👑
Recon
👑
The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!
Usage
💡
Basic usage
❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt
Quiet mode
❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -q
Recommended usage
❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -g [github_api_key] -s [shodan_api_key] -f
Help menu
🔎
| Option | Value |
|---|---|
| -h, --help | Look at the complete help menu |
| -d | domain.com |
| -w | Path to your wordlist. Some wordlists I've already added by default to ./wordlists |
| -f | Fuzzing mode. When passing this argument, the Fuzzing step to confirm possible vulnerabilities will be added. Directory Fuzzing will remain enabled regardless of whether the argument is passed or not. I recommend not to use this if you want to do a recon faster. |
| -g | GitHub API Key. This parameter is used when searching for subdomains |
| -s | Shodan API Key. This parameter is used to automate the search for domains associated with your target(Requires API Key premium). If you don't have it, you can do the searches manually and the dorks are saved in the output folder. |
| -o | Your output folder. If you don't specify the parameter, all the results of the script will be saved in a folder with your target's name inside the script path |
| -q | Quiet mode. All banners and details of the script's execution will not be shown in the terminal, but everything that is executed in normal mode is executed as well. You will be able to see all the results in detail in your output folder |
Features
✅
ASN Enumeration
Subdomain Enumeation
- Assetfinder
- Subfinder
- Amass
- Findomain
- Sublist3r
- Knock
- SubDomainizer
- GitHub Sudomains
- RapidDNS
- Riddler
- SecurityTrails
Alive Domains
WAF Detect
Domain organization
- Regular expressions
Subdomain Takeover
DNS Lookup
Discovering IPs
DNS Enumeration and Zone Transfer
Favicon Analysis
Directory Fuzzing
Google Hacking
- Some Dorks that I consider important
- CredStuff-Auxiliary
- Googler
GitHub Dorks
Credential Stuffing
Screenshots
Port Scan
Link Discovery
Endpoints Enumeration and Finding JS files
Vulnerabilities
- Nuclei ➔ I used all the default templates
403 Forbidden Bypass
XSS
LFI
RCE
- My GrepVuln function
Open Redirect
- My GrepVuln function
SQLi
Installation
I made a script that automates the installation of all tools. I tried to do it with the intention of having compatibility with the most used systems in Pentest and Bug Bounty.
git clone https://github.com/dirsoooo/Recon.git
cd Recon/
chmod +x recon.sh
chmod +x installation.sh
./installation.sh
Please DO NOT remove any of the files inside the folder, they are all important!
Installation script tested on:
- Kali Linux
- Arch Linux
- BlackArch Linux
- Ubuntu
- Parrot Security
Poject Mindmap
License
Recon was entirely coded with
Buy me a coffee
☕
If you liked my job and want to support me in some way, buy me a coffee
12 Dec 2, 2022
3 Nov 16, 2021
3 Feb 20, 2022
1 Dec 20, 2021
15 May 21, 2022
11 Apr 2, 2022
1 Jan 11, 2022
208 Dec 15, 2022
4 Jan 13, 2022
3 Apr 02, 2022
9 Nov 23, 2022
19 Sep 07, 2022
17 Dec 11, 2022
4 Apr 05, 2022
146 Jan 03, 2023
108 Jan 07, 2023
2 Nov 22, 2022
25 Sep 23, 2022
35 Apr 17, 2022
1.9k Dec 26, 2022
1 Jan 11, 2022
9 Jun 01, 2022
53 Nov 09, 2022
23 Jul 05, 2022
33 Jul 01, 2022
95 Dec 27, 2022
75 Nov 25, 2022
121 Dec 14, 2022
1 Nov 24, 2022