{"id":13587344,"url":"https://github.com/robotshell/magicRecon","last_synced_at":"2025-04-07T21:33:38.042Z","repository":{"id":47966418,"uuid":"222978344","full_name":"robotshell/magicRecon","owner":"robotshell","description":"MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.","archived":false,"fork":false,"pushed_at":"2024-07-23T10:51:49.000Z","size":602,"stargazers_count":942,"open_issues_count":7,"forks_count":159,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-04-05T08:14:02.795Z","etag":null,"topics":["bash-script","bug","bugbounty","bugbounty-tool","bugbountytricks","infosec","nuclei","scanner","sql-injection","subdomain","subdomains-enumeration","tool","vulnerability-scanners","xss-vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/robotshell.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"robotshell","custom":["https://www.paypal.com/paypalme/robotshell"]}},"created_at":"2019-11-20T16:17:16.000Z","updated_at":"2025-04-05T08:11:43.000Z","dependencies_parsed_at":"2024-07-22T13:35:29.947Z","dependency_job_id":"4beca0bb-b297-4e56-a27a-77b39bfc52ca","html_url":"https://github.com/robotshell/magicRecon","commit_stats":{"total_commits":119,"total_committers":2,"mean_commits":59.5,"dds":"0.10924369747899154","last_synced_commit":"1705ec156c5edcc825b03741f1410700e4d48158"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robotshell%2FmagicRecon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robotshell%2FmagicRecon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robotshell%2FmagicRecon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/robotshell%2FmagicRecon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/robotshell","download_url":"https://codeload.github.com/robotshell/magicRecon/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247732876,"owners_count":20986946,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash-script","bug","bugbounty","bugbounty-tool","bugbountytricks","infosec","nuclei","scanner","sql-injection","subdomain","subdomains-enumeration","tool","vulnerability-scanners","xss-vulnerability"],"created_at":"2024-08-01T15:06:09.993Z","updated_at":"2025-04-07T21:33:37.120Z","avatar_url":"https://github.com/robotshell.png","language":"Shell","readme":"\u003ch1 align=\"center\"\u003e\n  \u003cbr\u003e\n  \u003ca href=\"https://ibb.co/kG6XBMQ\"\u003e\u003cimg src=\"https://i.ibb.co/QJjMQXr/magicrecon.png\" alt=\"magicrecon\" style=\"width:100%\"\u003e\u003c/a\u003e\n  \u003cbr\u003e\n  MagicRecon: Fast, simple and effective \n  \u003cbr\u003e\n\u003c/h1\u003e\n\n\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/robotshell/magicRecon/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/robotshell/magicrecon?include_prereleases\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://www.gnu.org/licenses/gpl-3.0.en.html\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/robotshell/magicrecon\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/robotshell/magicRecon/issues?q=is%3Aissue+is%3Aclosed\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/issues-closed/robotshell/magicrecon\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/robotshell/magicRecon/commits/master\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/last-commit/robotshell/magicrecon\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/robotshell/magicRecon/commits/master\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/languages/code-size/robotshell/magicrecon\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"\"\u003e\n    \u003cimg src=\"https://img.shields.io/twitter/follow/robotshelld?style=social\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\nMagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.\n\nWith Magic Recon you can perform passive and active reconnaissance, vulnerability analysis, subdomain scan and many more!\n\n-------------------------------------\n\n# Main features :boom: \n- Save the results in an organized way in different formats.\n- Subdomain enumeration.\n- Check if the domains are alive.\n- Get whois information about every subdomain.\n- Get dns information about every subdomain.\n- Extract the technologies used in the domain.\n- Get information about the certificate used in the domain .\n- Take a screenshot on the domain.\n- Searches for emails on the domain, users and more things.\n- Enumerate public resources in AWS, Azure, and Google Cloud. \n- Search juicy information via GitHub Dorks.\n- Check all entrys in robots.txt file.\n- Get all endpoints on the web.\n- Perform a parameter scan.\n- Perform a port scan to discover open ports. \n- Perform a dirsearch to find directories and files.\n- Check if is possible to bypass 403 HTTP status code.\n- Perform a massive recon and vulnerability scan via Nuclei every X seconds.\n- Search missing security headers.\n- Check if the domain is vulnerable to Email spoofing.\n- Check if the domain is vulnerable to Subdomain takeover.\n- Check if the domain is vulnerable to Cross-Origin Resource Sharing (CORS).\n- Check if different endpoints are vulnerable to CSRF. \n- Look for entry points in the URL and check if it is vulnerable to Open Redirect.\n- Look for entry points in the URL and check if it is vulnerable to Cross-site scripting (XSS). \n- Look for entry points in the URL and check if it is vulnerable to SQL Injection (SQLi).\n- Look for entry points in the URL and check if it is vulnerable to Server-side request forgery (SSRF).\n- Search all JS files in the domain and perform a scan for API Keys, access tokens, endpoints, etc.\n- Check if the domain use a CMS and scan it.\n- And many more...\n\n-------------------------------------\n\n# Installation :hammer:\n\n```bash\n$ git clone https://github.com/robotshell/magicRecon\n$ cd magicRecon\n$ chmod +x install.sh\n$ ./install.sh\n```\n\n-------------------------------------\n\n# Configuration :wrench:\nTo configure MagicRecon tool you must open the `configuration.cfg` file and change variables defined by user data.\n\nIt is also important to correctly configure tools such as `Subfinder` and `Notify` to guarantee the correct functioning of magicRecon.\n\n\n-------------------------------------\n\n# Usage :eyes:\n**TARGET OPTIONS**\n \n| Parameter | Description |\n|------|-------------|\n| -d | Target domain |\n| -w | Wildcard domain |\n| -l | Target list  |\n \n**MODE OPTIONS**\n \n| Parameter | Description |\n|------|-------------|\n| -a, --all | All mode - Full scan with full target recognition and vulnerability scanning |\n| -p, --passive | Passive reconnaissance (Footprinting) - Performs only passive recon with multiple tools |\n| -x, --active | Active reconnaissance (Fingerprinting) - Performs only active recon with multiple tools |\n| -r, --recon | Reconnaissance - Perform active and passive reconnaissance |\n| -v, --vulnerabilities | Vulnerabilities - Check multiple vulnerabilities in the domain/list domains |\n| -m, --massive | Massive recon - Massive vulnerability analysis with repetitions every X seconds |\n \n**EXTRA OPTIONS**\n \n| Parameter | Description |\n|------|-------------|\n| -n, --notify | Notify - This option is used to receive notifications via Discord, Telegram or Slack |\n| -h, --help | Help - Show help |\n\n\n\n```\n./magicrecon.sh -h                 \n __  __             _      ____                      \n|  \\/  | __ _  __ _(_) ___|  _ \\ ___  ___ ___  _ __  \n| |\\/| |/ _` |/ _` | |/ __| |_) / _ \\/ __/ _ \\| '_ \\ \n| |  | | (_| | (_| | | (__|  _ \u003c  __/ (_| (_) | | | |\n|_|  |_|\\__,_|\\__, |_|\\___|_| \\_\\___|\\___\\___/|_| |_|\n              |___/                                  \nMagicRecon v.3.0 - Open Source Project | Author: Robotshell | Twitter: @robotshelld\n\n\nUSAGE\n./magicrecon.sh [-d domain.com] [-w domain.com] [-l listdomains.txt]\n                      [-a] [-p] [-x] [-r] [-v] [-m] [-n] [-h] \n\nTARGET OPTIONS\n   -d domain.com     Target domain\n   -w domain.com     Wildcard domain\n   -l list.txt       Target list\n \nMODE OPTIONS\n   -a, --all         All mode - Full scan with full target recognition and vulnerability scanning\n   -p, --passive     Passive reconnaissance (Footprinting) - Performs only passive recon with multiple tools\n   -x, --active      Active reconnaissance (Fingerprinting) - Performs only active recon with multiple tools\n   -r, --recon       Reconnaissance - Perform active and passive reconnaissance\n   -v, --vulnerabilities         Vulnerabilities - Check multiple vulnerabilities in the domain/list domains\n   -m, --massive     Massive recon - Massive vulnerability analysis with repetitions every X seconds\n \nEXTRA OPTIONS\n   -n, --notify      Notify - This option is used to receive notifications via Discord, Telegram or Slack\n   -h, --help                Help - Show this help\n\n```\n\n-------------------------------------\n# Example Usage :speak_no_evil:\n\n All:\n ```\n ./magicrecon.sh -d domain.com -a\n  ```\n Passive reconnaissance to a list of domains:\n  ```\n ./magicrecon.sh -l domainlist.txt -p\n  ```\n Active reconnaissance to a domain:\n  ```\n ./magicrecon.sh -d domain.com -x\n  ```\n \n Full reconnaissance:\n  ```\n ./magicrecon.sh -d domain.com -r\n  ```\n \n Full reconnaissance and vulnerabilities scanning:\n  ```\n ./magicrecon.sh -d domain.com -r -v\n  ```\n \n Full reconnaissance and vulnerabilities scanning to a wildcard:\n  ```\n ./magicrecon.sh -w domain.com \n  ```\n \n Massive reconnaissance and vulnerabilities scanning:\n  ```\n ./magicrecon.sh -w domain.com -m \n  ```\n\n-------------------------------------\n\n# Sample video: passive reconnaissance :movie_camera:\n\n![Example image](https://github.com/robotshell/magicRecon/blob/master/images/poc.gif)\n\n-------------------------------------\n\n# To do :mage_man:\n- [x] Change tool operation to parameters.\n- [x] Improve the use of Notify.  \n- [ ] Add new interesting tools to find more vulnerabilities.\n- [ ] Save results in other formats.\n- [ ] Save the results in a document as a report.\n- [ ] Check if the emails found by the tool are leaked. \n- [x] Integrate RobotScraper.\n\n-------------------------------------\n\n# Contribution \u0026 License :family:\n\nYou can contribute in following ways:\n\n- [Report bugs \u0026 add issues](https://github.com/robotshell/magicRecon/issues).\n- Fix something and open a pull request.\n- Give suggestions **(Ideas)** to make it better.\n- Spread the word.\n\n***MagicRecon*** is licensed under [GPL-3.0 License](https://github.com/robotshell/magicRecon/blob/master/LICENSE)\n\n-------------------------------------\n\n# Special thanks\n* Special Thanks to Mohd Shibli for his great contributions in the article [Fasten your Recon process using Shell Scripting](https://medium.com/bugbountywriteup/fasten-your-recon-process-using-shell-scripting-359800905d2a#id_token=eyJhbGciOiJSUzI1NiIsImtpZCI6ImRiMDJhYjMwZTBiNzViOGVjZDRmODE2YmI5ZTE5NzhmNjI4NDk4OTQiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20iLCJuYmYiOjE1NzQxODIxNTUsImF1ZCI6IjIxNjI5NjAzNTgzNC1rMWs2cWUwNjBzMnRwMmEyamFtNGxqZGNtczAwc3R0Zy5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsInN1YiI6IjEwNjQzNTQ3NTE5MTA1NzIzOTYzOSIsImVtYWlsIjoicm9ib3RzaGVsbGRAZ21haWwuY29tIiwiZW1haWxfdmVyaWZpZWQiOnRydWUsImF6cCI6IjIxNjI5NjAzNTgzNC1rMWs2cWUwNjBzMnRwMmEyamFtNGxqZGNtczAwc3R0Zy5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbSIsIm5hbWUiOiJSb2JvdCBTaGVsbCIsInBpY3R1cmUiOiJodHRwczovL2xoMy5nb29nbGV1c2VyY29udGVudC5jb20vYS0vQUF1RTdtQnhZZklJNndVLXQ5OVNxbzFlaElpc1E4dzY4a2VJbWZrbE4yOD1zOTYtYyIsImdpdmVuX25hbWUiOiJSb2JvdCIsImZhbWlseV9uYW1lIjoiU2hlbGwiLCJpYXQiOjE1NzQxODI0NTUsImV4cCI6MTU3NDE4NjA1NSwianRpIjoiODYzMTNhZTQ3YTQ5NjJiNTdhMTBlZDA0NGJhYWUyMGQwZWM2Y2FlNCJ9.obOev9FLt7DWW2NbSIbFwPoUC-vNFrf5nru--6uL6knW1S6CjjqXAP_D0sedfukNC0DcJnqQDz88Yh48ECppB4wEv0ozgunc9Yx24m5OiNaEKvWr0D2WJsMsV9yN7Vxt7gJxTeVIstCLvWDYCl_1JBrDvJ2eXF4V9yamk61KCqmwoAJMjXEpwaDuzITFPIZM9V-nTpIgnsBh-BCERYqAcUc7Si0IpRAlyM9YG78va7o0Pe_zYrt4NbV8Cl--BzAzrFOfhIOxvk3CYWRfc9lrSz09TJRCEn4q-rR9v7LVIboKJAedhbkr8ShClMru8xRsdfne3fRIzV1iZxNn4GuW6A) \n* Special Thanks to @KingOfBugbounty for his great contributions in the repository [KingOfBugBountyTips](https://github.com/KingOfBugbounty/KingOfBugBountyTips)\n* [@TomNomNom](https://twitter.com/TomNomNom)\n* [@pdiscoveryio](https://twitter.com/pdiscoveryio)\n* [@NahamSec](https://twitter.com/NahamSec)\n* [@s0md3v](https://twitter.com/s0md3v)\n* [@ofjaaah](https://twitter.com/ofjaaah)\n* [@KingOfBugbounty](https://twitter.com/KingOfBugbounty)\n-------------------------------------\n\n# Disclaimer\n\nThis tool is intended for educational and research purposes only. The author and contributors are not responsible for any misuse of this tool. Users are advised to use this tool responsibly and only on systems for which they have explicit permission. Unauthorized access to systems, networks, or data is illegal and unethical. Always obtain proper authorization before conducting any kind of activities that could impact other users or systems.\n","funding_links":["https://github.com/sponsors/robotshell","https://www.paypal.com/paypalme/robotshell"],"categories":["Shell","Shell (473)","bugbounty"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobotshell%2FmagicRecon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobotshell%2FmagicRecon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobotshell%2FmagicRecon/lists"}