Um sistema abrangente e modular para configuração automatizada de ambientes de desenvolvimento Linux, com suporte a múltiplas distribuiçáes e window managers.
Este projeto oferece uma solução completa para setup de ambientes de desenvolvimento, incluindo:
- Múltiplas distribuiçáes Linux (Ubuntu, Arch Linux)
- VΓ‘rios window managers (Hyprland, i3wm, Qtile)
- Ferramentas de desenvolvimento (Python, Go, Neovim)
- Ferramentas de segurança (pentest/hacking tools)
- Configuraçáes otimizadas para terminal e editores
- Templates customizados para reconnaissance e security testing
- Sistema Linux (Ubuntu 20.04+, Arch Linux)
- Git
- curl
- sudo (para instalação de pacotes do sistema)
git clone https://github.com/mswell/dotfiles.git
cd dotfiles
./install.shO script install.sh oferece 7 opçáes principais:
| Opção | Descrição | Destino |
|---|---|---|
| [1] Ubuntu VPS | Setup completo para Ubuntu Server | Servidores, desenvolvimento web |
| [2] Archlinux com Hyprland | Arch Linux + Wayland + Hyprland | Desktop moderno, Wayland |
| [3] Install Hacktools | Ferramentas de pentest/segurança | Security testing, CTF |
| [4] Install Pyenv | Ambiente Python com pyenv | Desenvolvimento Python |
| [5] Archlinux com i3wm | Arch Linux + i3 Window Manager | Desktop tiling, X11 |
| [6] Archlinux WSL | Arch Linux no Windows Subsystem | WSL, desenvolvimento cruzado |
| [7] Archlinux DE | Arch Linux + Desktop Environment | Ambiente desktop tradicional |
Cada distribuição tem seu próprio diretório de setup com scripts especializados:
setup/
βββ ubuntu/ # Scripts Ubuntu (base.sh, devel.sh, apps.sh, terminal.sh)
βββ ArchHypr/ # Arch + Hyprland (base.sh, apps.sh, fonts.sh, terminal.sh)
βββ ArchI3wm/ # Arch + i3wm (base.sh, apps.sh, fonts.sh, terminal.sh)
βββ ArchWSL/ # Arch WSL (base.sh, apps.sh, terminal.sh)
βββ ArchDE/ # Arch Desktop Environment (base.sh, apps.sh, fonts.sh, terminal.sh)
pyenv_install.sh: Gerenciamento de versáes Pythoninstall_golang.sh: Instalação do Goinstall_hacktools.sh: Ferramentas de segurançaterminal.sh: Configuração de terminalcopy_dots.sh: Cópia de arquivos de configuração
- Python: pyenv para mΓΊltiplas versΓ΅es
- Go: Instalação e configuração
- Neovim: Editor moderno com Lua
- Git: Configuraçáes otimizadas
- Tmux: Multiplexador de terminal
- ZSH: Shell com Powerlevel10k
- Kitty: Terminal GPU-accelerated
- WezTerm: Terminal moderno
- Ghostty: Terminal Wayland-native
- Fish: Shell alternativa
- Hyprland: Wayland compositor
- i3wm: Tiling window manager
- Qtile: Window manager Python
- Waybar: Status bar para Wayland
- Nuclei: Scanner de vulnerabilidades
- Custom templates: Templates personalizados
- Recon tools: Ferramentas de reconnaissance
- MongoDB integration: Database para resultados
- Catppuccin: Tema moderno
- Tokyo Night: Tema dark
- Cyberdream: Tema cyberpunk
- Oxocarbon: Tema minimalista
config/
βββ zsh/ # Configuraçáes ZSH
β βββ functions.zsh # Funçáes personalizadas
β βββ alias.zsh # Aliases
β βββ custom.zsh # Configuraçáes customizadas
β βββ .zshrc # Arquivo principal
βββ kitty/ # Temas Kitty
βββ wezterm/ # Configuraçáes WezTerm
βββ hypr/ # Configuração Hyprland
βββ i3/ # Configuração i3wm
βββ nvim/ # Configuração Neovim
βββ themes/ # Temas adicionais
functions.zsh: Funçáes utilitÑriascustom.zsh: Fluxos de trabalho personalizadosalias.zsh: Aliases para produtividade
Ideal para servidores e desenvolvimento web:
./install.sh # Escolher opção 1Desktop moderno com Wayland:
./install.sh # Escolher opção 2./install.sh # Escolher opção 3./install.sh # Escolher opção 4Este dotfiles inclui um toolkit completo de reconhecimento para bug bounty hunters, com funçáes ZSH modulares que automatizam o fluxo de recon.
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β RECON WORKFLOW β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β
β workspaceRecon "target.com" β Cria workspace: target.com/YYYY-MM-DD/ β
β β β
β βΌ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β SUBDOMAIN ENUMERATION β β
β β subdomainenum β subfinder, amass, crt.sh β dnsx resolve β β
β β subPermutation β alterx + puredns (permutations) β β
β β Output: clean.subdomains β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βΌ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β PORT SCANNING β β
β β naabuRecon β Top 100 ports scan β β
β β naabuFullPorts β Full port range (excl. common) β β
β β Output: naabuScan β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βΌ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β HTTP PROBING β β
β β getalive β httpx probe, categoriza por status code β β
β β Output: ALLHTTP, 200HTTP, 403HTTP, Without404 β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βΌ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β CRAWLING & DATA β β
β β crawler β gospider, waybackurls, gau, katana β β
β β JScrawler β JavaScript file discovery β β
β β getjsurls β JS URL extraction + validation β β
β β secretfinder β Secrets in JS files β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β β
β βΌ β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β VULNERABILITY SCANNING β β
β β Nuclei Scans β exposureNuc, GitScan, XssScan, nucTakeover β β
β β xsshunter β Multi-tool XSS detection β β
β β bypass4xx β 403/401 bypass attempts β β
β β prototypefuzz β Prototype pollution testing β β
β ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ β
β β
ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
| Função | Descrição | Input | Output |
|---|---|---|---|
workspaceRecon <domain> |
Cria workspace organizado por data | domain | domain/YYYY-MM-DD/ |
wellSubRecon |
Pipeline completo de subdomain enum | domains |
clean.subdomains |
subdomainenum |
Enum passivo (subfinder, amass, crt.sh) | domains |
all.subdomains, clean.subdomains |
subPermutation |
Gera permutaçáes com alterx + puredns | clean.subdomains |
permutations.txt |
subtakeover |
Detecta subdomain takeover | clean.subdomains |
subtakeover.txt |
| Função | Descrição | Input | Output |
|---|---|---|---|
naabuRecon |
Port scan top 100 portas | clean.subdomains |
naabuScan |
naabuFullPorts |
Port scan completo | clean.subdomains |
full_ports.txt |
getalive |
HTTP probe + categorização | naabuScan |
ALLHTTP, 200HTTP, 403HTTP |
screenshot |
Screenshots com aquatone | ALLHTTP |
aqua_out/ |
| Função | Descrição | Input | Output |
|---|---|---|---|
crawler |
Multi-tool crawler | Without404 |
crawlerResults.txt |
JScrawler |
Descobre arquivos JS | 200HTTP |
crawlJS, JSroot/ |
getjsurls |
Extrai e valida URLs JS | crawlerResults.txt |
js_livelinks.txt |
secretfinder |
Busca secrets em JS | js_livelinks.txt |
js_secrets_result |
getdata |
Salva todas as responses | ALLHTTP |
AllHttpData/ |
| Função | Descrição | Tags/Template |
|---|---|---|
exposureNuc |
Detecta exposiçáes | exposure |
GitScan |
Detecta .git exposto | git |
XssScan |
Scan XSS | xss |
nucTakeover |
Subdomain takeover | takeover |
graphqldetect |
Detecta endpoints GraphQL | graphql-detect |
swaggerUIdetect |
Detecta Swagger UI | swagger |
APIRecon |
Recon de APIs | custom workflow |
OpenRedirectScan |
Open redirect | redirect |
lfiScan |
LFI vulnerabilities | lfi |
| Função | Descrição | Input | Output |
|---|---|---|---|
xsshunter |
XSS multi-scanner (airixss, freq, xsstrike) | domains |
airixss.txt, FreqXSS.txt |
bypass4xx |
Bypass 403/401 | 403HTTP |
4xxbypass.txt |
prototypefuzz |
Prototype pollution | ALLHTTP |
notifications |
Corstest |
CORS misconfiguration | roots |
CORSHTTP |
smuggling |
HTTP Request Smuggling | hosts |
smuggler_op.txt |
fufdir <url> |
Directory fuzzing | URL | stdout |
fufapi <url> |
API endpoint fuzzing | URL | stdout |
| Função | Descrição |
|---|---|
getfreshresolvers |
Baixa lista atualizada de resolvers DNS |
getalltxt |
Baixa wordlist all.txt do jhaddix |
certspotter <domain> |
Busca subdomains via CertSpotter |
crtsh <domain> |
Busca subdomains via crt.sh |
ipinfo <ip> |
Informaçáes de IP via ipinfo.io |
# Recon completo automatizado
wellRecon
# Recon com foco em APIs
newRecon
# Apenas Nuclei scans
wellNuclei# 1. Setup workspace
workspaceRecon example.com
# 2. Subdomain enumeration completo (inclui permutations)
wellSubRecon
# 3. Port scan + HTTP probe
naabuRecon
getalive
# 4. Crawling e coleta de JS
crawler
getjsurls
secretfinder
# 5. Vulnerability scanning
exposureNuc
XssScan
nucTakeover
bypass4xxO sistema inclui uma vasta coleção de ferramentas para:
- Web Application Security
- Network Reconnaissance
- Vulnerability Assessment
- Penetration Testing
- Custom Nuclei Templates
- Criar diretΓ³rio em
setup/ - Adicionar scripts base.sh, apps.sh, terminal.sh
- Atualizar menu em install.sh
- Documentar mudanças
- Editar arquivos em
config/ - Scripts de setup copiam automaticamente
- Testar mudanças antes de commitar
- English - English version
- PortuguΓͺs (Brasileiro) - VersΓ£o em portuguΓͺs
- Fork o projeto / Fork the project
- Criar branch para feature (
git checkout -b feature/AmazingFeature) / Create a feature branch - Commit mudanças (
git commit -m 'Add some AmazingFeature') / Commit your changes - Push branch (
git push origin feature/AmazingFeature) / Push to the branch - Abrir Pull Request / Open a Pull Request
Este projeto estÑ sob licença MIT. Veja o arquivo LICENSE para mais detalhes.
Wellington Moraes
