opexxx

Recon.sh

Aug 1st, 2024 (edited)
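  #!/bin/bash
  # Source: securitycipher.com
  #
  # Recon.sh - runs a fixed sequence of third-party tools against one domain
  # and stores every result file under ./recon_results.
  #
  # Usage:     Recon.sh <domain>
  # Requires:  amass, sublist3r, subfinder, whois, httpx, masscan, naabu,
  #            whatweb, wappalyzer, nikto, zap-baseline.py, nuclei, eyewitness
  # Exit code: 1 on bad arguments or if the results directory is unusable.
  #
  # NOTE(review): tool flags are reproduced as published; verify each one
  # against the versions actually installed before relying on the output.

  if [[ $# -ne 1 ]]; then
    echo "Usage: $0 <domain>" >&2
    exit 1
  fi
  DOMAIN=$1

  # The domain is passed straight to several tools as an argument. Reject
  # anything that is not a plain hostname so it cannot be read as an option
  # (leading '-') or carry whitespace or shell metacharacters.
  domain_re='^[A-Za-z0-9_][A-Za-z0-9._-]*$'
  if [[ ! "$DOMAIN" =~ $domain_re ]]; then
    echo "Usage: $0 <domain>" >&2
    exit 1
  fi

  # Result files contain findings about the scanned hosts; keep them
  # readable by the invoking user only.
  umask 077

  # Create a directory to store results. Stop if it cannot be entered, so
  # output is never scattered into whatever directory the script started in.
  if ! mkdir -p recon_results || ! cd recon_results; then
    echo "[!] Cannot create or enter recon_results" >&2
    exit 1
  fi

  # Step 1: Domain and Subdomain Enumeration
  echo "[*] Starting subdomain enumeration for $DOMAIN"
  amass enum -passive -d "$DOMAIN" -o amass_passive.txt
  sublist3r -d "$DOMAIN" -o sublist3r.txt
  subfinder -d "$DOMAIN" -o subfinder.txt

  # Merge only the lists that were actually produced; a missing tool then
  # costs one source instead of the whole merged list.
  sources=()
  for list in amass_passive.txt sublist3r.txt subfinder.txt; do
    if [[ -s "$list" ]]; then
      sources+=("$list")
    fi
  done
  if (( ${#sources[@]} > 0 )); then
    sort -u -- "${sources[@]}" > all_subdomains.txt
  else
    : > all_subdomains.txt
  fi
  echo "[*] Subdomain enumeration completed. Results saved to all_subdomains.txt"

  # Step 2: WHOIS Information Gathering
  echo "[*] Gathering WHOIS information for $DOMAIN"
  whois "$DOMAIN" > whois_info.txt
  echo "[*] WHOIS information saved to whois_info.txt"

  # Step 3: Checking for Live Subdomains
  echo "[*] Checking for live subdomains using httpx"
  httpx -l all_subdomains.txt -o live_subdomains.txt
  if [[ ! -e live_subdomains.txt ]]; then
    echo "[!] httpx produced no live_subdomains.txt; later steps will be empty" >&2
    : > live_subdomains.txt
  fi
  echo "[*] Live subdomains check completed. Results saved to live_subdomains.txt"

  # Every loop below treats live_subdomains.txt as untrusted input: the names
  # originate from third-party data sources, not from the operator.
  #   * the list is read on fd 3, so a tool that reads stdin cannot swallow
  #     the remaining entries;
  #   * blank lines and entries starting with '-' are skipped, because they
  #     would be parsed as options by tools that take the target positionally;
  #   * "tag" is the entry with every character outside [A-Za-z0-9._-]
  #     replaced by '_', so an entry can never add a path component to an
  #     output file name.
  # NOTE(review): httpx normally writes full URLs (scheme included). If that
  # holds for the installed version, the "http://$subdomain" targets in step 6
  # are double-prefixed and the host-only tools receive a URL - confirm.

  # Step 4: Port Scanning
  echo "[*] Starting port scanning"
  while IFS= read -r subdomain <&3; do
    if [[ -z "$subdomain" || "$subdomain" == -* ]]; then
      continue
    fi
    tag=${subdomain//[^A-Za-z0-9._-]/_}
    echo "[*] Scanning $subdomain with Masscan"
    # NOTE(review): masscan targets are normally IP addresses or ranges; a
    # hostname here may be rejected - confirm.
    masscan -p1-65535 "$subdomain" --rate=1000 -oG "masscan_output_${tag}.txt"
    echo "[*] Scanning $subdomain with Naabu"
    naabu -host "$subdomain" -o "naabu_output_${tag}.txt"
  done 3< live_subdomains.txt
  echo "[*] Port scanning completed. Results saved to masscan_output_*.txt and naabu_output_*.txt"

  # Step 5: Service Enumeration
  echo "[*] Starting service enumeration"
  while IFS= read -r subdomain <&3; do
    if [[ -z "$subdomain" || "$subdomain" == -* ]]; then
      continue
    fi
    tag=${subdomain//[^A-Za-z0-9._-]/_}
    echo "[*] Enumerating services on $subdomain"
    whatweb "$subdomain" -o "whatweb_${tag}.txt"
    wappalyzer "$subdomain" -o "wappalyzer_${tag}.json"
  done 3< live_subdomains.txt
  echo "[*] Service enumeration completed. Results saved to whatweb_*.txt and wappalyzer_*.json"

  # Step 6: Vulnerability Scanning
  echo "[*] Starting vulnerability scanning"
  while IFS= read -r subdomain <&3; do
    if [[ -z "$subdomain" || "$subdomain" == -* ]]; then
      continue
    fi
    tag=${subdomain//[^A-Za-z0-9._-]/_}
    echo "[*] Scanning $subdomain with Nikto"
    nikto -h "$subdomain" -o "nikto_${tag}.txt"
    echo "[*] Scanning $subdomain with OWASP ZAP"
    zap-baseline.py -t "http://$subdomain" -r "zap_report_${tag}.html"
    echo "[*] Scanning $subdomain with Nuclei"
    nuclei -u "http://$subdomain" -o "nuclei_${tag}.txt"
  done 3< live_subdomains.txt
  echo "[*] Vulnerability scanning completed. Results saved to nikto_*.txt, zap_report_*.html, and nuclei_*.txt"

  # Step 7: Taking Screenshots of Live Domains
  echo "[*] Taking screenshots of live domains"
  eyewitness --web -f live_subdomains.txt --no-prompt --results eyewitness_results
  echo "[*] Screenshots taken and saved in the eyewitness_results directory"

  echo "[*] Recon workflow completed. All results are saved in the recon_results directory."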