tested on go1.16.3
- takes input as a list of root-domains
- foo.com
- bar.com
- . . .
- runs amass, subfinder & prepends a lot of words to each root-domain
- on prepending: currently doing this by splitting a wordlist isnt many chunks on disk, then starting a goroutine for each one. shit but it works.
- combines the results of these 3 jobs into one file: subdomainscombined.txt
- for each root-domain, it runs shuffledns with massdns' resolver list
- wildcard filtering enabled.
- Wildcard filtering can only be used when specifying a root-domain to test with, this is why shuffledns is ran for each domain.
- wildcard filtering enabled.
- takes the output of shuffledns, and runs dnsgen. This generates a new file containing permutations of shuffledns' output.
- runs shuffledns against the dnsgen output, to unconver even more subdomains.
- outputs a directory for each domain, containing results.
Within the WebRecon folder, you can test the script with the "Google-Example" program.
-
Edit the domains within ./Program/Google-Example/domains.txt
-
Run WebRecon ./WebRecon Google-Example
-
Output is placed into ./Programs/Google-Example/
This tool is based off awesome blogs by 0xPatrik