Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Last update: Dec 31, 2022

Overview

👑 Recon 👑

The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!

Usage 💡

Basic usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt

Quiet mode

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -q

Recommended usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -g [github_api_key] -s [shodan_api_key] -f

Help menu 🔎

Option	Value
-h, --help	`Look at the complete help menu`
-d	`domain.com`
-w	`Path to your wordlist. Some wordlists I've already added by default to ./wordlists`
-f	`Fuzzing mode. When passing this argument, the Fuzzing step to confirm possible vulnerabilities will be added. Directory Fuzzing will remain enabled regardless of whether the argument is passed or not. I recommend not to use this if you want to do a recon faster.`
-g	`GitHub API Key. This parameter is used when searching for subdomains`
-s	`Shodan API Key. This parameter is used to automate the search for domains associated with your target(Requires API Key premium). If you don't have it, you can do the searches manually and the dorks are saved in the output folder.`
-o	`Your output folder. If you don't specify the parameter, all the results of the script will be saved in a folder with your target's name inside the script path`
-q	`Quiet mode. All banners and details of the script's execution will not be shown in the terminal, but everything that is executed in normal mode is executed as well. You will be able to see all the results in detail in your output folder`

Features ✅

ASN Enumeration

metabigor

Subdomain Enumeation

Alive Domains

WAF Detect

wafw00f

Domain organization

Regular expressions

Subdomain Takeover

Subjack

DNS Lookup

Discovering IPs

dnsx

DNS Enumeration and Zone Transfer

Favicon Analysis

Directory Fuzzing

ffuf

Google Hacking

Some Dorks that I consider important
CredStuff-Auxiliary
Googler

Port Scan

Link Discovery

Endpoints Enumeration and Finding JS files

Vulnerabilities

Nuclei ➔ I used all the default templates

403 Forbidden Bypass

Bypass-403

XSS

LFI

Oneliners
- gf
- ffuf

RCE

My GrepVuln function

Open Redirect

My GrepVuln function

SQLi

Oneliners
- gf
- sqlmap

Installation

I made a script that automates the installation of all tools. I tried to do it with the intention of having compatibility with the most used systems in Pentest and Bug Bounty.

git clone https://github.com/dirsoooo/Recon.git
cd Recon/
chmod +x recon.sh
chmod +x installation.sh
./installation.sh

Please DO NOT remove any of the files inside the folder, they are all important!

Installation script tested on:

Kali Linux
Arch Linux
BlackArch Linux
Ubuntu
Parrot Security

Poject Mindmap

License

Recon was entirely coded with ❤ by @Dirsoooo and it is released under the MIT license.

Buy me a coffee ☕

If you liked my job and want to support me in some way, buy me a coffee 😁

You might also like...

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

12 Dec 2, 2022

Comments

Some tools not installed

I have run installation script and after I tried to use tool It's shows some tools not installed and to run installation script again I have done that also but not working I am using parrot os

opened by Dixith1999 2

Releases(v1.0)

v1.0(May 25, 2021)
The first version released.

Features

ASN Enumeration

Subdomain Enumeation

Alive Domains

WAF Detect

Domain organization

Subdomain Takeover

DNS Lookup

Discovering IPs

DNS Enumeration

Zone Transfer

Favicon Analysis

Directory Fuzzing

Google Hacking

GitHub Dorks

Credential Stuffing

Screenshots

Port Scan

Link Discovery

Endpoints Enumeration

Find JS files

Vulnerabilities

403 Forbidden Bypass

XSS

LFI

RCE

Open Redirect

SQLi

Source code(tar.gz)
Source code(zip)

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Related tags

Overview

👑 Recon 👑

Usage 💡

Basic usage

Quiet mode

Recommended usage

Help menu 🔎

Features ✅

ASN Enumeration

Subdomain Enumeation

Alive Domains

WAF Detect

Domain organization

Subdomain Takeover

DNS Lookup

Discovering IPs

DNS Enumeration and Zone Transfer

Favicon Analysis

Directory Fuzzing

Google Hacking

GitHub Dorks

Credential Stuffing

Screenshots

Port Scan

Link Discovery

Endpoints Enumeration and Finding JS files

Vulnerabilities

403 Forbidden Bypass

XSS

LFI

RCE

Open Redirect

SQLi

Installation

Installation script tested on:

Poject Mindmap

License

Buy me a coffee ☕

You might also like...

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

Something I built to test for Log4J vulnerabilities on customer networks.

Visibility and Mitigation for Log4J vulnerabilities

ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

A passive-recon tool that parses through found assets and interacts with the Hackerone API

Comments

Some tools not installed

Releases(v1.0)

v1.0(May 25, 2021)

Owner

Dirso

Use FOFA automatic vulnerability scanning tool

Uma ferramenta de segurança da informação escrita em python3,capaz de dar acesso total ao computador de alguém!

NExfil is an OSINT tool written in python for finding profiles by username.

Crowbar - A windows post exploitation tool

CVE-2021-26084 - Confluence Pre-Auth RCE OGNL injection

TCP/UDP port scanner on python, usong scapy and multiprocessin

A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

To explore creating an application that detects available connections at once from wifi and bluetooth

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228)

web指纹识别工具

An forensics tool to help aid in the investigation of spoofed emails based off the email headers.

Community Repository for Unofficial Saltbox Add-ons

An auxiliary tool for iot vulnerability hunter

Pupy is an opensource, cross-platform (Windows, Linux, OSX, Android) remote administration and post-exploitation tool mainly written in python

An OSINT tool that searches for devices directly connected to the internet (IoT) with a user specified query. It returns results for Webcams, Traffic lights, Refridgerators, Smart TVs etc.

Backdoor is a term that refers to the access of the software or hardware of a computer system without being detected.

Python tool for enumerating directories and for fuzzing

Fuzz introspector is a tool to help fuzzer developers to get an understanding of their fuzzer’s performance and identify any potential blockers.

Generate obfuscated meterpreter shells

Detection And Breaking With Python