A simple reconnaissance framework for bug bounty hunting

tedmdelacruz/recon-scripts

   ________  _________  ____     _______________(_)___  / /______
  / ___/ _ \/ ___/ __ \/ __ \   / ___/ ___/ ___/ / __ \/ __/ ___/
 / /  /  __/ /__/ /_/ / / / /  (__  ) /__/ /  / / /_/ / /_(__  ) 
/_/   \___/\___/\____/_/ /_/  /____/\___/_/  /_/ .___/\__/____/  
                                              /_/                

v0.2.3

A simple recon framework for bug bounty hunting

The idea is to turn this:

targets
├── tesla
│   └── domains.txt
└── shopify
    └── domains.txt

into this:

targets
├── tesla
│   ├── screenshots/
│   ├── urls.txt
│   ├── js.txt
│   ├── githound.txt
│   ├── cloud_enum.txt
│   ├── webservers.txt
│   ├── domains.txt
│   └── subdomains.txt
├── shopify
│   ├── screenshots/
│   ├── urls.txt
│   ├── js.txt
│   ├── cloud_enum.txt
│   ├── webservers.txt
│   ├── domains.txt
│   └── subdomains.txt
│
.
.

* Inspired by lazyrecon by nahamsec

* This code was created for personal use, but feel free to try it out

* I'm not very good at bash; please point out any weird quirks that could use some improvement ♥

Setup

Bash one-line setup. Installs recon-scripts to $HOME/.recon-scripts

bash <(curl -s https://raw.githubusercontent.com/tedmdelacruz/recon-scripts/master/configure)

Initialize a vars.sh from vars.sh.example

cd "$HOME/.recon-scripts"
cp vars.sh.example vars.sh
vim vars.sh
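
The one-line setup above executes whatever the master branch serves at that moment, with no copy left on disk to inspect. The following is an added example, not part of recon-scripts, that fetches the same configure script to a file and vets it before it is run; the function names and the /tmp/configure path are assumptions.

```bash
# Added example, not part of recon-scripts; function names are hypothetical.
CONFIGURE_URL="https://raw.githubusercontent.com/tedmdelacruz/recon-scripts/master/configure"

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# fetch_installer DEST: download the installer to DEST without executing it.
# --fail makes curl exit non-zero on an HTTP error instead of saving the
# error page; --proto '=https' restricts the transfer to HTTPS.
fetch_installer() {
    curl --fail --silent --show-error --proto '=https' -o "$1" "$CONFIGURE_URL"
}

# vet_installer FILE [PINNED_SHA256]
# Returns 0 only if FILE is non-empty, parses as bash, and (when a digest
# recorded after an earlier manual review is given) still matches that digest.
vet_installer() {
    vi_file=$1
    vi_pin=${2:-}
    [ -s "$vi_file" ] || { echo "empty or missing: $vi_file" >&2; return 1; }
    # bash -n parses without executing: it rejects bodies that are not shell
    # at all and scripts cut off mid-block by a dropped connection.
    bash -n "$vi_file" 2>/dev/null || { echo "not valid bash: $vi_file" >&2; return 1; }
    vi_sum=$(sha256_of "$vi_file")
    echo "sha256 $vi_sum  $vi_file" >&2
    if [ -n "$vi_pin" ] && [ "$vi_sum" != "$vi_pin" ]; then
        echo "digest changed since last review: $vi_file" >&2
        return 1
    fi
    return 0
}

# Intended flow (the first run records the digest, later runs pin it):
#   fetch_installer /tmp/configure && vet_installer /tmp/configure
#   less /tmp/configure            # read what the installer will do
#   bash /tmp/configure
#   vet_installer /tmp/configure <digest-from-reviewed-run>   # on reinstall
```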

Usage

Run predefined scans

$ cd "$HOME/.recon-scripts"
$ scans/sweep.sh # Initial scan of all targets in recon folder
$ scans/snipe.sh tesla shopify # Probe and quick scan
$ scans/bombard.sh shopify # Comprehensive scan

Set up crontab

$ crontab -e
30 21 * * *  /home/tedm/.recon-scripts/cron/daily.sh

Or execute individual functions like so:

$ enumerate_subdomains domain.com path/to/targets_dir/target
$ probe_subdomains path/to/target
$ cloud_bucket_enum path/to/target
$ nuclei_scan path/to/target
$ take_screenshots path/to/target

TODO

  • Configure API key inclusion in subdomain enumeration
  • Monitor interesting files and web pages for changes
  • Show GitHub dorking links
  • Set up port scanning using dnmasscan, masscan, and nmap
  • Support multithreading
  • Add script for scaffolding directories
  • Add reporting