🔍 NullSec Recon

Advanced Reconnaissance & OSINT Toolkit

    ███▄    █  █    ██  ██▓     ██▓      ██████ ▓█████  ▄████▄  
    ██ ▀█   █  ██  ▓██▒▓██▒    ▓██▒    ▒██    ▒ ▓█   ▀ ▒██▀ ▀█  
   ▓██  ▀█ ██▒▓██  ▒██░▒██░    ▒██░    ░ ▓██▄   ▒███   ▒▓█    ▄ 
   ▓██▒  ▐▌██▒▓▓█  ░██░▒██░    ▒██░      ▒   ██▒▒▓█  ▄ ▒▓▓▄ ▄██▒
   ▒██░   ▓██░▒▒█████▓ ░██████▒░██████▒▒██████▒▒░▒████▒▒ ▓███▀ ░
   ░ ▒░   ▒ ▒ ░▒▓▒ ▒ ▒ ░ ▒░▓  ░░ ▒░▓  ░▒ ▒▓▒ ▒ ░░░ ▒░ ░░ ░▒ ▒  ░
     ░    ░    ░   ░   ░         ░            ░   ░   ░        
   ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
   █░░░░░░░░░░░░░░░░░░ R E C O N ░░░░░░░░░░░░░░░░░░░░░░░░░░░░░█
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
                       bad-antics

🔓 Join discord.gg/killers for premium features!

🎯 Features

Tool	Language	Description	Free	Premium
subfinder	Go	Fast subdomain discovery	✅	🔥
dnsrecon	Go	DNS enumeration & zone transfer	✅	🔥
wayback	Python	Wayback Machine scraper	✅	🔥
gitscan	Go	GitHub/GitLab secret scanner	❌	🔥
emailhunter	Python	Email address harvester	✅	🔥
techdetect	Go	Technology stack detector	✅	🔥

📁 Structure

nullsec-recon/
├── go/
│   ├── subfinder/       # Subdomain enumeration
│   ├── dnsrecon/        # DNS reconnaissance
│   ├── techdetect/      # Tech stack detection
│   └── gitscan/         # Git repository scanner
├── python/
│   ├── wayback.py       # Wayback Machine scraper
│   ├── emailhunter.py   # Email harvester
│   ├── whois_lookup.py  # WHOIS information
│   └── shodan_search.py # Shodan integration
└── scripts/
    ├── full_recon.sh    # Complete recon automation
    └── report_gen.py    # Report generator

🚀 Quick Start

# Subdomain enumeration
./subfinder -d example.com -o subdomains.txt

# DNS reconnaissance
./dnsrecon -d example.com --all

# Wayback URLs
python3 wayback.py -d example.com -o urls.txt

# Full automated recon
./scripts/full_recon.sh example.com

🔧 Tool Details

subfinder (Go) - Subdomain Discovery

Sources:

Certificate Transparency (crt.sh)
DNS bruteforce
Search engines (Google, Bing, Yahoo)
VirusTotal, SecurityTrails
Web archives

# Basic enumeration
./subfinder -d target.com

# With custom wordlist
./subfinder -d target.com -w subdomains.txt

# Multiple sources
./subfinder -d target.com --all -o results.txt

# JSON output
./subfinder -d target.com -json | jq

techdetect (Go) - Technology Detection

Detects:

Web frameworks (React, Angular, Vue)
CMS (WordPress, Drupal, Joomla)
Web servers (nginx, Apache, IIS)
Programming languages
CDN providers
Analytics/tracking

# Scan single URL
./techdetect -u https://example.com

# Scan list of URLs
./techdetect -l urls.txt -o tech_report.json

⚠️ Legal Disclaimer

For authorized security testing only. Only perform reconnaissance on systems you have permission to test.

NullSec Framework | GitHub | Discord

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
go		go
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

🔍 NullSec Recon

Advanced Reconnaissance & OSINT Toolkit

🔓 Join discord.gg/killers for premium features!

🎯 Features

📁 Structure

🚀 Quick Start

🔧 Tool Details

subfinder (Go) - Subdomain Discovery

techdetect (Go) - Technology Detection

⚠️ Legal Disclaimer

About

Uh oh!

Releases

Packages

Languages

bad-antics/nullsec-recon

Folders and files

Latest commit

History

Repository files navigation

🔍 NullSec Recon

Advanced Reconnaissance & OSINT Toolkit

🔓 Join discord.gg/killers for premium features!

🎯 Features

📁 Structure

🚀 Quick Start

🔧 Tool Details

subfinder (Go) - Subdomain Discovery

techdetect (Go) - Technology Detection

⚠️ Legal Disclaimer

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages