A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output. Helpful? BugBountyScanner helped you net a bounty? Description Note: Using the script over a VPN is highly recommended. It’s recommended to run BugBountyScanner from a server (VPS or home server), and not from yourRead More
BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any penetration testing or a bug hunting process. It provides an attacker with some preliminary knowledge on the target organisation. Furthermore, it willRead More
sigurls is a reconnaissance tool, it fetches URLs from AlienVault’s OTX, Common Crawl, URLScan, Github and the Wayback Machine. Usage To display help message for sigurls use the -h flag: $ sigurls -h _ _ ___(_) __ _ _ _ _ __| |___/ __| |/ _` | | | | ‘__| / __|__ | (_|Read More
NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and unpatched services. It is not a replacement for Qualys, Nessus, or OpenVAS. It does not do authenticated scans, and operates in black-box mode only. NERVE will do “some” CVE checks, but this is primarily coming fromRead More
Perform automated network reconnaissance scans to gather network intelligence.IntelSpy is a multi-threaded network intelligence spy tool which performs automated enumeration of network services. It performs live hosts detection scans, port scans, services enumeration scans, web content scans, brute-force, detailed off-line exploits searches and more.The tool will also launch further enumeration scans for each detected serviceRead More
Security Tool for Reconnaissance and Information Gathering on a website. (python 2.x & 3.x)This script use “WafW00f” to detect the WAF in the first step (https://github.com/EnableSecurity/wafw00f)This script use “Sublist3r” to scan subdomains (https://github.com/aboul3la/Sublist3r)This script use “waybacktool” to check in waybackmachine (https://github.com/Rhynorater/waybacktool)Features URL fuzzing and dir/file detection Test backup/old file on all the files found (index.php.bak,Read More
reNgine is an automated reconnaissance framework meant for gathering information during penetration testing of web applications. reNgine has customizable scan engines, which can be used to scan the websites, endpoints, and gather information. The beauty of reNgine is that it gathers everything in one place. It has a pipeline of reconnaissance, which can be customized.reNgineRead More
The script aims to help in classifying vulnerabilities in web applications. The methodology RecoX is arising can spot weaknesses other than OWASP top ten. The script presents information against the target system. It gathers the information recursively over each subdomain, and IP addr for a sophisticated attack. RecoX automates several functions and saves a significantRead More
FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease. FeaturesFinalRecon provides detailed information such as : Header Information Whois SSL Certificate Information Crawler DNS Enumeration A, AAAA, ANY, CNAME, MX, NS, SOA, TXT Records DMARC Records Subdomain EnumerationRead More
MassDNS is a simple high-performance DNS stub resolver targetting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration, MassDNS is capable of resolving over 350,000 names per second using publicly available resolvers.Major changesThis version of MassDNS is currently experimental. In order toRead More
