Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server
DiscordRecon server allows you to do your reconnaissance process from your discord server.
git clone https://github.com/demon1a/discord-recon/
cd discord-recon/
Requires python3, golang and pip3 on your system.
sudo bash ./bin/installer.sh
Edit the settings.py file with the options you like.
Run app.py with the command: python3 app.py
Feel free to open an issue if something isn't working.

note: running discord-recon on a VPS will be much cooler, since it uses a lot of bandwidth and memory depending on your usage, and you don't really want to harm your own machine.
note: discord-recon has been tested only on Linux, and most of the commands in the code are based on bash, so it's not possible to run discord-recon on Windows.
DISCORD_TOKEN - your discord bot token
USER - path to your os user
RECON_PATH - path to your recon data
ADMIN_ROLE - the admin role name on your server
DEBUG - debug mode
COMMANDS_PREFIX - the prefix of all bot commands
ADMIN_CHANNEL - admin channel id for important messages
DISABLE_NUCLEI_INFO - disable nuclei from sending info bugs
NUCLEI_WEBHOOK - the webhook nuclei will be using to post bugs
DEFAULT_DISCORD_WEBHOOK - the default discord webhook discord-recon will send results with
TOOLS - paths for the tool names inside your system
RCE - command injection protection. don't ever remove any of its items.

.exec - execute shell commands on the server
.sudo - give discord roles to users
.unsudo - remove discord roles from users
.compile - execute python3 code on the server
.shutdown - shutdown the bot
.restart - restart the bot
.ip - get the domain ip
.dig - run dig
.prips - generate ips from a company ip range
.nslookup - run nslookup
.whois - run whois
.statuscode - get status codes of subdomain/url
.dirsearch - start dirsearch scan
.arjun - start arjun scan
.gitgraber - start gitgraber scan
.waybackurls - start waybackurls
.subfinder - start subfinder
.assetfinder - start assetfinder
.findomain - start findomain
.paramspider - start paramspider
.trufflehog - start trufflehog
.gitls - start gitls
.recon - read internal recon file
.subdomains - collect subdomains
.show - show targets we have on the database
.count - show subdomains/hosts count in the database
.history - show the users' commands from the logs
.nuclei - perform nuclei scan on collected subdomains
.subjack - perform subjack scan on collected subdomains
.subjs - run subjs on collected subdomains
.smuggler - run smuggler on collected subdomains

We care about discord-recon security especially because it interacts with the internal server, and any security issue can result in server-side issues. If you think you have found a security issue in discord-recon, with a working proof of concept against the bot on our server, you can report it via huntr to get awarded and help me fix the issue by submitting code fixes. Otherwise, you can open an issue for it on GitHub or email me at my personal email and I will respond ASAP.
It's really not safe to run discord-recon on your system with high privileges. I would suggest creating a user with low privileges, running the bot as that user, and then giving that user access to the tools.
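
The RCE setting above is described as command injection protection for a bot that hands Discord message text to command-line tools. As an added example (not discord-recon's own code), this sketch shows a complementary allowlist approach: accept only hostname-shaped targets and run the tool from an argument list, never through a shell. The command table, function names and sample inputs are assumptions constructed for illustration.

```python
import re
import shutil
import subprocess

# Allowlist: dot-separated labels of letters, digits and inner hyphens.
LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})+")

# Hypothetical command table (not the project's TOOLS setting).
ARGV_TEMPLATES = {
    "dig": ["dig", "+short", "{target}"],
    "nslookup": ["nslookup", "{target}"],
    "whois": ["whois", "{target}"],
}

# Constructed inputs, as they might arrive in a Discord message.
SAMPLES = ["example.com", "sub.example.com", "example.com; id",
           "$(id).example.com", "-h", "example.com\nid", "a" * 64 + ".com"]


def is_valid_target(raw):
    """True only if the whole string is a hostname of at most 253 characters."""
    target = raw.strip()
    return len(target) <= 253 and HOSTNAME_RE.fullmatch(target) is not None


def build_argv(command, raw_target):
    """Build an argument vector; the target is always exactly one element."""
    if command not in ARGV_TEMPLATES:
        raise ValueError(f"unknown command: {command!r}")
    if not is_valid_target(raw_target):
        raise ValueError(f"rejected target: {raw_target!r}")
    target = raw_target.strip().lower()
    return [part.replace("{target}", target) for part in ARGV_TEMPLATES[command]]


def run_tool(command, raw_target, timeout=30):
    """Run the tool without a shell, so metacharacters are never interpreted."""
    argv = build_argv(command, raw_target)
    if shutil.which(argv[0]) is None:
        return f"{argv[0]} is not installed"
    return subprocess.run(argv, capture_output=True, text=True,
                          timeout=timeout).stdout


def classify(samples=SAMPLES):
    """Map each sample to True (accepted) or False (rejected)."""
    return {s: is_valid_target(s) for s in samples}
```

An allowlist like this rejects anything that is not a hostname before a process is started, while a blocklist of dangerous characters has to anticipate every metacharacter the shell understands.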