A simple reconnaissance tool project for learning Python and basic programming/networking concepts step by step.
- Sitemap Generation
- Subdomain Enumeration
- Status Code and Title Retrieval
- Domain to IP Mapping
- Open Ports Scanning
- Regex
- Whois Lookup
- Command-Line Usage with Argparse
- Git
- Reports Generation
- File Enumeration and Download
- Wappalyzer Integration
- Gowitness Integration
- MultiURL Implementation
- History Tracking
- Simple Back-end
- Simple Front-end
- Hadi~Killer : https://github.com/HadiKiler/RECOUN
- Mahdi We1rd : https://github.com/MahdiWe1rd/reconisance
- HosseinMohammady : https://github.com/HosseinMohammady/Reconnaissance-tool
- Hamed Fakoori : https://github.com/Hamed-244/Recon
The tool should be capable of listing all URLs of the target website, which will help in discovering all the web pages present on it. This feature will help identify hidden pages that might not be easily reachable through the website's navigation menu. The crawl depth should be 2.
- Learn basic HTML
- `<a href>` tags
- HTTP requests
- Requests with Python
- Parse HTML with BeautifulSoup
- Implement a crawler that collects all links on a page and follows them up to the given depth
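The crawler described in these steps, as an added example that is not part of the original project: a breadth-first crawl that records every page up to `max_depth=2`, never leaves the start host, and takes a `fetch` callable so the link-collection logic can be exercised on constructed HTML without touching the network. It uses the standard library's `html.parser` in place of BeautifulSoup so it runs with no extra packages.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlparse
from urllib.request import urlopen

class LinkParser(HTMLParser):
    """Collect href values from <a> tags (stdlib stand-in for BeautifulSoup)."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

def extract_links(html, base_url):
    """Return absolute, fragment-free http(s) links found in the HTML."""
    parser = LinkParser()
    parser.feed(html)
    links = set()
    for href in parser.hrefs:
        absolute, _fragment = urldefrag(urljoin(base_url, href))  # "#top" -> base page
        if urlparse(absolute).scheme in ("http", "https"):       # drops mailto:, javascript:
            links.add(absolute)
    return links

def fetch_http(url):
    """Default fetcher: GET the page; any error is treated as an empty page."""
    try:
        with urlopen(url, timeout=5) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except Exception:
        return ""

def crawl(start_url, max_depth=2, fetch=fetch_http):
    """Breadth-first crawl that never leaves the start host; returns {url: depth}."""
    host = urlparse(start_url).netloc
    seen = {start_url: 0}
    queue = deque([start_url])
    while queue:
        url = queue.popleft()
        if seen[url] >= max_depth:
            continue  # pages at the depth limit are recorded but not expanded
        for link in extract_links(fetch(url), url):
            if urlparse(link).netloc == host and link not in seen:
                seen[link] = seen[url] + 1
                queue.append(link)
    return seen
```

Passing a dictionary-backed `fetch` lets you unit-test the depth and same-host rules before pointing the crawler at a real site.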
Subdomain enumeration is the process of finding subdomains associated with the target website. This feature will help in identifying all the subdomains associated with the target website, which may not be visible through the website's main domain.
- Python: read/write files
- Loop over each line of a file
- What is an IP address?
- What is DNS?
- What is a domain?
- What is a subdomain?
- dnspython
- Download wordlists
- Issue a DNS query for each word and collect the names that resolve
- try/except in Python
The tool should retrieve the HTTP status codes and titles of all the discovered subdomains. This feature will help in identifying all the web pages that are currently active, and also give an idea of the content present on those pages.
- HTTP status codes
- Get the page title with BeautifulSoup
The tool should be able to map all subdomains to their corresponding IP addresses. This feature will help in identifying the hosting provider of the target website and any other websites hosted on the same server.
- The OSI network model
- Sockets in Python
- Resolve subdomains to IP addresses
The tool should be able to scan for open ports on the target website. This feature will help in identifying any services running on the website and may reveal potential vulnerabilities.
- What is a server?
- What is a port?
- Common ports
- Use a socket to check whether a port is open
The tool should be capable of extracting emails and phone numbers from all subdomains. This feature will help in identifying contact details of the website's owners or administrators.
- What is a regex?
- How to use regex in Python
- Regex to find email addresses
- Regex to find phone numbers
The tool should be able to perform a Whois lookup on the target website. This feature will help identify the registration information of the domain, including the owner's name, email address, and registration dates.
- What is WHOIS?
- How to check a domain's WHOIS record
- WHOIS in Python
The tool should provide command-line usage with argparse, which is a Python module that makes it easy to write user-friendly command-line interfaces.
- What are command-line arguments?
- Command-line arguments in Python
- The argparse library
The project should be added to a GitHub repository, where all the development progress and source code will be stored. A markdown file should be created in the repository to explain how to use the tool effectively and help new users get started with it. The developer should also learn how to fork the project and send pull requests to the original repository. This feature is essential for contributing to open-source projects, and it helps acknowledge the developer's contributions as well.
- What is Git?
- GitLab / GitHub
- Learn basic Git commands (init, add, commit, push, pull, ...)
- Create a repository on GitHub and push your code
- Fork this repository and open a pull request adding your project link to the "hall of fame"
The tool should be able to generate reports in TXT/CSV/HTML formats. These reports should contain the results of all the tasks performed by the tool, such as sitemap generation, subdomain enumeration, and open port scanning.
- List all URLs
- List all subdomains with their HTTP status code and title
- List all subdomains with their IP address
- List all IP addresses with their open ports
- List all emails and phone numbers found
- Save the WHOIS record
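The regex step (emails and phone numbers) and the "emails and phone numbers found" report item, as one added example that is not part of the original project: two patterns, a de-duplicating extractor, and a CSV report builder. The subdomain names and page text in `PAGES` are constructed sample input; the phone pattern only covers North-American-style numbers and is an assumption to adapt to the target's region.

```python
import csv
import io
import re

# Constructed sample input: page text from two hypothetical subdomains.
PAGES = {
    "www.example.test": '<a href="mailto:admin@example.test">admin@example.test</a> or call +1 555-010-0199',
    "shop.example.test": "Support: support@example.test, billing@example.test. Phone: (555) 010-0200",
}

# local part, "@", domain labels, then a TLD of at least two letters
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# optional +country code, optional (area), three digit groups joined by space/dot/dash
PHONE_RE = re.compile(r"(?:\+\d{1,3}[\s-]?)?(?:\(\d{3}\)|\d{3})[\s.-]?\d{3}[\s.-]?\d{4}")

def extract_contacts(text):
    """Return (emails, phones) as sorted, de-duplicated lists."""
    emails = sorted({m.lower() for m in EMAIL_RE.findall(text)})
    phones = sorted({" ".join(m.split()) for m in PHONE_RE.findall(text)})
    return emails, phones

def contacts_report(pages):
    """Build (subdomain, kind, value) rows for every contact found on every page."""
    rows = []
    for host, text in pages.items():
        emails, phones = extract_contacts(text)
        rows.extend((host, "email", e) for e in emails)
        rows.extend((host, "phone", p) for p in phones)
    return rows

def to_csv(rows):
    """Render rows as CSV text with a header row; write it to a file for the report."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["subdomain", "kind", "value"])
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(contacts_report(PAGES)))
```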
The tool should be able to enumerate files on a target domain and download them. This feature helps retrieve sensitive or otherwise valuable information present in such files, which may be hidden from regular web pages.
The tool should integrate with Wappalyzer for technology discovery. Wappalyzer is a browser extension that uncovers the technologies used on websites, allowing users to see what software runs under the hood of any website.
The tool should integrate with Gowitness for taking screenshots of subdomains. Gowitness is an open-source project that enables you to capture screenshots of web pages in batch mode.
The tool should implement multithreading for performing multiple tasks simultaneously. This feature will help save time when dealing with large targets and increase efficiency.
The tool should enable history tracking with a Flask and SQLite back-end. This feature will allow the user to keep track of all the performed tasks and the results generated by the tool.
The tool should have a simple HTML/CSS/JS frontend that allows users to interact with the tool efficiently. The frontend should provide a user-friendly interface for running scans and generating reports.