Hashtag_AMIN edited this page Jan 17, 2025 · 2 revisions

Hashtag-Recon documentation

Reconnaissance & Footprinting framework for BugHunters & RedTeamers


This tool can automate almost all recon steps with its External (Wide) and Internal (Narrow) modules.




In the reconnaissance process, workflow and methodology, useful tools, and clean results are important.

Hashtag-Recon uses efficient tools in the recon process and cleans noisy outputs for better analysis.

Hashtag-Recon can automate almost all recon steps with its External (Wide) and Internal (Narrow) modules.

The Others modules also help to extract or split, and to fuzz or tamper.


The External recon process uses these tools:

     Subfinder,   Sublist3r,   assetfinder,   amass,   github-subdomains,   dnsx,   shuffledns,   massdns,   cut-cdn,   ffuf,   httpx

The goal of these modules is to find more subdomains or assets with available services, to increase the attack surface on wide and *.scope targets.


The Internal recon process uses these tools:

     gau,  waybackurls,   getJS,   katana,   unfurl,   fallparams,   RoboFinder,   trufflehog,   wad,   x8

The goal of these modules is to find more endpoints or paths, to increase the attack surface on scope/* targets.

The Others modules use these tools:

These modules rely on curl, grep, diff and regex more than the other modules do, to extract or split the data gathered by the previous two module groups.

All tools used in these modules are top tools in the recon process.


How to run the app

First, complete all the steps in the Installation section on the main page of the repo.

After installing the tools, run the app to see its modules:

└─# ./hashtag-Recon -h                                       

           _     _          _                            ______
          (_)   (_)        | |     _                    (_____ \
          ______ _____  ___| |__ _| |_ _____  ____ _____ _____) )_____  ____ ___  ____
         | ___  (____ |/___|  _ (_   _(____ |/ _  (_____|  __  /| ___ |/ ___/ _ \|  _ \
        | |   | / ___ |___ | | | || |_/ ___ ( (_| |     | |  \ \| ____( (__| |_| | | | |
        |_|   |_\_____(___/|_| |_| \__\_____|\___ |     |_|   |_|_____)\____\___/|_| |_|
                                            (_____|
                                                                Hashtag_AMIN
                                                        https://github.com/hashtag-amin


            Example:
                ./hashtag-Recon dnsBrute [options]
                ./hashtag-Recon JSEnum  [options]
                ./hashtag-Recon Extractor  [options]
                ./hashtag-Recon [modules] [-h|--help]


    Use these Modules:
          
        External:
            subdomain, Resolver, ptResolver, dnsBrute, tldBrute
            dnsLooter, IPLooter, openSSL, whois, favicon, portScan
            vhostScan, apkExtract, liveProbe, Shoter

        Internal:
            crawler, JSEnum, roboMap, dorcker, techDetect
            paramExtract, hiddenParam, hiddenHeader
          
        others:
            Fuzzer, Tamper, Extractor, Spliter

To execute the app with a specific module, run:

./hashtag-Recon [modules] [-h|--help]
./hashtag-Recon techDetect  [Flags]

Example: showing the help for the subdomain module:

└─# ./hashtag-Recon subdomain -h

           _     _          _                            ______
          (_)   (_)        | |     _                    (_____ \
          ______ _____  ___| |__ _| |_ _____  ____ _____ _____) )_____  ____ ___  ____
         | ___  (____ |/___|  _ (_   _(____ |/ _  (_____|  __  /| ___ |/ ___/ _ \|  _ \
        | |   | / ___ |___ | | | || |_/ ___ ( (_| |     | |  \ \| ____( (__| |_| | | | |
        |_|   |_\_____(___/|_| |_| \__\_____|\___ |     |_|   |_|_____)\____\___/|_| |_|
                                            (_____|
                                                                Hashtag_AMIN
                                                        https://github.com/hashtag-amin

usage:

        Find subdomain with diffrent ways(Passive), Such as:
            Providers, SSL, Reverse Whois, Github, WebHistory & ...

        Example:

                ./hashtag-Recon subdomain -light -domain example.com
                ./hashtag-Recon subdomain -heavy -domain example.com
                ./hashtag-Recon subdomain -recursive -subs example.com.subs.txt

        Output:
                example.com-provider.txt
                example.com-recursive.txt


positional arguments:
  Mode            Mode to Run Script

options:
  -h, --help      show this help message and exit
  -domain DOMAIN  Domain which find Subdomains
  -light          Find subdomain fast, But not completely
  -heavy          Find subdomain completely, But slow
  -subs SUBS      File that include Domains/Subdomains to find Subdomains with recursive flag
  -recursive      Find subdomains Recursively

In the same way, you can see the help of all modules :)