A Bash-based reconnaissance automation tool that streamlines the process of subdomain enumeration, live host detection, screenshot collection, and port scanning.
-
Multi-source subdomain enumeration using:
- Subfinder
- Assetfinder
- Amass
-
Live host identification using:
- httprobe
-
Screenshot collection using:
- GoWitness
-
Automated Nmap scanning of alive targets
-
Organized output structure:
- Subdomains
- Screenshots
- Scan Results
-
Reduces manual recon effort and speeds up target discovery.
Target Domain
│
▼
Subfinder + Assetfinder + Amass
│
▼
Merge & Deduplicate Results
│
▼
httprobe
│
▼
Alive Subdomains
│
├──► GoWitness Screenshots
│
└──► Nmap Scan
│
▼
Scan Results
Install the following tools before running the script:
- Subfinder
- Assetfinder
- Amass
- httprobe
- GoWitness
- Nmap
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latestgo install github.com/tomnomnom/assetfinder@latestgo install github.com/owasp-amass/amass/v4/...@mastergo install github.com/tomnomnom/httprobe@latestgo install github.com/sensepost/gowitness@latestsudo apt install nmapchmod +x recon.sh
./recon.sh example.comoutput/
└── example.com/
├── subdomains/
│ ├── subfinder.txt
│ ├── assetfinder.txt
│ ├── amass.txt
│ └── all_subdomains.txt
│
├── alive/
│ └── alive.txt
│
├── screenshots/
│ └── *.png
│
└── scans/
└── nmap_scan.txt
./recon.sh hackerone.comThe tool will:
- Enumerate subdomains.
- Remove duplicate entries.
- Identify live hosts.
- Capture screenshots of live assets.
- Perform Nmap scans.
- Store all outputs in organized directories.
This tool is intended for educational purposes and authorized security assessments only. Always obtain proper authorization before scanning or testing any systems.
Aniruddh Kumar Yadav
Cybersecurity Enthusiast | Bug Hunter | Automation Developer
GitHub: https://github.com/annithehunter LinkedIn: https://linkedin.com/in/annithehunter