Lazy-Recon

It is a Bash script to help make recon for bug bounty programs a bit easier and also in an organised fashion.

This tool includes Sublist3r, certspotter, dirsearch.

This tool also takes a WebScreenshot of a responsive host .

It also performs nmap and at the end it creates a HTML report with all the output from all the tools Note: WebScreenshot requires PhantomJS

(https://github.com/maaaaz/webscreenshot/wiki/Phantomjs-installation) Lazy-recon requires Bug Bounty Hunting Tools in order to work, So first we will download Bug Bounty Hunting Tools Lets Start 1. clone the tool in whichever directory you want https://github.com/nahamsec/bbht.git

2. cd bbht and give the permission chmod +x install.sh

3. Than Run it

4. Its gonna ask you couple of times for additional spaces, you just need to say yes (y)

Note: Its gonna take around half an hour to complete the installation, After the installation is done, you can start with lazy-recon Lazyrecon: 1. clone the tool in whichever directory you want https://github.com/nahamsec/lazyrecon.git

2. cd lazyrecon and run it

3. First it gonna start with Sublist3r with different search engines

4. After that, it will show which Subdomain is up And which is not

5. Than it will start taking Screenshot of whatever Subdomain is up (Note: I dont have Phatomjs in my system, Thats y its showing an error, Installation guideline link of Phatomjs is provided above)

6. Than it will start Certspotter for finding which port is open for respective Subdomains

7.Than it will start dirsearch of your targets Subdomain, which is a good thing in Recon ;)

8. At the end it will generate a Html report of your Targets Subdomain

Happy Lazy....................Recon................ :D