🐧
Hassan Saad
  • WHO AM I ?
  • Red Teaming
    • C2 Infrastructure
    • External Reconnaissance
    • Initial Compromise
      • Executable File (EXE)
      • HTML Application (HTA)
      • Visual Basic (VBA Macros)
      • Password Spraying
      • MITM Attack
      • Email Spoofing
    • Host Reconnaissance
      • Seatbelt
      • Screenshots & Keylogging
    • Host Persistence
      • Task Scheduler
      • Startup Folder
      • Registry AutoRun
      • COM Hijacking
    • Host Privilege Escalation
      • Automated Tools
      • Unquoted Service Path
      • Weak Service Permission
      • Weak Service Binary
      • Always Install Elevated
      • UAC Bypass
    • Domain Reconnaissance
      • PowerView
      • BloodHound
      • Linux Host
      • Internal Applications
    • Lateral Movement
      • PowerShell Remoting
      • PsExec
      • WMI
      • DCOM
    • Credentials Access
      • LogonPasswords
      • Security Account Manager (SAM)
      • Domain Cached Creds
      • Kerberos Tickets
      • DPAPI
      • User Impersonation
      • Pass The Hash
      • Over Pass The Hash
      • Internal Password Spraying
      • Sniffing
      • NTLM Relay
    • Pivoting & Forwarding
      • SOCKS Proxy
      • Reverse Port Forwards
      • Local Port Forwards
      • Session Passing
      • P2P Listeners
      • NTLM Relay
    • Kerberos
      • Authentication
      • Kerberoasting
      • ASREP-Roasting
      • Unconstrained Delegation
      • Constrained Delegation
      • Linux Credential Cache
    • Group Policy
      • Enumeration
      • RSAT (GPMC)
      • Sharp GPO Abuse
    • Access Control Lists (DACL)
      • GenericAll
      • WriteDacl
      • WriteOwner
    • MS SQL Servers
      • Enumeration
      • NetNTLM Capture
      • Command Execution
      • Lateral Movement
      • Privilege Escalation
    • Domain Dominance
      • DCSync Backdoor
      • AdminSDHolder
      • Remote Registry Backdoor
      • Skeleton Key
      • Silver Ticket
      • Golden Ticket
    • Forest & Domain Trusts
      • Parent/Child
      • One Way (Inbound)
      • One Way (Outbound)
    • Evasion Techniques
      • Obfuscation
      • Process Injection
      • LAPS
      • AppLocker
      • PowerShell Constrained Mode
      • AMSI
      • Antivirus Exclusion
  • Penetration Testing
    • Information Gathering
    • Scanning
    • Exploitation
    • Post Exploitation
    • Password Attacks
    • Web Attacks
    • Exploit Development
  • Technology Essentials
    • Linux
      • Basics
      • Tasks
    • Windows
      • Basics
      • Tasks
    • Network
      • Basics
      • Tasks
    • Programming
      • Basics
      • Tasks
  • Bug Hunting
    • XSS on Nokia
    • XSS on Wuzzuf
    • Business Logic Flaw on Souq (Amazon Company)
    • Rate Limit Bypass on LinkedIn
    • Sensitive Data Exposure on Google
  • Tools
    • Recon Hunter
    • Mail Hunter
    • Mobile Hunter
    • Chimera (Threat Hunter)
  • Extras
    • SQL Injection
    • Web Basics
    • Mobile Testing
      • Mobile Testing 1
      • Mobile Testing 2
      • Mobile Testing 3
Powered by GitBook
On this page
  • Tool Architecture
  • Tool Features
  • Tool Prerequisities
  • Tool Usage
  • Tool Demo
  • Tools Used
  • Tool Source Code
  1. Tools

Recon Hunter

PreviousToolsNextMail Hunter

Last updated 2 years ago

A tool to map the attack surface discovery of any target.

Tool Architecture

Tool Features

  1. Sub-Domains Passive Scraping

  2. Sub-Domains Brute Force

  3. Sub-Domains Wildcard Removal

  4. Sub-Domains Spidering

  5. Sub-Domains Takeover

  6. IPs Enumeration using Censys

  7. Port Scanning

  8. Websites' Screenshots

  9. Directories & Files Brute Force

  10. Internet Archive

  11. AWS S3 Buckets

  12. Github Leaked Secrets

Tool Prerequisities

You need to insert the AWS key also the Censys Key to use all the tool features.

AWS Key

aws configure

Censys Key

censys config

Tool Usage

# Installation
git clone https://github.com/hassan0x/ReconHunter
cd ReconHunter
./ReconHunter 0

# Help
./ReconHunter

# Run All the Commands
./ReconHunter 1 $domain_name $github_user
./ReconHunter 1 example.com user1

Tool Demo

The tool has been tried and validated on kali linux.

Installation

Usage

Result

Tools Used

  • Amass

  • SubFinder

  • MassDNS

  • GoSpider

  • HTTProbe

  • SubOver

  • Censys

  • Masscan

  • Nmap

  • Aquatone

  • DirSearch

  • WayBackUrls

  • Unfurl

  • S3Scanner

  • AWScli

  • TruffleHog

Tool Source Code

GitHub - hassan0x/ReconHunterGitHub
Logo