# DeadHydra Scripts Collection
Elite hacker tools and penetration testing scripts.
## 🎯 Recon Scanner
Advanced reconnaissance tool for penetration testing and security research.
### Features
- **DNS Resolution** - Resolve hostnames to IP addresses
- **Port Scanning** - Multi-threaded TCP port scanning
- **Banner Grabbing** - Service version detection
- **DNS Enumeration** - Query all DNS record types
- **Subdomain Discovery** - Brute-force subdomain enumeration
- **Web Technology Detection** - Identify CMS, frameworks, libraries
- **WHOIS Lookup** - Domain registration information
- **JSON Export** - Structured output format
### Installation
```bash
# Install dependencies
pip3 install dnspython requests urllib3
# Make both scripts executable
chmod +x recon_scanner.py recon.sh
```
### Usage
#### Quick Start
```bash
# Basic scan
./recon.sh -t example.com
# Quick scan (common ports only)
./recon.sh -t example.com --quick
# With output file
./recon.sh -t example.com -o results.json
```
#### Advanced Usage
```bash
# Full port scan (1-65535)
./recon.sh -t example.com --full
# Custom port range
./recon.sh -t 192.168.1.1 -p 1-1000
# Specific ports
./recon.sh -t example.com -p 22,80,443,8080
# Subdomain enumeration with custom wordlist
./recon.sh -t example.com --subdomains subdomains.txt
# Scan IP address
./recon.sh -t 192.168.1.1 --quick
```
### Command Line Options
```
-t, --target TARGET       Target domain or IP address (required)
-p, --ports PORTS         Port range (e.g., 1-1000) or comma-separated
-o, --output OUTPUT       Output file for results (JSON format)
--subdomains WORDLIST     Subdomain wordlist file
--quick                   Quick scan (common ports only)
--full                    Full scan (all 65535 ports)
```
### What It Scans
1. **Network Layer**: IP resolution, reverse DNS
2. **Transport Layer**: TCP port scanning (multi-threaded)
3. **Application Layer**: HTTP/HTTPS, FTP, SSH, SMTP, MySQL, RDP, etc.
4. **DNS Infrastructure**: A, AAAA, MX, NS, TXT, SOA, CNAME records
5. **Subdomain Discovery**: Brute-force with customizable wordlists
6. **Web Stack**: Server headers, CMS detection, framework identification
7. **Registration Data**: WHOIS domain information
### Output Format
Results are saved in JSON format with the following structure:
```json
{
  "target": "example.com",
  "scan_time": "2025-11-07T00:00:00",
  "ip_addresses": ["93.184.216.34"],
  "open_ports": [80, 443],
  "services": [...],
  "subdomains": [...],
  "dns_records": {...},
  "web_technologies": {...}
}
```
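An added example (not part of the DeadHydra scripts): comparing two saved result files for infrastructure you operate, to spot exposure drift between scans. It uses only the top-level fields shown above and assumes `subdomains` is a list of hostname strings; the sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample results following the README's top-level fields.
# Assumption: "subdomains" is a list of hostname strings (elided on the page).
BASELINE = json.loads("""{
  "target": "example.com", "scan_time": "2025-11-07T00:00:00",
  "ip_addresses": ["93.184.216.34"], "open_ports": [80, 443],
  "subdomains": ["www.example.com"]
}""")
CURRENT = json.loads("""{
  "target": "example.com", "scan_time": "2025-11-14T00:00:00",
  "ip_addresses": ["93.184.216.34"], "open_ports": [22, 443, 3306],
  "subdomains": ["www.example.com", "staging.example.com"]
}""")

# Fields compared as sets; order within a result file is not significant.
SET_FIELDS = ("ip_addresses", "open_ports", "subdomains")


def diff_scans(baseline, current):
    """Return {field: {"added": [...], "removed": [...]}} for changed fields."""
    if baseline.get("target") != current.get("target"):
        raise ValueError("results are for different targets")
    drift = {}
    for field in SET_FIELDS:
        old = set(baseline.get(field) or [])  # missing or null field -> empty
        new = set(current.get(field) or [])
        if old != new:
            drift[field] = {"added": sorted(new - old),
                            "removed": sorted(old - new)}
    return drift


def report(baseline, current):
    """Render the drift as one line per change, for a ticket or an alert."""
    lines = []
    for field, change in diff_scans(baseline, current).items():
        for kind in ("added", "removed"):
            for value in change[kind]:
                lines.append(f"{current['target']} {field} {kind}: {value}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(BASELINE, CURRENT)) or "no drift")
```

In practice the two dictionaries would come from `json.load()` on files written with `-o`, with the baseline being the last reviewed scan.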
### Files
- `recon_scanner.py` - Main scanner script
- `recon.sh` - Convenience wrapper script
- `subdomains.txt` - Default subdomain wordlist (100+ entries)
### Examples
#### Scan a website
```bash
./recon.sh -t example.com -o example_scan.json
```
#### Quick security assessment
```bash
./recon.sh -t example.com --quick --subdomains subdomains.txt
```
#### Full infrastructure scan
```bash
./recon.sh -t example.com --full -o full_scan.json
```
#### Port range scan of a single host
```bash
./recon.sh -t 192.168.1.1 -p 1-1000
```
### Security Notes
⚠️ **Authorization Required**: Only use this tool on systems you own or have explicit permission to test.

⚠️ **Legal Compliance**: Unauthorized port scanning and reconnaissance may be illegal in your jurisdiction.

⚠️ **Ethical Usage**: This tool is intended for:
- Authorized penetration testing
- Security research with permission
- CTF competitions
- Educational purposes
- Testing your own infrastructure
### Contributing
This is part of the DeadHydra Collective security toolkit. Contributions welcome!
## License
MIT License - Use responsibly and ethically.
---
**HACK THE PLANET** // DeadHydra Collective