Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Overview

Recon
👑 Recon 👑

The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!

Usage 💡

Help Menu

Basic usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt

Quiet mode

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -q

Recommended usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -g [github_api_key] -s [shodan_api_key] -f

Usage

Help menu 🔎

Option Value
-h, --help Look at the complete help menu
-d domain.com
-w Path to your wordlist. Some wordlists I've already added by default to ./wordlists
-f Fuzzing mode. When passing this argument, the Fuzzing step to confirm possible vulnerabilities will be added. Directory Fuzzing will remain enabled regardless of whether the argument is passed or not. I recommend not to use this if you want to do a recon faster.
-g GitHub API Key. This parameter is used when searching for subdomains
-s Shodan API Key. This parameter is used to automate the search for domains associated with your target(Requires API Key premium). If you don't have it, you can do the searches manually and the dorks are saved in the output folder.
-o Your output folder. If you don't specify the parameter, all the results of the script will be saved in a folder with your target's name inside the script path
-q Quiet mode. All banners and details of the script's execution will not be shown in the terminal, but everything that is executed in normal mode is executed as well. You will be able to see all the results in detail in your output folder

Features

ASN Enumeration

Subdomain Enumeation

Alive Domains

WAF Detect

Domain organization

  • Regular expressions

Subdomain Takeover

DNS Lookup

Discovering IPs

DNS Enumeration and Zone Transfer

Favicon Analysis

Directory Fuzzing

Google Hacking

GitHub Dorks

Credential Stuffing

Screenshots

Port Scan

Link Discovery

Endpoints Enumeration and Finding JS files

Vulnerabilities

  • Nuclei ➔ I used all the default templates

403 Forbidden Bypass

XSS

LFI

RCE

  • My GrepVuln function

Open Redirect

  • My GrepVuln function

SQLi

Installation

I made a script that automates the installation of all tools. I tried to do it with the intention of having compatibility with the most used systems in Pentest and Bug Bounty.

git clone https://github.com/dirsoooo/Recon.git
cd Recon/
chmod +x recon.sh
chmod +x installation.sh
./installation.sh

Please DO NOT remove any of the files inside the folder, they are all important!

Installation script tested on:

  • Kali Linux
  • Arch Linux
  • BlackArch Linux
  • Ubuntu
  • Parrot Security

Poject Mindmap

Mindmap

License

Recon was entirely coded with by @Dirsoooo and it is released under the MIT license.

Buy me a coffee

If you liked my job and want to support me in some way, buy me a coffee 😁

You might also like...
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

Something I built to test for Log4J vulnerabilities on customer networks.

Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or

Visibility and Mitigation for Log4J vulnerabilities

Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux

ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

A passive-recon tool that parses through found assets and interacts with the Hackerone API
A passive-recon tool that parses through found assets and interacts with the Hackerone API

Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to

Comments
  • Some tools not installed

    Some tools not installed

    I have run installation script and after I tried to use tool It's shows some tools not installed and to run installation script again I have done that also but not working I am using parrot os

    opened by Dixith1999 2
Releases(v1.0)
  • v1.0(May 25, 2021)

    The first version released.

    Features

    • ASN Enumeration
    • Subdomain Enumeation
    • Alive Domains
    • WAF Detect
    • Domain organization
    • Subdomain Takeover
    • DNS Lookup
      • Discovering IPs
      • DNS Enumeration
      • Zone Transfer
    • Favicon Analysis
    • Directory Fuzzing
    • Google Hacking
    • GitHub Dorks
    • Credential Stuffing
    • Screenshots
    • Port Scan
    • Link Discovery
      • Endpoints Enumeration
      • Find JS files
    • Vulnerabilities
      • 403 Forbidden Bypass
      • XSS
      • LFI
      • RCE
      • Open Redirect
      • SQLi
    Source code(tar.gz)
    Source code(zip)
Owner
Dirso
Programmer, Infosec Student, Ethical Hacker and Bug Bounty Hunter 👨🏾‍💻
Dirso
OLOP: One-Line & Obfuscated Python

OLOP: One-Line & Obfuscated Python This repository contains useful python modules for one-line and obfuscated python. pip install olop-ShadowLugia650

1 Jan 09, 2022
A traceroute tool that also displays IP information

infotr A traceroute tool that also displays IP information. This tool has only been tested on Linux. Quick Start First, install this tool from PyPI. p

K4YT3X 10 Oct 29, 2022
Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

Quickstart resources for the WiFi Nugget, a cat themed WiFi Security platform for beginners.

HakCat 62 Jan 08, 2023
Confluence Server Webwork OGNL injection

CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in

Fellipe Oliveira 295 Jan 06, 2023
Official implementation of the paper "Backdoor Attacks on Self-Supervised Learning".

SSL-Backdoor Abstract Large-scale unlabeled data has allowed recent progress in self-supervised learning methods that learn rich visual representation

UMBC Vision 44 Nov 21, 2022
JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you.

JS Deobfuscation is a Python script that deobfuscate JS code and it's time saver for you. Although it may not work with high degrees of obfuscation, it's a pretty nice tool to help you even if it's j

Quatrecentquatre 3 May 01, 2022
Implementation of an attack on a tropical algebra discrete logarithm based protocol

Implementation of an attack on a tropical algebra discrete logarithm based protocol This code implements the attack detailed in the paper: On the trop

3 Dec 30, 2021
Automated tool to exploit basic buffer overflow remotely and locally & x32 and x64

Automated tool to exploit basic buffer overflow (remotely or locally) & (x32 or x64)

5 Oct 09, 2022
Generate MIPS reverse shell shellcodes easily !

MIPS-Reverse MIPS-Reverse is a tool that can generate shellcodes for the MIPS architecture that launches a reverse shell where you can specify the IP

29 Jul 27, 2021
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

11 Apr 02, 2022
NS-LOOKUP - A python script for scanning website for getting ip address of a website

NS-LOOKUP A python script for scanning website for getting ip address of a websi

Spider Anongreyhat 5 Aug 02, 2022
Herramienta para descargar eventos de Sucuri WAF hacia disco.

Descarga los eventos de Sucuri Script para descargar los eventos del Sucuri Web Application Firewall (WAF) en el disco como archivos CSV. Requerimient

CSIRT-RD 2 Nov 29, 2021
利用NTLM Hash读取Exchange邮件

GetMail 利用NTLM Hash读取Exchange邮件:在进行内网渗透时候,我们经常拿到的是账号的Hash凭据而不是明文口令。在这种情况下采用邮件客户端或者WEBMAIL的方式读取邮件就很麻烦,需要进行破解,NTLM的破解主要依靠字典强度,破解概率并不是很大。

<a href=[email protected]"> 388 Dec 27, 2022
We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. 🕵️

Pardus Lookout We protect the privacy of the data on your computer by using the camera of your Debian based Pardus operating system. The application i

Ahmet Furkan DEMIR 19 Nov 18, 2022
BloodyAD is an Active Directory Privilege Escalation Framework

BloodyAD Framework BloodyAD is an Active Directory Privilege Escalation Framework, it can be used manually using bloodyAD.py or automatically by combi

757 Jan 07, 2023
Obfuscate your Python scripts better, faster.

⚜️ Berserker ⚜️ An unique Python3 obfuscator using Kyrie Eleison's encryption protocol, written in Python3. 📋 Examples 📋 Unobfuscated: input("Hello

Billy 81 Dec 07, 2022
test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

Carl Beattie 1 Oct 28, 2021
CVE-2021-26084 Remote Code Execution on Confluence Servers

CVE-2021-26084 CVE-2021-26084 Remote Code Execution on Confluence Servers. Dork Fofa: app="ATLASSIAN-Confluence" Usage Show help information. python P

FQ Hsu 63 Dec 30, 2022
POC for detecting the Log4Shell (Log4J RCE) vulnerability.

log4shell-poc-py POC for detecting the Log4Shell (Log4J RCE) vulnerability. Run on a system with python3 python3 log4shell-poc.py pathToTargetFile

BCC Risk Advisory 2 Dec 22, 2021
Password-Manager - This app can generate ,save , find and delete passwords.

Password-Manager This app can generate ,save , find and delete passwords. In the StartUp() Function , there are three buttons to choose from : Generat

1 Jan 01, 2022