MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
GPL-3.0 License
MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
With Magic Recon you can perform passive and active reconnaissance, vulnerability analysis, subdomain scan and many more!
$ git clone https://github.com/robotshell/magicRecon
$ cd magicRecon
$ chmod +x install.sh
$ ./install.sh
To configure MagicRecon tool you must open the configuration.cfg
file and change variables defined by user data.
It is also important to correctly configure tools such as Subfinder
and Notify
to guarantee the correct functioning of magicRecon.
TARGET OPTIONS
Parameter | Description |
---|---|
-d | Target domain |
-w | Wildcard domain |
-l | Target list |
MODE OPTIONS
Parameter | Description |
---|---|
-a, --all | All mode - Full scan with full target recognition and vulnerability scanning |
-p, --passive | Passive reconnaissance (Footprinting) - Performs only passive recon with multiple tools |
-x, --active | Active reconnaissance (Fingerprinting) - Performs only active recon with multiple tools |
-r, --recon | Reconnaissance - Perform active and passive reconnaissance |
-v, --vulnerabilities | Vulnerabilities - Check multiple vulnerabilities in the domain/list domains |
-m, --massive | Massive recon - Massive vulnerability analysis with repetitions every X seconds |
EXTRA OPTIONS
Parameter | Description |
---|---|
-n, --notify | Notify - This option is used to receive notifications via Discord, Telegram or Slack |
-h, --help | Help - Show help |
./magicrecon.sh -h
__ __ _ ____
| \/ | __ _ __ _(_) ___| _ \ ___ ___ ___ _ __
| |\/| |/ _` |/ _` | |/ __| |_) / _ \/ __/ _ \| '_ \
| | | | (_| | (_| | | (__| _ < __/ (_| (_) | | | |
|_| |_|\__,_|\__, |_|\___|_| \_\___|\___\___/|_| |_|
|___/
MagicRecon v.3.0 - Open Source Project | Author: Robotshell | Twitter: @robotshelld
USAGE
./magicrecon.sh [-d domain.com] [-w domain.com] [-l listdomains.txt]
[-a] [-p] [-x] [-r] [-v] [-m] [-n] [-h]
TARGET OPTIONS
-d domain.com Target domain
-w domain.com Wildcard domain
-l list.txt Target list
MODE OPTIONS
-a, --all All mode - Full scan with full target recognition and vulnerability scanning
-p, --passive Passive reconnaissance (Footprinting) - Performs only passive recon with multiple tools
-x, --active Active reconnaissance (Fingerprinting) - Performs only active recon with multiple tools
-r, --recon Reconnaissance - Perform active and passive reconnaissance
-v, --vulnerabilities Vulnerabilities - Check multiple vulnerabilities in the domain/list domains
-m, --massive Massive recon - Massive vulnerability analysis with repetitions every X seconds
EXTRA OPTIONS
-n, --notify Notify - This option is used to receive notifications via Discord, Telegram or Slack
-h, --help Help - Show this help
All:
./magicrecon.sh -d domain.com -a
Passive reconnaissance to a list of domains:
./magicrecon.sh -l domainlist.txt -p
Active reconnaissance to a domain:
./magicrecon.sh -d domain.com -x
Full reconnaissance:
./magicrecon.sh -d domain.com -r
Full reconnaissance and vulnerabilities scanning:
./magicrecon.sh -d domain.com -r -v
Full reconnaissance and vulnerabilities scanning to a wildcard:
./magicrecon.sh -w domain.com
Massive reconnaissance and vulnerabilities scanning:
./magicrecon.sh -w domain.com -m
You can contribute in following ways:
MagicRecon is licensed under GPL-3.0 License
This tool is intended for educational and research purposes only. The author and contributors are not responsible for any misuse of this tool. Users are advised to use this tool responsibly and only on systems for which they have explicit permission. Unauthorized access to systems, networks, or data is illegal and unethical. Always obtain proper authorization before conducting any kind of activities that could impact other users or systems.