003Recon: Some tools to automate recon

This repository contains some of my scripts that I created to automate some recon processes.
They perform the following steps:

  1. Get subdomains of a domain
  2. Filter out only online domains
  3. Scan the domains for CRLF
  4. Check for CORS misconfigurations
  5. Test for open redirects
  6. Grab sensitive headers
  7. Get sensitive info from error pages
  8. Check for subdomain takeovers
  9. Extract JavaScript files
  10. Feed the JavaScript files into ‘relative-url-extractor’
  11. Screenshot all domains
  12. Check if sites run WordPress
  13. Start a wpscan on the WordPress sites
  14. Run an nmap service scan

All output is saved in the output folder, in a subfolder named after the domain. The scripts create files in that subfolder with the discovered content.

Install

git clone https://github.com/003random/003Recon.git;
cd 003Recon;
./install.sh

Usage

./recon.sh example.com

Author: @003random

Source: https://github.com/003random/