This repository provides two Bash scripts for performing reconnaissance on websites and domains. They are ideal for security researchers, penetration testers, and DevSecOps professionals conducting footprinting or passive information gathering.
A simple and fast CLI tool that gathers basic domain and server information using native Linux tools.
- DNS lookups (A, AAAA, MX, CNAME, NS, SOA)
- Reverse DNS (PTR)
- WHOIS query
- HTTP header inspection
- IP geolocation via ipinfo.io
- Quick Nmap scan (common ports)
chmod +x domain_recon.sh
./domain_recon.sh example.comA comprehensive HTML report generator that automates the same recon tasks and formats them into a readable report (recon_report.html).
- All the same data as above
- Nicely styled HTML file
- Suitable for reporting and documentation
chmod +x domain_recon_report.sh
./domain_recon_report.sh example.com
xdg-open recon_report.html # or open manuallyInstall the following dependencies:
sudo apt install whois dnsutils curl nmapOptional (for advanced fingerprinting, not used by default):
whatwebsubfindergowitness
Use this toolkit to:
- Investigate a deployed web appβs configuration
- Conduct footprinting before active scanning
- Validate domain hosting and security header setup
- Document findings in a professional HTML report
MIT License. Feel free to modify and contribute.
Pull requests and feature suggestions are welcome!