# DeadHydra Scripts Collection

Elite hacker tools and penetration testing scripts.

## 🎯 Recon Scanner

Advanced reconnaissance tool for penetration testing and security research.

### Features

- **DNS Resolution** - Resolve hostnames to IP addresses
- **Port Scanning** - Multi-threaded TCP port scanning
- **Banner Grabbing** - Service version detection
- **DNS Enumeration** - Query all DNS record types
- **Subdomain Discovery** - Brute-force subdomain enumeration
- **Web Technology Detection** - Identify CMS, frameworks, libraries
- **WHOIS Lookup** - Domain registration information
- **JSON Export** - Structured output format

### Installation

```bash
# Install dependencies
pip3 install dnspython requests urllib3

# Make script executable
chmod +x recon_scanner.py recon.sh
```

### Usage

#### Quick Start

```bash
# Basic scan
./recon.sh -t example.com

# Quick scan (common ports only)
./recon.sh -t example.com --quick

# With output file
./recon.sh -t example.com -o results.json
```

#### Advanced Usage

```bash
# Full port scan (1-65535)
./recon.sh -t example.com --full

# Custom port range
./recon.sh -t 192.168.1.1 -p 1-1000

# Specific ports
./recon.sh -t example.com -p 22,80,443,8080

# Subdomain enumeration with custom wordlist
./recon.sh -t example.com --subdomains subdomains.txt

# Scan IP address
./recon.sh -t 192.168.1.1 --quick
```

### Command Line Options

```
-t, --target TARGET     Target domain or IP address (required)
-p, --ports PORTS       Port range (e.g., 1-1000) or comma-separated
-o, --output OUTPUT     Output file for results (JSON format)
--subdomains WORDLIST   Subdomain wordlist file
--quick                 Quick scan (common ports only)
--full                  Full scan (all 65535 ports)
```

### What It Scans

1. **Network Layer**: IP resolution, reverse DNS
2. **Transport Layer**: TCP port scanning (multi-threaded)
3. **Application Layer**: HTTP/HTTPS, FTP, SSH, SMTP, MySQL, RDP, etc.
4. **DNS Infrastructure**: A, AAAA, MX, NS, TXT, SOA, CNAME records
5. **Subdomain Discovery**: Brute-force with customizable wordlists
6. **Web Stack**: Server headers, CMS detection, framework identification
7. **Registration Data**: WHOIS domain information

### Output Format

Results are saved in JSON format with the following structure:

```json
{
  "target": "example.com",
  "scan_time": "2025-11-07T00:00:00",
  "ip_addresses": ["93.184.216.34"],
  "open_ports": [80, 443],
  "services": [...],
  "subdomains": [...],
  "dns_records": {...},
  "web_technologies": {...}
}
```

### Files

- `recon_scanner.py` - Main scanner script
- `recon.sh` - Convenience wrapper script
- `subdomains.txt` - Default subdomain wordlist (100+ entries)

### Examples

#### Scan a website

```bash
./recon.sh -t example.com -o example_scan.json
```

#### Quick security assessment

```bash
./recon.sh -t target.com --quick --subdomains subdomains.txt
```

#### Full infrastructure scan

```bash
./recon.sh -t target.com --full -o full_scan.json
```

#### Network range scan

```bash
./recon.sh -t 192.168.1.1 -p 1-1000
```

### Security Notes

⚠️ **Authorization Required**: Only use this tool on systems you own or have explicit permission to test.

⚠️ **Legal Compliance**: Unauthorized port scanning and reconnaissance may be illegal in your jurisdiction.

⚠️ **Ethical Usage**: This tool is intended for:

- Authorized penetration testing
- Security research with permission
- CTF competitions
- Educational purposes
- Testing your own infrastructure

### Contributing

This is part of the DeadHydra Collective security toolkit. Contributions welcome!

## License

MIT License - Use responsibly and ethically.

---

**HACK THE PLANET** // DeadHydra Collective
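
Added example (not part of the DeadHydra scripts): a results file in the JSON structure shown under Output Format can be validated and then compared against an approved exposure baseline for infrastructure you run. The baseline dictionary, the function names and the sample values are assumptions made for this example; only the fields the README shows concretely are read.

```python
import json
from datetime import datetime

# Constructed sample in the shape shown under "Output Format"; the fields
# the README elides (services, subdomains, ...) are left out on purpose.
SAMPLE_SCAN = json.dumps({
    "target": "example.com",
    "scan_time": "2025-11-07T00:00:00",
    "ip_addresses": ["93.184.216.34"],
    "open_ports": [80, 443, 8080],
})

# Hypothetical baseline (not a format the tool defines): approved exposure per target.
BASELINE = {"example.com": {"ports": {22, 80, 443}, "ips": {"93.184.216.34"}}}


def load_scan(text):
    """Parse and validate a results file before trusting its contents."""
    scan = json.loads(text)
    if not isinstance(scan.get("target"), str):
        raise ValueError("target must be a string")
    datetime.fromisoformat(scan["scan_time"])  # ValueError on a malformed timestamp
    for p in scan.get("open_ports", []):
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(p, bool) or not isinstance(p, int) or not 1 <= p <= 65535:
            raise ValueError(f"invalid port: {p!r}")
    if not all(isinstance(ip, str) for ip in scan.get("ip_addresses", [])):
        raise ValueError("ip_addresses must be strings")
    return scan


def exposure_drift(scan, baseline):
    """Return what differs between the scan and the approved baseline."""
    approved = baseline.get(scan["target"])
    if approved is None:
        raise KeyError(f"no baseline for {scan['target']}")
    seen_ports = set(scan.get("open_ports", []))
    seen_ips = set(scan.get("ip_addresses", []))
    return {
        "unexpected_ports": sorted(seen_ports - approved["ports"]),  # newly exposed
        "missing_ports": sorted(approved["ports"] - seen_ports),     # expected but closed
        "unexpected_ips": sorted(seen_ips - approved["ips"]),        # resolution changed
    }


if __name__ == "__main__":
    print(exposure_drift(load_scan(SAMPLE_SCAN), BASELINE))
```

A non-empty `unexpected_ports` or `unexpected_ips` list is the signal to review; `missing_ports` usually points at an outage or a filtering change rather than new exposure.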