
capt-meelo / Lazyrecon

License: MIT
An automated approach to performing recon for bug bounty hunting and penetration testing.


Projects that are alternatives of or similar to Lazyrecon

flydns
Related subdomains finder
Stars: ✭ 29 (-89.72%)
Mutual labels:  recon, bugbounty, pentest, reconnaissance
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-49.65%)
Mutual labels:  recon, bugbounty, pentest, reconnaissance
Recon Pipeline
An automated target reconnaissance pipeline.
Stars: ✭ 278 (-1.42%)
Mutual labels:  reconnaissance, recon, bugbounty
Asnlookup
Leverage ASN to look up IP addresses (IPv4 & IPv6) owned by a specific organization for reconnaissance purposes, then run port scanning on it.
Stars: ✭ 163 (-42.2%)
Mutual labels:  pentest, reconnaissance, bugbounty
Recon My Way
This repository created for personal use and added tools from my latest blog post.
Stars: ✭ 271 (-3.9%)
Mutual labels:  reconnaissance, recon, bugbounty
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+1119.5%)
Mutual labels:  reconnaissance, recon, bugbounty
Reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Stars: ✭ 974 (+245.39%)
Mutual labels:  pentest, recon, bugbounty
leaky-paths
A collection of special paths linked to major web CVEs, known misconfigurations, juicy APIs ..etc. It could be used as a part of web content discovery, to scan passively for high-quality endpoints and quick-wins.
Stars: ✭ 507 (+79.79%)
Mutual labels:  recon, bugbounty, pentest
3klcon
Automation Recon tool which works with Large & Medium scopes. It performs more than 20 tasks and gets back all the results in separated files.
Stars: ✭ 189 (-32.98%)
Mutual labels:  reconnaissance, recon, bugbounty
apkizer
apkizer is a mass downloader for android applications for all available versions.
Stars: ✭ 40 (-85.82%)
Mutual labels:  recon, bugbounty, reconnaissance
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-84.75%)
Mutual labels:  bugbounty, pentest, reconnaissance
Autorecon
Simple shell script for automated domain recognition with some tools
Stars: ✭ 244 (-13.48%)
Mutual labels:  reconnaissance, recon, bugbounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp) For Ubuntu/Debian.
Stars: ✭ 190 (-32.62%)
Mutual labels:  reconnaissance, recon, bugbounty
targets
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.
Stars: ✭ 85 (-69.86%)
Mutual labels:  recon, bugbounty, reconnaissance
Getjs
A tool to fastly get all javascript sources/files
Stars: ✭ 190 (-32.62%)
Mutual labels:  reconnaissance, recon, bugbounty
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-37.23%)
Mutual labels:  pentest, reconnaissance, recon
Autosetup
Auto setup is a bash script compatible with Debian based distributions to install and setup necessary programs.
Stars: ✭ 140 (-50.35%)
Mutual labels:  reconnaissance, recon, bugbounty
Url Tracker
Change monitoring app that checks the content of web pages in different periods.
Stars: ✭ 171 (-39.36%)
Mutual labels:  reconnaissance, recon, bugbounty
Megplus
Automated reconnaissance wrapper — TomNomNom's meg on steroids. [DEPRECATED]
Stars: ✭ 268 (-4.96%)
Mutual labels:  reconnaissance, recon, bugbounty
Sub-Drill
A very (very) FAST and simple subdomain finder based on online & free services. Without any configuration requirements.
Stars: ✭ 70 (-75.18%)
Mutual labels:  recon, bugbounty, reconnaissance

LazyRecon


LazyRecon is a wrapper of various scripts that automates the tedious and redundant process of reconnaissance of a target domain.

LazyRecon utilizes the following tools:

Workflow


Installation

First, run the following commands to clone the repository and install the latest version of Go.

git clone https://github.com/capt-meelo/LazyRecon.git
cd LazyRecon
source get-go.sh

Then, modify the subEnumTools() function of install.sh by adding your VirusTotal, PassiveTotal, SecurityTrails, Censys, Riddler, and Shodan API keys. This will give better results during the subdomain enumeration.

~/go/bin/subfinder --set-config VirustotalAPIKey=<API-KEY-HERE>
~/go/bin/subfinder --set-config PassivetotalUsername=<API-KEY-HERE>,PassivetotalKey=<API-KEY-HERE>
~/go/bin/subfinder --set-config SecurityTrailsKey=<API-KEY-HERE>
~/go/bin/subfinder --set-config RiddlerEmail=<API-KEY-HERE>,RiddlerPassword=<API-KEY-HERE>
~/go/bin/subfinder --set-config CensysUsername=<API-KEY-HERE>,CensysSecret=<API-KEY-HERE>
~/go/bin/subfinder --set-config ShodanAPIKey=<API-KEY-HERE>

Finally, run the following to install the required tools.

chmod +x install.sh
./install.sh
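
A pre-flight check for the key-editing step, as an added example that is not part of LazyRecon: it lists the subfinder config keys that still hold the README's <API-KEY-HERE> placeholder, so a source that would be left unconfigured is caught before install.sh runs. The function names (unset_keys, preflight, write_sample) and the sample key values are made up for illustration; once real keys are in install.sh the file holds secrets and should stay out of commits and shared directories.

```bash
#!/usr/bin/env bash
# Added example (not LazyRecon code): find subfinder settings in install.sh
# that were never changed from the README's placeholder.

PLACEHOLDER='<API-KEY-HERE>'

# Print each config key on a "subfinder --set-config" line whose value is
# still the placeholder, one key name per line.
unset_keys() {
    grep -E 'subfinder[[:space:]]+--set-config' "$1" \
        | sed -E 's/.*--set-config[[:space:]]+//' \
        | tr ',' '\n' \
        | awk -F= -v p="$PLACEHOLDER" '
            { sub(/[[:space:]]+$/, "", $2) }
            $2 == p { print $1 }'
}

# Return 0 only when no placeholder is left; otherwise list the keys on stderr.
preflight() {
    local missing
    missing=$(unset_keys "$1")
    [ -z "$missing" ] && return 0
    printf 'still unset in %s:\n%s\n' "$1" "$missing" >&2
    return 1
}

# Constructed sample in the README's line format: one setting filled in,
# one pair half filled in, one untouched. The values are not real keys.
write_sample() {
    cat > "$1" <<'EOF'
~/go/bin/subfinder --set-config VirustotalAPIKey=0123abcd
~/go/bin/subfinder --set-config CensysUsername=demo-user,CensysSecret=<API-KEY-HERE>
~/go/bin/subfinder --set-config ShodanAPIKey=<API-KEY-HERE>
EOF
}

sample=$(mktemp)
write_sample "$sample"
preflight "$sample" || echo "fill in the keys listed above before running ./install.sh"
rm -f "$sample"
```

To check a real checkout, call preflight install.sh from the LazyRecon directory instead of the sample file.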

How to Use

cd LazyRecon
chmod +x LazyRecon.sh
./LazyRecon.sh <target_domain>

Notes

  • It's suggested to run this tool on a VPS, such as DigitalOcean, for better speed & accuracy.
  • Running this tool takes time, thus it's recommended to run it under a screen or tmux session.
  • The tool runs masscan with the option --rate 10000 for more accurate results. Based on experiments, masscan misses some open ports when scanning large port ranges. Depending on your environment, you could do the following to have a good balance between speed and accuracy:
    • Increase the rate, and/or reduce the number of ports. For example, use the options --top-ports 1000 & --rate 100000.
    • If you feel masscan and nmap are slow, you can run them in the background by changing the command portScan to portScan > /dev/null 2>&1 &.

Tested On

  • Ubuntu 18.10 (64-bit)
  • Debian 9.8 (64-bit)
  • Kali 2019.1 (64-bit)

Contribute

If you have any problems or new ideas, feel free to create an issue or submit a pull request.

Credits

All of the tools being used by LazyRecon are developed by others, so big thanks to them!

Disclaimer

This tool is written for educational purposes only. You are responsible for your own actions. If you mess something up or break any law while using this tool, it's your fault and your fault only.
