Skip to content
A subdomain reconnaissance scanner
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Nov 15, 2019
Pipfile.lock recon tool ready for use Nov 15, 2019 recon tool ready for use Nov 15, 2019 recon tool ready for use Nov 15, 2019

Subdomain Reconnaisance Scanner

A security tool to scan a domain to gather information. Useful for information gathering when potentially many subdomains are in use.

This tool will do the following:

  1. Check nameservers for the entire domain chain, searching for unregistered servers, which could lead to domain takeover
  2. Search for subdomains using DNSDumpster
  3. Screenshot each subdomain
  4. Search for any information shodan has on the subdomain's IP (requires a free shodan API key)


The project requires python3 with pipenv (pip install pipenv if you don't have it)

Clone the repository to your computer. You will need a chrome webdriver to enable screenshots - download the latest to the subdomain_recon/chrome directory from the chrome webdriver downloads page.

You can now install the dependencies with pipenv

pipenv install

Running the program

If you want to use shodan, set the SHODAN_API in your environment variables, though this is not required.

export SHODAN_API=<your api>
pipenv run python

The program will generate an html report for viewing.

You can’t perform that action at this time.