Recox combines numerous methods to form the ultimate web application reconnaissance tool. The main aim of the script is to find and then classify vulnerabilities within web applications. With its in-depth mechanism, it can help the user find unexpected vulnerabilities which are normally overlooked by other web application scanners.
Recox: Web Application Vulnerability Finder
Recox automated numerous functions required in a manual penetration test to help the user save time and focus on the real issues instead. Some of these functions include:
– Subdomain takeover
– Passive Scan
– Active Scan
– CORS Misconfiguration
– Zone Transfer Test
– Web Content Discovery
Involves the extraction of source link and parameters inside the webpage.
– Static Analysis (SAST)
– Dynamic Analysis (DAST)
Comprises of three check-ups (not as technical as previous 2):
– DNS Record Extraction
– Web of Trust (WOT)
The information is gathered recursively from each subdomain and IP address. After the web application is scanned, the various vulnerabilities are then presented to the user through the command line interface.
- Instead of performing a manual penetration test, the user can run this tool instead to find the vulnerabilities within the web application.
- This tool is easy to install and use.
- Finds uncommon vulnerabilities which are outside the OWASP top ten list of most common vulnerabilities.
- Saves significant amount of time for the user.
Clone the GitHub repo:
$ git clone https://github.com/samhaxr/recox
Enter the following commands:
$ chmod +x recox.sh $ ./recox.sh
██████╗ ███████╗ ██████╗ ██████╗ ██╗ ██╗ ██╔══██╗██╔════╝██╔════╝██╔═══██╗╚██╗██╔╝ ██████╔╝█████╗ ██║ ██║ //██║ ╚███╔╝ ██╔══██╗██╔══╝ ██║ ██║// ██║ ██╔██╗ ██║ ██║███████╗╚██████╗╚██████╔╝██╔╝ ██╗ ╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝ Twitter: @sulemanmalik_3 V1.0 ----------------------------------------------- DONE [######################### 100%] [!] VirusTotal API OK [!] Shodan API OK  Deep-Dom Scanner  Deep-JS  Web-Info  Exit
To run the Recox from anywhere in the terminal, use the following command:
$ mv recox.sh /usr/local/bin/recox