This repository contains some of my scripts that i created to automate some recon processes.
It performs the following things;
- Get subdomains of a domain
- Filter out only online domains
- Scan the domains for CRLF
- Check for a CORS misconfigurations
- Test for open redirects
- Grab sensitive headers
- Get sensitive info from error pages
- Check for subdomain takeovers
- Extract javascript files
- Feed the javascript files into 'relative-url-extractor'
- Screenshot all domains
- Check if sites run wordpress
- Start a wpscan on the wordpress sites
- Do a nmap service scan
More tools in comming soon / in progress 😉
All output will get saved in a folder named by the domain, in the output folder.
In this folder it will create files with the discovered content.
git clone https://github.com/003random/003Recon.git;
cd 003Recon;
./install.sh; #Or if you have some tools already installed, edit the paths in recon.sh and comment those tools out here.
And then call it with:
./recon.sh example.com
👌 Created by 003random - @003random - 003random.com