Skip to content
An automated approach to performing recon for bug bounty hunting and penetration testing.
Branch: master
Clone or download
Latest commit 5a7a3a0 Feb 27, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
LICENSE Initial commit Feb 11, 2019
LazyRecon.sh
README.md
get-go.sh Updated to v1.3 Feb 21, 2019
install.sh Update install.sh Feb 22, 2019
workflow.png Updated to v1.3 Feb 21, 2019

README.md

LazyRecon

release license open issues closed issues

LazyRecon is a wrapper of various scripts that automates the tedious and redundant process of reconnaissance of a target domain.

LazyRecon utilizes the following tools:

Workflow

Flow

Installation

First, run the following commands to install the latest version of Go.

git clone https://github.com/capt-meelo/LazyRecon.git
cd LazyRecon
source get-go.sh

Then, modify the subEnumTools() function of install.sh by placing your Virustotal, Passivetotal, SecurityTrails, Censys, Riddler, and Shodan API keys. This will give better results during the subdomain enumeration.

~/go/bin/subfinder --set-config VirustotalAPIKey=<API-KEY-HERE>
~/go/bin/subfinder --set-config PassivetotalUsername=<API-KEY-HERE>,PassivetotalKey=<API-KEY-HERE>
~/go/bin/subfinder --set-config SecurityTrailsKey=<API-KEY-HERE>
~/go/bin/subfinder --set-config RiddlerEmail=<API-KEY-HERE>,RiddlerPassword=<API-KEY-HERE>
~/go/bin/subfinder --set-config CensysUsername=<API-KEY-HERE>,CensysSecret=<API-KEY-HERE>
~/go/bin/subfinder --set-config ShodanAPIKey=<API-KEY-HERE>

Finally, run the following to install the required tools.

chmod +x install.sh
./install.sh

How to Use

cd LazyRecon
chmod +x LazyRecon.sh
./LazyRecon.sh <target_domain>

Notes

  • It's suggested to run this tool in a VPS, such as DigitalOcean, for better speed & accuracy.
  • Running this tool takes time, thus it's recommended to run it under a screen or tmux session.
  • The tool runs masscan with the option --rate 10000 for more accurate results. Based on experiments, masscan misses some open ports when scanning large port ranges. Depending on your environment, you could do the following to have a good balance between speed and accuracy:
    • Increase the rate, and/or reduce the number of ports. For example, use the options --top-ports 1000 & --rate 100000.
    • If you feel masscan and nmap are slow, you can run them in the background by changing the command portScan to portScan > /dev/null 2>&1 &.

Tested On

  • Ubuntu 18.10 (64-bit)
  • Debian 9.8 (64-bit)
  • Kali 2019.1 (64-bit)

Contribute

If you have any problem or new idea, feel free to create an issue, or pull a request.

Credits

All of the tools being used by LazyRecon are developed by others, so big thanks to them!

Disclaimer

This tool is written for educational purposes only. You are responsible for your own actions. If you mess something up or break any law while using this tool, it's your fault and your fault only.

You can’t perform that action at this time.