{"id":28249058,"url":"https://github.com/aenoshrajora/shadow-recon","last_synced_at":"2025-06-13T11:30:37.616Z","repository":{"id":289899312,"uuid":"972754000","full_name":"aenoshrajora/Shadow-Recon","owner":"aenoshrajora","description":"Shadow Recon is an automated reconnaissance tool that combines top OSINT and scanning tools into a single seamless process. Ideal for pentesters and bug bounty hunters who want to automate their recon process.","archived":false,"fork":false,"pushed_at":"2025-04-25T16:01:47.000Z","size":575,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-19T13:14:05.942Z","etag":null,"topics":["pyhton","python-automation","python-script","reconnaissance","reconnaissance-framework"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aenoshrajora.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-04-25T15:51:19.000Z","updated_at":"2025-04-25T16:01:50.000Z","dependencies_parsed_at":"2025-04-25T17:23:34.859Z","dependency_job_id":"3d4adaec-eefa-497a-8fe8-b43fcfc09da4","html_url":"https://github.com/aenoshrajora/Shadow-Recon","commit_stats":null,"previous_names":["aenoshrajora/shadow-recon"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/aenoshrajora/Shadow-Recon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aenoshrajora%2FShadow-Recon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aenoshrajora%2FShadow-Recon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aenoshrajora%2FShadow-Recon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aenoshrajora%2FShadow-Recon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aenoshrajora","download_url":"https://codeload.github.com/aenoshrajora/Shadow-Recon/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aenoshrajora%2FShadow-Recon/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259637126,"owners_count":22888217,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pyhton","python-automation","python-script","reconnaissance","reconnaissance-framework"],"created_at":"2025-05-19T13:14:05.660Z","updated_at":"2025-06-13T11:30:37.589Z","avatar_url":"https://github.com/aenoshrajora.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Shadow Recon\n\n`An easy-to-use python tool to perform subdomain enumeration, endpoints recon and much more`\n\nThe purpouse of this tool is helping bug hunters and pentesters during reconnaissance\n\n## Installation:\n\nIf you want to install it:\n```sh\ngit clone https://github.com/aenoshrajora/Shadow-Recon\ncd Shadow-Recon\npip install -r requirements.txt\n```\n\n## Help Panel:\n\n```\nShadow-Recon - Automating reconnaissance\n\noptions:\n  -h, --help            show this help message and exit\n  -d DOMAIN, --domain DOMAIN\n                        domain to search its subdomains\n  -o OUTPUT, --output OUTPUT\n                        file to store the scan output\n  -t TOKEN, --token TOKEN\n                        api token of hunter.io to discover mail accounts and employees\n  -p, --portscan        perform a fast and stealthy scan of the most common ports\n  -a, --axfr            try a domain zone transfer attack\n  -m, --mail            try to enumerate mail servers\n  -e, --extra           look for extra dns information\n  -n, --nameservers     try to enumerate the name servers\n  -i, --ip              it reports the ip or ips of the domain\n  -6, --ipv6            enumerate the ipv6 of the domain\n  -w, --waf             discover the WAF of the domain main page\n  -b, --backups         discover common backups files in the web page\n  -s, --subtakeover     check if any of the subdomains are vulnerable to Subdomain Takeover\n  -r, --repos           try to discover valid repositories and s3 servers of the domain (still improving it)\n  -c, --check           check active subdomains and store them into a file\n  --secrets             crawl the web page to find secrets and api keys (e.g. Google Maps API Key)\n  --enum                stealthily enumerate and identify common technologies\n  --whois               perform a whois query to the domain\n  --wayback             find useful information about the domain and his different endpoints using The Wayback Machine and other services\n  --all                 perform all the enumeration at once (best choice)\n  --quiet               don't print the banner\n  --version             display the script version\n```\n\n## Usage:\n\n- A list of examples to use the tool in different ways \n\n\u003e Most basic usage to dump all the subdomains\n```sh\npython3 shadow-recon.py -d example.com\n```\n\n\u003e Enumerate subdomains and store them in a file\n```sh\npython3 shadow-recon.py -d example.com --output domains.txt\n```\n\n\u003e Don't show banner\n```sh\npython3 shadow-recon.py -d example.com --quiet\n```\n\n\u003e Enumerate specifics things using parameters\n```sh\npython3 shadow-recon.py -d example.com -n -p -w -b --whois --enum # You can use other parameters, see help panel\n```\n\n\u003e Perform all the recon functions (recommended)\n```sh\npython3 shadow-recon.py -d domain.com --all\n```\n\n## Features:\n\n:ballot_box_with_check: Enumerate subdomains using passive techniques (like **subfinder**)\n\n:ballot_box_with_check: A lot of extra queries to enumerate the DNS\n\n:ballot_box_with_check: Domain Zone transfer attack\n\n:ballot_box_with_check: WAF type detection\n\n:ballot_box_with_check: Common enumeration (CMSs, reverse proxies, jquery...)\n\n:ballot_box_with_check: Whois target domain\n\n:ballot_box_with_check: Subdomain Takeover checker\n\n:ballot_box_with_check: Scan common open ports\n\n:ballot_box_with_check: Check active subdomains (like **httprobe**)\n\n:ballot_box_with_check: Wayback machine support to enumerate endpoints (like **waybackurls**)\n\n:ballot_box_with_check: Email harvesting\n\n## Todo:\n\n- Compare results with other tools such as **subfinder**, **gau**, **httprobe**...\n- Improve code and existings functions\n\n## Demo:\n\n\u003e Simple query to find valid subdomains\n\u003cimg src=\"https://raw.githubusercontent.com/aenoshrajora/Shadow-Recon/refs/heads/main/demo.png\"\u003e\n\n## Third part\n\nThe tool uses different services to get subdomains in different ways\n\nThe WAF detector was modified and adapted from [CRLFSuite](https://github.com/Nefcore/CRLFsuite) concept \u003c3\n\nAll DNS queries use **dns-python** at 100%, no **dig** or any extra tool needed\n\nEmail harvesting functions is done using **Hunter.io** API with personal token (free signup)\n\n\n\nCopyright © 2025-26, *Aenosh Rajora*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faenoshrajora%2Fshadow-recon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faenoshrajora%2Fshadow-recon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faenoshrajora%2Fshadow-recon/lists"}