Following are the ReconDog main features,

  • Wizard + CLA interface
  • Can extracts targets from STDIN (piped input) and act upon them
  • All the information is extracted with APIs, no direct contact is made to the target

ReconDog Utilities

  • Censys: Uses to gather massive amount of information about an IP address.
  • NS Lookup: Does name server lookup
  • Port Scan: Scan most common TCP ports
  • Detect CMS: Can detect 400+ content management systems
  • Whois lookup: Performs a whois lookup
  • Detect honeypot: Uses to check if target is a honeypot
  • Find subdomains: Uses to find subdomains
  • Reverse IP lookup: Does a reverse IP lookup to find domains associated with an IP address
  • Detect technologies: Uses to detect 1000+ technologies
  • All: Runs all utilities against the target

Also ReadSandsifter – The x86 Processor Fuzzer For Hidden Instructions & Hardware Bugs


Recon Dog will run on anything that has a python interpreter installed. However, it has been tested on the following configurations:

Operating Systems: Windows, Linux, Mac
Python Versions: Python2.7, Python 3.6


Recon Dog requires no manual configuration and can be simply run as a normal python script.
However, a debian package can be downloaded from here if you want to install it.


Wizard Interface

Wizard interface is the most straightforward way you can use Recon Dog in. Just run the program, select what you want to do and enter the target, it’s that simple.

CLA Interface

Recon Dog also has a Command Line Argument inteface. Here’s how you can find subdomains:

python dog -t -c 7

There’s more to it! Do you have a program that can enumerate subdomains and you want to scan ports of all the subdomains it finds? Don’t worry, Recon Dog is designed for handling with such cases. You can simply do this:

subdomainfinder -t | python dog --domains -c 3

If you just want to print the targets, don’t use the -c option.
Also, it doesn’t matter what kind of output the other program generates, Recon Dog uses regular expressions to find targets which makes it easy to integrate will literally every tool. There are two switchs available:

--domains    extract domains from STDIN
--ips        extract ip addresses from STDIN

Video Tutorial

Credit: Somdev Sangwan