Tool:: Ultimate Web Recon

UltimateWebRecon :: Download 

UltimateWebRecon :: Intro

With the prevalence of frame-busting scripts or X-Frame-Options header,  our web-based  Recon page is likely to be unusable soon in the future. So, we've coded a small Windows-based application that does the same.

UltimateWebRecon :: Minimum System Requirement

- Microsoft .NET Framework 4+

UltimateWebRecon :: Database Update

- Select Help > Update Database.

UltimateWebRecon :: Program Update

- The application should detect automatically at next launch after database update.

UltimateWebRecon :: Database Structure

The application uses an XML data file reconDb.xml which contains a list of common web resources that we use in our daily penetration testing projects.   You can examine the file's XML tag and attribute structure to add your own favorite URLs under classified categories.  An example goes like this:

<link name="Shodan" value="" compatible="yes" ontextfield="" />

compatible (yes|no)  -  If it's set to 'Yes', it means the site is compatible with the IE rendering engine of the  application. And the application will load the site.

ontextfield (string) - text field input ID or name of site page. Once the page is loaded, Query text value of the application will be copied into the site page text field input so that you do not need type it.  This is applicable for those sites that allows only HTTP POST request.  This feature may not be reliable at all times due to time out triggered by long loading time of multiple page elements like js, css, ...etc.all - fill query string in all input text fields.  We may update the application to support POST-based request in the future but not for now.

UltimateWebRecon :: License

Ultimate Web Recon is under Freeware license. Permission is granted for use at your own risk.

UltimateWebRecon :: Legality

To comply with each web site's Terms of Service, the program does not/will not have automated query feature. It is designed to assist in human's manual research and analysis of information to be gathered.

Popular posts from this blog

CubeCart 3.0.20 (3.0.x) and lower | Multiple Cross Site Scripting Vulnerabilities

Open-Realty CMS 3.x | Persistent Cross Site Scripting (XSS) Vulnerability