Somchandra17/TrashRecon

TrashRecon

TrashRecon is an automated reconnaissance framework for security researchers and penetration testers. It chains 17 tools across 10 phases to enumerate subdomains, extract DNS records, map ASN/CIDR ranges, scan ports, take screenshots, check for subdomain takeovers, crawl endpoints, search for vulnerability patterns, scan for exposed API keys, and optionally run nuclei — all from a single command inside Docker.

Features

  • Subdomain Enumeration — puredns (brute-force), subfinder, amass, assetfinder, waybackurls, and waymore run in parallel
  • Wildcard DNS Detection — warns before enumeration if the target has wildcard DNS
  • HTTP Probing — httpx filters live hosts by status code
  • DNS Record Extraction — A records, CNAME records, and raw IPs via dnsx
  • ASN & CIDR Mapping — maps discovered IPs to autonomous systems and CIDR ranges via asnmap
  • Port Scanning — full port scan (0–65535) on unique IPs via smap
  • Screenshot Capture — aquatone screenshots of all live hosts
  • Subdomain Takeover Check — subzy checks CNAME dangling references
  • Endpoint Crawling — katana crawls live hosts for endpoints (optional, interactive)
  • Vulnerability Pattern Search — gf matches 14 patterns (XSS, SQLi, SSRF, SSTI, LFI, RCE, IDOR, etc.)
  • API Key Scanning — secretx scans endpoints for exposed keys (optional, interactive)
  • Nuclei Scanning — nuclei vulnerability scanner against live hosts (optional, interactive)
  • Colored Terminal Output — clear, color-coded status messages for every phase
  • Scan Logging — full log with timestamps saved to each scan folder (trashrecon.log)
  • Structured JSON Output — results.json with all findings, consumable by other tools
  • Resume Support — re-run against the same domain and completed steps are skipped automatically

Phase Flow

Phase 1  · Subdomain Enumeration       (puredns + 5 passive tools in parallel)
Phase 2  · DNS Record Extraction        (A, CNAME, IPs via dnsx)
Phase 3  · ASN & CIDR Enumeration       (asnmap)
Phase 4  · Port Scanning                (smap, all ports)
Phase 5  · Screenshots                  (aquatone + chromium)
Phase 6  · Subdomain Takeover Check     (subzy)
Phase 7  · Endpoint Crawling            (katana — interactive, can skip)
  Phase 8  · GF Pattern Enumeration     (14 patterns — only if Phase 7 ran)
  Phase 9  · API Key Scanning           (secretx — interactive, only if Phase 7 ran)
Phase 10 · Nuclei Vulnerability Scan    (nuclei — interactive, independent)

Output Files

All results are saved to ~/TrashRecon/<domain>/ (bind-mounted in Docker):

File                      Description
final_subdomains.txt      Deduplicated subdomains from all sources
workingdomains.txt        Live hosts (HTTP 200/3xx)
a_records.txt             A records with responses
cname.txt                 CNAME records
IPs.txt                   Unique IPs
asn_info.json             ASN data per IP (JSONL)
cidr_ranges.txt           Unique CIDR ranges
port_scan.json            Full port scan results
aquatone/                 Screenshots and HTML report
subdomains_takeover.txt   Subdomain takeover results
endpoints.txt             Crawled endpoints
GF/                       Per-pattern GF results (xss.txt, sqli.txt, etc.)
api.txt                   Exposed API keys
nuclei.jsonl              Nuclei findings (JSONL)
results.json              Structured summary of everything
trashrecon.log            Timestamped scan log

Installation

Docker (recommended)

docker pull 0xs0m/trashrecon:latest
docker run --rm -v ~/TrashRecon:/root/TrashRecon 0xs0m/trashrecon:latest example.com

Or run interactively (prompts for domain):

docker run -it --rm -v ~/TrashRecon:/root/TrashRecon 0xs0m/trashrecon:latest

Build from source

git clone https://github.com/Somchandra17/TrashRecon.git
cd TrashRecon
docker buildx build -t trashrecon .
docker run --rm -v ~/TrashRecon:/root/TrashRecon trashrecon example.com

Updating Wordlists & Resolvers

The bundled resolvers.txt and subdomains-top1million-110000.txt are baked into the Docker image at build time. To refresh them before rebuilding:

./update-lists.sh
docker buildx build -t trashrecon .

The script pulls the latest versions from trickest/resolvers and danielmiessler/SecLists. If a download fails, the existing file is kept.
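
Because both lists come from third-party repositories and end up baked into the image, it is worth checking what was downloaded before it replaces the bundled copy. The sketch below is an added example, not the project's update-lists.sh: it keeps the existing file when the fetch fails and, going one step further than the text, also when the content does not validate. The function names and the IPv4-only format check are assumptions.

```sh
#!/bin/sh
# Added example, not TrashRecon's update-lists.sh. A list is replaced only when
# the fetch succeeds AND the new content validates; otherwise the old file stays.

# fetch SRC OUT: http(s) sources via curl, anything else is read as a local path.
fetch() {
  case "$1" in
    http://*|https://*) curl -fsSL --max-time 60 -o "$2" "$1" ;;
    *) cp -- "$1" "$2" ;;
  esac
}

# valid_resolvers FILE: non-empty, and every line is a dotted-quad IPv4 address.
valid_resolvers() {
  octet='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
  [ -s "$1" ] && ! grep -Evq "^($octet\.){3}$octet\$" "$1"
}

# refresh_list SRC DEST VALIDATOR: returns 0 and swaps DEST in place when the
# new copy passes VALIDATOR; returns 1 and leaves DEST untouched otherwise.
refresh_list() {
  rl_tmp=$(mktemp "$2.XXXXXX") || return 1
  if fetch "$1" "$rl_tmp" 2>/dev/null && "$3" "$rl_tmp"; then
    chmod 644 "$rl_tmp"
    mv -f -- "$rl_tmp" "$2"   # temp file is beside DEST, so the rename is atomic
  else
    rm -f -- "$rl_tmp"
    echo "kept existing $2: download or validation failed" >&2
    return 1
  fi
}

# Constructed demo: local files stand in for the upstream list (no network).
demo() {
  d=$(mktemp -d) || return 1
  printf '1.1.1.1\n8.8.8.8\n' > "$d/resolvers.txt"        # bundled copy
  printf '9.9.9.9\n149.112.112.112\n' > "$d/good.txt"     # sane upstream
  printf '9.9.9.9\n<html>404</html>\n' > "$d/bad.txt"     # error page in the list
  refresh_list "$d/bad.txt" "$d/resolvers.txt" valid_resolvers || echo "(rejected)"
  echo "after bad source:  $(tr '\n' ' ' < "$d/resolvers.txt")"
  refresh_list "$d/good.txt" "$d/resolvers.txt" valid_resolvers
  echo "after good source: $(tr '\n' ' ' < "$d/resolvers.txt")"
  rm -rf "$d"
}
demo
```

A wordlist would need its own validator passed as the third argument; the resolver check shown here would reject it.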

Tools

TrashRecon bundles these tools inside the Docker image:

Tool            Purpose
puredns         DNS brute-force with massdns
subfinder       Passive subdomain discovery
amass           Subdomain enumeration (v3)
assetfinder     Asset discovery
waybackurls     Wayback Machine URL extraction
waymore         Extended archive URL collection
httpx           HTTP probing and filtering
dnsx            DNS record extraction
asnmap          IP to ASN/CIDR mapping
smap            Shodan-backed port scanning
aquatone        Screenshot capture
subzy           Subdomain takeover detection
katana          Endpoint crawling
gf + patterns   Vulnerability pattern matching
secretx         API key scanning
nuclei          Vulnerability scanning
massdns         High-performance DNS resolver

License

MIT — see LICENSE.
