This Domain Reconnaissance Tool is a Bash script that collects and analyzes information about a specified domain. It relies on several open-source tools, including Assetfinder, Subfinder, httprobe, Gowitness and nuclei. Given a target domain, the script automates the following tasks:
- Gathers WHOIS information, providing general details about the domain ownership and registration.
- Discovers and lists subdomains using Subfinder and Assetfinder.
- Filters the discovered subdomains and checks which are alive (reachable over HTTP/HTTPS) using httprobe.
- Takes screenshots of the alive subdomains' webpages using Gowitness.
- Extracts SSL/TLS certificate details and server information using OpenSSL's s_client command.
- Retrieves MX records and lists the responsible mail servers using the "dig" command.
- Analyzes SPF and DMARC records by retrieving TXT records with "dig" and filtering for the relevant entries.
- Launches a nuclei scan on the target domain.
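
The SPF and DMARC step is where filtered `dig` output turns into a finding, so here is one way to grade it. This is an added example, not the tool's own code: the function names and the sample records are constructed, and the input is assumed to be `dig +short TXT` output for the domain and for `_dmarc.<domain>`.

```bash
# Added example: grade SPF and DMARC from `dig +short TXT` output.
# Function names and sample records are constructed for illustration.

# dig quotes TXT strings and splits long ones into chunks; undo both.
normalize_txt() { sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'; }

# Reads the domain's TXT records on stdin, prints the SPF "all" verdict.
spf_policy() {
  local recs all
  recs=$(normalize_txt | grep -iE '^v=spf1( |$)' || true)
  if [ -z "$recs" ]; then echo "missing"; return; fi
  # More than one SPF record is a permanent error for receivers (RFC 7208).
  if [ "$(printf '%s\n' "$recs" | grep -c '')" -gt 1 ]; then
    echo "invalid-multiple"; return
  fi
  all=$(printf '%s\n' "$recs" | tr 'A-Z' 'a-z' |
        grep -oE '(^| )[-~?+]?all( |$)' | tr -d ' ' | tail -n1)
  case "$all" in
    -all)     echo "hardfail" ;;
    "~all")   echo "softfail" ;;
    "?all")   echo "neutral" ;;
    +all|all) echo "pass-all" ;;
    *)        echo "no-all" ;;
  esac
}

# Reads the TXT records of _dmarc.<domain> on stdin, prints the p= policy.
dmarc_policy() {
  local rec p
  rec=$(normalize_txt | grep -iE '^v=DMARC1( *;|$)' | head -n1 || true)
  if [ -z "$rec" ]; then echo "missing"; return; fi
  p=$(printf '%s\n' "$rec" | tr ';' '\n' | tr 'A-Z' 'a-z' |
      sed -n 's/^ *p *= *\([a-z]*\).*/\1/p' | head -n1)
  case "$p" in
    none|quarantine|reject) echo "$p" ;;
    *) echo "invalid" ;;
  esac
}

# $1 = TXT output for the domain, $2 = TXT output for _dmarc.<domain>
mail_auth_report() {
  printf 'spf=%s dmarc=%s\n' "$(printf '%s\n' "$1" | spf_policy)" \
                             "$(printf '%s\n' "$2" | dmarc_policy)"
}

# Constructed sample records (example.test is a reserved, non-real domain).
SAMPLE_TXT='"site-verification=constructed-token"
"v=spf1 include:_spf.example.test ip4:192.0.2.0/24 ~all"'
SAMPLE_DMARC='"v=DMARC1; p=none; sp=reject; rua=mailto:dmarc@example.test"'
mail_auth_report "$SAMPLE_TXT" "$SAMPLE_DMARC"
```

A `softfail` SPF combined with DMARC `p=none` means receivers are only asked to monitor, not to reject, mail that fails authentication for the domain.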