{"id":13389947,"url":"https://github.com/x1mdev/ReconPi","last_synced_at":"2025-03-13T14:32:16.191Z","repository":{"id":33726671,"uuid":"133430992","full_name":"x1mdev/ReconPi","owner":"x1mdev","description":"ReconPi - A lightweight recon tool that performs extensive scanning with the latest tools.","archived":false,"fork":false,"pushed_at":"2022-05-06T17:05:34.000Z","size":30682,"stargazers_count":722,"open_issues_count":8,"forks_count":112,"subscribers_count":27,"default_branch":"master","last_synced_at":"2025-03-08T17:55:42.677Z","etag":null,"topics":["docker","hacking","hacking-tool","hacktoberfest","nuclei","raspberry-pi","recon","recon-pi","shell"],"latest_commit_sha":null,"homepage":"https://x1m.nl/posts/recon-pi/","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/x1mdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-14T23:00:02.000Z","updated_at":"2025-03-08T15:59:45.000Z","dependencies_parsed_at":"2022-08-08T03:00:18.202Z","dependency_job_id":null,"html_url":"https://github.com/x1mdev/ReconPi","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x1mdev%2FReconPi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x1mdev%2FReconPi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x1mdev%2FReconPi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/x1mdev%2FReconPi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/x1mdev","download_url":"https:/
/codeload.github.com/x1mdev/ReconPi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243422697,"owners_count":20288503,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","hacking","hacking-tool","hacktoberfest","nuclei","raspberry-pi","recon","recon-pi","shell"],"created_at":"2024-07-30T13:01:41.774Z","updated_at":"2025-03-13T14:32:16.141Z","avatar_url":"https://github.com/x1mdev.png","language":"Shell","funding_links":[],"categories":["Shell","Shell (473)"],"sub_categories":[],"readme":"# Recon Pi\n\n```\n__________                          __________.__ \n\\______   \\ ____   ____  ____   ____\\______   \\__|\n |       _// __ \\_/ ___\\/  _ \\ /    \\|     ___/  |\n |    |   \\  ___/\\  \\__(  \u003c_\u003e )   |  \\    |   |  |\n |____|_  /\\___  \u003e\\___  \u003e____/|___|  /____|   |__|\n        \\/     \\/     \\/           \\/             \n                            \n\t\t\tv2.2 - @x1m_martijn \n```\n\nReconPi - A lightweight recon tool that performs extensive reconnaissance with the latest tools using a Raspberry Pi.\n\nStart using that Raspberry Pi -- I know you all have one laying around somewhere ;)\n\n\u003e Since version 2.1 ReconPi is usable on your VPS, thanks to [Sachin Grover](https://github.com/mavericknerd) for putting in a lot of work.\n\nThe latest [HypriotOS](https://blog.hypriot.com/downloads/) image works perfect for Raspberry Pi's!\n\n### Easy installation\n\nConnect to your ReconPi or VPS with SSH:\n\n`ssh pirate@192.168.2.16 [Edit IP address if needed]`\n\nCurl the 
`install.sh` script and run it:\n`curl -L https://raw.githubusercontent.com/x1mdev/ReconPi/master/install.sh | bash`\n\n### Manual installation\n\nConnect to your system with SSH:\n\n\n`$ ssh pirate@192.168.2.16 [Edit IP address if needed]`\n\nNow we can set up everything, it's quite simple:\n\n - `git clone https://github.com/x1mdev/ReconPi.git`\n - `cd ReconPi`\n - `./install.sh`\n\nGrab a cup of coffee since this will take a while.\n\n## Usage\n\nAfter installing all of the dependencies for the ReconPi you can finally start doing some recon!\n\n```\n$ recon \u003cdomain.tld\u003e\n```\n\n`recon.sh` will first gather resolvers for the given target, followed by subdomain enumeration and checking those assets for potential subdomain takeover. When this is done the IP addresses of the target are enumerated. Open ports will be discovered accompanied by a service scan provided by Nmap.\n\n[Nuclei](https://github) and its templates have been implemented in the routine!\n\nFinally the live targets will be screenshotted and evaluated to discover endpoints.\n\nResults will be stored on the Recon Pi and can be viewed by running `python -m SimpleHTTPServer 1337` in your results directory. Your results will be accessible from any system with a browser that exists in the same network. 
\n\nMake sure to add your Slack token to the tokens.txt file if you want to get a Slack notification after the recon process completes.\n\n## Sample tokens.txt ($HOME/ReconPi/configs/tokens.txt)\n\n```\ngithub_subdomains_token=\"\"\nSLACK_WEBHOOK_URL=\"https://hooks.slack.com/services/xxx/xxx/xxx\"\nfindomain_spyse_token=\"\"\nfindomain_virustotal_token=\"\"\nfindomain_securitytrails_token=\"\"\nCHAOS_KEY=\"\"\nhackerhandle=\"reconpi\"\n```\n\n## Config Files (Note: the config files for amass, subfinder and naabu are stored inside the ReconPi/configs/ folder; provide your API keys in these files)\n\n**Input your API keys in these files to get better results**\n\nSubfinder config file path: $HOME/ReconPi/configs/config.yaml\n\nAmass config file path: $HOME/ReconPi/configs/config.ini\n\nWe have added a `$hackerhandle` which is used in the nuclei scans. An additional `x-bug-bounty: reconpi` header will be added, please update this with your own handle :) \n\n## Scripts\n\n- The script folder contains a script named **daily** which can be used as a cronjob to run subdomain enumeration automatically.\n\n- The methodology is to take already enumerated subdomains as input, run amass on top of them, track the last 2 results, and alert on new subdomains in Slack.\n\n## Tools\n\nTools that will be installed:\n- [Go](https://github.com/golang)\n- [Subfinder](https://github.com/projectdiscovery/subfinder/cmd/subfinder)\n- [Subjack](https://github.com/haccer/subjack)\n- [Aquatone](https://github.com/michenriksen/aquatone)\n- [httprobe](https://github.com/tomnomnom/httprobe)\n- [assetfinder](https://github.com/tomnomnom/assetfinder)\n- [meg](https://github.com/tomnomnom/meg)\n- [tojson](https://github.com/tomnomnom/hacks/tojson)\n- [unfurl](https://github.com/tomnomnom/unfurl)\n- [gf](https://github.com/tomnomnom/gf)\n- [anew](https://github.com/tomnomnom/anew)\n- [qsreplace](https://github.com/tomnomnom/qsreplace)\n- [ffuf](https://github.com/ffuf/ffuf)\n- 
[gobuster](https://github.com/OJ/gobuster)\n- [amass](https://github.com/OWASP/Amass)\n- [getJS](https://github.com/003random/getJS)\n- [gau](https://github.com/lc/gau)\n- [shuffledns](https://github.com/projectdiscovery/shuffledns/cmd/shuffledns)\n- [dnsprobe](https://github.com/projectdiscovery/dnsprobe)\n- [naabu](https://github.com/projectdiscovery/naabu/cmd/naabu)\n- [nuclei](https://github.com/projectdiscovery/nuclei/cmd/nuclei)\n- [nuclei-template](https://github.com/projectdiscovery/nuclei-templates)\n- [cf-check](https://github.com/dwisiswant0/cf-check)\n- [massdns](https://github.com/blechschmidt/massdns)\n- [jq](https://stedolan.github.io/jq/)\n- [masscan](https://github.com/robertdavidgraham/masscan)\n- [Corsy](https://github.com/s0md3v/Corsy)\n- [Arjun](https://github.com/s0md3v/Arjun)\n- [Diggy](https://github.com/s0md3v/Diggy)\n- [Dnsgen](https://github.com/ProjectAnte/dnsgen)\n- [Sublert](https://github.com/yassineaboukir/sublert)\n- [Findomain](https://github.com/Edu4rdSHL/findomain)\n- [github-subdomain](https://raw.githubusercontent.com/gwen001/github-search/master/github-subdomains.py)\n- [linkfinder](https://github.com/GerbenJavado/LinkFinder)\n- [bass](https://github.com/Abss0x7tbh/bass)\n- [interlace](https://github.com/codingo/Interlace)\n- [nmap](https://nmap.org)\n- [Seclist](https://github.com/danielmiessler/SecList)\n- [Dirsearch](https://github.com/maurosoria/dirsearch)\n- [Dalfox](https://github.com/hahwul/dalfox)\n- [Hakrawler](https://github.com/hakluke/hakrawler)\n- [Naabu](https://github.com/projectdiscovery/naabu)\n- [chaos](https://github.com/projectdiscovery/chaos-client)\n- [httpx](https://github.com/projectdiscovery/httpx)\n- [altdns](https://github.com/infosec-au/altdns)\n\n## Methodology\n- gatherResolvers\n- gatherSubdomains\n- checkTakeovers\n- getCNAME\n- gatherIPs\n- gatherScreenshots\n- startMeg\n- fetchArchive\n- fetchEndpoints\n- runNuclei\n- portScan\n- notifySlack\n\n**Subdomain Enumeration:**\n- Sublert\n- 
Subfinder\n- assetfinder\n- amass\n- findomain (Add findomain source tokens to get better results)\n- chaos dataset\n- github-subdomains\n- dns.bufferover.run\n- Mutate the above subdomains using the commonspeak subdomain list\n\n- Combine and sort the above results -\u003e Use shuffledns to resolve -\u003e dnsgen (to mutate) -\u003e httprobe (to get alive hosts)\n\n- Check takeover using subjack and nuclei\n\n- Get CNAME to check manually for takeovers\n\n- Use dnsprobe to gather IPs, ignoring those that fall in the Cloudflare IP range\n\n- Do a masscan and then an nmap scan on them, also using the http-title and vulners scripts.\n\n- Take screenshots for visual recon\n\n- Use gau to get archive URLs, and get paramlist, jsurls, phpurls, aspxurls, and jspurls in their own files.\n\n- Get endpoints using Linkfinder\n\n- Run Nuclei scripts on alive hosts\n\n- Notify on the Slack channel if a token is specified.\n\n- Directory bruteforcing (not enabled, as it takes a long time; it is better to do this manually)\n\nMore tools will be added in the future, feel free to make a pull request!\n\n## Contributors\n\n  - [Sachin Grover](https://github.com/mavericknerd) (Twitter: @mavericknerd)\n  - [Damian Ebelties](https://github.com/ebelties)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fx1mdev%2FReconPi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fx1mdev%2FReconPi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fx1mdev%2FReconPi/lists"}