LazyRecon is a script which automates some of the boring tasks of reconnaissance and information gathering. LazyRecon automatically runs the different reconnaissance methods with a single command which allows it to be easily used as part of automated workflows.
LazyRecon: Reconnaissance Process Automator
After giving a target to LazyRecon, it will automatically grab all subdomains, find any CNAME records and scrape for data. In addition to this, it will perform port scanning, gather DNS information and generate a HTML report detailing all the revealed information. After all of this has been complete, the user will know what their next step should be and what points can be targeted for exploitation.
Features:
- Create a dated folder with recon notes
- Find any CNAME records pointing to unused cloud services like aws
- Get dns information about every subdomain
- Perform dirsearch for all subdomains
- Grab subdomains using Sublist3r or dns bruteforcing using massdns
- Directory search module (multithreaded up to 10 subdomains scanned at a time)
- Enhanced html reports with the ability to search for strings, endpoints, reponse sizes or status codes
- Subdomain exclusion by using option
-elike this:-e excluded.domain.com,other.domain.com
Supported Platforms:
- Linux
Requirements:
- Go version 1.10+
Install
Run the following commands:
$ git clone https://github.com/nahamsec/bbht.git $ cd bbht $chmod +x install.sh $ ./install.sh
LazyRecon Usage
Move to the installation directory and enter the following command:
$ ./lazyrecon.sh -d domain.com
_ ____ ____ ___ _ ____ _____ ____ ____ _
/ \ / _ \/_ \\ \/// __\/ __// _\/ _ \/ \ /|
| | | / \| / / \ / | \/|| \ | / | / \|| |\ ||
| |_/\| |-||/ /_ / / | /| /_ | \__| \_/|| | \||
\____/\_/ \|\____//_/ \_/\_\\____\\____/\____/\_/ \|
Recon started on domain.com
Listing subdomains using sublister...
Checking certspotter...
Checking http://crt.sh
Starting Massdns Subdomain discovery this may take a while
Traceback (most recent call last):
File "/home/cyberpunk/tools/massdns/scripts/subbrute.py", line 8, in
for lines in open(sys.argv[1]):
IOError: [Errno 2] No such file or directory: '/home/cyberpunk/tools/SecLists/Discovery/DNS/clean-jhaddix-dns.txt'
Massdns finished...
Started dns records check...
Looking into CNAME Records...
Excluding domains (if you set them with -e)...
Subdomains that have been excluded from discovery:
Starting discovery...
Probing for live hosts...
cat: ./domain.com/recon-2020-06-06/urllist.txt: No such file or directory
Total of 1 live subdomains were found
Starting aquatone scan...
./lazyrecon.sh: line 148: aquatone: command not found
Scraping wayback for data...
Wordlist saved to /domain.com/recon-2020-06-06/wayback-data/paramlist.txt
Starting dirsearch...
wc: /home/cyberpunk/tools/dirsearch/reports//: Is a directory
Scan for domain.com finished successfully
Scan completed in : 2 minutes and 15 seconds.
