Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Related tags

Security related resourcesxssreconvulnerabilitiespentestmethodologiesdorks
Overview

Recon
👑 Recon 👑

The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!

Usage 💡

Help Menu

Basic usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt

Quiet mode

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -q

Recommended usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -g [github_api_key] -s [shodan_api_key] -f

Usage

Help menu 🔎

Option Value
-h, --help Look at the complete help menu
-d domain.com
-w Path to your wordlist. Some wordlists I've already added by default to ./wordlists
-f Fuzzing mode. When passing this argument, the Fuzzing step to confirm possible vulnerabilities will be added. Directory Fuzzing will remain enabled regardless of whether the argument is passed or not. I recommend not to use this if you want to do a recon faster.
-g GitHub API Key. This parameter is used when searching for subdomains
-s Shodan API Key. This parameter is used to automate the search for domains associated with your target(Requires API Key premium). If you don't have it, you can do the searches manually and the dorks are saved in the output folder.
-o Your output folder. If you don't specify the parameter, all the results of the script will be saved in a folder with your target's name inside the script path
-q Quiet mode. All banners and details of the script's execution will not be shown in the terminal, but everything that is executed in normal mode is executed as well. You will be able to see all the results in detail in your output folder

Features

ASN Enumeration

Subdomain Enumeation

Alive Domains

WAF Detect

Domain organization

  • Regular expressions

Subdomain Takeover

DNS Lookup

Discovering IPs

DNS Enumeration and Zone Transfer

Favicon Analysis

Directory Fuzzing

Google Hacking

GitHub Dorks

Credential Stuffing

Screenshots

Port Scan

Link Discovery

Endpoints Enumeration and Finding JS files

Vulnerabilities

  • Nuclei ➔ I used all the default templates

403 Forbidden Bypass

XSS

LFI

RCE

  • My GrepVuln function

Open Redirect

  • My GrepVuln function

SQLi

Installation

I made a script that automates the installation of all tools. I tried to do it with the intention of having compatibility with the most used systems in Pentest and Bug Bounty.

git clone https://github.com/dirsoooo/Recon.git
cd Recon/
chmod +x recon.sh
chmod +x installation.sh
./installation.sh

Please DO NOT remove any of the files inside the folder, they are all important!

Installation script tested on:

  • Kali Linux
  • Arch Linux
  • BlackArch Linux
  • Ubuntu
  • Parrot Security

Poject Mindmap

Mindmap

License

Recon was entirely coded with by @Dirsoooo and it is released under the MIT license.

Buy me a coffee

If you liked my job and want to support me in some way, buy me a coffee 😁

You might also like...
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities
WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

AnonyminHack5 12 Dec 2, 2022
Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

Christopher Roberts 3 Nov 16, 2021
WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

null 3 Feb 20, 2022
Something I built to test for Log4J vulnerabilities on customer networks.

Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or

null 1 Dec 20, 2021
Visibility and Mitigation for Log4J vulnerabilities

Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux

SentinelLabs 15 May 21, 2022
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites
ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

ORector is a Fast Python tool designed to detect open redirects vulnerabilities

null 11 Apr 2, 2022
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor
(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

DSLF DSLF stands for (D)arth (S)ide of the (L)og4j (F)orce. It is the ultimate log4j vulnerabilities assessor. It comes with four individual Python3 m

frontal 1 Jan 11, 2022
Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

Bug Alert Bug Alert is a service for alerting security and IT professionals of h

BugAlert.org 208 Dec 15, 2022
A passive-recon tool that parses through found assets and interacts with the Hackerone API
A passive-recon tool that parses through found assets and interacts with the Hackerone API

Hackerone Passive Recon Tool A passive-recon tool that parses through found assets and interacts with the Hackerone API. Setup Simply run setup.sh to

elbee 4 Jan 13, 2022
Comments
  • Some tools not installed

    Some tools not installed

    I have run installation script and after I tried to use tool It's shows some tools not installed and to run installation script again I have done that also but not working I am using parrot os

    opened by Dixith1999 2
Releases(v1.0)

  • v1.0(May 25, 2021)

    The first version released.

    Features

    • ASN Enumeration
    • Subdomain Enumeation
    • Alive Domains
    • WAF Detect
    • Domain organization
    • Subdomain Takeover
    • DNS Lookup
      • Discovering IPs
      • DNS Enumeration
      • Zone Transfer
    • Favicon Analysis
    • Directory Fuzzing
    • Google Hacking
    • GitHub Dorks
    • Credential Stuffing
    • Screenshots
    • Port Scan
    • Link Discovery
      • Endpoints Enumeration
      • Find JS files
    • Vulnerabilities
      • 403 Forbidden Bypass
      • XSS
      • LFI
      • RCE
      • Open Redirect
      • SQLi
    Source code(tar.gz)
    Source code(zip)
Owner
Dirso
Programmer, Infosec Student, Ethical Hacker and Bug Bounty Hunter 👨🏾‍💻
Dirso
GitHub Repository
CSAW 2021 writeups

CSAW 2021 Writeups Challenge Category Solved by The Magic Modbus ics root2thrill Lazy Leaks Forensics root2thrill Poem Collection warm-up root2thrill

7 Oct 06, 2021
BF-Hash - A Python Tool to decrypt hashes by brute force

BF-Hash Herramienta para descifrar hashes por fuerza bruta Instalación git clone

5 Apr 09, 2022
Security system to prevent Shoulder Surfing Attacks

Surf_Sec Security system to prevent Shoulder Surfing Attacks. REQUIREMENTS: Python 3.6+ XAMPP INSTALLED METHOD TO CONFIGURE PROJECT: Clone the repo to

Aman Anand 1 Jan 27, 2022
macOS Initial Access Payload Generator

Mystikal macOS Initial Access Payload Generator Related Blog Post: https://posts.specterops.io/introducing-mystikal-4fbd2f7ae520 Usage: Install Xcode

Leo Pitt 206 Dec 31, 2022
HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

HatSploit collection of generic payloads designed to provide a wide range of attacks without having to spend time writing new ones.

EntySec 5 May 10, 2022
xray多线程批量扫描工具

Auto_xray xray多线程批量扫描工具 简介 xray社区版貌似没有批量扫描,这就让安服仔使用起来很不方便,扫站得一个个手动添加,非常难受 Auto_xray目录下记得放xray,就跟平时一样的。 选项1:oneforall+xray 输入一个主域名,自动采集子域名然后添加到xray任务列表

1frame 13 Nov 09, 2022
CTF framework and exploit development library

pwntools - CTF toolkit Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and develo

Gallopsled 9.8k Dec 31, 2022
Exploit and Check Script for CVE 2022-1388

F5-CVE-2022-1388-Exploit Exploit and Check Script for CVE 2022-1388 Usage Check against single host python3 CVE-2022-1388.py -v true -u target_url At

Andy Gill 52 Dec 22, 2022
A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer.

Wlan Fetcher Windows10 Description A simple python-function, to gain all wlan passwords from stored wlan-profiles on a computer. Usage This Script onl

2 Nov 20, 2021
Open Source Intelligence gathering tool aimed at reducing the time spent harvesting information from open sources.

The Recon-ng Framework Recon-ng content now available on Pluralsight! Recon-ng is a full-featured reconnaissance framework designed with the goal of p

2.4k Jan 07, 2023
the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability

CVE-2021-22005-metasploit the metasploit script(POC/EXP) about CVE-2021-22005 VMware vCenter Server contains an arbitrary file upload vulnerability pr

Taroballz 25 Nov 15, 2022
Proof of concept to check if hosts are vulnerable to CVE-2021-41773

CVE-2021-41773 PoC Proof of concept to check if hosts are vulnerable to CVE-2021-41773. Description (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV

Jordan Jay 43 Nov 09, 2022
LittleBrother is a simple parental control application monitoring specific processes on Linux hosts to monitor and limit the play time of children.

Parental Control Application LittleBrother Overview LittleBrother is a simple parental control application monitoring specific processes (read "games"

40 Dec 21, 2022
MTBLLS Ethical Hacking Tool Announcement of v2.0

MTBLLS Ethical Hacking Tool Announcement of v2.0 MTBLLS is a Free and Open-Source Ethical Hacking Tool developed by GhostTD (SkyWtkh) The tool can onl

Ghost 2 Mar 19, 2022
proxyshell payload generate

Py Permutative Encoding https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-pst/5faf4800-645d-49d1-9457-2ac40eb467bd Generate proxyshell

Evi1cg 63 Nov 15, 2022
Scan publicly accessible assets on your AWS cloud environment

poro Description Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databas

9rnt 134 Dec 16, 2022
Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading

log4j-detect Simple Python 3 script to detect the "Log4j" Java library vulnerability (CVE-2021-44228) for a list of URL with multithreading The script

Wade 1 Dec 15, 2021
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

O365DevicePhish Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script t

Trewis [work] Scotch 4 Sep 23, 2022
A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals.

A compact version of EDI-Vetter, which uses the TLS output to quickly vet transit signals. All your favorite hits in a simplified format.

Jon Zink 2 Aug 03, 2022
RedlineSpam - Python tool to spam Redline Infostealer panels with legit looking data

RedlineSpam Python tool to spam Redline Infostealer panels with legit looking da

4 Jan 27, 2022