Following are the ReconDog main features,
- Wizard + CLA interface
- Can extracts targets from STDIN (piped input) and act upon them
- All the information is extracted with APIs, no direct contact is made to the target
- Censys: Uses censys.io to gather massive amount of information about an IP address.
- NS Lookup: Does name server lookup
- Port Scan: Scan most common TCP ports
- Detect CMS: Can detect 400+ content management systems
- Whois lookup: Performs a whois lookup
- Detect honeypot: Uses shodan.io to check if target is a honeypot
- Find subdomains: Uses findsubdomains.com to find subdomains
- Reverse IP lookup: Does a reverse IP lookup to find domains associated with an IP address
- Detect technologies: Uses wappalyzer.com to detect 1000+ technologies
- All: Runs all utilities against the target
Recon Dog will run on anything that has a python interpreter installed. However, it has been tested on the following configurations:
Operating Systems: Windows, Linux, Mac
Python Versions: Python2.7, Python 3.6
Recon Dog requires no manual configuration and can be simply run as a normal python script.
However, a debian package can be downloaded from here if you want to install it.
Wizard interface is the most straightforward way you can use Recon Dog in. Just run the program, select what you want to do and enter the target, it’s that simple.
Recon Dog also has a Command Line Argument inteface. Here’s how you can find subdomains:
python dog -t marvel.com -c 7
There’s more to it! Do you have a program that can enumerate subdomains and you want to scan ports of all the subdomains it finds? Don’t worry, Recon Dog is designed for handling with such cases. You can simply do this:
subdomainfinder -t example.com | python dog --domains -c 3
If you just want to print the targets, don’t use the -c option.
Also, it doesn’t matter what kind of output the other program generates, Recon Dog uses regular expressions to find targets which makes it easy to integrate will literally every tool. There are two switchs available:
--domains extract domains from STDIN --ips extract ip addresses from STDIN