RecoX is an immensely versatile and powerful tool intended primarily to aid in the identification and classification of vulnerabilities in web applications. The script can detect vulnerabilities that are not generally featured in the OWASP top ten list. Making it a significant addition to the toolset of any security expert.
RecoX’s capacity to recursively gather knowledge on the target system is one of its primary capabilities. The script is intended to cover all subdomains and IP addresses. That could be used in a sophisticated attack. This enables security professionals to uncover possible vulnerabilities in even the most complex online applications quickly and efficiently.
RecoX also has the ability to automate certain functions that are usually performed manually during a penetration test. Such as URL extraction, parameter identification, and SQL injection testing are examples of such tasks. RecoX is capable of significantly reduce the amount of time and effort required for a full web application security assessment by automating these processes.
RecoX presents the information acquired in a straightforward and organised style. Making it simple for security professionals to identify and fix the vulnerabilities. The script creates a complete report that includes information about each vulnerability as well as recommended remedial measures.
However, RecoX is a vital tool for any security professional wanting to increase the security of their web applications. RecoX is a very effective tool that may help organisations detect and manage potential security problems before they are exploited by attackers. Thanks to its extensive capabilities, innovative approach, and user-friendly interface. Please read this document for more information.
Usage
git clone https://github.com/samhaxr/recox
chmod +x recox.sh
./recox.sh
Paste the below command to run the tool from anywhere in the terminal.
mv recox.sh /usr/local/bin/recoxThe deep scanner is a comprehensive function that runs a number of tests to find potential security flaws in a web application. Such as Subdomain takeover, a record analysis, passive and active scanning, CORS misconfiguration testing, zone transfer testing. And online content discovery are among its numerous capabilities.
One of the deep scanner’s significant strengths is its ability to execute subdomain takeover checks. This is a serious security issue since deleting an external service can result in the subdomain redirecting to a non-existent website.
The deep scanner can swiftly determine whether a subdomain is vulnerable to a takeover assault by running subdomain takeover tests.
In addition to subdomain takeover checks, the deep scanner analyses A records for probable DNS misconfigurations. This prevents attackers from using DNS system flaws to obtain unwanted access to the web application.
In addition, the deep scanner conducts both passive and active scans to uncover potential vulnerabilities in the online application. This includes recognising typical flaws like SQL injection, remote file inclusion and cross-site scripting.
Download: ReconX
Also Read:
Pen-Andro: The Ultimate Penetration Testing Tool