the list of URLs with chmod +x urllist.py && python3 urllist.py, then run cat urls.txt | aquatone -chrome-path /opt/google/chrome/chrome -debug.

If we know what specific file we would need to solve the challenge, the first method is much faster.
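
Seen from the target side, either method shows up as one client looking up most of the 256 0xNN labels under a.hackycorp.com. The following is an added example, not part of the original post, that flags that pattern in DNS query logs; the log format, client IPs and the 50% threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Labels the scripts above generate: 0x00 .. 0xff under a.hackycorp.com
SWEEP_LABEL = re.compile(r'^0x([0-9a-f]{2})\.a\.hackycorp\.com\.?$', re.IGNORECASE)
SPACE_SIZE = 256

def sweep_coverage(log_lines):
    """Map each client to the set of distinct 0xNN labels it queried.

    Assumed (constructed) log format: '<epoch> <client_ip> <qname> <qtype>'.
    """
    seen = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash
        _, client, qname, _ = parts
        m = SWEEP_LABEL.match(qname)
        if m:
            seen[client].add(int(m.group(1), 16))
    return seen

def flag_sweepers(log_lines, min_fraction=0.5):
    """Return {client: fraction of the label space queried} at or above the threshold."""
    return {
        client: len(labels) / SPACE_SIZE
        for client, labels in sweep_coverage(log_lines).items()
        if len(labels) / SPACE_SIZE >= min_fraction
    }

def sample_log():
    """Constructed sample: one client walks the whole space, another makes two lookups."""
    lines = [f"{1700000000 + i} 198.51.100.7 0x{i:02x}.a.hackycorp.com A" for i in range(256)]
    lines += [
        "1700000300 203.0.113.20 0x10.a.hackycorp.com A",
        "1700000301 203.0.113.20 0x10.a.hackycorp.com AAAA",
        "1700000302 203.0.113.20 www.hackycorp.com A",
        "garbage line",
    ]
    return lines

if __name__ == "__main__":
    for client, frac in flag_sweepers(sample_log()).items():
        print(f"{client} queried {frac:.0%} of the 0x00-0xff label space")
```

Counting distinct labels rather than raw queries keeps a client that retries one name from being flagged; a real deployment would also bound the count to a time window.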

References