Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Overview

Recon
πŸ‘‘ Recon πŸ‘‘

The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!

Usage πŸ’‘

Help Menu

Basic usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt

Quiet mode

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -q

Recommended usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -g [github_api_key] -s [shodan_api_key] -f

Usage

Help menu πŸ”Ž

Option Value
-h, --help Look at the complete help menu
-d domain.com
-w Path to your wordlist. Some wordlists I've already added by default to ./wordlists
-f Fuzzing mode. When passing this argument, the Fuzzing step to confirm possible vulnerabilities will be added. Directory Fuzzing will remain enabled regardless of whether the argument is passed or not. I recommend not to use this if you want to do a recon faster.
-g GitHub API Key. This parameter is used when searching for subdomains
-s Shodan API Key. This parameter is used to automate the search for domains associated with your target(Requires API Key premium). If you don't have it, you can do the searches manually and the dorks are saved in the output folder.
-o Your output folder. If you don't specify the parameter, all the results of the script will be saved in a folder with your target's name inside the script path
-q Quiet mode. All banners and details of the script's execution will not be shown in the terminal, but everything that is executed in normal mode is executed as well. You will be able to see all the results in detail in your output folder

Features βœ…

ASN Enumeration

Subdomain Enumeation

Alive Domains

WAF Detect

Domain organization

  • Regular expressions

Subdomain Takeover

DNS Lookup

Discovering IPs

DNS Enumeration and Zone Transfer

Favicon Analysis

Directory Fuzzing

Google Hacking

GitHub Dorks

Credential Stuffing

Screenshots

Port Scan

Link Discovery

Endpoints Enumeration and Finding JS files

Vulnerabilities

  • Nuclei βž” I used all the default templates

403 Forbidden Bypass

XSS

LFI

RCE

  • My GrepVuln function

Open Redirect

  • My GrepVuln function

SQLi

Installation

I made a script that automates the installation of all tools. I tried to do it with the intention of having compatibility with the most used systems in Pentest and Bug Bounty.

git clone https://github.com/dirsoooo/Recon.git
cd Recon/
chmod +x recon.sh
chmod +x installation.sh
./installation.sh

Please DO NOT remove any of the files inside the folder, they are all important!

Installation script tested on:

  • Kali Linux
  • Arch Linux
  • BlackArch Linux
  • Ubuntu
  • Parrot Security

Poject Mindmap

Mindmap

License

Recon was entirely coded with ❀ by @Dirsoooo and it is released under the MIT license.

Buy me a coffee β˜•

If you liked my job and want to support me in some way, buy me a coffee 😁

You might also like...
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

Something I built to test for Log4J vulnerabilities on customer networks.

Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or

Visibility and Mitigation for Log4J vulnerabilities

Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux

ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

A passive-recon tool that parses through found assets and interacts with the Hackerone API
A passive-recon tool that parses through found assets and interacts with the Hackerone API

Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to

Comments
  • Some tools not installed

    Some tools not installed

    I have run installation script and after I tried to use tool It's shows some tools not installed and to run installation script again I have done that also but not working I am using parrot os

    opened by Dixith1999 2
Releases(v1.0)
  • v1.0(May 25, 2021)

    The first version released.

    Features

    • ASN Enumeration
    • Subdomain Enumeation
    • Alive Domains
    • WAF Detect
    • Domain organization
    • Subdomain Takeover
    • DNS Lookup
      • Discovering IPs
      • DNS Enumeration
      • Zone Transfer
    • Favicon Analysis
    • Directory Fuzzing
    • Google Hacking
    • GitHub Dorks
    • Credential Stuffing
    • Screenshots
    • Port Scan
    • Link Discovery
      • Endpoints Enumeration
      • Find JS files
    • Vulnerabilities
      • 403 Forbidden Bypass
      • XSS
      • LFI
      • RCE
      • Open Redirect
      • SQLi
    Source code(tar.gz)
    Source code(zip)
Owner
Dirso
Programmer, Infosec Student, Ethical Hacker and Bug Bounty Hunter πŸ‘¨πŸΎβ€πŸ’»
Dirso
A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

IMPORTANT: Please contact us before you use any styling or content shown here! Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition -

Alice 48 Aug 28, 2022
Generate obfuscated meterpreter shells

Generator Evade AV with obfuscated payloads Installation must install dotnet prior to running the script with net45 Running ./generator.py -ip Your-I

Fawaz Al-Mutairi 219 Nov 28, 2022
A knockoff social-engineer toolkit

The Python SE Dopp Kit is a social engineering toolkit with many purposes. It contains 5 different modules designed to be of assistance in different s

48 Nov 26, 2022
Springboot directory scanning

Springboot directory scanning

WINEZERO 87 Dec 28, 2022
telegram bug that discloses user's hidden phone number (still unpatched) (exploit included)

CVE-2019-15514 Type: Information Disclosure Affected Users, Versions, Devices: All Telegram Users Still not fixed/unpatched. brute.py is available exp

Gray Programmerz 66 Dec 08, 2022
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than F

Christopher Roberts 3 Nov 16, 2021
Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source

Infoga - Email OSINT Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pg

m4ll0k (mallok) 1.8k Jan 04, 2023
Huskee: Malware made in Python for Educational purposes

π‡π”π’πŠπ„π„ Caracteristicas: Discord Token Grabber Wifi Passwords Grabber Googl

chew 4 Aug 17, 2022
Proof of Concept Exploit for ManageEngine ServiceDesk Plus CVE-2021-44077

CVE-2021-44077 Proof of Concept Exploit for CVE-2021-44077: PreAuth RCE in ManageEngine ServiceDesk Plus 11306 Based on: https://xz.aliyun.com/t/106

Horizon 3 AI Inc 25 Nov 09, 2022
Ethereum transaction decoder (community version).

EthTx Community Edition Community version of EthTx transaction decoder Local environment For local instance, you need few things: Depending on your di

240 Dec 21, 2022
Dahua IPC/VTH/VTO devices auth bypass exploit

CVE-2021-33044 Dahua IPC/VTH/VTO devices auth bypass exploit About: The identity authentication bypass vulnerability found in some Dahua products duri

Ashish Kunwar 23 Dec 02, 2022
POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V

antx 9 Aug 31, 2022
Tools to make working the Arch Linux Security Tracker easier

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

Jonas Witschel 6 Jul 13, 2022
KeyKatcher is a keylogger that records keystrokes made on a computer and sends to the E-Mail.

What is a keylogger? A keylogger is a software application or piece of hardware that monitors and records keystrokes made on a computer keyboard. The

Himank_Jain 7 Sep 19, 2022
Um script simples de Port Scan + DNS by Hostname

πŸ–₯ PortScan-DNS Esta Γ© uma ferramenta simples de Port Scan + DNS by Hostname... πŸ’» | DNS Resolver / by Hostname: HOST IP EXTERNO IP INTERNO πŸ’» | Port

AlbΓ’niaSecurity-RT 7 Dec 08, 2022
π™Ύπš™πšŽπš— πš‚πš˜πšžπš›πšŒπšŽ πš‚πšŒπš›πš’πš™πš - π™½πš˜ π™²πš˜πš™πš’πš›πš’πšπš‘πš - πšƒπšŽπšŠπš– πš†πš˜πš›πš” - πš‚πš’πš–πš™πš•πšŽ π™Ώπš’πšπš‘πš˜πš— π™Ώπš›πš˜πš“πšŽπšŒπš - π™²πš›πšŽπšŠπšπšŽπš π™±πš’ : π™°πš•πš• πšƒπšŽπšŠπš– - π™²πš˜πš™πš’π™ΏπšŠπšœπš π™²πšŠπš— π™½πš˜πš π™ΌπšŠπš”πšŽ 𝚈𝚘𝚞 πšπšŽπšŠπš• π™Ώπš›πš˜πšπš›πšŠπš–πš–πšŽπš›

π™Ύπš™πšŽπš— πš‚πš˜πšžπš›πšŒπšŽ πš‚πšŒπš›πš’πš™πš - π™½πš˜ π™²πš˜πš™πš’πš›πš’πšπš‘πš - πšƒπšŽπšŠπš– πš†πš˜πš›πš” - πš‚πš’πš–πš™πš•πšŽ π™Ώπš’πšπš‘πš˜πš— π™Ώπš›πš˜πš“πšŽπšŒπš - π™²πš›πšŽπšŠπšπšŽπš π™±πš’ : π™°πš•πš• πšƒπšŽπšŠπš– - π™²πš˜πš™πš’π™ΏπšŠπšœπš π™²πšŠπš— π™½πš˜πš π™ΌπšŠπš”πšŽ 𝚈𝚘𝚞 πšπšŽπšŠπš• π™Ώπš›πš˜πšπš›πšŠπš–πš–πšŽπš›

CodeX-ID 2 Oct 27, 2022
Malware for Discord, designed to steal passwords, tokens, and inject discord folders for long-term use.

Vital What is Vital? Vital is malware primarily used to collect and extract information from the Discord desktop client. While it has other features (

HellSec 59 Dec 01, 2022
πŸ” A simple command-line password manager.

PassVault What Is It? It is a command-line password manager, for educational purposes, that stores localy, in AES encryption, your sensitives datas in

5 Aug 15, 2022
Simple script for looping a Denial Of Service (DoS) attack over one single mac address in range

Bluetooth Simple Denial Of Service (DoS) Legal Note This project is made only for educational purposes and for helping in Proofs of Concept. The autho

1 Jan 09, 2022
This repository will contain python scripts for hackers and pentesters

This repository will contain python scripts for hackers and pentesters. stop being limited with availble tools. Build your own.

0xTRAW 24 Nov 29, 2022