https://github.com/ivan-sincek/auto-recon

Not another auto-reconnaissance framework.

bug-bounty ethical-hacking offensive-security open-source-intelligence osint penetration-testing python reconnaissance red-team-engagement security threat-intelligence web-penetration-testing


# Auto Recon

A custom-built OSINT framework designed to streamline and automate various reconnaissance tasks.

This tool requires significant setup and configuration and will likely not work out of the box unless it is built and installed from the Dockerfile.

The following information is collected:

* [TXT files](https://github.com/ivan-sincek/auto-recon/blob/main/src/auto_recon/utils/config.py#L32)
* [JSON files](https://github.com/ivan-sincek/auto-recon/blob/main/src/auto_recon/utils/config.py#L93)

The list of tools used can be found [here](https://github.com/ivan-sincek/auto-recon/blob/main/src/auto_recon/utils/config.py#L159).

## Table of Contents

* [How to Install](#how-to-install)
  * [Build and Install From the Dockerfile](#build-and-install-from-the-dockerfile)
* [How to Run](#how-to-run)
* [Usage](#usage)
* [Images](#images)

## How to Install

### Build and Install From the Dockerfile

```bash
git clone https://github.com/ivan-sincek/auto-recon && cd auto-recon

docker build --no-cache -t auto-recon:1.1.0 .
```

## How to Run

```bash
mkdir workdir # place all your wordlists here

docker run --rm -it -v "./workdir:/home/auto-recon" auto-recon:1.1.0 -d example.com -o results

docker run --rm -it -v "./workdir:/home/auto-recon" auto-recon:1.1.0 -d example.com -o results -s subdomains.txt -r resolvers.txt -w wordlist.txt
```

## Usage

```fundamental
Auto Recon v1.1.0 ( github.com/ivan-sincek/auto-recon )

Usage: auto-recon -d domain -o out [-s subdomains ] [-r resolvers ] [-w wordlist ]
Example: auto-recon -d example.com -o results [-s subdomains.txt] [-r resolvers.txt] [-w wordlist.txt]

DESCRIPTION
Not another auto-reconnaissance framework
DOMAIN
Fully qualified domain name to search
-d, --domain = example.com | etc.
EXCLUSIONS
File containing [wildcard] domains, subdomains, and IPs to exclude from the scope
If restoring a session, the exclusions file from the output directory has priority over the specified file
-e, --exclusions = exclusions.txt | etc.
NO FILTERING
Do not limit the scope to the FQDN
Exclusions are still being respected
-nf, --no-filtering
SUBDOMAINS
File containing subdomains to brute force DNS records
-s, --subdomains = subdomains.txt | etc.
RESOLVERS
File containing trusted DNS resolvers to resolve DNS records
-r, --resolvers = resolvers.txt | etc.
WORDLIST
Wordlist to brute force URL paths
-w, --wordlist = wordlist.txt | etc.
COLLABORATOR
Collaborator URL
-c, --collaborator = https://xyz.interact.sh | https://xyz.burpcollaborator.net | etc.
THREADS
Number of parallel tools to run per stage
Default: 5
-th, --threads = 10 | etc.
OUT
Output directory
-o, --out = results | etc.
RESTORE SESSION
Restore the session from the last breakpoint
-rs, --restore-session
```

## Images

Figure 1 - Runtime

Figure 2 - Collected Results

Figure 3 - Specific Results Example