A powerful, automated reconnaissance script for bug bounty hunters and penetration testers. This script streamlines the process of subdomain enumeration, live host discovery, vulnerability scanning, and reporting.
- Automated Dependency Checks: Ensures all required tools are installed before running.
- Subdomain Enumeration: Uses
subfinderandassetfinderto discover subdomains. - Live Host Discovery: Probes for alive hosts using
httprobe. - Subdomain Takeover: Checks for potential subdomain takeovers using
subjack. - Port Scanning: Scans for open ports using
nmap. - Wayback Machine Recon: Extracts parameters and interesting file extensions from the Wayback Machine.
- Vulnerability Scanning: Integrates
nucleifor automated vulnerability detection. - Reporting: Generates a summary Markdown report (
report.md).
Ensure you have the following tools installed and in your PATH:
- Clone the repository:
git clone https://github.com/fxrhan/Web-Recon-Automation.git cd Web-Recon-Automation - Make the script executable:
chmod +x recon.sh
./recon.sh -d <domain> [-o <output_dir>] [-s]-d <domain>: Target domain (e.g.,example.com). Required.-o <output_dir>: Custom output directory. Defaults to the domain name.-s: Silent mode. Suppresses the banner.-h: Show help message.
./recon.sh -d tesla.comThe script creates the following directory structure:
domain.com/
βββ recon/
β βββ final.txt # Unique subdomains
β βββ httprobe/
β β βββ alive.txt # Live hosts
β βββ potential_takeovers/ # Takeover results
β βββ scans/ # Nmap scans
β βββ wayback/ # Wayback data
β β βββ params/ # Extracted parameters
β β βββ extensions/ # File extensions (js, php, etc.)
β βββ nuclei/ # Nuclei report
βββ report.md # Summary report
This project is licensed under the MIT License.