This script is designed to automate the reconnaissance phase of penetration testing or bug bounty hunting. It performs domain and subdomain enumeration, port scanning, service enumeration, vulnerability scanning, and live domain analysis. The script uses various tools to streamline the process and outputs results in an organized format.
- Subdomain enumeration using:
  - amass, sublist3r, and subfinder
- WHOIS information gathering
- Live subdomain checking with httpx
- Port scanning using:
  - masscan and naabu
- Service enumeration using:
  - whatweb and wappalyzer
- Vulnerability scanning with:
  - Nikto and Nuclei
- Screenshots of live domains using Eyewitness
Before running the script, ensure you have the following tools installed on your system:
- Clone the repository:
```bash
git clone <repository-url>
cd <repository-directory>
```
```
recon_results/
├── all_subdomains.txt
├── live_subdomains.txt
├── whois_info.txt
├── masscan_output_.txt
├── naabu_output_.txt
├── whatweb_.txt
├── wappalyzer_.json
├── nikto_.txt
├── nuclei_.txt
└── eyewitness_results/
```