Do some quick reconnaissance on a domain-based web-application
Latest commit 676e15a Jun 28, 2018

Do some quick reconnaissance on a domain-based web-application.
This is very useful if you are testing a single web-application or domain and don't have the time (or the mood) to gather information manually.


  • Retrieve the IP address, its location, its corresponding IP range and its IP history
  • Do an HTTP-OPTIONS request to look up the allowed HTTP methods
  • Print the HTTP-response headers set by the server
  • Get the used technology (webserver, proxy, languages, scriptlanguage, frontend, frameworks) based on:
  • Get the name of the CMS (if in use) based on:
  • Read out: robots.txt
  • Bruteforce some interesting files, wordlist from:


pip install -r requirements.txt

Usage [-h] domain

positional arguments:
  domain      domain (by URL;e.g.

optional arguments:
  -h, --help  show this help message and exit


Executing python will output:

[-] IP Information: (DE), BSI-IVBB
[-] IP Range:
[!] HTTP-OPTIONS failed
[-] HTTP-response header:
	Date: Sun, 17 Jun 2018 21:54:00 GMT
	Content-Length: 233
	Keep-Alive: timeout=5, max=100
	Connection: Keep-Alive
	Content-Type: text/html; charset=iso-8859-1
	Set-Cookie: {..}
[!] No "Server"-header
[-] W3-technologies:
	Content Management: Government Site Builder
	Server-side Language: Java
	Client-side Language: JavaScript
	JavaScript Library: jQuery
	Markup Language: HTML5
	Character Encoding: UTF-8
	Image File Formats: PNG, JPEG
	Site Elements: External CSS, Inline CSS, Session Cookies
	SSL Certificate Authority: Deutsche Telekom
	Server Location: Germany
	Content Language: German
[!] No CMS detected
[!] No robots.txt
[!] Checking interesting files
[-] Checked 50% of dictionary
[!] Finished quick-reconnaissance on:
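
The HTTP-OPTIONS and response-header checks from the feature list can be reproduced offline against a captured response from your own server, to see what it discloses. This is an added example, not code from this repository; the header list, the risky-method set, the function names and both sample responses are assumptions constructed for illustration.

```python
from email.parser import Parser

# Headers that commonly reveal server-side technology (assumed list for this example).
DISCLOSING = ("Server", "X-Powered-By", "X-AspNet-Version", "Via")
# Methods usually expected to be disabled on a public web application (assumed policy).
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT"}

# Constructed sample responses to an OPTIONS request (not captured from a real host).
SAMPLE_HARDENED = ("HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 233\r\n"
                   "Content-Type: text/html; charset=iso-8859-1\r\n\r\n<html>")
SAMPLE_VERBOSE = ("HTTP/1.1 200 OK\r\nAllow: GET, HEAD, POST, OPTIONS, TRACE\r\n"
                  "Server: ExampleHTTPd/1.0\r\nX-Powered-By: ExampleLang/0.0\r\n\r\n")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % status_line)
    # email.parser handles case-insensitive header lookup for us.
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)


def audit(raw):
    """Return report lines in the tool's [-]/[!] style for one OPTIONS response."""
    status, headers = parse_response(raw)
    report = []
    allow = headers.get("Allow")
    if status >= 400 or allow is None:
        report.append("[!] HTTP-OPTIONS failed")
    else:
        methods = {m.strip().upper() for m in allow.split(",") if m.strip()}
        report.append("[-] Allowed methods: " + ", ".join(sorted(methods)))
        for method in sorted(methods & RISKY_METHODS):
            report.append("[!] Risky method enabled: " + method)
    for name in DISCLOSING:
        if name in headers:
            report.append("[!] %s discloses: %s" % (name, headers[name]))
    if "Server" not in headers:
        report.append('[!] No "Server"-header')
    return report


if __name__ == "__main__":
    for sample in (SAMPLE_HARDENED, SAMPLE_VERBOSE):
        print("\n".join(audit(sample)), end="\n\n")
```

A response that rejects OPTIONS and omits the `Server` header, like the one in the sample output above, produces only the two `[!]` notices.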