- Enum subdomains with Amass, Sublist3r, Subfinder, Crtsh & Certspotter
- Combination of results, check with MassDNS
- Check for TakeOver with Subjack & TkoSubs
- Screenshot with GoWitness
- Check CORS with CORStest
- Check open ports with Masscan
- Creation of an archive and upload with unique link on Transfer.sh
- Installation & Recon tested on Debian 10 / Kali 2019.2
Requirement : Golang
git clone https://github.com/JoshuaMart/AutoRecon
cd AutoRecon
Edit the following variables in install.sh & create the ToolsDIR directories :
ToolsDIR="/root/Recon/Tools" #Directory where the tools are installed
GoPath="/root/go" #Your Go Workspace
And the following variables in recon.sh :
ToolsDIR="/root/Recon/Tools" #Directory where the tools are installed
ResultsPath="/root/Recon" #Directory where you want the scan results
TransferSH="https://transfer.sh" #Change this if you have your own transfer.sh
subjackDebug="/root/go/src/github.com/haccer/subjack/fingerprints.json" #Subjack bug without this ...
Run installer :
./install.sh
Launch Subfinder once and fill in the configuration file :
/root/Recon/Tools/Subfinder
nano /root/.config/subfinder/config.json
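A pre-flight check for the setup steps above, added here as an example (it is not part of AutoRecon). The function name `preflight` is hypothetical, and the permission check assumes the Subfinder config file holds API keys and should be readable by its owner only :

```shell
#!/bin/sh
# Added example, not part of AutoRecon: verify the values edited in
# install.sh / recon.sh before a run. `preflight` is a hypothetical name.
# Prints one line per problem and returns the number of problems found.
preflight() {
    tools_dir=$1; results_path=$2; fingerprints=$3; subfinder_cfg=$4
    problems=0
    fail() { printf 'FAIL: %s\n' "$1" >&2; problems=$((problems + 1)); }

    # ToolsDIR must already exist (the README asks you to create it).
    [ -d "$tools_dir" ] || fail "ToolsDIR '$tools_dir' is not a directory"

    # ResultsPath receives the scan output and the archive.
    { [ -d "$results_path" ] && [ -w "$results_path" ]; } ||
        fail "ResultsPath '$results_path' is not a writable directory"

    # subjackDebug must point at Subjack's fingerprints.json.
    [ -s "$fingerprints" ] || fail "subjackDebug '$fingerprints' is missing or empty"

    # Subfinder writes its config on first launch; assumption: it then holds
    # API keys, so group/other read access is reported as a problem.
    if [ ! -s "$subfinder_cfg" ]; then
        fail "Subfinder config '$subfinder_cfg' is missing or empty"
    elif [ -n "$(find "$subfinder_cfg" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        fail "Subfinder config '$subfinder_cfg' is readable by group/others (chmod 600)"
    fi

    return "$problems"
}

# Usage with the README's default paths:
# preflight /root/Recon/Tools /root/Recon \
#     /root/go/src/github.com/haccer/subjack/fingerprints.json \
#     /root/.config/subfinder/config.json && ./recon.sh -d domain.tld
```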
./recon.sh -d domain.tld -a -m -s -u
Options :
-d | --domain (required) : Launch passive scan (Passive Amass, CRT.sh, Certspotter, Subfinder, Subjack, TkoSubs, CORStest)
-a | --active (optional) : Launch active scans (Active Amass, Sublist3r, GoWitness, CORStest)
-m | --masscan (optional) : Launch masscan (Can be very long & very aggressive ...)
-s | --screen (optional) : Take screenshots with GoWitness (can be very long)
-u | --upload (optional) : Upload archive on Transfer.sh
If your internet connection crashes with the Masscan option, change the --rate option to 100 at line 125