{"id":13845161,"url":"https://github.com/cold-try/Gank-RECON","last_synced_at":"2025-07-12T01:31:51.950Z","repository":{"id":185080911,"uuid":"589799393","full_name":"cold-try/Gank-RECON","owner":"cold-try","description":"Subdomains enumeration, various scans and testing of some vulnerabilities.","archived":false,"fork":false,"pushed_at":"2025-02-27T15:07:37.000Z","size":14553,"stargazers_count":79,"open_issues_count":3,"forks_count":10,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-02-27T21:41:40.708Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cold-try.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-17T00:45:38.000Z","updated_at":"2025-02-27T15:07:41.000Z","dependencies_parsed_at":null,"dependency_job_id":"ca1b161d-1b26-432e-9007-76028295450c","html_url":"https://github.com/cold-try/Gank-RECON","commit_stats":null,"previous_names":["cold-try/gank-recon"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/cold-try/Gank-RECON","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cold-try%2FGank-RECON","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cold-try%2FGank-RECON/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cold-try%2FGank-RECON/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cold-try%2FGank-RECON/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cold-try","download_url":"https://codeload.github.com/cold-try/Gank-RECON/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cold-try%2FGank-RECON/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264923078,"owners_count":23683716,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-04T17:03:14.744Z","updated_at":"2025-07-12T01:31:51.672Z","avatar_url":"https://github.com/cold-try.png","language":"Python","funding_links":["https://www.buymeacoffee.com/zhero"],"categories":["Python"],"sub_categories":[],"readme":"# Gank recon. 🏹\nSubdomains enumeration, various scans and testing of some vulnerabilities.\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/cold-try/Gank-RECON/blob/master/media/gank_recon_logo.png\" height=250/\u003e\n\u003c/p\u003e\n\n## ⚙️ Features\n\n- Enumeration of subdomains from a domain name \n- Checking if a subdomain is takeoverable\n- Checking if an inaccessible subdomain is bypassable via HTTP verb tampering or custom header\n- Basic Auth bruteforce 🆕\n- Search for secrets (API keys, tokens, passwords, etc.) in the subdomain and its javascript files 🆕\n- Port scan\n- Recording of results and notifications of changes between each execution of the program (new subdomain/open ports/HTTP code/secrets)\n- Ergonomic listing of the different active subdomains sorted by HTTP code with the information related to them (open ports, vulnerabilities, changes)\n\n\u003e Possibility to customize certain parameters via the config.json file: personal word list (bruteforce), preferred ports, user-agent..\n\n## 🧪 Logic\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/cold-try/Gank-RECON/blob/master/media/gank_recon_logic.png\" height=700/\u003e\n\u003c/p\u003e\n\n## ⚡️ Installation\n\n- Python 3 is required\n- Chrome browser (or Chromium) is required\n- Install dependencies (preferably in a virtual environment) :\n```sh\npip install requirements.txt\n```\n---\nIf you are on a linux machine it may be necessary to install the libnss3 package :\n```sh\nsudo apt-get install libnss3\n```\n\n## 🚀 Launch\n\n• Before starting we need to get some API keys, this is not mandatory but highly recommended to maximize our results.\n\n| Service | Website | Is it free? |\n| ------ | ------ | ------ |\n| Binary Edge | https://www.binaryedge.io | yes\n| Security Trails | https://securitytrails.com | yes\n| Censys | https://censys.io | yes\n| VirusTotal | https://www.virustotal.com | yes\n| AlienVault | https://otx.alienvault.com | yes\n| Bevigil | https://bevigil.com | yes\n| Intelligence X | https://intelx.io | yes\n\nGo to the config.json file and enter your API keys there (*Most APIs are free but limited*).\n\n• You can modify the values contained in the config.json file: the user agent, the number of threads, the lists used for the bruteforce or modify the port lists by your preferred ports.\n\n• To start the program, go to the root of the directory and run the command : \n```sh\npython3 core.py\n```\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/cold-try/Gank-RECON/blob/master/media/output_exmpl.png\" height=500/\u003e\n\u003c/p\u003e\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://github.com/cold-try/Gank-RECON/blob/master/media/output_exmpl2.png\" height=500/\u003e\n\u003c/p\u003e\n\n## 🚨 Disclaimer \n\n• The objective of this tool is preventive and aims to secure websites by detecting potential vulnerabilities. The use of this tool on a website without the explicit agreement of its owner is strictly prohibited.\n\n• When using this tool on a bug bounty program, please be sure to read the policy of the targeted platform. Some companies do not accept active scans, in this case please limit yourself to the subdomain listing and do not enable options that go against this policy.\n\n## 💡Inspiration\n\nSome regex used to find secrets come from the very good repository: GitGraber\nhttps://github.com/hisxo/gitGraber\n\n## 🦾 Support me\n\nIf you want to support my work and encourage me in the creation of security tools, don't hesitate to buy me a coffee here : \n\n[![\"Buy Me A Coffee\"](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/zhero)\n\nTwitter Account : https://twitter.com/blank_cold\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcold-try%2FGank-RECON","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcold-try%2FGank-RECON","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcold-try%2FGank-RECON/lists"}