Reconnaissance
Menu key: 1 · File: `lib/modules/recon.sh` · Entry point: `kraken_recon_run`
Passive and semi-passive information gathering about a domain or host: DNS records, subdomains, WHOIS registration data and reverse DNS.
| Step | Output file | Tool(s) | Notes |
|---|---|---|---|
| Connectivity test | (console) | `ping` | ICMP probe, never aborts |
| DNS records | `dns_records.txt` | `dig` → `host` → `nslookup` → `getent` | A, AAAA, MX, NS, TXT, CNAME |
| Subdomains | `subdomains.txt` | `subfinder` | skipped if not installed |
| WHOIS | `whois.txt` | `whois` | skipped if not installed |
| Reverse DNS | `reverse_dns.txt` | `dig -x` / `host` | resolves the first A record back |
The module prefers dig because its +short output is clean and easy
to parse, and it queries all six record types (A, AAAA, MX, NS, TXT,
CNAME). When dig is absent it falls back to host for the same
record types, then to nslookup, and finally to a basic getent hosts
resolution. This chain means recon produces useful output on almost any
system.
TXT records are particularly useful: they often expose SPF/DKIM policies and third-party verification tokens (Google, Microsoft, etc.) that reveal which SaaS products an organisation uses.
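To review what a domain's TXT records disclose, the added example below (not part of Kraken) labels each record and lists the third-party senders named in an SPF policy. It assumes one record per line, quoted as `dig +short TXT` prints them; the function names and the sample records are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Kraken code. Assumed input: one TXT record per line,
# quoted the way `dig +short TXT` prints them.

# Print "<category><TAB><record>" for every TXT record read from stdin.
classify_txt() {
    # Join multi-string records ("a" "b"), then drop the outer quotes.
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//' |
    while IFS= read -r rec || [ -n "$rec" ]; do
        [ -z "$rec" ] && continue
        case "$rec" in
            v=spf1*)                    printf 'spf\t%s\n' "$rec" ;;
            v=DKIM1*)                   printf 'dkim\t%s\n' "$rec" ;;
            google-site-verification=*) printf 'token:google\t%s\n' "$rec" ;;
            MS=ms*)                     printf 'token:microsoft\t%s\n' "$rec" ;;
            *)                          printf 'other\t%s\n' "$rec" ;;
        esac
    done
}

# List the external senders an SPF policy authorises via include: mechanisms.
spf_includes() {
    classify_txt | awk -F'\t' '$1 == "spf" {
        n = split($2, parts, " ")
        for (i = 1; i <= n; i++)
            if (parts[i] ~ /^include:/) print substr(parts[i], 9)
    }'
}

# Constructed sample records for example.com (not real data).
SAMPLE_TXT='"v=spf1 include:_spf.google.com include:spf.protection.outlook.com ~all"
"google-site-verification=CONSTRUCTED_TOKEN_0001"
"MS=ms00000000"
"some unrelated note"'

printf '%s\n' "$SAMPLE_TXT" | classify_txt
printf '%s\n' "$SAMPLE_TXT" | spf_includes
```

Records labelled `other` are the ones to read by hand, since free-form TXT entries are where unplanned disclosures tend to sit.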
If `subfinder` is on `PATH`, Kraken runs it in silent mode and reports the count of discovered subdomains. Install it with:

```bash
go install github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
```

```
[*] Launching reconnaissance module...
[?] Enter target (domain or IP): example.com
[+] Output directory: kraken_output/demo/recon_example.com
[*] Testing connectivity...
[+] Target is reachable
[*] Performing DNS lookups...
[+] DNS records saved
[*] Searching subdomains with subfinder...
[+] Found 12 subdomains
[*] Gathering WHOIS information...
[+] WHOIS data saved
[*] Attempting reverse DNS...
[+] Reverse DNS completed
[+] Reconnaissance complete!
```
```
kraken_output/<session>/recon_<target>/
    dns_records.txt
    subdomains.txt
    whois.txt
    reverse_dns.txt
```
These files feed the Reconnaissance section of the aggregated report. See Reporting.
Kraken Pentest Framework · MIT License · Maintained by Melvin PETIT · For authorized security testing only.