Recon Scripts | A simple recon framework for bug bounty hunting

   ________  _________  ____     _______________(_)___  / /______
  / ___/ _ \/ ___/ __ \/ __ \   / ___/ ___/ ___/ / __ \/ __/ ___/
 / /  /  __/ /__/ /_/ / / / /  (__  ) /__/ /  / / /_/ / /_(__  ) 
/_/   \___/\___/\____/_/ /_/  /____/\___/_/  /_/ .___/\__/____/  
                                              /_/                

v0.2.3


A simple recon framework for bug bounty hunting

The idea is to turn this:

targets
├── tesla
│   └── domains.txt
└── shopify
    └── domains.txt

into this:

targets
├── tesla
│   ├── screenshots/
│   ├── urls.txt
│   ├── js.txt
│   ├── githound.txt
│   ├── cloud_enum.txt
│   ├── webservers.txt
│   ├── domains.txt
│   └── subdomains.txt
├── shopify
│   ├── screenshots/
│   ├── urls.txt
│   ├── js.txt
│   ├── cloud_enum.txt
│   ├── webservers.txt
│   ├── domains.txt
│   └── subdomains.txt
│
.
.
  • Inspired by lazyrecon by nahamsec

  • This code was created for personal use, but feel free to try it out

  • I'm not very good at bash, please point out any weird quirks that could use some improvements :heart:

Setup

Bash one-line setup. Installs recon-scripts to $HOME/.recon-scripts

bash <(curl -s https://raw.githubusercontent.com/tedmdelacruz/recon-scripts/master/configure)

Initialize a vars.sh from vars.sh.example

cd .recon-scripts
cp vars.sh.example vars.sh
vim vars.sh
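
The one-line setup above runs whatever the URL serves at that moment. As an added example (not part of the recon-scripts project), these bash functions save the configure script to disk for review and run it only if it still matches the SHA-256 digest noted at review time; the function names, /tmp/configure and REVIEWED_SHA256 are assumptions.

```bash
#!/usr/bin/env bash
# Added example: fetch the configure script to disk, review it, and run it
# only if it still matches the digest recorded at review time.

CONFIGURE_URL="https://raw.githubusercontent.com/tedmdelacruz/recon-scripts/master/configure"

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Download the installer to a file instead of feeding it straight to bash.
# --fail turns an HTTP error into a non-zero exit rather than an error page
# that bash would execute; --proto '=https' refuses any non-HTTPS URL,
# including on redirect.
fetch_installer() {
    local dest="$1"
    curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
        --output "$dest" "$CONFIGURE_URL"
}

# Succeed only if the file is non-empty and matches the expected digest.
verify_installer() {
    local file="$1" expected="$2" actual
    [ -s "$file" ] || { echo "installer missing or empty: $file" >&2; return 1; }
    actual="$(file_sha256 "$file")"
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi
}

# Run the installer only after it passes verification.
run_reviewed_installer() {
    verify_installer "$1" "$2" && bash "$1"
}

# Typical session (REVIEWED_SHA256 is the digest noted after reading the file):
#   fetch_installer /tmp/configure && less /tmp/configure
#   file_sha256 /tmp/configure
#   run_reviewed_installer /tmp/configure "$REVIEWED_SHA256"
```
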

Usage:

Run predefined scans

$ cd .recon-scripts
$ scans/sweep.sh                # Initial scan of all targets in recon folder
$ scans/snipe.sh tesla shopify  # Probe and quick scan
$ scans/bombard.sh shopify      # Comprehensive scan

Set up crontab

$ crontab -e
30 21 * * * /home/tedm/.recon-scripts/cron/daily.sh

Or execute individual functions like so:

$ enumerate_subdomains domain.com path/to/targets_dir/target
$ probe_subdomains path/to/target
$ cloud_bucket_enum path/to/target
$ nuclei_scan path/to/target
$ take_screenshots path/to/target

TODO

  • Configure API key inclusion to subdomain enumerations
  • Monitor interesting files and web pages for changes
  • Show GitHub dorking links
  • Setup port scanning using dnmasscan, masscan, and nmap
  • Support multithreading
  • Add script for scaffolding directories
  • Add reporting

GitHub:
