Important
The tool was fully refactored to a v2 and is currently in BETA. See the current version here.
Script to automate, when possible, the passive reconnaissance performed on a website prior to an assessment (no direct hit on the target).
Also used to guide a reconnaissance phase by defining all steps (manual or automated) that must be mandatory performed.
💬 Execution tested on the following 64 bits versions of Python via this workflow and this script:
| Version | Supported? |
|---|---|
| < 3.12 | ❌ |
| 3.12 | ✅ |
| 3.13 | ✅ |
| 3.14 | ✅ |
Use the following command:
pip install --no-cache git+https://github.com/righettod/website-passive-reconnaissance.gitNote: The script assume that an API key binded to the free version of the API is used of each service.
API keys are expected to be provided within an INI file having the following structure:
[API_KEYS]
;See https://www.shodan.io/
shodan=xxx
;See https://intelx.io/
intelx=xxx
;See https://buckets.grayhatwarfare.com/docs/api/v1
grayhatwarfare=xxx
;See https://viewdns.info/api/
viewdns=xxx
;See https://dnsdumpster.com/developer/
dnsdumpster=xxx
;See https://docs.leakix.net/docs/api/authentication/
leakix=xxx
;See https://serpapi.com/
;Used for Google Dorks in priority to direct search
serp=xxx$ wpr --help
usage: wpr [-h] [-v] -d DOMAIN_NAME [-a API_KEY_FILE] [-n NAME_SERVER] [-t REQUEST_TIMEOUT] [-m MOBILE_APP_STORE_COUNTRY_CODE]
options:
-h, --help show this help message and exit
-v show program's version number and exit
-a API_KEY_FILE Configuration INI file with all API keys (ex: conf.ini).
-n NAME_SERVER Name server to use for the DNS query (ex: 8.8.8.8), default to the system defined one.
-t REQUEST_TIMEOUT Delay in seconds allowed for a HTTP request to reply before to fall in timeout (default to 240 seconds).
-m MOBILE_APP_STORE_COUNTRY_CODE
Country code to define in which store mobile app will be searched (default to LU).
required arguments:
-d DOMAIN_NAME Domain to analyse (ex: righettod.eu).wpr -d righettod.eu
wpr -d righettod.eu -n 8.8.8.8
wpr -d righettod.eu -n 8.8.8.8 -m FR
wpr -d righettod.eu -n 8.8.8.8 -t 30
wpr -d righettod.eu -a api_keys.ini
wpr -d righettod.eu -a api_keys.ini -n 8.8.8.8- The migration was performed with the help of Claude Code.
- The following data providers were removed during the migration as data provided was not relevant (at least, it was a element noticed during the usage of the V1):
- Virus Total: https://www.virustotal.com
- Hybrid Analysis: https://www.hybrid-analysis.com
- Azure Cognitive Services Bing Web Search: https://azure.microsoft.com/en-us/try/cognitive-services/?api=search-api-v7
- Support for web proxy as removed as it was never used (at least, it was a element noticed during the usage of the V1), same for the option
-s.
- It is configured to use Visual Studio Code and a workspace file is provided.
- It use uv to manage the python project.
- OSINT data providers are now defined via a sub classe to allow to easlily add new ones.
- CLAUDE.md file and other Claude code related files are used to define the coding and security guidelines.
- Use the following command to run the project locally:
cd src/wpr
uv run main.py -d righettod.euUse this command:
uv run hatch version beta