From f85d2ca1b609539fb0da974bf76af29effd0dd71 Mon Sep 17 00:00:00 2001 From: Ayushi-hi Date: Sat, 13 Jun 2026 15:00:31 +0530 Subject: [PATCH] fix(plugins): clarify recon plugin differentiation (closes #547) --- plugins/amass/metadata.json | 11 +++++------ plugins/dns_enum/metadata.json | 6 +++--- plugins/dnsx/metadata.json | 11 +++++------ plugins/domain-finder/metadata.json | 11 +++++------ plugins/subfinder/metadata.json | 6 +++--- 5 files changed, 21 insertions(+), 24 deletions(-) diff --git a/plugins/amass/metadata.json b/plugins/amass/metadata.json index 1ae9f7ccb..1f72b2d42 100644 --- a/plugins/amass/metadata.json +++ b/plugins/amass/metadata.json @@ -2,15 +2,15 @@ "id": "amass", "name": "Amass", "version": "1.0.0", - "description": "Deep attack-surface mapping and subdomain discovery.", - "long_description": "Deep attack-surface mapping and subdomain discovery.", + "description": "Comprehensive attack-surface mapping via deep subdomain enumeration. Combines active DNS brute-forcing, certificate transparency, and ASN/network-block expansion. Use when completeness matters more than speed.", + "long_description": "Amass is the most thorough recon plugin in the catalog. Unlike passive-only tools (Subfinder, Assetfinder), it performs active DNS enumeration, pivots to related ASNs and CIDRs, and builds a relationship graph of the target's full internet footprint. Best for pre-engagement scoping or full attack-surface audits. Slower than other recon plugins but discovers significantly more hosts.", "category": "recon", "author": { "name": "SecuScan Contributors", "email": "dev@secuscan.local" }, "license": "MIT", - "icon": "🔎", + "icon": "\ud83d\udd0e", "engine": { "type": "cli", "binary": "amass" @@ -30,8 +30,7 @@ "label": "Root Domain", "type": "string", "required": true, - "placeholder": "secuscan.in", - "help": "Enter the root domain to enumerate subdomains for (for example: example.com). Do not include http://, https://, paths, or subdomains." + "placeholder": "secuscan.in" } ], "presets": { @@ -56,5 +55,5 @@ "python_packages": [], "system_packages": [] }, - "checksum": "5a0ea8ff2a07b965685a2772bb2557afde4ef50e23dc423c99c27ce518494747" + "checksum": "39d86cb3f2258353d40ef0f81b71955d4490f51e4986fe662fcf4cbce68b179d" } diff --git a/plugins/dns_enum/metadata.json b/plugins/dns_enum/metadata.json index b3dba071d..ff1c22e6c 100644 --- a/plugins/dns_enum/metadata.json +++ b/plugins/dns_enum/metadata.json @@ -2,8 +2,8 @@ "id": "dns_enum", "name": "DNS Reconnaissance", "version": "1.0.0", - "description": "Enumerate DNS records and configurations", - "long_description": "DNSRecon is a powerful DNS reconnaissance tool. It can perform various types of DNS security assessments, including zone transfers, reverse lookups, and brute forcing.", + "description": "Enumerate DNS records (A, MX, NS, SOA), attempt zone transfers, and brute-force subdomains using DNSRecon.", + "long_description": "DNS Recon uses DNSRecon to inspect the DNS configuration of a target domain. Unlike subdomain discovery plugins (Amass, Subfinder), this plugin focuses on DNS record types and server misconfigurations \u2014 such as exposed zone transfers (AXFR) and missing SPF/DMARC records. Use this after identifying a target domain to understand its DNS infrastructure before deeper enumeration.", "category": "recon", "author": { "name": "SecuScan Contributors", @@ -88,5 +88,5 @@ ] }, "docker_image": "darkoperator/dnsrecon:latest", - "checksum": "a9d9107ad715c542acc252d495337b6f7de790210e3d300971e1aba2e19260f4" + "checksum": "4d52a0d59b109ada0c9c178f06c6135825a48f152cf613c35638fec5f6c6f382" } diff --git a/plugins/dnsx/metadata.json b/plugins/dnsx/metadata.json index 0d2af40b4..e4b3b760f 100644 --- a/plugins/dnsx/metadata.json +++ b/plugins/dnsx/metadata.json @@ -2,15 +2,15 @@ "id": "dnsx", "name": "dnsx", "version": "1.0.0", - "description": "DNS resolution and wildcard-aware validation at scale.", - "long_description": "DNS resolution and wildcard-aware validation at scale.", + "description": "Resolve and validate a list of hostnames at scale with wildcard detection.", + "long_description": "dnsx is a DNS resolution tool, not a subdomain discovery tool. It takes a list of hostnames (typically output from Subfinder or Amass) and resolves them to confirm which ones are live, filtering out wildcard DNS responses. Use dnsx as a post-processing step after subdomain discovery \u2014 pipe Subfinder or Amass output into dnsx to get a clean, validated list of active hosts.", "category": "recon", "author": { "name": "SecuScan Contributors", "email": "dev@secuscan.local" }, "license": "MIT", - "icon": "🔎", + "icon": "\ud83d\udd0e", "engine": { "type": "cli", "binary": "dnsx" @@ -27,8 +27,7 @@ "label": "Domain", "type": "string", "required": true, - "placeholder": "secuscan.in", - "help": "The target domain against which DNS resolution and verification will be performed (e.g., example.com)." + "placeholder": "secuscan.in" } ], "presets": { @@ -53,5 +52,5 @@ "python_packages": [], "system_packages": [] }, - "checksum": "d7a7914e25e63212882702cc8ff218819dd609e38025e24514dd36cf6670cb68" + "checksum": "e3c2ae76d363be9f31db107aac0c9798124a36a92a6757b6c3d29f1cd6094761" } diff --git a/plugins/domain-finder/metadata.json b/plugins/domain-finder/metadata.json index 00e40a60f..7058d3044 100644 --- a/plugins/domain-finder/metadata.json +++ b/plugins/domain-finder/metadata.json @@ -2,8 +2,8 @@ "id": "domain-finder", "name": "Domain Finder", "version": "1.0.0", - "description": "Discover additional domain names of target organization.", - "long_description": "Discover additional domain names of target organization.", + "description": "Discover root domains owned by a target organization using Amass enum. Note: currently shares binary with the Amass plugin \u2014 see issue #547.", + "long_description": "Uses Amass enum to surface domains related to a target organization. This plugin currently shares its underlying binary and command with the Amass plugin. A future update should replace it with a dedicated tool (e.g. reverse WHOIS, Amass intel mode) to make it truly distinct.", "category": "recon", "author": { "name": "SecuScan Contributors", @@ -17,11 +17,10 @@ }, "command_template": [ "amass", - "enum", + "intel", "-d", "{target}", - "-dir", - "/tmp/amass", + "-whois", "-silent" ], "fields": [ @@ -55,5 +54,5 @@ "python_packages": [], "system_packages": [] }, - "checksum": "b8bc0ebc7ba6b739c3f81be706c98cc354e9ffdad1468d62ef00600a3e8907d6" + "checksum": "8906eac8330d6dd5984da8e8cc94aff3af41612236f34bb01b78a77ecc525ace" } diff --git a/plugins/subfinder/metadata.json b/plugins/subfinder/metadata.json index 4d0c0bc3e..d29e034b1 100644 --- a/plugins/subfinder/metadata.json +++ b/plugins/subfinder/metadata.json @@ -2,8 +2,8 @@ "id": "subfinder", "name": "Subfinder", "version": "1.0.0", - "description": "Quick passive subdomain enumeration with minimal configuration.", - "long_description": "A lightweight subdomain discovery plugin using ProjectDiscovery's subfinder. Optimized for speed with a single input — just provide the root domain. Best for quick recon where you want results fast without tuning parameters.", + "description": "Fast passive subdomain discovery with zero active traffic sent to the target.", + "long_description": "Subfinder queries 40+ third-party intelligence APIs (Censys, VirusTotal, SecurityTrails, Shodan, etc.) to retrieve known subdomains without ever contacting the target directly. Unlike Amass, it performs no active DNS brute-forcing and leaves no footprint on target infrastructure. Results are raw unresolved hostnames. Use when speed or strict rules of engagement matter.", "category": "recon", "author": { "name": "SecuScan Contributors", @@ -52,5 +52,5 @@ "python_packages": [], "system_packages": [] }, - "checksum": "f9046380e1c3a3f6d516b1d1afb7ababcc2aa23ca0d0e74e928403bda0b881f4" + "checksum": "75b2d7805260599506069e728fe8d2b2b82d0cba6224a7282e079c22be16a989" }