
MagicRecon

Description

Recon is an essential element of any penetration test. This repository contains a powerful shell script that maximizes the recon and data collection process for a target. With this script you can easily find:

  • Sensitive information disclosure.
  • Missing HTTP headers.
  • Open S3 buckets.
  • Subdomain takeovers.
  • Open ports and services.
  • Endpoints.
  • Directories.
  • JavaScript files with sensitive info.
  • CORS misconfigurations.
  • Other quick bugs.

Disclaimer ⚠️

The author of this document takes no responsibility for correctness. This project is merely here to help guide security researchers towards determining whether something is vulnerable or not, but does not guarantee accuracy. Warning: this code was originally created for personal use; it generates a substantial amount of traffic, so please use it with caution.

Tools needed

IMPORTANT: YOU NEED TO INSTALL ALL THE TOOLS IN YOUR HOME FOLDER AND INSERT YOUR GITHUB TOKEN IN THE SCRIPT CONFIGURATION TO USE Github-subdomains.py.

How does it work?

The script has 5 phases:

  1. Subdomain enumeration: Amass, Certsh.py, Github-subdomains.py, Gobuster DNS and Assetfinder are used to find the maximum possible number of subdomains. httprobe is used to probe for working HTTP and HTTPS servers. Then Subjack is used to quickly check for subdomain takeovers. Corsy is used to find CORS misconfigurations. Finally, Aquatone takes screenshots of each subdomain.

  2. Headers: curl is used to obtain the headers of each subdomain.

  3. JavaScript: relative-url-extractor and Jsearch.py are used to inspect the JavaScript files of each subdomain for endpoints and sensitive information.

  4. Directories and hidden files: Gobuster DIR is used to collect hidden files and directories through a dictionary. You can change the dictionary in the script configuration.

  5. Nmap: Nmap is used to quickly scan ports and services.

All the data generated by the different phases is saved in separate files and directories, in different formats.
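Phase 2 only collects each host's response headers with curl; deciding what is missing or misconfigured is left to the reader. The script below is an added example, not MagicRecon's own code, showing how an owner of a site can audit such a header dump from the defender's side: it flags absent security headers, cookies set without Secure and HttpOnly, and the CORS combination (wildcard or null origin together with credentials) that Corsy looks for. The function names, the list of expected headers and the sample response are assumptions constructed for this example.

```shell
#!/usr/bin/env sh
# Added example (not part of MagicRecon): audit a server's response headers,
# as phase 2 collects them, from a defender's viewpoint.
# Against a real host you own:  curl -sI https://your-site.example | report_headers

# Constructed sample response standing in for `curl -sI` output (assumption).
SAMPLE_HEADERS='HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: nginx
Content-Type: text/html; charset=UTF-8
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true
Set-Cookie: session=abc123; Path=/
Set-Cookie: csrf=xyz; Path=/; Secure; HttpOnly'

# Headers a hardened HTTPS site is expected to send (lower-case names; assumed list).
EXPECTED_HEADERS="strict-transport-security content-security-policy x-frame-options x-content-type-options referrer-policy permissions-policy"

# Reads raw headers on stdin, prints each expected header that is absent.
missing_headers() {
    present=$(tr -d '\r' | awk -F: 'NF > 1 { print tolower($1) }')
    for h in $EXPECTED_HEADERS; do
        printf '%s\n' "$present" | grep -qx "$h" || printf '%s\n' "$h"
    done
}

# Reads raw headers on stdin, prints the name of each cookie that lacks
# either the Secure or the HttpOnly attribute.
insecure_cookies() {
    tr -d '\r' | awk -F': ' 'tolower($1) == "set-cookie" {
        lc = tolower($2)
        if (lc !~ /; *secure/ || lc !~ /; *httponly/) {
            split($2, kv, "="); print kv[1]
        }
    }'
}

# Reads raw headers on stdin, prints "risky" when a wildcard or null
# Access-Control-Allow-Origin is combined with Allow-Credentials: true,
# otherwise "ok".
cors_status() {
    tr -d '\r' | awk -F': ' '
        tolower($1) == "access-control-allow-origin"      { origin = tolower($2) }
        tolower($1) == "access-control-allow-credentials" { creds  = tolower($2) }
        END {
            if ((origin == "*" || origin == "null") && creds == "true") print "risky"
            else print "ok"
        }'
}

# Prints a combined report for the headers read on stdin.
report_headers() {
    hdrs=$(cat)
    printf 'Missing headers:\n'
    printf '%s\n' "$hdrs" | missing_headers | sed 's/^/  /'
    printf 'Cookies without Secure+HttpOnly:\n'
    printf '%s\n' "$hdrs" | insecure_cookies | sed 's/^/  /'
    printf 'CORS: %s\n' "$(printf '%s\n' "$hdrs" | cors_status)"
}

# Demo run over the constructed sample.
printf '%s\n' "$SAMPLE_HEADERS" | report_headers
```

Run as-is it reports the sample's four missing headers, the `session` cookie and a risky CORS policy; piping a real `curl -sI` response into `report_headers` gives the same report for one host, so it can be looped over the host list phase 1 produces.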

Example image

Usage

./magicRecon.sh <domain>

Thanks

About me

Twitter

Donation

  • If you've earned a bug bounty using this tool, please consider donating to support its development. You can help me to develop more useful tools. Thanks!
