In the fast-paced world of cybersecurity, staying ahead of potential threats requires thorough reconnaissance and vulnerability assessments. This blog post introduces you to a powerful bash script designed to automate these crucial tasks. Whether you’re a security professional or a cybersecurity enthusiast, this script provides a comprehensive approach to uncovering vulnerabilities and mapping out your target domain.
Tools Used:
Expected Output: Detailed DNS records and zone transfer attempts, highlighting hidden aspects of the domain’s DNS configuration.
IP Resolution and Reverse Lookup 🌐
Purpose: Resolve subdomains to IP addresses and perform reverse DNS lookups to identify associated infrastructure.
Tools Used:
Expected Output: A list of resolved IP addresses and associated domain names.
Port Scanning 🕵️♂️
Purpose: Identify open ports and services to understand potential attack vectors.
Tools Used:
- nmap: Versatile network discovery and security auditing.
- masscan: High-speed port scanner.
- rustscan: Modern port scanner with Nmap integration.
Expected Output: Scan results detailing open ports and services.
Web Probing and WAF Detection 🌐
Purpose: Check for live web applications and detect protective mechanisms like Web Application Firewalls (WAFs).
Tools Used:
Expected Output: A list of live subdomains and WAF detection results.
Screenshots and Content Discovery 📸
Purpose: Capture screenshots and discover web content to gain visual and contextual insights.
Tools Used:
- gowitness: Captures web page screenshots.
- ffuf: Fuzzing tool for hidden directories and files.
- dirsearch: Brute-forces directories and files.
Expected Output: Screenshots of web pages and lists of discovered directories and files.
Vulnerability Scanning 🔎
Purpose: Identify known vulnerabilities in web applications and services.
Tools Used:
- nuclei: Customizable vulnerability detection.
- nikto: Web server vulnerability scanner.
- sqlmap: SQL injection testing.
- xsser: XSS vulnerability scanning.
- subjack: Subdomain takeover checks.
Expected Output: Detailed vulnerability scan results, highlighting potential security issues.
Additional Checks 🔍
Purpose: Cover a wide range of potential issues beyond core vulnerabilities.
Tools Used:
- s3scanner: Detects exposed Amazon S3 buckets.
- getJS: Extracts and analyzes JavaScript files.
- sslyze and testssl.sh: Assess SSL/TLS configurations.
- corscanner: Checks for CORS misconfigurations.
- smuggler: Tests for HTTP request smuggling vulnerabilities.
- cacheblaster: Scans for web cache poisoning vulnerabilities.
- csti-scanner: Detects client-side template injection (CSTI).
- xmlrpcscan: Scans for XML external entity (XXE) injection.
- crlfuzz: Checks for CRLF injection vulnerabilities.
- wscat: Analyzes WebSocket security.
- graphql-cop: Checks for GraphQL Vulnerabilities.
Expected Output: Comprehensive results covering additional vulnerabilities and security issues.
Certificate Transparency Logs and Wayback Machine Crawling 📜
Purpose: Retrieve historical data and past issues from certificate transparency logs and the Wayback Machine.
Tools Used:
- crt.sh: Certificate transparency logs.
- waybackurls: Historical URLs from the Wayback Machine.
Expected Output: Certificate transparency logs and historical URLs.

Thank you
God bless you