Reconnaissance Script Documentation

Overview

This script is designed to automate the reconnaissance process for a given target domain. It utilizes a range of tools and techniques to gather information and identify potential vulnerabilities.

Features

• DNS Lookup: Performs basic DNS queries to gather information about the target's DNS configuration.
• Subdomain Enumeration: Identifies subdomains using various tools and techniques.
• Port Scanning: Scans for open ports using Nmap and Masscan.
• Web Technologies Detection: Identifies web technologies used by the target.
• URL Enumeration: Enumerates URLs using Wayback Machine and Google Analytics data.
• GitHub Search: Searches for information related to the target on GitHub.
• Fuzzing: Identifies hidden files and directories on the target web server.
• Screenshotting: Captures screenshots of live subdomains.
• Vulnerability Scanning: Uses Nuclei to find known vulnerabilities.
• Metadata Extraction: Extracts metadata from public documents associated with the target.
• OSINT Collection: Gathers additional open-source intelligence using tools like theHarvester.

Prerequisites

Before running the script, ensure that you have the following tools installed on your system:

• Whois
• Nslookup
• Dig
• Host
• Sublist3r
• Amass
• Assetfinder
• Findomain
• MassDNS
• HTTProbe
• Nmap
• WhatWeb
• Waybackurls
• GAU (GetAllURLs)
• Hakrawler
• GitHub Search
• GitRob
• Fierce
• Dirsearch
• FFUF (Fuzz Faster U Fool)
• GoWitness
• Nuclei
• Metagoofil
• theHarvester
• DNSTwist
• Shodan CLI
• Censys CLI
• SpiderFoot
• Subfinder
• WafW00f
• Arjun
• Subjack
• Meg
• Waymore
• Unfurl
• Dalfox
• GoSpider
• Recon-ng
• XRAY
• Git-Secrets
• ShuffleDNS
• DNSGen
• MapCIDR
• Tko-subs
• Kiterunner
• Github-dorker
• GFRedirect
• ParamSpider
• Dirb
• WPScan
• Cloud Enum
• Gobuster
• Subzero
• DNSWalk
• Masscan
• XSStrike
• httpx

Installing Dependencies

Install the necessary tools using package managers or by following their respective installation guides. Most tools can be installed using apt, brew, pip, or cloning their repositories.

System Requirements

• Operating System: Linux or macOS
• RAM: Minimum 4GB
• Disk Space: At least 10GB free for storing results and logs
• Network: Stable internet connection for OSINT tools and enumeration tasks

Script Usage

Running the Script

1. Clone the repository (if applicable) or save the script file:

   git clone https://github.com/your-repo/recon-script.git
   cd recon-script

2. Make the script executable:

   chmod +x recon.sh

3. Run the script with a target domain:

   ./recon.sh example.com

   Replace example.com with your target domain.

Options

• Log Directory: By default, logs are stored in the logs/ directory.
• Results Directory: Output files are saved in the results/ directory.
• Resolvers: Update the resolvers.txt file with a list of DNS resolvers.

Sample Command

./recon.sh target.com