Advanced Bug Bounty Reconnaissance Framework
⚡ Advanced Bug Bounty Reconnaissance Framework
Built for speed, automation, and real-world security workflows
---
## 🚀 Overview
**KAYSOCIETY (kay_recon) ** is a powerful, multi-threaded reconnaissance tool designed for bug bounty hunters and penetration testers.
It automates the full recon pipeline — from subdomain discovery to vulnerability indicators — while maintaining a clean and professional CLI interface.
---
## 🎯 Features
* 🔍 Subdomain Enumeration (Subfinder)
* 🌐 Live Host Detection (httpx)
* 🕸️ URL Crawling (Katana)
* 📜 JavaScript Analysis & Secret Detection
* 🔎 Endpoint Extraction from JS
* ⚔️ Parameter Discovery (Fuzzing)
* 💉 XSS Reflection Detection (Light)
* 🚨 Subdomain Takeover Detection(Light)
* 🧠 Vulnerability Hint Engine(Super Investigation)
* 🎯 Target Prioritization (High-value endpoints)
* ⚡ Multi-threaded scanning (Speed Mode)
* 📊 HTML Report Generation (Super-Clean)
---
## ⚙️ Installation
### 1. Clone the Repository
git clone https://github.com/kaysociety/kay_recon.git
cd kay_recon
---
### 2. Run Installer
chmod +x install.sh
./install.sh
chmod +x kay_recon
---
## 🧪 Usage
### Basic Scan
python3 kay_recon.py example.com
---
### Speed Mode (Threads)
python3 kay_recon.py example.com --threads 20
⚠️ Recommended: 10–20 threads to avoid blocking
---
## 📂 Output Structure
### 📁 output/
| File | Description |
| -------------- | --------------------- |
| subdomains.txt | Discovered subdomains |
| live.txt | Active hosts |
| urls.txt | Crawled URLs |
| js.txt | JavaScript files |
| endpoints.txt | Extracted endpoints |
| param_fuzz.txt | Parameter discovery |
| xss.txt | XSS reflection hints |
| takeover.txt | Takeover candidates |
| secrets.txt | API keys / tokens |
| hints.txt | Vulnerability hints |
| priority.txt | High-value targets |
| risk.txt | Risk summary |
---
### 📁 reports/
* target_report.html → Visual recon report
Run Command on Terminal to view html report<<
->firefox target_report.html
---
## 🖥️ CLI Preview
\[➤] Subdomains
✔ SUCCESS Completed in 2.1s
\[➤] Live Hosts
✔ SUCCESS Completed in 1.3s
==============================
  ✔ SCAN COMPLETED
==============================
Target: example.com
---
## 🧠 Workflow
ReconX follows a structured pipeline:
1. Recon → Subdomains + Live hosts
2. Discovery → URLs + JS files
3. Analysis → Params + Endpoints + Secrets
4. Detection → XSS + Takeover + Hints
5. Reporting → Risk + HTML output
---
##
This tool is for **educational and authorized security testing only**.
* ✅ Use on Penetration Testing programs
* ✅ Use on bug bounty programs
* ✅ Use on assets you own
* ✅ Use on your Homelab
* ❌ Do NOT scan unauthorized targets
---
## 👨💻 Author
**Karabo Kosi**
Penetration Tester| Ethical Hacker| Bug Bounty Hunter | Cybersecurity Eng |
---
## ⭐ Support
If you like this project:
* ⭐ Star the repo
* 🍴 Fork it
* 🧠 Contribute ideas
---
## 🔥 Future Improvements
* Nuclei integration
* Advanced vulnerability detection
* Dashboard UI (Web-based)
* Automated reporting (PDF)
---
## 💀 KAYSOCIETY
"Top 1% of the 1% underground hackers"
“Recon is where the real hacking begins.”
## ⭐ SCREENSHOTS OF A REAL-WORLD PENETRATION TEST RECONNAISSANCE
## ⭐ SCREENSHOTS OF THE CLEAN REPORT PRODUCED BY THE TOOL
