About:
This script is intended to automate your reconnaissance process in an organized fashion by performing the following:
[*]Create a dated folder with recon notes
[*]Grab subdomains using Sublist3r and certspotter
[*]Grab a screenshot of responsive hosts
[*]Grab the response header
[*]Perform nmap
[*]Perform dirsearch
[*]Generate a HTML report with output from the tools above
[*]Color coding in report.html for easier reading
[*]Massdns subdomain discovery
[*]Massdns crt.sh subdomain discovery
[*]Find dead dns records
[*]Notify for possible NS Subdomain takeover
[*]Improved reporting and less output while doing the work
[*]Find ip address space of target company
Requirements:
This requires Bug Bounty Hunting Tools in order for the tools to work.
This requires Massdns installed in the root directory https://github.com/blechschmidt/massdns
Get Asnlookup tool from https://github.com/yassineaboukir/asnlookup and install it into ~/tools/
Make sure you download all.zip and unzip it before using the script the file all.txt is a huge wordlist used by massdns.
Usage:
[su_quote]./lazyrecon.sh -d target.com[/su_quote]
DOWNLOAD: https://github.com/plenumlab/lazyrecon
