Skip to content
/ magicRecon Public
forked from robotshell/magicRecon

This repository contain a powerful shell script to maximize the data collection process of an objective

2 stars 163 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mswell/magicRecon

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

38 Commits
README.md
README.md
 
 
example.png
example.png
 
 
magicRecon.sh
magicRecon.sh
 
 

Repository files navigation

MagicRecon

Description

Recon is an essential element of any penetration testing. This repository contain a powerful shell script to maximize the recon and data collection process of an objective. With this script you can easily find:

  • Sensitive information disclosure.
  • Missing HTTP headers
  • Open S3 buckets.
  • Subdomain takeovers.
  • Open ports and services.
  • Endpoints.
  • Directories.
  • Javascript files with senstive info
  • CORS missconfigurations
  • Other quick bugs.

Disclaimer ⚠️

The author of this document take no responsibility for correctness. This project is merely here to help guide security researchers towards determining whether something is vulnerable or not, but does not guarantee accuracy. Warning: This code was originally created for personal use, it generates a substantial amount of traffic, please use with caution.

Tools needed

IMPORTANT: YOU NEED TO INSTALL ALL THE TOOLS IN YOUR HOME FOLDER AND INSERT YOUR GITHUB TOKEN IN THE SCRIPT CONFIGURATION TO USE Github-subdomains.py.

How does it work?

The script has 5 phases:

  1. Subdomain enumeration: Amass, Certsh.py, Github-subdomains.py, Gobuster DNS and Assetfinder tools are used to find the maximum possible number of subdomains. httprobe is used to probe for working http and https servers. Then Subjack is used to quickly check if it exists subdomains takeover. Corsy tool is used to find CORS missconfigurations. Finally, Aquatone takes screenshots of each subdomain.

  2. Headers: curl is used to obtain the headers of each subdomain.

  3. Javascript: relative-url-extractor and Jsearch.py are used to inspect the javascript files of each subdomain for endpoints and sensitive information.

  4. Directories and hidden files: Gobuster DIR is used to collect hidden files and directories through a dictionary. You can change the dictionary in the script configuration.

  5. Nmap: Nmap is used to scan ports and services quiclky.

All the data generated in the different processes are saved in different files and directories in different formats.

Example image

Usage

./magicRecon.sh <domain>

Thanks

About me

Twitter

Donation

  • If you've earned a bug bounty using this tool, please consider donating to support it's development. You can help me to develop more useful tools. Thanks 😍

About

This repository contain a powerful shell script to maximize the data collection process of an objective

Resources

Readme
Activity

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%