Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[addtool] ReconBulk #1102

Closed
piyush-security opened this issue May 2, 2023 · 3 comments
Closed

[addtool] ReconBulk #1102

piyush-security opened this issue May 2, 2023 · 3 comments
Labels
enhancement New feature or request refused

Comments

@piyush-security
Copy link

[homepage]
https://github.com/TaurusOmar/reconbulk
[/homepage]

[tags]
recon, enumeration, subdomains, domains, bugbounty
[/tags]

[short_descr]
Automated Subdomain Enumeration and Scanning Tool
[/short_descr]

[long_descr]

ReconBulk

Automated Subdomain Enumeration and Scanning Tool

______                    ______       _ _
| ___ \                   | ___ \     | | |
| |_/ /___  ___ ___  _ __ | |_/ /_   _| | | __
|    // _ \/ __/ _ \| '_ \| ___ \ | | | | |/ /
| |\ \  __/ (_| (_) | | | | |_/ / |_| | |   <
\_| \_\___|\___\___/|_| |_\____/ \__,_|_|_|\_\


					V.1.0
					Taurus Omar

Scanning crt.sh...

Target ==> projectdiscovery.io

Searching in the CertSpotter API... 🔍
Searching in the Crtsh database API... 🔍
Searching in the Threatcrowd API... 🔍
Searching in the AnubisDB API... 🔍
Searching in the Urlscan.io API... 🔍
Searching in the Threatminer API... 🔍
Searching in the Sublist3r API... 🔍
Searching in the Archive.org API... 🔍

This script automates the process of subdomain enumeration and scanning using several popular open-source tools, combining their results and providing detailed output. The primary purpose of this tool is to simplify and streamline the process of discovering subdomains and their related information for a given domain.

Features

  • Uses Amass, Subfinder, Assetfinder, Findomain, crt.sh, MassDNS, Httpx, Naabu, and Nuclei
  • Combines subdomain results from all tools into a single file
  • Extracts IP addresses for discovered subdomains
  • Scans subdomains with Httpx and sorts the results
  • Scans subdomains with Naabu to find open ports
  • Scans subdomains with Nuclei for potential vulnerabilities
  • Organizes results in a structured directory
  • The tool follows a logical structure to gather the subdomains and information from each tool to be used by the next one.
  • Postive httpx subdomains are used for scanning by Nuclei.

File Structure

recon/
└── results/
└── example.com-<timestamp>/
├── amass_example.com/
│   ├── config.ini
│   ├── db/
│   ├── named/
│   └── notes.md
├── amass_example.com.txt
├── assetfinder_example.com.txt
├── findomain_example.com.txt
├── httpx_example.com.txt
├── naabu_example.com.txt
├── nuclei_example.com.txt
├── subdomains/
│   ├── amass_example.com.txt
│   ├── assetfinder_example.com.txt
│   ├── crt.sh.txt
│   ├── findomain_example.com.txt
│   ├── subfinder_example.com.txt
│   └── unique_subdomains.txt
└── subfinder_example.com.txt

image

Installation

  1. If you have Go installed and configured (i.e. with $GOPATH/bin in your $PATH):
go install github.com/TaurusOmar/reconbulk@latest
  1. Install all required tools:

Make sure all these tools are in your system's PATH.

  1. Prepare a list of DNS resolvers. You can find a sample list here.

Usage

reconbulk <domain> <resolvers_list>
  • <domain>: The target domain to scan
  • <resolvers_list>: The file path to your list of DNS resolvers

The script will create a directory named ~/recon/results/<domain>-<timestamp> containing the output files from each tool.

Output

The output directory will contain the following files:

  • amass_{domain}.txt: Output from Amass
  • subfinder_{domain}.txt: Output from Subfinder
  • assetfinder_{domain}.txt: Output from Assetfinder
  • findomain_{domain}.txt: Output from Findomain
  • {domain}.crt.txt: Output from crt.sh
  • {domain}.subdomains.txt: Combined and unique subdomains from all tools
  • {domain}.ips.txt: IP addresses associated with the discovered subdomains
  • httpx_{domain}.txt: Results of the Httpx scan
  • sorted_httpx_{domain}.txt: Sorted Httpx results
  • naabu_{domain}.txt: Results of the Naabu scan
  • nuclei_{domain}.txt: Results of the Nuclei scan

[/long_descr]

[image]
image

[/image]
@gwen001
Copy link
Owner

gwen001 commented May 2, 2023

Issue correctly handled, tool is waiting for human validation.

@gwen001 gwen001 added the enhancement New feature or request label May 2, 2023
@gwen001
Copy link
Owner

gwen001 commented May 9, 2023

Tool has been refused by the team, feel free to get in touch if you have any question.

Thank you!

@gwen001 gwen001 closed this as completed May 9, 2023
@gwen001 gwen001 added wontfix This will not be worked on and removed enhancement New feature or request labels May 9, 2023
@gwen001
Copy link
Owner

gwen001 commented May 13, 2023

Tool has been refused by the team, feel free to get in touch if you have any question.

Thank you!

@gwen001 gwen001 added enhancement New feature or request refused and removed wontfix This will not be worked on labels Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request refused
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gwen001 @piyush-security