A powerful Bash-based automated reconnaissance toolkit for bug bounty hunters and penetration testers. Includes subdomain enumeration, port scanning, live host detection, fuzzing, and more. π
Enterprise-Grade Reconnaissance Toolkit
Developed by FORTIS SECURITY
π Documentation
For detailed installation guides and sample scan results, see the docs/ directory.
-
- π°οΈ Subdomain Enumeration (Amass + Subfinder)
-
- π Live Host Detection (httpx)
-
- π Port Scanning (Nmap)
-
- π Web Path Fuzzing (FFuF)
-
- ποΈ Visual Recon (Aquatone)
-
- π‘οΈ Vulnerability Scanning (Nuclei)
Clone the repository
git clone https://github.com/yourusername/RECON-GHOST.gitMake scripts executable
cd RECON-GHOST
chmod +x install.sh reconghost.shRun the installer
./install.sh # Installs all tools automaticallyπ Usage
./reconghost.sh -d example.com -o ./scan_results [-w wordlist.txt]| Flag | Description | Required |
|---|---|---|
-d |
Target domain | Yes |
-o |
Output directory | Yes |
-w |
Custom wordlist path | No |
-h |
Show help | No |
-v |
Show version | No |
βΉοΈ Default wordlist is used if
-wis not specified.
π Silence output:
./reconghost.sh -d example.com -o ./scan_results [-w wordlist.txt] > /dev/null 2>&1π Output File Structure
When the scan completes, the following directory structure is generated:
scan_results/
βββ subdomains.txt
βββ live_hosts.txt
βββ ports.txt
βββ fuzzing.txt
βββ screenshots/
βββ nuclei_results.txt
π‘ This helps you organize recon data and import it into reporting tools easily.
This project is licensed under the MIT License.
Feel free to fork, star, and send PRs. Letβs build a powerful recon community together!