Automating Recon

Frameworks

  • FinalRecon: A Python-based reconnaissance tool offering a range of modules for different tasks like SSL certificate checking, Whois information gathering, header analysis, and crawling. Its modular structure enables easy customisation for specific needs.

  • Recon-ng: A powerful framework written in Python that offers a modular structure with various modules for different reconnaissance tasks. It can perform DNS enumeration, subdomain discovery, port scanning, web crawling, and even exploit known vulnerabilities.

  • theHarvester: Specifically designed for gathering email addresses, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines, PGP key servers, and the SHODAN database. It is a command-line tool written in Python.

  • SpiderFoot: An open-source intelligence automation tool that integrates with various data sources to collect information about a target, including IP addresses, domain names, email addresses, and social media profiles. It can perform DNS lookups, web crawling, port scanning, and more.

  • OSINT Framework: A collection of various tools and resources for open-source intelligence gathering. It covers a wide range of information sources, including social media, search engines, public records, and more.

FinalRecon

FinalRecon offers a wealth of recon information:

  • Header Information: Reveals server details, technologies used, and potential security misconfigurations.

  • Whois Lookup: Uncovers domain registration details, including registrant information and contact details.

  • SSL Certificate Information: Examines the SSL/TLS certificate for validity, issuer, and other relevant details.

  • Crawler:

    • HTML, CSS, JavaScript: Extracts links, resources, and potential vulnerabilities from these files.

    • Internal/External Links: Maps out the website's structure and identifies connections to other domains.

    • Images, robots.txt, sitemap.xml: Gathers information about allowed/disallowed crawling paths and website structure.

    • Links in JavaScript, Wayback Machine: Uncovers hidden links and historical website data.

  • DNS Enumeration: Queries over 40 DNS record types, including DMARC records for email security assessment.

  • Subdomain Enumeration: Leverages multiple data sources (crt.sh, AnubisDB, ThreatMiner, CertSpotter, Facebook API, VirusTotal API, Shodan API, BeVigil API) to discover subdomains.

  • Directory Enumeration: Supports custom wordlists and file extensions to uncover hidden directories and files.

  • Wayback Machine: Retrieves URLs from the last five years to analyse website changes and potential vulnerabilities.

git clone https://github.com/thewhiteh4t/FinalRecon.git
cd FinalRecon
pip3 install -r requirements.txt
chmod +x ./finalrecon.py
./finalrecon.py --help

Usage:

./finalrecon.py --headers --whois --url http://inlanefreight.com
PreviousSearch Engine DiscoveryNextVulnerability Assessment

Last updated