Combine multiple tools to search for subdomains in an efficient way, runnable externally in CI or on an external VPS.
- Fork the project
- Go to the project settings and set the variables (TARGET, DEPTH & GMAIL_TOKEN)
- Run the actions (or push a commit with a message starting with "SCAN" :)
Results will be in results.txt
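An added example, not code from this project: merging the raw output of several enumeration tools into one deduplicated host list that stays inside the TARGET scope. The function names, the sample lines and the one-host-per-line output format are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
# Underscore labels (e.g. _dmarc) are rejected on purpose: they are not web hosts.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample output; real tools print bare hosts or full URLs.
SAMPLE = {
    "subfinder": ["api.example.com", "WWW.example.com", "*.dev.example.com"],
    "waybackurls": ["https://www.example.com/login?next=/",
                    "http://api.example.com:8080/v1"],
    "assetfinder": ["notexample.com", "example.com.evil.test", "example.com."],
}

def normalize(line):
    """Reduce one output line (host or URL) to a bare hostname, or None."""
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", line.strip().lower())  # scheme
    host = re.split(r"[/?#]", host, maxsplit=1)[0]   # path, query, fragment
    host = host.rsplit("@", 1)[-1].split(":", 1)[0]  # userinfo, port
    host = host.lstrip("*.").rstrip(".")             # wildcard, root dot
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    return host if all(LABEL.match(l) for l in labels) else None

def in_scope(host, target):
    """True only for the target itself or a name under it, on a label boundary."""
    target = target.lower().rstrip(".")
    return host == target or host.endswith("." + target)

def merge(outputs, target):
    """Map each unique in-scope hostname to the set of tools that reported it."""
    found = {}
    for tool, lines in outputs.items():
        for line in lines:
            host = normalize(line)
            if host and in_scope(host, target):
                found.setdefault(host, set()).add(tool)
    return found

def render(found):
    """One hostname per line, sorted (assumed format for a results file)."""
    return "".join(f"{host}\n" for host in sorted(found))

if __name__ == "__main__":
    print(render(merge(SAMPLE, "example.com")), end="")
```

The label-boundary check in `in_scope` is what keeps look-alike names such as `notexample.com` and `example.com.evil.test` out of the merged list.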
git pull origin develop
docker build -t recoon4poor:latest . && docker run -e TARGET=$TARGET recoon4poor:latest
The image is hosted directly under ghcr.io/the-maux/recoon4poor:latest, so you can just run:
docker run -e TARGET=foo.com ghcr.io/the-maux/recoon4poor:latest
TODO: Put a graphic with a comparison of the tools
TODO: Explain the difference between the multiple DEPTH values and the usage of GMAIL_TOKEN
TODO: GIF example of an execution
Thanks to all the makers <3 :
- https://github.com/nsonaniya2010/SubDomainizer
- https://github.com/aboul3la/Sublist3r
- https://github.com/duty1g/subcat
- https://github.com/m4ll0k/SecretFinder
- https://github.com/GerbenJavado/LinkFinder
- https://github.com/lc/gau
- https://github.com/tomnomnom/assetfinder
- https://github.com/jaeles-project/gospider
- https://github.com/tomnomnom/waybackurls
- https://github.com/ThreatUnkown/jsubfinder
- https://github.com/hakluke/hakrawler
- https://github.com/projectdiscovery/subfinder
- https://github.com/projectdiscovery/httpx
- https://github.com/projectdiscovery/nuclei
Inspired by KathanP19 in bash & Go: https://github.com/KathanP19/JSFScan.sh
https://medium.com/@sherlock297/how-to-check-subdomains-are-active-or-not-91fd75e3e412
docker run -ite TARGET=target.com -v "$(pwd)/src:/opt/recoon/src" recoon4poor:local python src/main.py
https://cheatsheet.haax.fr/web-pentest/tools/nuclei/
subfinder -d domain.com -silent -all | httpx -silent | nuclei -tags xss -exclude-severity info -rl 20 -c 10 -o result_xss.txt