# recon.sh

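#!/bin/bash

## Colors for formatting output
# ANSI SGR escape sequences; they are expanded by the `echo -e` calls that
# print the stage banners. The published copy carried markdown escapes
# ("\[") inside these strings, which would leave a stray backslash in the
# sequence and break the colouring.
green="\e[32m"
yellow="\e[33m"
red="\e[31m"
reset="\e[0m"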

## Starting Findomain

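# Require the target domain up front: the enumeration stages read "$1", and
# an empty value would be passed to the tools unchecked.
: "${1:?usage: recon.sh <domain>}"

echo -e "${green}[+] Starting Findomain [+]${reset}"
# Append newly seen findomain results to findomain.txt.
# NOTE(review): "-silent" follows anew's filename argument, as published;
# confirm whether it was meant for findomain rather than anew.
findomain -t "$1" | anew findomain.txt -silent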

## Starting Assetfinder

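echo -e "${green}[+] Starting Assetfinder [+]${reset}"
# Append newly seen assetfinder results to assetfinder.txt.
# NOTE(review): the sed expression deletes a double quote plus the character
# after it; it may be a garbled wildcard-prefix strip -- confirm against the
# original script before relying on it.
assetfinder -subs-only "$1" | sed 's/".//g' | anew assetfinder.txt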

## Starting Subfinder

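echo -e "${green}[+] Starting Subfinder [+]${reset}"
# Append newly seen subfinder results to subfinder.txt.
subfinder -d "$1" -silent -all | anew subfinder.txt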

## Starting GitHub Subdomains Enumeration

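echo -e "${green}[+] Starting GitHub Subdomains Enumeration [+]${reset}"
# Step disabled, so github.txt is not produced by this script.
# The personal access token that was hard-coded on this line has been
# removed: a token published together with a script must be treated as
# exposed and revoked. Read it from the environment instead of embedding it
# in the file; GITHUB_TOKEN below is a placeholder variable name.
# NOTE(review): a value passed with -t is still visible in the process list
# while the tool runs -- confirm whether the tool can read it another way.
#python3 /root/tools/github-search/github-subdomains.py -t "${GITHUB_TOKEN:?}" -d "$1" | anew github.txt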

## Starting Permutation of Subdomains / Bruteforcing

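echo -e "${yellow}[+] Starting Permutation of Subdomains / Bruteforcing [+]${reset}"
# Step disabled, so shuffledns.txt is not produced by this script.
#shuffledns -d "$1" -u ~/bugbounty/lists/all.txt -r ~/bugbounty/lists/resolvers.txt | anew shuffledns.txt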

## Removing Duplicates

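echo -e "${red}[-] Removing Duplicates [-]${reset}"
# Merge the per-tool result files into one sorted, de-duplicated list.
# github.txt and shuffledns.txt come from steps that are commented out, so
# only files that actually exist are merged; naming a missing file would
# make the merge report errors on every run.
merge_inputs=()
for candidate in findomain.txt subfinder.txt assetfinder.txt github.txt shuffledns.txt; do
  if [[ -f "$candidate" ]]; then
    merge_inputs+=("$candidate")
  fi
done
if (( ${#merge_inputs[@]} > 0 )); then
  sort -u -- "${merge_inputs[@]}" > subdomains.txt
else
  # No tool produced output: still leave an (empty) subdomains.txt behind so
  # the later stages that read it do not fail on a missing file.
  : > subdomains.txt
fi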

## Removing Temporary Files

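echo -e "${red}[-] Removing Temporary Files [-]${reset}"
# Delete the per-tool result files once they have been merged.
# shuffledns.txt is not in this list; it is only written by the disabled
# permutation step.
rm -f -- findomain.txt subfinder.txt assetfinder.txt github.txt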

## Notify the number of subdomains found

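# Count the merged subdomains and push the total through notify.
# The assignment and the echo are separate statements; collapsed onto one
# line the assignment would only be a temporary environment entry for echo.
subdomains_count=$(wc -l < subdomains.txt)
echo "Recon completed, $subdomains_count subdomains found" | notify -silent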

## Port Scanning & IP Enumeration

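echo -e "${green}[+] Port Scanning & IP Enumeration [+]${reset}"
# Resolve every subdomain, keep the second output column and strip the
# square brackets around it; new values are appended to ips.txt.
# NOTE(review): ips.txt comes straight from DNS answers, so it can contain
# shared-hosting or CDN addresses that do not belong to the tested
# organisation; filter it against the agreed scope before the scan below.
dnsx -l subdomains.txt -resp -silent | awk '{print $2}' | tr -d '[]' | anew ips.txt
# Scan the full port range on every address in ips.txt; the grepable report
# is written to masscan_output.txt and console output is discarded.
masscan -iL ips.txt -p0-65535 -oG masscan_output.txt > /dev/null
# Keep only the port numbers of "open" entries, sorted numerically and
# de-duplicated. The address each port was seen on is dropped at this point.
grep -oP '\d{1,5}/open' masscan_output.txt | cut -d '/' -f 1 | sort -nu > open_ports.txt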

## Check for active ports with HTTP response

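echo "[+] Ports and IPs found:"
echo "- $(wc -l < ips.txt) IPs found"
echo "- $(wc -l < open_ports.txt) ports found"
# NOTE(review): open_ports.txt is written by the masscan step as bare port
# numbers with no host attached, so httpx is given no usable targets here;
# the list most likely needs to be host:port pairs rebuilt from
# masscan_output.txt -- confirm before trusting http_ports.txt.
httpx -l open_ports.txt -silent -status-code | anew http_ports.txt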

## Notify the number of active ports

# Report how many lines http_ports.txt holds and send that through notify.
active_count=$(cat http_ports.txt | wc -l)
printf '%s\n' "- ${active_count} active ports" | notify -silent

## Checking for alive subdomains

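echo -e "${yellow}[=] Checking for alive subdomains [<]${reset}"
# Probe every merged subdomain over HTTP and append new responders, with
# their status code, to alive_subdomains.txt.
# NOTE(review): "-ac 260" is kept exactly as published; check it against the
# option list of the installed httpx before relying on it.
cat subdomains.txt | httpx -status-code -ac 260 -silent | anew alive_subdomains.txt
# Send the number of responding subdomains through notify.
echo "We have $(wc -l < alive_subdomains.txt) active subdomains" | notify -silent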

# Final status line for the operator's terminal.
printf '%s\n' "Recon script completed!"

