Recon Hunter

A tool to map the attack surface discovery of any target.

Tool Architecture

Tool Features

1. Sub-Domains Passive Scraping

2. Sub-Domains Brute Force

3. Sub-Domains Wildcard Removal

4. Sub-Domains Spidering

5. Sub-Domains Takeover

6. IPs Enumeration using Censys

7. Port Scanning

8. Websites' Screenshots

9. Directories & Files Brute Force

10. Internet Archive

11. AWS S3 Buckets

12. Github Leaked Secrets

Tool Prerequisities

You need to insert the AWS key also the Censys Key to use all the tool features.

AWS Key

aws configure

Censys Key

censys config

Tool Usage

# Installation
git clone https://github.com/hassan0x/ReconHunter
cd ReconHunter
./ReconHunter 0

# Help
./ReconHunter

# Run All the Commands
./ReconHunter 1 $domain_name $github_user
./ReconHunter 1 example.com user1

Tool Demo

The tool has been tried and validated on kali linux.

Installation

Usage

Result

Tools Used

• Amass

• SubFinder

• MassDNS

• GoSpider

• HTTProbe

• SubOver

• Censys

• Masscan

• Nmap

• Aquatone

• DirSearch

• WayBackUrls

• Unfurl

• S3Scanner

• AWScli

• TruffleHog

Tool Source Code

GitHub - hassan0x/ReconHunter: Attack Surface Discovery ToolGitHub