Just a (not so) simple bash script for reconnaissance. Recommended for local usage; use @nahamsec's script for remote usage.
- Sublist3r
- crt.sh
- waybackurls
- dirsearch
- https://github.com/sathishshan/Zone-transfer
- DIG
- aha (for coloring html output)
- curl
- nmap
- JSFScan.sh
- deduplicate
- gf
- Dalfox
- aquatone
- whichCDN (SamEbison fork) (https://github.com/ebsa491/whichCDN.git)
- unfurl
- httprobe
- xdg-open
- massdns (not required)
- Asnlookup (not required)
- virtual-host-discovery (not required)
Run install.sh (Debian-based).
Change the script settings too.
./create.sh YOUR_TARGET_NAME
cd YOUR_TARGET_NAME
(edit scope.txt)
(cd RECON.SH_PATH)
./recon.sh YOUR_PROGRAM_DIR_PATH_WITHOUT_SLASH YOUR_TOOLS_PATH_WITHOUT_SLASH
I will be glad! Open an issue first or work on your assigned issue.
- install.sh
- Docker
- out of scope
Nothing more! Just pay attention to LICENSE.