Skip to content
Related Articles

Related Articles

Improve Article
Save Article
Like Article

3klCon – Automation Recon Tool for Small & Medium Scopes

  • Last Updated : 20 Sep, 2021

Reconnaissance or Information Gathering is the initial step or the starting step of the Ethical Hacking or Penetration Testing process. Knowing about the target is very important while performing penetration testing. The information about the target collected serves as the milestone while penetrating the target. Targets can be of two types 1) Organization 2) Individual, so as per the target, penetration tester should collect essential information like open ports, IP addresses, MAC Addresses, Whois Records, etc., while Social Media Account Information, Personal Details if the target is an individual.

While penetrating web-based applications, every tester should collect subdomains, service info, Web database info, information exposure, hidden directories and parameters, juicy links, which may be vulnerable.

Area of Scope in Reconnaissance

Penetration Tester can divide the scope of Testing into primarily three types:

1. Small Area of Scope

While performing the penetration testing on any organization, the terms and conditions a re-applied in which the area of scope is decided and explained to the tester. So in the Small scope, the areas of testing are only for subdomains that are allowed by the organization,  all the activity beyond this scope can be considered as malpractice. All the information collected should only belong to the related subdomain.

The information which is collected in small scope is :

  1. Directory enumeration
  2. Github Dorking
  3. Parameter Discovery
  4. Port Scan
  5. Database Enumeration
  6. Backend Enumeration
  7. Github Search links

2. Medium Area of Scope 

In the Medium Area of Scope, the testing area will be increased to contain all subdomains related to a specific domain. Any organization can allow the penetration testers to test the * and find any loopholes. In this scope, the information collected is more than the previous cope, i.e., small area, the data collected can be related to various subdomains of specified or allowed domain.

The information which is collected in Medium scope is :

  1. Waybackurls Enumeration
  2. JS file Enumeration
  3. Port Scan
  4. WAF Detection
  5. Misconfiguration in Storage
  6. Subdomains Takeover

3. Large Area of Scope

This is the best scope for penetration tester as there is no restriction of subdomains and domains. The tester can test any subdomain in his way and methodology. For example, Google Organization can specify the Testers to test Any Google domains and subdomains without restrictions.

The information which is collected in Large scope is :

  • ASN to get IP ranges
  • DNS and SSL Enumeration
  • Seeds or Roots
  • Automation Vulnerability Scanning
  • Sensitive Files
  • List of Subdomains

Methodology Used in Reconnaissance

Methodology for Reconnaissance

The methodology serves as a roadmap for the penetration testing process. The methodology can be different for individual testers. It depends upon the understanding and the scope of the target. A step-wise methodology is essential for less confusion and efficient results.

What is the 3klCon Tool?

3klCon tool is an Automation Recon Framework that works with medium and large scopes. 3klCon is a python language-based tool. It performs more than 20 tasks and gets all results into separate files. Complete Automation Recon tool, which works with Small and Medium ranges. If you use Virtual Private Server (VPS), it’ll discover secrets and search for vulnerabilities. 3klCon will collect all the results into one directory with your target name.

3klCon uses various tools to get information 

  • Subfinder
  • Assetfinder
  • Altdns
  • Dirsearch
  • Httpx
  • Waybackurls
  • Gau
  • Git-hound
  • Naabu
  • Gf
  • Gf-templates
  • Nuclei
  • Nuclei-templates
  • Subjack

Installation of 3klCon Tool on Kali Linux

Step 1:

At first,open the Kali Linux terminal and move to the desktop using the following command. On the desktop, we have to create a directory in which we will install the tool or clone the tool from GitHub.

cd Desktop/

Step 2:

 Now, we are on the desktop. We will create a new directory called 3klCon using the following command.

mkdir 3klCon

Step 3:

 You have created the directory 3klCon on the Desktop. Move to this directory using the following command.

cd 3klCon/

Step 4:

Now you are under 3klCon directory. Here you have to clone the 3klCon tool. GitHub To clone the tool, use the following command.

git clone

Step 5:

 Now, the tool has been cloned successfully to the 3klCon directory. Now list out the contents of the tool using the following commands.


Step 6:

You can see a new directory here. 3klCon created. Move to this directory using the following command.

cd 3klcon

Step 7:

 List out the content of the directory using the following command.


Step 8:

 We have downloaded the tool, and now we have to authorize the tool using the following command.

sudo chmod +x

Step 9:

 Run the file using Python

python3 --help

Working with 3klCon Tool

Example :

python -t

Tool is collecting information from various platforms and tools as I mentioned above.

Separate files are created for separate purposes, like for subdomains we have all_subdomains.txt.

We can see all the subdomains in all_subdomains.txt.

Active Subdomains are stored in active_subdomains.txt.

This tool is a multipurpose tool. It finds a lot of information about the target and saves it in a sorted manner in separate text files on a system.

My Personal Notes arrow_drop_up
Recommended Articles
Page :

Start Your Coding Journey Now!