Skip to content

MuzakirLone/ALLRECON

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

1 Commit
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

ALLRECON - Modern Bug Bounty Reconnaissance Framework

Version License Bash

ALLRECON is a comprehensive, modular reconnaissance framework designed for bug bounty hunters and security researchers. It automates the entire recon workflow with parallel execution, intelligent error handling, and extensive customization options.

πŸš€ Features

Core Capabilities

  • Modular Architecture: Clean separation of concerns with reusable modules
  • Parallel Execution: Run multiple tools simultaneously for 60-70% faster scans
  • Configuration System: YAML-based config with profiles (quick, deep)
  • Comprehensive Logging: Multiple log levels with file and console output
  • Error Handling: Graceful failure recovery and detailed error messages
  • Progress Tracking: Real-time progress indicators and job statistics

Reconnaissance Modules

πŸ” Subdomain Enumeration

  • crt.sh certificate transparency logs
  • SubFinder (passive subdomain discovery)
  • Assetfinder (cross-platform subdomain finder)
  • dnsx (brute-force and resolver)
  • DNS resolution and validation
  • HTTP/HTTPS service detection
  • Subdomain takeover detection (subzy, subjack)

πŸ“œ JavaScript Analysis

  • Multi-source JS file discovery (gau, waybackurls, katana, robots.txt)
  • Endpoint extraction (LinkFinder)
  • Secret detection (SecretFinder + custom regex)
  • API key extraction
  • GF pattern matching (API keys, AWS keys, sensitive data)

🌐 URL Collection

  • Historical URL gathering (gau, waybackurls)
  • URL validation (FFUF)
  • Custom wordlist generation
  • Parameter extraction
  • GF pattern matching (XSS, SQLi, LFI, SSRF, IDOR, etc.)

πŸ” Vulnerability Scanning

  • CORS misconfiguration detection
  • Nuclei - CVEs, vulnerabilities, misconfigurations
  • XSS - kxss + dalfox scanning
  • SQLi - SQLMap integration
  • LFI - Local file inclusion detection
  • Open Redirect - OpenRedireX scanning

πŸ“Š Reporting

  • Summary text reports
  • Scan statistics and metrics
  • File location mapping
  • Scan duration tracking

πŸ“¦ Installation

Prerequisites

  • Bash 4.0+
  • Go 1.19+ (for Go-based tools)
  • Python 3.6+ (for Python tools)
  • curl, jq, grep, sed, awk

Quick Start

# Clone or download ALLRECON
cd /path/to/ALLRECON

# Check dependencies
chmod +x install.sh
./install.sh --check

# Install missing tools
./install.sh --install

# Run ALLRECON
chmod +x allrecon.sh
./allrecon.sh

For detailed installation instructions, see INSTALLATION.md

🎯 Usage

Basic Usage

# Interactive menu (default)
./allrecon.sh

# Single domain reconnaissance
Select option [1] and enter domain: example.com

# Massive recon with subdomains
Select option [2] and enter domain: example.com

Advanced Usage

# Use custom configuration
./allrecon.sh --config my-config.yaml

# Use quick scan profile
./allrecon.sh --profile quick

# Enable debug logging
./allrecon.sh --log-level DEBUG

# Disable parallel execution
./allrecon.sh --no-parallel

# Disable colors (for piping)
./allrecon.sh --no-color

For more examples, see USAGE.md

πŸ“ Output Structure

example.com/
β”œβ”€β”€ domain_enum/          # Subdomain enumeration results
β”‚   β”œβ”€β”€ crt.txt
β”‚   β”œβ”€β”€ subfinder.txt
β”‚   β”œβ”€β”€ assetfinder.txt
β”‚   β”œβ”€β”€ dnsx.txt
β”‚   └── all.txt
β”œβ”€β”€ final_domains/        # Resolved and validated domains
β”‚   β”œβ”€β”€ domains.txt
β”‚   └── httpx.txt
β”œβ”€β”€ js/                   # JavaScript analysis
β”‚   β”œβ”€β”€ all_js.txt
β”‚   β”œβ”€β”€ endpoints.txt
β”‚   β”œβ”€β”€ secrets.txt
β”‚   └── api_keys.txt
β”œβ”€β”€ waybackurls/          # URL collection
β”‚   β”œβ”€β”€ wayback.txt
β”‚   └── valid.txt
β”œβ”€β”€ gf/                   # GF pattern results
β”‚   β”œβ”€β”€ xss.txt
β”‚   β”œβ”€β”€ sqli.txt
β”‚   └── lfi.txt
β”œβ”€β”€ vulnerabilities/      # Vulnerability scan results
β”‚   β”œβ”€β”€ cors/
β”‚   β”œβ”€β”€ xss_scan/
β”‚   β”œβ”€β”€ sqli/
β”‚   β”œβ”€β”€ LFI/
β”‚   └── openredirect/
β”œβ”€β”€ nuclei_scan/          # Nuclei results
β”‚   β”œβ”€β”€ cves.txt
β”‚   β”œβ”€β”€ vulnerabilities.txt
β”‚   └── misconfiguration.txt
β”œβ”€β”€ takeovers/            # Subdomain takeover results
└── report.txt            # Summary report

βš™οΈ Configuration

ALLRECON uses YAML configuration files for flexibility:

# config/default.yaml
scan:
  threads: 30
  timeout: 300
  parallel_enabled: true
  max_parallel_jobs: 5

logging:
  level: "INFO"
  file: "logs/allrecon.log"

Profiles

Quick Scan (--profile quick):

  • Fast, essential tools only
  • Limited to subfinder, httpx, nuclei
  • Timeout: 60s

Deep Scan (--profile deep):

  • Comprehensive, all tools
  • Increased parallelism
  • Timeout: 3600s

Create custom profiles in config/profiles/

πŸ”§ Technical Details

Architecture

allrecon.sh (Main Entry Point)
β”œβ”€β”€ lib/
β”‚   β”œβ”€β”€ colors.sh         # Color management
β”‚   β”œβ”€β”€ logger.sh         # Logging system
β”‚   β”œβ”€β”€ utils.sh          # Utility functions
β”‚   β”œβ”€β”€ parallel.sh       # Parallel execution
β”‚   β”œβ”€β”€ validators.sh     # Input validation
β”‚   └── config_parser.sh  # YAML config parser
└── modules/
    β”œβ”€β”€ subdomain_enum.sh # Subdomain discovery
    β”œβ”€β”€ js_analysis.sh    # JavaScript analysis
    β”œβ”€β”€ vuln_scan.sh      # Vulnerability scanning
    β”œβ”€β”€ url_collection.sh # URL gathering
    └── reporting.sh      # Report generation

Parallel Execution

ALLRECON can run multiple tools concurrently:

  • Job pooling with configurable max workers
  • Progress tracking
  • Timeout handling
  • Resource monitoring

πŸ“Έ Screenshots

image image image image

🀝 Contributing

Contributions are welcome! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Submit a pull request

πŸ“„ License

MIT License - See LICENSE file for details

πŸ‘€ Author

Muzakir Lone

πŸ™ Acknowledgments

Thanks to all the amazing tool creators:

  • ProjectDiscovery team (subfinder, httpx, nuclei, katana, dnsx)
  • Tom Hudson (assetfinder, gau, waybackurls, anew, qsreplace, unfurl, gf)
  • Various security researchers for specialized tools

πŸ“š Resources

⚠️ Disclaimer

This tool is for authorized security testing only. Always obtain proper permission before testing any systems you don't own.


Version 2.0.0 - Complete rewrite with modular architecture, parallel execution, and professional tooling.

About

No description, website, or topics provided.

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages