• Stars: 316
• Rank: 132,587 (Top 3 %)
• Language: Shell
• License: GNU General Publi...
• Created over 4 years ago
• Updated 6 months ago

Repository Details

Master script for web reconnaissance

Recox v2.0

RecoX is an incredibly versatile and powerful tool that is specifically designed to aid in the identification and classification of vulnerabilities within web applications. The script is able to detect vulnerabilities that are not typically included in the OWASP top ten vulnerabilities list, making it a valuable addition to any security professional's toolkit.

One of the key strengths of RecoX is its ability to recursively gather information about the target system. The script is designed to thoroughly cover all subdomains and IP addresses that could potentially be used in a sophisticated attack. This allows security professionals to quickly and efficiently identify potential vulnerabilities in even the most complex web applications.

Another important feature of RecoX is its ability to automate several functions that are typically performed manually during a penetration test. This includes tasks such as URL extraction, parameter identification, and SQL injection testing. By automating these functions, RecoX is able to significantly reduce the amount of time and effort required for a comprehensive web application security assessment.

The information gathered by RecoX is presented in a clear and organized format, making it easy for security professionals to understand and address the vulnerabilities. The script generates a detailed report that includes information about each vulnerability, along with recommended actions for remediation.

RecoX is an invaluable asset for any security professional looking to improve their web application security. With its advanced features, unique methodology, and user-friendly interface, RecoX is a highly effective tool that can help organizations identify and address potential security risks before they can be exploited by attackers.
For more detail please read this document.

Usage

git clone https://github.com/samhaxr/recox
cd recox
chmod +x recox.sh
./recox.sh

Run the command below to make the tool available from anywhere in the terminal.

mv recox.sh /usr/local/bin/recox

The deep scanner is a comprehensive function that performs a variety of check-ups to identify potential security vulnerabilities within a web application. Its many features include subdomain takeover, A record analysis, passive and active scanning, CORS misconfiguration testing, zone transfer testing, and web content discovery.

One of the key strengths of the deep scanner is its ability to perform subdomain takeover checks. This is a critical security concern as a deleted external service can leave the subdomain pointing to a non-existent website. By performing subdomain takeover checks, the deep scanner can quickly identify whether a subdomain is vulnerable to a takeover attack.
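The dangling-record condition described above, seen from the zone owner's side, as an added example that is not part of the RecoX script or its README: it flags CNAME records that point outside the zone at a target that no longer resolves. The domain names, the resolver snapshot and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit CNAME records of a zone you own for dangling targets.
# All names below are constructed sample data (reserved example domains).

# CNAME records exported from the zone: "<name> <target>"
zone_cnames() {
cat <<'EOF'
www.example.test.   app-prod.hosting.example.net.
blog.example.test.  oldblog.pages.example.org.
shop.example.test.  store.internal.example.test.
docs.example.test.  docs-site.hosting.example.net.
EOF
}

# Snapshot of targets that still resolve. Assumption: in a real audit this
# list is produced by resolving every target; here it is fixed so the
# example runs offline.
live_targets() {
cat <<'EOF'
app-prod.hosting.example.net.
store.internal.example.test.
EOF
}

# find_dangling APEX
# Prints "name -> target" for each CNAME whose target is outside APEX
# (a third-party service) and is missing from the live snapshot.
find_dangling() {
  { live_targets; echo '---'; zone_cnames; } | awk -v apex="$1" '
    $0 == "---" { in_zone = 1; next }      # separator between the two inputs
    !in_zone    { live[tolower($1)] = 1; next }
    {
      name = tolower($1); target = tolower($2)
      # Targets inside our own zone are under our control: skip them.
      if (target == apex) next
      if (substr(target, length(target) - length(apex)) == "." apex) next
      if (!(target in live)) print name " -> " target
    }'
}

find_dangling "example.test."
```

Each reported record should either be removed from the zone or re-pointed at a resource the organization still controls.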

In addition to subdomain takeover checks, the deep scanner also performs A record analysis to identify potential DNS misconfigurations. This helps to prevent attackers from exploiting weaknesses in the DNS system to gain unauthorized access to the web application.

The deep scanner also performs both passive and active scans to identify potential vulnerabilities within the web application. This includes identifying common vulnerabilities such as SQL injection, cross-site scripting (XSS), and remote file inclusion.

CORS misconfiguration testing is another important feature of the deep scanner, as it can help identify potential security risks related to cross-origin resource sharing (CORS). Zone transfer testing is also performed, as it can help identify potential security vulnerabilities related to DNS zone transfers.

Finally, web content discovery is a crucial component of the deep scanner, as it can help identify sensitive information that may be exposed on the web application. This includes files, directories, and other resources that could be exploited by attackers.

The deep scanner is an incredibly powerful function that can help organizations identify and address potential security risks within their web applications. Its many features and comprehensive approach make it an invaluable asset for any security professional looking to improve the security of their web applications.

Update

New version v2.0 includes bug fixes and CVE Reporting.

Youtube Tutorial

RecoX

Credit

Ruhr University Bochum - Chair for Network and Data Security, David García, Jobert Abma, antichown

More Repositories

1. hackbox (Python, 371 stars): HackBox is a powerful and comprehensive tool that combines a variety of techniques for web application and network security assessments, including XSS testing, subdomain scanning, SSRF injection, and more. Its user-friendly interface and wide range of features make it a valuable asset for security professionals.

2. TakeOver-v1 (Shell, 101 stars): Takeover script extracts the CNAME record of all subdomains at once. TakeOver saves researcher time and increases the chance of finding a subdomain takeover vulnerability.

3. SXDork (Python, 97 stars): A powerful tool that utilizes the technique of Google dorking to search for specific information on the internet.

4. VTScanner (Python, 92 stars): A comprehensive Python-based security tool for file scanning, malware detection, and analysis in an ever-evolving cyber landscape.

5. XXRF-Shots (JavaScript, 74 stars): XXRF Shots - Useful for testing SSRF vulnerability

6. AnonX (Shell, 43 stars): An encrypted file transfer via AES-256-CBC

7. ASSAMEE (Shell, 17 stars): Free Advance encryptor for Anon Cloud

8. ssrfpayload4digitalocean (6 stars)

9. xsrf-webshots (Python, 4 stars)

10. BlockChain-v1.2 (Shell, 4 stars): Blockchain v1.2 is a BTC lookup script written in Bash. The script can be used to track any Bitcoin address, including total transactions, total received amount, final amount, etc.

11. exp-db-script (Shell, 3 stars)

12. Prototype-pollution-exploit-ctf (Python, 2 stars): RCE exploit via prototype pollution vulnerability

13. pstrom (Shell, 1 star)

14. luhn (Shell, 1 star): Luhn checksum formula from Luhn algorithm / mod10

15. BlockCypherv1.0 (Shell, 1 star): BlockCypher script extracts information from a Bitcoin transaction ID, including Transaction Code, Fee, Transacted amount, Final amount, Block hash, Block size and the date and time when the transaction was completed.