A powerful, automated reconnaissance script for bug bounty hunters and penetration testers. This script streamlines the process of subdomain enumeration, live host discovery, vulnerability scanning, and reporting.
- Automated Dependency Checks: Ensures all required tools are installed before running.
- Subdomain Enumeration: Uses
subfinderandassetfinderto discover subdomains. - Live Host Discovery: Probes for alive hosts using
httprobe. - Subdomain Takeover: Checks for potential subdomain takeovers using
subjack. - Port Scanning: Scans for open ports using
nmap. - Wayback Machine Recon: Extracts parameters and interesting file extensions from the Wayback Machine.
- Vulnerability Scanning: Integrates
nucleifor automated vulnerability detection. - Reporting: Generates a summary Markdown report (
report.md).
Ensure you have the following tools installed and in your PATH:
- Clone the repository:
git clone https://github.com/fxrhan/Web-Recon-Automation.git cd Web-Recon-Automation - Make the script executable:
chmod +x recon.sh
./recon.sh -d <domain> [-o <output_dir>] [-s]-d <domain>: Target domain (e.g.,example.com). Required.-o <output_dir>: Custom output directory. Defaults to the domain name.-s: Silent mode. Suppresses the banner.-h: Show help message.
./recon.sh -d tesla.comThe script creates the following directory structure:
domain.com/
├── recon/
│ ├── final.txt # Unique subdomains
│ ├── httprobe/
│ │ └── alive.txt # Live hosts
│ ├── potential_takeovers/ # Takeover results
│ ├── scans/ # Nmap scans
│ ├── wayback/ # Wayback data
│ │ ├── params/ # Extracted parameters
│ │ └── extensions/ # File extensions (js, php, etc.)
│ └── nuclei/ # Nuclei report
└── report.md # Summary report
This project is licensed under the MIT License.