Reconas is a powerful and customizable reconnaissance tool designed to assist in information gathering and vulnerability assessment during security assessments and bug hunting. It provides a comprehensive set of features and modules that automate various reconnaissance tasks, helping security professionals gather valuable intelligence about target systems and identify potential vulnerabilities.

• Getting domain IP.
• Gathering all DNS records.
• Performing DNS enumeration.
• Scanning for DNS zone transfer.
• Collecting emails.
• Identifying domain technologies.
• Gathering information about the domain.
• Collecting subdomains.
• Extracting live subdomains.
• Converting live subdomains into IP addresses.
• Conducting port scanning on IP addresses.
• Utilizing Shodan dorks.
• Utilizing GitHub dorks.
• Scanning for CORS misconfiguration.
• Scanning for subdomain takeover.
• Scanning for CRLF injection.

• Obtaining IP addresses of subdomains.
• Performing directory fuzzing.
• Performing backup files fuzzing.
• Collecting parameters using ParamSpider and Arjun.
• Gathering all links from the Wayback Machine.
• Extracting and scanning JavaScript (JS) files.
• Scanning for Cross-Site Scripting (XSS).
• Collecting possible vulnerable parameters with xss,sqli,lfi,ssrf, and open redirect.
• Conducting port scanning.
• Running Nuclei on collected parameters.

• whois
• dig
• host
• dnsrecon
• whatweb
• emailharvester
• subfinder
• assetfinder
• amass
• naabu
• nmap
• gitdorks_go
• corscanner
• crlfuzz
• subzy
• dirsearch
• arjun
• paramspider
• nuclei
• waybackurls
• kxss
• gf
• gf-patterns
• subjs

• Improving the performance of the code.
• Shodan dorking.
• Google dorking.
• Saving the results of each function in a single directory.
• Saving the results of each command in a single file.
• Cheking required tools.
• Installing non existed tools.

git clone https://github.com/0x0anas/reconas.git
cd reconas/
sudo chmod +x setup.sh reconas.sh
sudo ./setup.sh
pip3 install -r dorks_hunter/requirements.txt
echo "Your_Github_Token" > files/token.txt
./reconas -h

./reconas.sh -h This will display the help menu, providing an overview of the available options and their usage.

• The -t option is required for GitHub dorking.
• Specify the target domain by using the -d flag followed by the domain name and -t flag followed by your github token file path. For example:

sudo ./reconas.sh -d domain.com -t files/token.txt

• The -s option is required alone to perform reconnaissance on this subdomain.
• Specify the target subdomain by using -s flag followed by the subdomain name. For example:

sudo ./reconas.sh -s sub.domain.com