/lazyrecon

This script is intended to automate your reconnaissance process in an organized fashion

Primary LanguageShell

  _     ____  ____ ___  _ ____  _____ ____ ____  _
 / \   /  _ \/_   \\  \///  __\/  __//   _Y  _ \/ \  /|
 | |   | / \| /   / \  / |  \/||  \  |  / | / \|| |\ ||
 | |_/\| |-||/   /_ / /  |    /|  /_ |  \_| \_/|| | \||
 \____/\_/ \|\____//_/   \_/\_\\____\\____|____/\_/  \|

Usage

./lazyrecon.sh target.com

About

This script is intended to automate your reconnaissance process in an organized fashion by performing the following:

  • Create a dated folder with recon notes
  • Grab subdomains using Sublist3r and certspotter
  • Grab a screenshot of responsive hosts
  • Grab the response header
  • Perform nmap
  • Perform dirsearch
  • Generate a HTML report with output from the tools above

This requires Bug Bounty Hunting Tools in order for the tools to work.

Warning: This code was originally created for personal use for myself, so it's a bit messy and hopefully it'll be cleaned up with more features in a later release.