Do some quick reconnaissance on a domain-based web-application.
This is very useful if you test a single web-application or domain and don't have time (mood) to gather information manually.
- Retrieve the IP address, its location, the corresponding IP range and the IP history
- Send an HTTP OPTIONS request to look up the allowed HTTP methods
- Print the HTTP response headers set by the server
- Detect the technology in use (web server, proxy, languages, script language, frontend, frameworks) based on: w3techs.com
- Get the name of the CMS (if one is in use) based on: whatcms.org
- Read out: robots.txt
- Brute-force some interesting files, using the wordlist from: github.com/hannob/snallygaster
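The OPTIONS, response-header and robots.txt steps from the list above, as an added example that is not the quick-recon project's own code. The parsing is separated from the network calls so it can be checked offline; the `SECURITY_HEADERS` and `RISKY_METHODS` lists, the `fetch` helper and the `quick-recon-example` User-Agent string are assumptions made for this example, not anything the tool defines.

```python
"""Added example (not the quick-recon project's code): HTTP OPTIONS lookup,
response-header review and robots.txt read-out, with parsing split out so it
can be tested on constructed input without network access."""
import json
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Assumed list: response headers a hardened site is expected to send.
# Reported as missing when absent so the operator can review them.
SECURITY_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
)

# Assumed list: HTTP methods whose presence in Allow deserves a second look.
RISKY_METHODS = {"PUT", "DELETE", "TRACE", "CONNECT", "PATCH"}


def parse_allow_header(allow_value):
    """Split an Allow header value ('GET, POST , HEAD') into upper-case methods."""
    if not allow_value:
        return []
    return [m.strip().upper() for m in allow_value.split(",") if m.strip()]


def risky_methods(methods):
    """Return the subset of methods that are in RISKY_METHODS, sorted."""
    return sorted(RISKY_METHODS.intersection(methods))


def missing_security_headers(headers):
    """Return expected security headers absent from a header mapping
    (comparison is case-insensitive, as header names are)."""
    present = {name.lower() for name in headers}
    return [h for h in SECURITY_HEADERS if h.lower() not in present]


def parse_robots(text):
    """Return the non-empty Disallow paths from a robots.txt body.
    Comments are stripped; user-agent grouping is deliberately ignored."""
    paths = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.append(value.strip())
    return paths


def fetch(url, method="GET"):
    """Perform one request and return (status, headers dict, body text).
    4xx/5xx responses are returned like any other instead of being raised."""
    req = urllib.request.Request(
        url, method=method, headers={"User-Agent": "quick-recon-example"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers), err.read().decode("utf-8", "replace")


def quick_recon(base_url):
    """Run the three steps against base_url and return a summary dict."""
    status, headers, _ = fetch(base_url, method="OPTIONS")
    methods = parse_allow_header(headers.get("Allow"))
    robots_status, _, robots_body = fetch(urljoin(base_url, "/robots.txt"))
    return {
        "options_status": status,
        "allowed_methods": methods,
        "risky_methods": risky_methods(methods),
        "response_headers": headers,
        "missing_security_headers": missing_security_headers(headers),
        "robots_disallow": parse_robots(robots_body) if robots_status == 200 else [],
    }


if __name__ == "__main__":
    # Usage: python quick_recon_example.py https://example.test
    print(json.dumps(quick_recon(sys.argv[1]), indent=2))
```

The header check reports what is missing rather than only echoing what is set, which is the part of the output a defender acts on; the robots.txt reader only keeps Disallow paths, so a site's directives are shown without crawling them.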
Install the dependencies:

```shell
pip install -r requirements.txt
```

Usage:

```text
quick-recon.py [-h] domain

positional arguments:
  domain      domain (by URL; e.g. https://test.de)

optional arguments:
  -h, --help  show this help message and exit
```

Running `python quick-recon.py https://bund.de` will output: