________ _________ ____ _______________(_)___ / /______
/ ___/ _ \/ ___/ __ \/ __ \ / ___/ ___/ ___/ / __ \/ __/ ___/
/ / / __/ /__/ /_/ / / / / (__ ) /__/ / / / /_/ / /_(__ )
/_/ \___/\___/\____/_/ /_/ /____/\___/_/ /_/ .___/\__/____/
/_/
A simple recon framework for bug bounty hunting
- Enumerate subdomains using Sublist3r and Subdominizer
- Probe subdomains using httpx
- Check cloud buckets using cloud_enum and S3Scanner
- Scan webpages using nuclei
- Take screenshots using Aquatone
- Asset discovery using hakrawler
- Scan for XSS from asset discovery using XSStrike
- Directory bruteforcing using ffuf
- Notify for new URLs or JS files discovered via Slack
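The "notify on new URLs or JS files" step above can be done with plain POSIX tools. The following is an added example, not code from recon-scripts: it diffs a target's stored urls.txt against a freshly crawled list, escapes the additions into a Slack incoming-webhook payload and posts them. The SLACK_WEBHOOK variable name is an assumption; the project's vars.sh may use a different one.

```shell
#!/bin/sh
# Added example, not recon-scripts' own code: detect URLs or JS files that were
# absent from the previous run and push them to a Slack incoming webhook.
# SLACK_WEBHOOK is an assumed variable name (not taken from the project's vars.sh).
set -eu

# new_entries OLD NEW: lines present in NEW but not in OLD.
# comm(1) needs sorted input, so both lists are sorted into temp files first.
new_entries() {
    old="$1"; new="$2"
    so=$(mktemp); sn=$(mktemp)
    sort -u "$old" > "$so"
    sort -u "$new" > "$sn"
    comm -13 "$so" "$sn"
    rm -f "$so" "$sn"
}

# slack_payload TEXT: JSON body for the webhook. Backslashes and double quotes
# are escaped and newlines become \n, so a crafted URL cannot break the JSON.
slack_payload() {
    esc=$(printf '%s' "$1" \
        | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
        | awk 'NR > 1 { printf "\\n" } { printf "%s", $0 }')
    printf '{"text":"%s"}' "$esc"
}

# notify_new TARGET_DIR FRESH_LIST: diff the stored urls.txt against a fresh
# crawl, post the additions when a webhook is configured, echo them to stdout
# one per line, then replace the stored list with the fresh one.
notify_new() {
    target="$1"; fresh="$2"
    [ -f "$target/urls.txt" ] || : > "$target/urls.txt"
    added=$(new_entries "$target/urls.txt" "$fresh")
    if [ -n "$added" ]; then
        if [ -n "${SLACK_WEBHOOK:-}" ]; then
            msg=$(printf 'New URLs for %s:\n%s' "$(basename "$target")" "$added")
            curl -sS -X POST -H 'Content-Type: application/json' \
                 -d "$(slack_payload "$msg")" "$SLACK_WEBHOOK" > /dev/null
        fi
        printf '%s\n' "$added"
    fi
    sort -u "$fresh" > "$target/urls.txt"
}
```

Wire it in after the hakrawler step, e.g. `notify_new targets/tesla /tmp/fresh_urls.txt`; with SLACK_WEBHOOK unset it only prints the additions, which is handy for a dry run from cron.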
The idea is to turn this:
targets
├── tesla
│   └── domains.txt
└── shopify
    └── domains.txt
into this:
targets
├── tesla
│   ├── screenshots/
│   ├── urls.txt
│   ├── js.txt
│   ├── githound.txt
│   ├── cloud_enum.txt
│   ├── webservers.txt
│   ├── domains.txt
│   └── subdomains.txt
├── shopify
│   ├── screenshots/
│   ├── urls.txt
│   ├── js.txt
│   ├── cloud_enum.txt
│   ├── webservers.txt
│   ├── domains.txt
│   └── subdomains.txt
│
.
.
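As an added example (not part of recon-scripts, whose TODO list still mentions a scaffolding script), the layout above can be created by one function that also normalises the seed domains, so that an entry like `https://Shop.Tesla.com/login` is not handed to the enumeration tools verbatim. The function names are assumptions; the file names match the tree shown.

```shell
#!/bin/sh
# Added example, not recon-scripts' own code: scaffold the per-target layout
# and normalise the seed list so later stages receive bare hostnames.
set -eu

# normalise_domain RAW: lowercase one entry, strip scheme, path and port, and
# accept only a plausible hostname; returns 1 and prints nothing otherwise.
normalise_domain() {
    d=$(printf '%s' "$1" | tr 'A-Z' 'a-z' | tr -d '\r')
    d=${d#*://}            # drop "https://"
    d=${d%%/*}             # drop any path
    d=${d%%:*}             # drop any port
    case "$d" in
        ''|*[!a-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    printf '%s\n' "$d"
}

# scaffold_target TARGETS_DIR NAME [DOMAIN...]: create <targets>/<name>/ with
# the files the scans append to and seed domains.txt from the arguments.
# Rejected entries go to stderr; the return status is 1 if any were rejected.
scaffold_target() {
    base="$1"; name="$2"; shift 2
    dir="$base/$name"
    mkdir -p "$dir/screenshots"
    for f in domains.txt subdomains.txt webservers.txt urls.txt js.txt cloud_enum.txt; do
        [ -f "$dir/$f" ] || : > "$dir/$f"
    done
    status=0
    for raw in "$@"; do
        if d=$(normalise_domain "$raw"); then
            printf '%s\n' "$d" >> "$dir/domains.txt"
        else
            printf 'rejected seed entry for %s: %s\n' "$name" "$raw" >&2
            status=1
        fi
    done
    sort -u -o "$dir/domains.txt" "$dir/domains.txt"
    return "$status"
}
```

Run as `scaffold_target targets tesla tesla.com shop.tesla.com`; re-running on an existing target only appends new seeds and leaves the scan outputs untouched.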
---
This code is created for personal use, but feel free to try it out.
---
I'm not very good at bash, please point out any weird quirks that could use some improvements.
Setup
Bash one-line setup. Installs recon-scripts to $HOME/.recon-scripts
bash <(curl -s https://raw.githubusercontent.com/tedmdelacruz/recon-scripts/master/configure)
Initialize a vars.sh from vars.sh.example
cd .recon-scripts
cp vars.sh.example vars.sh
vim vars.sh
Usage:
Run predefined scans
$ cd ~/.recon-scripts
$ scans/sweep.sh                  # Initial scan of all targets in the targets folder
$ scans/snipe.sh tesla shopify    # Probe and quick scan
$ scans/bombard.sh shopify        # Comprehensive scan
Set up crontab
$ crontab -e
30 21 * * * /home/tedm/.recon-scripts/cron/daily.sh
Or execute individual functions like so:
$ enumerate_subdomains domain.com path/to/targets_dir/target
$ probe_subdomains path/to/target
$ cloud_bucket_enum path/to/target
$ nuclei_scan path/to/target
$ take_screenshots path/to/target
TODO
- Configure API keys for the subdomain enumeration tools
- Monitor interesting files and web pages for changes
- Show GitHub dorking links
- Set up port scanning using dnmasscan, masscan, and nmap
- Support multithreading
- Add script for scaffolding directories
- Add reporting