This repository contains some of my scripts that i created to automate some recon processes.
It performs the following things;
- Get subdomains of a domain ad d
- Filter out only online domains
- Scan the domains for CRLF
- Check for a CORS misconfiguration
- Test for open redirects
- Grab sensitive headers
- Get senstive info from error pages
- Check for subdomain takeovers
- Extract javascript files
- Feed the javascript files into 'relative-url-extractor'
- Screenshot all domains
- Check if sites run wordpress
- Start a wpscan on the wordpress sites
- Do a nmap service scan
All output will get saved in a folder named by the domain, in the output folder.
In this folder it will create files with the discovered content.
git clone https://github.com/003random/003Recon.git;
cd 003Recon;
chmod 777 install.sh;
./install.sh; #Or if you have some tools already installed, edit the paths in recon.sh and comment those tools out here.
#And then call it with:
./recon.sh example.com
👌 Created by 003random - @003random - 003random.com