recontool

command module
v1.0.7 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 14, 2026 License: MIT Imports: 22 Imported by: 0

README ΒΆ

 β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ•—   β–ˆβ–ˆβ•—    β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•— β–ˆβ–ˆβ•—
 β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•”β•β•β•β•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ•‘    β•šβ•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘
 β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—  β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•”β–ˆβ–ˆβ•— β–ˆβ–ˆβ•‘       β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘
 β–ˆβ–ˆβ•”β•β•β–ˆβ–ˆβ•—β–ˆβ–ˆβ•”β•β•β•  β–ˆβ–ˆβ•‘     β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘β•šβ–ˆβ–ˆβ•—β–ˆβ–ˆβ•‘       β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘   β–ˆβ–ˆβ•‘β–ˆβ–ˆβ•‘
 β–ˆβ–ˆβ•‘  β–ˆβ–ˆβ•‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ•‘ β•šβ–ˆβ–ˆβ–ˆβ–ˆβ•‘       β–ˆβ–ˆβ•‘   β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β•šβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•”β•β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ•—
 β•šβ•β•  β•šβ•β•β•šβ•β•β•β•β•β•β• β•šβ•β•β•β•β•β• β•šβ•β•β•β•β•β• β•šβ•β•  β•šβ•β•β•β•       β•šβ•β•    β•šβ•β•β•β•β•β•  β•šβ•β•β•β•β•β• β•šβ•β•β•β•β•β•β•

A unified, terminal-based recon tool for bug bounty hunters and pentesters.
Combines subfinder Β· httpx Β· chaos Β· uncover Β· Wayback CDX into one powerful CLI.

Go Version License Author Release


⚑ Installation

go install -v github.com/hackthacker/recontool@latest

Requires Go 1.21+. After install, the recontool binary is available in $GOPATH/bin (or ~/go/bin).

From Source

git clone https://github.com/hackthacker/recontool
cd recontool
go build -o recontool .
./recontool -h

πŸš€ Quick Start

# Full automated recon pipeline (everything at once)
recontool -d example.com

# With chaos (projectdiscovery cloud key)
recontool scan -d example.com -key YOUR_PDCP_KEY

# With uncover OSINT search
recontool scan -d example.com -key PDCP_KEY -uq "ssl:example.com" -ue shodan,censys

πŸ“– Commands

recontool [command] [flags]

COMMANDS:
  scan        Full automated recon pipeline
  subfinder   Run subfinder subdomain enumeration
  httpx       Run httpx HTTP probing
  chaos       Run chaos subdomain search
  uncover     Run uncover OSINT search

GLOBAL:
  -v, --version    Show version info
  -h, --help       Show help
  -u, --update     Check for updates on GitHub

πŸ” Full Pipeline β€” recontool scan

Runs 5 tools in sequence, saves all output inside a <domain>/ folder:

recontool scan -d example.com

Pipeline Steps

Step Tool Output File
1 Wayback CDX (4 queries) wayback_main.txt, wayback_wildcard.txt, wayback_specific.txt, wayback_sensitive.txt
2 subfinder subfinder.txt
3 chaos (optional, needs -key) chaos.txt
4 httpx (all status codes) httpx.txt, 1xx.txt, 2xx.txt, 3xx.txt, 4xx.txt, 5xx.txt
5 uncover (optional, needs -uq) uncover.txt

Scan Flags

  -d string       target domain (required)
  -key string     ProjectDiscovery Cloud API key (or set PDCP_API_KEY env)
  -uq string      uncover search query  (e.g. 'ssl:example.com')
  -ue string      uncover engine(s)     (default: shodan)
  -ul int         uncover result limit  (default: 100)
  -sf-all         use ALL subfinder sources (slow but thorough)
  -sf-timeout int subfinder timeout in seconds (default: 30)
  -sf-threads int subfinder goroutines (default: 10)
  -hx-threads int httpx threads (default: 50)
  -hx-timeout int httpx timeout (default: 10)
  -hx-title       show page titles in httpx results
  -hx-td          show technologies (wappalyzer)
  -silent         suppress progress logs
  -o string       custom output folder name

πŸ” subfinder

Full subfinder subdomain enumeration with all flags:

recontool subfinder -d example.com
recontool subfinder -d example.com -all -silent -o subs.txt
recontool subfinder -dL domains.txt -s shodan,crtsh -json
recontool subfinder -h   # show all flags
Flag Description
-d Domain(s) to enumerate (comma-separated)
-dL File containing list of domains
-s Specific sources (-s crtsh,github,shodan)
-all Use all available sources (slow)
-recursive Use only recursive sources
-es Exclude sources
-o Output file
-oJ JSONL output
-silent Only print subdomains
-rl Rate limit (requests/sec)
-t Threads (default: 10)
-timeout Timeout in seconds
-proxy HTTP proxy
-config Config file path
-pc Provider config file

🌐 httpx

Full HTTP probing with all flags + status-family splitting:

recontool httpx -l subfinder.txt -sc -title
recontool httpx -l hosts.txt -mc 200 -o live.txt -save-filtered
recontool httpx -u example.com -sc -json -o results.json
recontool httpx -h   # show all flags
Flag Description
-l Input file of hosts
-u Target host(s) to probe
-sc Show status code
-title Show page title
-server Show server name
-td Show technologies (wappalyzer)
-ct Show content-type
-rt Show response time
-ip Show host IP
-cdn Show CDN/WAF
-mc Match status codes (-mc 200,301)
-fc Filter status codes (-fc 404,403)
-ms Match response string
-fs Filter response string
-j JSONL output
-o Output file
-save-filtered Save 1xx/2xx/3xx/4xx/5xx.txt files
-t Threads (default: 50)
-timeout Timeout (default: 10s)
-proxy HTTP/SOCKS proxy
-fr Follow redirects

πŸ’₯ chaos

ProjectDiscovery Cloud subdomain dataset:

recontool chaos -d example.com -key YOUR_PDCP_KEY
recontool chaos -dL domains.txt -key PDCP_KEY -o subs.txt
recontool chaos -d example.com -key PDCP_KEY -count
recontool chaos -h   # show all flags
Flag Description
-key PDCP API key (or set PDCP_API_KEY env)
-d Domain to search
-dL File of domains
-count Show subdomain count only
-json JSONL output
-o Output file
-silent Only print results

Get your free API key at cloud.projectdiscovery.io


πŸ”­ uncover

OSINT search across 15+ engines (Shodan, Censys, Fofa, etc.):

recontool uncover -q "org:example.com" -e shodan,censys,fofa
recontool uncover -shodan "ssl:example.com" -j -o results.json
recontool uncover -fofa "domain=example.com" -l 500
recontool uncover -h   # show all flags
Flag Description
-q Search query
-e Engine(s): shodan,fofa,censys,quake,hunter,zoomeye,netlas,criminalip,publicwww,hunterhow,google,onyphe,driftnet,daydaymap
-asq Awesome search queries (e.g. jira)
-s Query for shodan
-ff Query for fofa
-cs Query for censys
-l Limit results (default: 100)
-j JSONL output
-f Field: ip,port,host (default: ip:port)
-o Output file
-proxy HTTP proxy

Configure engine API keys in: ~/.config/uncover/provider-config.yaml


πŸ•°οΈ Wayback CDX

Automatically queries 4 Wayback Machine CDX endpoints per domain:

File Query
wayback_main.txt url=www.domain/* β€” all archived URLs
wayback_wildcard.txt url=*.www.domain/* β€” wildcard subdomains
wayback_specific.txt url=https://www.domain/en/* β€” specific path
wayback_sensitive.txt Filtered: xls,xml,pdf,sql,zip,env,key,pem,config,bak,log...

πŸ“ Output Structure

Running recontool -d example.com creates:

example.com/
β”œβ”€β”€ subfinder.txt         ← all discovered subdomains
β”œβ”€β”€ chaos.txt             ← chaos subdomains (if -key given)
β”œβ”€β”€ httpx.txt             ← ALL HTTP probe results
β”œβ”€β”€ 1xx.txt               ← informational (100–199)
β”œβ”€β”€ 2xx.txt               ← success (200–299)
β”œβ”€β”€ 3xx.txt               ← redirects (300–399)
β”œβ”€β”€ 4xx.txt               ← client errors (400–499)
β”œβ”€β”€ 5xx.txt               ← server errors (500–599)
β”œβ”€β”€ wayback_main.txt
β”œβ”€β”€ wayback_wildcard.txt
β”œβ”€β”€ wayback_specific.txt
β”œβ”€β”€ wayback_sensitive.txt
└── uncover.txt           ← OSINT results (if -uq given)

πŸ› οΈ Requirements

  • Go 1.21+
  • Optional: PDCP API key for chaos
  • Optional: Engine API keys in ~/.config/uncover/provider-config.yaml for uncover

πŸ“¦ Powered By

Package Purpose
projectdiscovery/subfinder Subdomain enumeration
projectdiscovery/httpx HTTP probing
projectdiscovery/chaos-client Chaos DB subdomains
projectdiscovery/uncover OSINT engine search
Wayback CDX API Historical URL discovery

πŸ“œ License

MIT License β€” see LICENSE


Made with ❀️ by hackthacker

Documentation ΒΆ

The Go Gopher

There is no documentation for this package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL