sinX
/
scripts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
scripts/README.md

3.7 KiB
Raw Permalink Blame History

DeadHydra Scripts Collection

Elite hacker tools and penetration testing scripts.

🎯 Recon Scanner

Advanced reconnaissance tool for penetration testing and security research.

Features

  • DNS Resolution - Resolve hostnames to IP addresses
  • Port Scanning - Multi-threaded TCP port scanning
  • Banner Grabbing - Service version detection
  • DNS Enumeration - Query all DNS record types
  • Subdomain Discovery - Brute-force subdomain enumeration
  • Web Technology Detection - Identify CMS, frameworks, libraries
  • WHOIS Lookup - Domain registration information
  • JSON Export - Structured output format

Installation

# Install dependencies
pip3 install dnspython requests urllib3

# Make script executable
chmod +x recon_scanner.py recon.sh

Usage

Quick Start

# Basic scan
./recon.sh -t example.com

# Quick scan (common ports only)
./recon.sh -t example.com --quick

# With output file
./recon.sh -t example.com -o results.json

Advanced Usage

# Full port scan (1-65535)
./recon.sh -t example.com --full

# Custom port range
./recon.sh -t 192.168.1.1 -p 1-1000

# Specific ports
./recon.sh -t example.com -p 22,80,443,8080

# Subdomain enumeration with custom wordlist
./recon.sh -t example.com --subdomains subdomains.txt

# Scan IP address
./recon.sh -t 192.168.1.1 --quick

Command Line Options

-t, --target TARGET       Target domain or IP address (required)
-p, --ports PORTS        Port range (e.g., 1-1000) or comma-separated
-o, --output OUTPUT      Output file for results (JSON format)
--subdomains WORDLIST    Subdomain wordlist file
--quick                  Quick scan (common ports only)
--full                   Full scan (all 65535 ports)

What It Scans

  1. Network Layer: IP resolution, reverse DNS
  2. Transport Layer: TCP port scanning (multi-threaded)
  3. Application Layer: HTTP/HTTPS, FTP, SSH, SMTP, MySQL, RDP, etc.
  4. DNS Infrastructure: A, AAAA, MX, NS, TXT, SOA, CNAME records
  5. Subdomain Discovery: Brute-force with customizable wordlists
  6. Web Stack: Server headers, CMS detection, framework identification
  7. Registration Data: WHOIS domain information

Output Format

Results are saved in JSON format with the following structure:

{
    "target": "example.com",
    "scan_time": "2025-11-07T00:00:00",
    "ip_addresses": ["93.184.216.34"],
    "open_ports": [80, 443],
    "services": [...],
    "subdomains": [...],
    "dns_records": {...},
    "web_technologies": {...}
}

Files

  • recon_scanner.py - Main scanner script
  • recon.sh - Convenience wrapper script
  • subdomains.txt - Default subdomain wordlist (100+ entries)

Examples

Scan a website

./recon.sh -t example.com -o example_scan.json

Quick security assessment

./recon.sh -t target.com --quick --subdomains subdomains.txt

Full infrastructure scan

./recon.sh -t target.com --full -o full_scan.json

Network range scan

./recon.sh -t 192.168.1.1 -p 1-1000

Security Notes

⚠️ Authorization Required: Only use this tool on systems you own or have explicit permission to test.

⚠️ Legal Compliance: Unauthorized port scanning and reconnaissance may be illegal in your jurisdiction.

⚠️ Ethical Usage: This tool is intended for:

  • Authorized penetration testing
  • Security research with permission
  • CTF competitions
  • Educational purposes
  • Testing your own infrastructure

Contributing

This is part of the DeadHydra Collective security toolkit. Contributions welcome!

License

MIT License - Use responsibly and ethically.

HACK THE PLANET // DeadHydra Collective