MagicRecon v2.0

MagicRecon version 2.0 released. This time I have focused on automating as much as possible the process of collecting data on a target and searching for common vulnerabilities in web applications (XSS, SQLi, CORS Missconfiguration, SSRF, Open Redirect, etc). The list of new features is as follows:

• Menu added to script.
• The script now has multiple options, keeping the core of the first version (Option “All in one! (Original MagicRecon)”).
• A function has been added to install all the necessary tools and dependencies to be able to use the script, thus facilitating its installation.
• New tools such as Nuclei, Kxss, Httpx, Notify, etc. have been added.
• Obsolete tools have been removed or those that their use did not contribute a good performance to the execution of the script.
• The script has been modulated using functions to make it easier to modify the code.
• Gobuster has been replaced by Wfuzz in the directory and file enumeration.
• An option has been added to perform a massive vulnerability scan to multiple targets with the possibility of receiving alerts for positives found through applications such as Telegram, Discord or Slack. This option is intended for use on VPS systems such as Digital Ocean or AWS instances.
• All the information obtained will be stored in an orderly manner in directories.
• And many more improvements!

HAPPY HUNTING!

MagicRecon v1.1

The script has new features, new tools and is able to detect more bugs:

• Sensitive information disclosure.
• Missing HTTP headers.
• Heartbleed Bug.
• Open S3 buckets.
• Subdomain takeovers.
• Bugs in TLS/SSL ciphers, protocols and cryptographic flaws.
• Open ports and services.
• Email spoofing.
• Endpoints.
• Directories.
• Javascript files with senstive info.
• CORS missconfigurations.
• Other quick bugs.