Merge branch 'master' of https://github.com/robotshell/magicRecon

robotshell · robotshell · commit 08ea640cd3db · 2020-04-04T13:24:11.000+02:00
diff --git a/README.md b/README.md
@@ -4,12 +4,14 @@
 Recon is an essential element of any penetration testing. This repository contain a powerful shell script to maximize the recon and data collection process of an objective. With this script you can easily find:
 
 * Sensitive information disclosure.
+* Missing HTTP headers
 * Open S3 buckets.
 * Subdomain takeovers.
 * Open ports and services.
 * Endpoints.
 * Directories.
 * Javascript files with senstive info
+* CORS missconfigurations
 * Other quick bugs.
 
 
@@ -25,6 +27,7 @@ Recon is an essential element of any penetration testing. This repository contai
 * [Assetfinder](https://github.com/tomnomnom/assetfinder)
 * [Subjack](https://github.com/haccer/subjack)
 * [httprobe](https://github.com/tomnomnom/httprobe)
+* [Corsy](https://github.com/s0md3v/Corsy)
 * [Aquatone](https://github.com/michenriksen/aquatone)
 * [curl](https://curl.haxx.se/)
 * [relative-url-extractor](https://github.com/jobertabma/relative-url-extractor)
@@ -37,15 +40,15 @@ Recon is an essential element of any penetration testing. This repository contai
 # How does it work?
 The script has 5 phases:
 
-1. Subdomain enumeration: Amass, Certsh.py, Github-subdomains.py, Gobuster DNS and Assetfinder tools are used to find the maximum possible number of subdomains. httprobe is used to probe for working http and https servers. Then Subjack is used to quickly check if it exists subdomains takeover. Finally, Aquatone takes screenshots of each subdomain.
+1. Subdomain enumeration: Amass, Certsh.py, Github-subdomains.py, Gobuster DNS and Assetfinder tools are used to find the maximum possible number of subdomains. httprobe is used to probe for working http and https servers. Then Subjack is used to quickly check if it exists subdomains takeover. Corsy tool is used to find CORS missconfigurations. Finally, Aquatone takes screenshots of each subdomain.
 
-2. Headers: curl is used to obtain the headers of each subdomain. 
+2. Javascript: relative-url-extractor and Jsearch.py are used to inspect the javascript files of each subdomain for endpoints and sensitive information.
 
-3. Javascript: relative-url-extractor and Jsearch.py are used to inspect the javascript files of each subdomain for endpoints and sensitive information.
+3. Directories and hidden files: Gobuster DIR is used to collect hidden files and directories through a dictionary. You can change the dictionary in the script configuration.
 
-4. Directories and hidden files: Gobuster DIR is used to collect hidden files and directories through a dictionary. You can change the dictionary in the script configuration.
+4. Nmap: Nmap is used to scan ports and services quiclky.
 
-5. Nmap: Nmap is used to scan ports and services quiclky.
+5. Headers: curl is used to obtain the headers of each subdomain. 
 
 ###  All the data generated in the different processes are saved in different files and directories in different formats.
 ![Example image](https://raw.githubusercontent.com/robotshell/magicRecon/master/example.png)
