Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Last update: Dec 31, 2022

Overview

👑 Recon 👑

The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!

Usage 💡

Basic usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt

Quiet mode

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -q

Recommended usage

❯ ./recon.sh -d domain.com -w /path/to/your/wordlist.txt -g [github_api_key] -s [shodan_api_key] -f

Help menu 🔎

Option	Value
-h, --help	`Look at the complete help menu`
-d	`domain.com`
-w	`Path to your wordlist. Some wordlists I've already added by default to ./wordlists`
-f	`Fuzzing mode. When passing this argument, the Fuzzing step to confirm possible vulnerabilities will be added. Directory Fuzzing will remain enabled regardless of whether the argument is passed or not. I recommend not to use this if you want to do a recon faster.`
-g	`GitHub API Key. This parameter is used when searching for subdomains`
-s	`Shodan API Key. This parameter is used to automate the search for domains associated with your target(Requires API Key premium). If you don't have it, you can do the searches manually and the dorks are saved in the output folder.`
-o	`Your output folder. If you don't specify the parameter, all the results of the script will be saved in a folder with your target's name inside the script path`
-q	`Quiet mode. All banners and details of the script's execution will not be shown in the terminal, but everything that is executed in normal mode is executed as well. You will be able to see all the results in detail in your output folder`

Features ✅

ASN Enumeration

metabigor

Subdomain Enumeation

Alive Domains

WAF Detect

wafw00f

Domain organization

Regular expressions

Subdomain Takeover

Subjack

DNS Lookup

Discovering IPs

dnsx

DNS Enumeration and Zone Transfer

Favicon Analysis

Directory Fuzzing

ffuf

Google Hacking

Some Dorks that I consider important
CredStuff-Auxiliary
Googler

Port Scan

Link Discovery

Endpoints Enumeration and Finding JS files

Vulnerabilities

Nuclei ➔ I used all the default templates

403 Forbidden Bypass

Bypass-403

XSS

LFI

Oneliners
- gf
- ffuf

RCE

My GrepVuln function

Open Redirect

My GrepVuln function

SQLi

Oneliners
- gf
- sqlmap

Installation

I made a script that automates the installation of all tools. I tried to do it with the intention of having compatibility with the most used systems in Pentest and Bug Bounty.

git clone https://github.com/dirsoooo/Recon.git
cd Recon/
chmod +x recon.sh
chmod +x installation.sh
./installation.sh

Please DO NOT remove any of the files inside the folder, they are all important!

Installation script tested on:

Kali Linux
Arch Linux
BlackArch Linux
Ubuntu
Parrot Security

Poject Mindmap

License

Recon was entirely coded with ❤ by @Dirsoooo and it is released under the MIT license.

Buy me a coffee ☕

If you liked my job and want to support me in some way, buy me a coffee 😁

You might also like...

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities Which is a great tool for web pentesters. Coded in python3, CLI. WebScan is capable of scanning and detecting sql injection vulnerabilities across HTTP and HTTP sites.

12 Dec 2, 2022

Comments

Some tools not installed

I have run installation script and after I tried to use tool It's shows some tools not installed and to run installation script again I have done that also but not working I am using parrot os

opened by Dixith1999 2

Releases(v1.0)

v1.0(May 25, 2021)
The first version released.

Features

ASN Enumeration

Subdomain Enumeation

Alive Domains

WAF Detect

Domain organization

Subdomain Takeover

DNS Lookup

Discovering IPs

DNS Enumeration

Zone Transfer

Favicon Analysis

Directory Fuzzing

Google Hacking

GitHub Dorks

Credential Stuffing

Screenshots

Port Scan

Link Discovery

Endpoints Enumeration

Find JS files

Vulnerabilities

403 Forbidden Bypass

XSS

LFI

RCE

Open Redirect

SQLi

Source code(tar.gz)
Source code(zip)

Recon is a script to perform a full recon on a target with the main tools to search for vulnerabilities.

Related tags

Overview

👑 Recon 👑

Usage 💡

Basic usage

Quiet mode

Recommended usage

Help menu 🔎

Features ✅

ASN Enumeration

Subdomain Enumeation

Alive Domains

WAF Detect

Domain organization

Subdomain Takeover

DNS Lookup

Discovering IPs

DNS Enumeration and Zone Transfer

Favicon Analysis

Directory Fuzzing

Google Hacking

GitHub Dorks

Credential Stuffing

Screenshots

Port Scan

Link Discovery

Endpoints Enumeration and Finding JS files

Vulnerabilities

403 Forbidden Bypass

XSS

LFI

RCE

Open Redirect

SQLi

Installation

Installation script tested on:

Poject Mindmap

License

Buy me a coffee ☕

You might also like...

WebScan is a web vulnerability Scanning tool, which scans sites for SQL injection and XSS vulnerabilities

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

Something I built to test for Log4J vulnerabilities on customer networks.

Visibility and Mitigation for Log4J vulnerabilities

ORector - A Fast Python tool designed to detect open redirects vulnerabilities on websites

(D)arth (S)ide of the (L)og4j (F)orce, the ultimate log4j vulnerabilities assessor

Bug Alert: a service for alerting security and IT professionals of high-impact and 0day vulnerabilities

A passive-recon tool that parses through found assets and interacts with the Hackerone API

Comments

Some tools not installed

Releases(v1.0)

v1.0(May 25, 2021)

Owner

Dirso

A BurpSuite extension to parse 5GC NF OpenAPI 3.0 files to assess 5G core networks

This program will brute force any Instagram account you send it its way given a list of proxies.

Getting my gitlab commit history into github

Spray365 is a password spraying tool that identifies valid credentials for Microsoft accounts (Office 365 / Azure AD).

Searches through git repositories for high entropy strings and secrets, digging deep into commit history

Discord exploit allowing you to be unbannable.

This is a simple tool to create ZIP payloads using a provided wordlist for the symlink attack (present in some file upload vulnerabilities)

Dlint is a tool for encouraging best coding practices and helping ensure Python code is secure.

Holehe OSINT - Email to Registered Accounts

🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

Extendable payload obfuscation and delivery framework

SeaSurf is a Flask extension for preventing cross-site request forgery (CSRF).

Description Basic Recon tool for beginners. Especially those who faces issue on how to recon or what all tools to use

Auerswald COMpact 8.0B Backdoors exploit

A Tool to find subdomains from hackerone reports.

xkeysnail is yet another keyboard remapping tool for X environment written in Python

A burp-suite plugin that extract all parameter names from in-scope requests

A deobfuscator for multiple python obfuscators

Whois-Python - Get Whois Domain with Python GUI