MagicRecon version 2.0 released. This time I have focused on automating as much as possible the process of collecting data on a target and searching for common vulnerabilities in web applications (XSS, SQLi, CORS Missconfiguration, SSRF, Open Redirect, etc). The list of new features is as follows:
- Menu added to script.
- The script now has multiple options, keeping the core of the first version (Option “All in one! (Original MagicRecon)”).
- A function has been added to install all the necessary tools and dependencies to be able to use the script, thus facilitating its installation.
- New tools such as Nuclei, Kxss, Httpx, Notify, etc. have been added.
- Obsolete tools have been removed or those that their use did not contribute a good performance to the execution of the script.
- The script has been modulated using functions to make it easier to modify the code.
- Gobuster has been replaced by Wfuzz in the directory and file enumeration.
- An option has been added to perform a massive vulnerability scan to multiple targets with the possibility of receiving alerts for positives found through applications such as Telegram, Discord or Slack. This option is intended for use on VPS systems such as Digital Ocean or AWS instances.
- All the information obtained will be stored in an orderly manner in directories.
- And many more improvements!
HAPPY HUNTING!