Posts

Showing posts from February, 2018

ReconUI - Open Source Reconnaissance (Alpha version)

Image
About ReconUI is a simple web application that combines different recon methods to find attack surface and identify assets of the in-scope targets. When you are given a scope like *.domain.com in bug bounty / vulnerability disclosure policies, it gives you a chance to find vulnerabilities in as many targets as possible. While that has its advantages, it also has its own disadvantages. Just for an example lets take yahoo.com. Yahoo's bug bounty accepts any vulnerability under *.yahoo.com. When you start looking for bugs, you end up finding thousands of subdomains and end up getting confused on what you should look for or how you should target something. In those cases, recon tools become handy  because you can let them do the hard work and help identify possible crucial assets. However, as we (the bug bounty community) grow, multiple tools are released on GitHub that we can use. Simply running each of these tools on every scan or opening multiple terminals (despite how cool it loo…