Recon: perform a full recon on a target with the main tools to search for vulnerabilities

Recon

The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!

Feature

ASN Enumeration

• metabigor

Subdomain Enumeration

• Assetfinder
• Subfinder
• Amass
• Findomain
• Sublist3r
• Knock
• SubDomainizer
• GitHub Sudomains
• RapidDNS
• Riddler
• SecurityTrails

Alive Domains

• httprobe
• httpx

WAF Detect

• wafw00f

Domain organization

• Regular expressions

Subdomain Takeover

• Subjack

DNS Lookup

Discovering IPs

• dnsx

DNS Enumeration and Zone Transfer

• dnsrecon
• dnsenum

Favicon Analysis

• favfreak
• Shodan

Directory Fuzzing

• ffuf

Google Hacking

• Some Dorks that I consider important
• CredStuff-Auxiliary
• Googler

GitHub Dorks

• Jhaddix Dorks

Credential Stuffing

• CredStuff-Auxiliary

Screenshots

• EyeWitness

Port Scan

• Masscan
• Nmap
• Naabu

Link Discovery

Endpoints Enumeration and Finding JS files

• Hakrawler
• Waybackurls
• Gospider
• ParamSpider

Vulnerabilities

• Nuclei ➔ I used all the default templates

403 Forbidden Bypass

• Bypass-403

XSS

• XSStrike
• Gxss

LFI

• Oneliners
  • gf
  • ffuf

RCE

• My GrepVuln function

Open Redirect

• My GrepVuln function

SQLi

• Oneliners
  • gf
  • sqlmap

Installation

git clone https://github.com/dirsoooo/Recon.git
cd Recon/
chmod +x recon.sh
chmod +x installation.sh
./installation.sh

Use

Tutorial

Copyright (c) 2021 Dirso