Merge pull request #5 from plenumlab/dev/upgrade

New version of lazyrecon
nahamsec · Jul 29, 2019 · a197a4e · a197a4e
2 parents 27f8e0a + 521391a
commit a197a4e
Show file tree

Hide file tree

Showing 5 changed files with 347 additions and 227 deletions.
diff --git a/README.MD b/README.MD
@@ -10,48 +10,74 @@
 # Usage
 
 `./lazyrecon.sh -d target.com`
-![Example Output](https://github.com/plenumlab/lazyrecon/blob/master/lazyrecon2.jpg)
-
-# LazyRecon is now powered by Massdns and can pull way more subdomains than you think
-Subdomain discovery using Sublist3r, certspotter, crt.sh and massdns
 
 # About
 
-This script is intended to automate your reconnaissance process in an organized fashion by performing the following:
+LazyRecon is a script written in Bash, it is intended to automate some tedious tasks of reconnaissance and information gathering.
+This tool allows you to gather some information that should help you identify what to do next and where to look.
+
 
+# Main Features 
 - Create a dated folder with recon notes
-- Grab subdomains using Sublist3r and certspotter
-- Grab a screenshot of responsive hosts 
-- Grab the response header
-- Perform nmap 
-- Perform dirsearch 
+- Grab subdomains using:
+
+      * Sublist3r, certspotter and cert.sh
+      * Dns bruteforcing using massdns
+      
+- Find any CNAME records pointing to unused cloud services like aws
+- Probe for live hosts over ports 80/443
+- Grab a screenshots of responsive hosts 
+- Scrape wayback for data:
+
+      * Extract javascript files
+      * Build custom parameter wordlist, ready to be loaded later into Burp intruder or any other tool
+      * Extract any urls with .jsp, .php or .aspx and store them for further inspection
+      
+- Perform nmap on specific ports 
+- Get dns information about every subdomain
+- Perform dirsearch for all subdomains 
 - Generate a HTML report with output from the tools above
-- Color coding in report.html for easier reading
+- Improved reporting and less output while doing the work
+- Dark mode for html reports
 
 
+# New features
+- Directory search module is now MULTITHREADED (up to 10 subdomains scanned at a time)
+- Enhanced html reports with the ability to search for strings, endpoints, reponse sizes or status codes
+
+# DEMO
+![cli output](https://github.com/plenumlab/lazyrecon/raw/dev/upgrade/recon.gif)
+=================================================================================
+![report demo](https://github.com/plenumlab/lazyrecon/raw/dev/upgrade/report.gif)
 
-# Added features
-- Massdns subdomain discovery
-- Massdns crt.sh subdomain discovery
-- Find dead dns records 
-- Notify for possible NS Subdomain takeover
-- Improved reporting and less output while doing the work
-- Find ip address space of target company
 
-# Requirements
-This requires [Bug Bounty Hunting Tools](https://github.com/nahamsec/bbht) in order for the tools to work. 
+# Installation & Requirements
+- Download the install script from https://github.com/nahamsec/bbht.
+- Go version 1.10 or later.
 
-This requires Massdns installed in the root directory https://github.com/blechschmidt/massdns.
+### System Requirements
+- Recommended to run on vps with 1VCPU and 2GB ram.
 
-Get Asnlookup tool from https://github.com/yassineaboukir/asnlookup and install it into ~/tools/
 
-Make sure you download all.zip and unzip it before using the script the file all.txt is a huge wordlist used by massdns.
+
+# Authors and Thanks
+This script makes use of tools developped by the following people
+- [Tom Hudson - Tomonomnom](https://github.com/tomnomnom)
+- [Ahmed Aboul-Ela - Aboul3la](https://github.com/aboul3la)
+- [B. Blechschmidt - Blechschmidt](https://github.com/blechschmidt)
+- [Thomas D. - Maaaaz](https://github.com/maaaaz)
+- [Daniel Miessler - Danielmiessler](https://github.com/danielmiessler)
+- [Michael Skelton - Codingo](https://github.com/codingo)
 
 # TO DO
-<s>- For instance the script handles wildcard dns very poorly this is going to be addressed next</s>
-- install.sh script
-- Changes in dns records that may reveal a subdomain take over
+- Add aquatone for screenshots
+- Report only mode to generate reports for old dirsearch data
+- SubDomain exclusion
+
+
+
+
 
-**Warning:** This code was originally created for personal use for myself, so it's  a bit messy and hopefully it'll be cleaned up with more features in a later release. 
+**Warning:** This code was originally created for personal use for myself, it generates a substantial amount of traffic, please use with caution.