Recsech – Web Reconnaissance Tool Developed in PHP

Footprinting and Reconnaissance are the significant phases in the process of Penetration Testing and Bug Hunting. For making a strong methodology of testing, you need to collect essential information about the target domain. Recsech tool is an automated script designed in the PHP language which assists testers in various phases like Footprinting, Reconnaissance, Scanning on the target web. Recsech collects DNS Information, Sub Domains, Honey Spot Detected, Subdomain takeovers, Reconnaissance on GitHub, and much more you can see in Features in tools. This tool contains almost every critical information needed for setting up a hacker’s methodology.

Note: Make Sure You have PHP Installed on your System, as this is a PHP-based tool.

Features of Recsech Tool

1. Recsech tool is used in Footprinting, Reconnaissance, and Scanning phases.
2. Recsech tool is an automated tool designed in PHP language.
3. Recsech tool is open-source and free to use the tool.
4. Recsech tool supports checking of Subdomain Takeover Vulnerability.
5. Recsech tool finds the email address associated with the target domain.
6. Recsech tool performs Reconnaissance on Github about the target domain.

Installation of Recsech Tool on Kali Linux OS

Step 1: Check whether PHP Environment is Established or not, use the following command.

php --version

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are on Desktop now create a new directory called Recsech using the following command. In this directory, we will complete the installation of the Recsech tool.

mkdir Recsech

Step 4: Now switch to Recsech directory using the following command.

cd Recsech

Step 5: Now you have to install the tool. You have to clone the tool from Github.

sudo git clone –depth 1 https://github.com/radenvodka/Recsech.git Recsech

Step 6: The tool has been downloaded successfully in the Recsech directory. Now list out the contents of the tool by using the below command.

ls

Step 7: You can observe that there is a new directory created of the Recsech tool that has been generated while we were installing the tool. Now move to that directory using the below command:

cd Recsech

Step 8: Once again to discover the contents of the tool, use the below command.

ls

Step 9: Give the access rights or permissions to Recsech.php file, use the following command.

sudo chmod u+x Recsech.php

Step 10: Run the Recsech.php file to check whether the tool is successfully configured or not.

php Recsech.php

Working with Recsech Tool in Kali Linux OS

Usage/Example:

1. In this Example, We are performing a Scan on the target domain (geeksforgeeks.org). We have executed the PHP script and provided the target domain URL.

2. In the below Screenshot, We have got the subdomains associated with the target domain geeksforgeeks.org

3. In the below Screenshot, We have got the list of available protection firewalls on the domain and subdomains of geeksforgeeks.org

4. In the below Screenshot, Tool has performed a WordPress CMS audit which has return some possible vulnerabilities that can be triggered in the subdomain (cdn.geeksforgeeks.org).

5. In the below Screenshot, Tool has performed a WordPress CMS audit which has return some possible vulnerabilities that can be triggered in the main domain (geeksforgeeks.org).

6. In the below Screenshot, We have got the information about the HTTP Headers used for Securing Websites from various Cyber Attacks.

7. In the below Screenshot, We have got the results which are retrieved through GitHub Reconnaissance on geeksforgeeks.org. Information related to geeksforgeeks.org on GitHub is displayed in the below Image.

8. In the below Screenshot, We have got information on Honeypot, the IP address of Domains and Subdomains, and the Ports open on the Domain and Subdomain.

9. In the below Screenshot, We have got the associated email addresses which are directly linked to geeksforgeeks.org and the tool has also checked for Subdomain Takeover vulnerability.