├── README.md
└── reconx.sh


/README.md:
--------------------------------------------------------------------------------
# ReconX

ReconX is a Bash script that automates domain reconnaissance by scanning domains with `httpx`, categorizing HTTP responses, extracting unique IPs, scanning ports with `masscan`, checking for vulnerabilities with `nuclei`, and sending results via Telegram.

## Features
- **HTTP Scanning**: Uses `httpx` to probe domains and saves full output to `httpx.dom.txt`.
- **Response Categorization**: Extracts alive URLs (200), redirects (301/302), client errors (400s), and server errors (500s).
- **Unique IPs**: Extracts deduplicated IPs from `httpx` output.
- **Port Scanning**: Runs `masscan` on IPs for the top 100 ports and cleans results into an `IP:PORT` list.
- **Vulnerability Detection**: Scans alive URLs and IPs with `nuclei` for CVEs.
- **Telegram Notifications**: Sends a summary of results to a Telegram chat.

## Prerequisites
Before using ReconX, ensure the following tools are installed and in your PATH:
1. **`httpx`** - HTTP probing tool. Install via:
   > go install github.com/projectdiscovery/httpx/cmd/httpx@latest
2. **`masscan`** - Port scanner (requires sudo). Install via:
   > sudo apt install masscan
3. **`nuclei`** - Vulnerability scanner. Install via:
   > go install github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
4. **Bash Environment**: Runs on Linux/macOS with `curl` for Telegram notifications.

## Installation
1. Clone this repository:
   > git clone https://github.com/fdzdev/ReconX.git
   >
   > cd ReconX
2. Make the script executable:
   > chmod +x reconx.sh
3. Configure Telegram:
   - Replace `your_chat_id` in the script with your Telegram Chat ID.
   - The default bot token is `779945:AAF8WdCx2g`; replace it if using a different bot.

## Usage
1. **Prepare your domain list**:
   - Create a file (e.g., `all_domains.txt`) with one domain per line. Example:
     > https://example.com
     >
     > https://sub.example.org
2. **Run ReconX**:
   - Default input is `all_domains.txt`:
     > ./reconx.sh
   - Or specify a custom input file:
     > ./reconx.sh custom_domains.txt
   - Enter your sudo password for `masscan` when prompted.
3. **Output Files**:
   - `httpx.dom.txt`: Full `httpx` output.
   - `alive.txt`: URLs with status 200.
   - `redirects.txt`: URLs with status 301/302.
   - `errors.txt`: URLs with status 400/403/404/405/429.
   - `server_errors.txt`: URLs with status 500/502/503.
   - `IPS.dom.txt`: Unique IPs.
   - `1ip_ports.txt`: Raw `masscan` output.
   - `ulti.txt`: Cleaned `IP:PORT` list from `masscan`.
   - `web_vulnerabilities.txt`: `nuclei` results for alive URLs.
   - `dast_results.txt`: `nuclei` DAST results for alive URLs.
   - `infra_vulnerabilities.txt`: `nuclei` results for IPs.

## Example Output
If `httpx.dom.txt` contains:
> https://example.com [200] [Example Site] [nginx] [1.2.3.4] [50]
>
> https://sub.example.com [301] [Moved] [apache] [1.2.3.5] [0]
>
> https://error.example.com [404] [Not Found] [nginx] [1.2.3.4] [10]

- `alive.txt`:
  > https://example.com
- `redirects.txt`:
  > https://sub.example.com
- `errors.txt`:
  > https://error.example.com
- `IPS.dom.txt`:
  > 1.2.3.4
  >
  > 1.2.3.5
- `ulti.txt` (after `masscan`):
  > 1.2.3.4:80
  >
  > 1.2.3.5:443
- Telegram message:
  > Scan completed!
  >
  > 🔵 Alive URLs: 1
  >
  > 🟡 Redirects: 1
  >
  > 🔴 Client Errors: 1
  >
  > 🔥 Open Ports: 2
  >
  > ⚡ Masscan Results: 2

## Configuration
- **Input File**: Change the default `INPUT_FILE` by editing the script or passing an argument.
- **Telegram**: Update `TELEGRAM_CHAT_ID` with your chat ID (get it from `@BotFather` or `@getidbot`).
- **Masscan Rate**: Adjust `--rate=1000` in the script if it fails (e.g., `--rate=500`).

## Improvements
- **Error Handling**: Checks for input file and `httpx` success.
- **Parallel Processing**: Runs extractions in the background for speed.
- **Detailed Output**: Counts entries in each file.

## Troubleshooting
- **"Input file not found"**: Ensure your domain list exists.
- **"httpx scan failed"**: Verify `httpx` is installed and in your PATH.
- **"masscan errors"**: Run manually with `sudo masscan -iL IPS.dom.txt --top-ports 100 --rate=500` to debug.
- **"nuclei fails"**: Ensure `nuclei` is installed and templates are updated (`nuclei -update-templates`).
- **No Telegram message**: Check bot token and chat ID validity.

## Contributing
Feel free to fork, submit issues, or send pull requests to enhance ReconX!

--------------------------------------------------------------------------------
/reconx.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# === Input Files ===
INPUT_FILE="${1:-all_domains.txt}"
MASSCAN_RESULTS="1ip_ports.txt"
CLEANED_PORTS="ulti.txt"
NUCLEI_WEB_RESULTS="web_vulnerabilities.txt"
NUCLEI_DAST_RESULTS="dast_results.txt"
NUCLEI_INFRA_RESULTS="infra_vulnerabilities.txt"
# Telegram settings: a value exported in the environment takes precedence over the default
TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-7764159945:AAF8WdCx2bBObO5ASGJd0_zlBBah6IWhu5g}"
TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID:-6932389568}" # Replace with your actual Telegram Chat ID

# === 1️⃣ Validate Input File ===
if [ ! -f "$INPUT_FILE" ]; then
    echo "❌ Error: Input file '$INPUT_FILE' not found."
    exit 1
fi

# === 2️⃣ Run HTTPX to Enumerate Domains ===
echo "✅ Running httpx scan on $INPUT_FILE..."
httpx -sc -ip -server -title -wc -l "$INPUT_FILE" -o httpx.dom.txt

if [ ! -s httpx.dom.txt ]; then
    echo "❌ Error: httpx scan failed."
    exit 1
fi

# === 3️⃣ Categorize HTTP Responses ===
echo "✅ Extracting HTTP status categories..."
touch alive.txt redirects.txt errors.txt server_errors.txt IPS.dom.txt

(
    # Match the bracketed status field ($2) only, so digits in IPs, titles or word counts are ignored
    awk '$2 == "[200]" {print $1}' httpx.dom.txt | sort -u > alive.txt &
    awk '$2 ~ /^\[(301|302)\]$/ {print $1}' httpx.dom.txt | sort -u > redirects.txt &
    awk '$2 ~ /^\[(400|403|404|405|429)\]$/ {print $1}' httpx.dom.txt | sort -u > errors.txt &
    awk '$2 ~ /^\[(500|502|503)\]$/ {print $1}' httpx.dom.txt | sort -u > server_errors.txt &
    grep -oE '\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]' httpx.dom.txt | tr -d '[]' | sort -u > IPS.dom.txt &
    wait
)

echo "✅ Alive: $(wc -l < alive.txt), Redirects: $(wc -l < redirects.txt), Errors: $(wc -l < errors.txt), Server Errors: $(wc -l < server_errors.txt), Unique IPs: $(wc -l < IPS.dom.txt)"

# === 4️⃣ Run Masscan on Unique IPs ===
if [ -s IPS.dom.txt ]; then
    echo "🚀 Running masscan..."
    sudo masscan -iL IPS.dom.txt --top-ports 100 --rate=1000 -oG "$MASSCAN_RESULTS"
fi

# === 5️⃣ Clean Masscan Results (Extract IP:PORT) ===
if [ -s "$MASSCAN_RESULTS" ]; then
    # Field-based parsing; works in gawk, mawk and BSD awk (no three-argument match())
    awk '/Host:/ && /Ports:/ {
        ip = ""; port = "";
        for (i = 1; i < NF; i++) {
            if ($i == "Host:") ip = $(i + 1);
            if ($i == "Ports:") { split($(i + 1), p, "/"); port = p[1]; }
        }
        if (ip != "" && port != "") print ip ":" port;
    }' "$MASSCAN_RESULTS" > "$CLEANED_PORTS"
    echo "✅ Cleaned IP:PORT list saved to $CLEANED_PORTS"
fi

# === 6️⃣ Run Nuclei for Vulnerability Detection ===
if [ -s alive.txt ]; then
    echo "🚀 Running nuclei on alive URLs (Web CVEs)..."

    # Run DAST-specific scans separately
    nuclei -l alive.txt -t dast/ -o "$NUCLEI_DAST_RESULTS" -dast

    # Run standard vulnerability scans
    nuclei -l alive.txt -t takeovers/ -t cves/ -t exposures/ -t misconfiguration/ -o "$NUCLEI_WEB_RESULTS" -as &
fi

if [ -s "$CLEANED_PORTS" ]; then
    echo "🚀 Running nuclei on open IP:PORT (Network CVEs)..."
    nuclei -l "$CLEANED_PORTS" -t default-logins/ -t misconfig/ -o "$NUCLEI_INFRA_RESULTS" -as &
fi

wait # Ensure all background processes complete

# === 7️⃣ Summarize Nuclei Results ===
# grep -c already prints 0 when nothing matches; the fallback only covers a missing file
NUCLEI_WEB_COUNT=$(grep -c '^[^#]' "$NUCLEI_WEB_RESULTS" 2>/dev/null)
NUCLEI_WEB_COUNT=${NUCLEI_WEB_COUNT:-0}
NUCLEI_INFRA_COUNT=$(grep -c '^[^#]' "$NUCLEI_INFRA_RESULTS" 2>/dev/null)
NUCLEI_INFRA_COUNT=${NUCLEI_INFRA_COUNT:-0}

# === 8️⃣ Send Telegram Notification ===
# Masscan records are counted by "Host:" anywhere on the line, the same way step 5 matches them
MESSAGE="🚀 Scan completed!
🔵 Alive URLs: $(wc -l < alive.txt)
🟡 Redirects: $(wc -l < redirects.txt)
🔴 Client Errors: $(wc -l < errors.txt)
🔥 Open Ports: $(cat "$CLEANED_PORTS" 2>/dev/null | wc -l)
⚡ Masscan Results: $(grep -c 'Host:' "$MASSCAN_RESULTS" 2>/dev/null)
🛡️ Web Vulnerabilities (Nuclei): $NUCLEI_WEB_COUNT found
📡 Infra Vulnerabilities (Nuclei): $NUCLEI_INFRA_COUNT found"

# --data-urlencode keeps newlines and special characters in the message intact
curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
    -d chat_id="$TELEGRAM_CHAT_ID" --data-urlencode text="$MESSAGE"

echo "✅ Script Execution Complete!"

--------------------------------------------------------------------------------
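
The response categorization in step 3 of `reconx.sh` depends on where the status code is matched. The following added example (not part of ReconX) compares a whole-line `/200/` match with a match on the bracketed status field, using constructed `httpx` lines in the layout shown in the README; the function names `naive_alive` and `by_status` are hypothetical.

```bash
# Added example, not part of ReconX. SAMPLE is constructed test data in the
# README's layout: URL [status] [title] [server] [ip] [word-count]
SAMPLE='https://example.com [200] [Example Site] [nginx] [1.2.3.4] [50]
https://sub.example.com [301] [Moved] [apache] [1.2.3.5] [0]
https://error.example.com [404] [Not Found] [nginx] [1.2.3.200] [10]
https://api.example.com [503] [Unavailable] [nginx] [1.2.3.6] [200]'

# Whole-line match: "200" inside an IP or a word count also counts as a hit.
naive_alive() {
    awk '/200/ {print $1}' | sort -u
}

# Field match: only the bracketed status in column 2 decides the category.
# Usage: by_status "200"   or   by_status "301|302"
by_status() {
    awk -v codes="$1" '$2 ~ ("^\\[(" codes ")\\]$") {print $1}' | sort -u
}

# Print both results so the difference is visible when the file is run.
printf 'whole-line /200/:\n%s\n' "$(printf '%s\n' "$SAMPLE" | naive_alive)"
printf 'status field 200:\n%s\n' "$(printf '%s\n' "$SAMPLE" | by_status 200)"
```

The whole-line match reports the 404 and 503 hosts as alive, which would feed error pages into the `nuclei` run on `alive.txt`.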
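
The Telegram step in `reconx.sh` keeps the bot token in the script and passes it to `curl` inside the URL argument. One way to keep the token out of the repository and out of the process list, as an added example that is not ReconX code: `load_token`, `send_telegram`, the token file path and the accepted token character set are assumptions made for illustration.

```bash
# Added example, not part of ReconX. File path, chat ID and token are
# constructed placeholders; the token character set is an assumption.

# load_token FILE: print the token only if FILE is private to its owner.
load_token() {
    f="$1"
    [ -f "$f" ] || { echo "token file '$f' not found" >&2; return 1; }
    case "$(ls -ld -- "$f")" in
        ????------*) ;;   # mode string shows no group/other permission bits
        *) echo "refusing '$f': accessible by group or others" >&2; return 1 ;;
    esac
    tok=$(tr -d '[:space:]' < "$f")
    case "$tok" in
        ''|*[!0-9A-Za-z:_-]*) echo "token in '$f' looks malformed" >&2; return 1 ;;
    esac
    printf '%s\n' "$tok"
}

# send_telegram TOKEN_FILE CHAT_ID MESSAGE
# The URL (which embeds the token) goes to curl through a config read from
# stdin, so it never appears in the process argument list.
send_telegram() {
    token=$(load_token "$1") || return 1
    printf 'url = "https://api.telegram.org/bot%s/sendMessage"\n' "$token" |
        curl -s -K - --data-urlencode "chat_id=$2" --data-urlencode "text=$3"
}

# Typical call (needs network access and a real token file):
#   send_telegram "$HOME/.config/reconx/token" "your_chat_id" "Scan completed!"
```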