Automated basic digital reconnaissance. Great for getting an initial footprint of your targets.
- Direct and reverse DNS lookups
- MX and NS lookups
- Domain and IP Whois lookups
- Google queries to get subdomains
- Shodan lookups
- Reverse DNS lookups on entire CIDRs looking for subdomains
InstaRecon will never scan a target directly. Information is retrieved from DNS/Whois servers, Google, and Shodan.
###Installing with pip Simply install dependencies using pip. Tested on Ubuntu 14.04 and Kali Linux 1.1.0a.
pip install -r requirements.txt
or
pip install pythonwhois ipwhois ipaddress shodan
###Example
$ ./instarecon.py -s <shodan_key> -o ~/Desktop/github.csv github.com
# Scanning 1/1 hosts
# Shodan key provided - <shodan_key>
# ____________________ Scanning github.com ____________________ #
# DNS lookups
[*] Domain: github.com
[*] IPs & reverse DNS:
192.30.252.128 - github.com
[*] NS records:
ns4.p16.dynect.net
204.13.251.16 - ns4.p16.dynect.net
ns3.p16.dynect.net
208.78.71.16 - ns3.p16.dynect.net
ns2.p16.dynect.net
204.13.250.16 - ns2.p16.dynect.net
ns1.p16.dynect.net
208.78.70.16 - ns1.p16.dynect.net
[*] MX records:
ASPMX.L.GOOGLE.com
173.194.72.27 - tf-in-f27.1e100.net
ALT2.ASPMX.L.GOOGLE.com
173.194.74.26 - qe-in-f26.1e100.net
ALT3.ASPMX.L.GOOGLE.com
74.125.21.26 - yv-in-f26.1e100.net
ALT4.ASPMX.L.GOOGLE.com
173.194.76.26 - qc-in-f26.1e100.net
ALT1.ASPMX.L.GOOGLE.com
74.125.25.26 - pa-in-f26.1e100.net
# Whois lookups
[*] Whois domain:
Domain Name: github.com
Registry Domain ID: 1264983250_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2015-01-08T04:00:18-0800
Creation Date: 2007-10-09T11:20:50-0700
Registrar Registration Expiration Date: 2020-10-09T11:20:50-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Registry Registrant ID:
Registrant Name: GitHub Hostmaster
Registrant Organization: GitHub, Inc.
Registrant Street: 88 Colin P Kelly Jr St,
Registrant City: San Francisco
Registrant State/Province: CA
Registrant Postal Code: 94107
Registrant Country: US
Registrant Phone: +1.4157354488
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: hostmaster@github.com
Registry Admin ID:
Admin Name: GitHub Hostmaster
Admin Organization: GitHub, Inc.
Admin Street: 88 Colin P Kelly Jr St,
Admin City: San Francisco
Admin State/Province: CA
Admin Postal Code: 94107
Admin Country: US
Admin Phone: +1.4157354488
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: hostmaster@github.com
Registry Tech ID:
Tech Name: GitHub Hostmaster
Tech Organization: GitHub, Inc.
Tech Street: 88 Colin P Kelly Jr St,
Tech City: San Francisco
Tech State/Province: CA
Tech Postal Code: 94107
Tech Country: US
Tech Phone: +1.4157354488
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: hostmaster@github.com
Name Server: ns2.p16.dynect.net
Name Server: ns4.p16.dynect.net
Name Server: ns1.p16.dynect.net
Name Server: ns3.p16.dynect.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-04-13T17:23:13-0700 <<<
The Data in MarkMonitor.com\'s WHOIS database is provided by MarkMonitor.com for
information purposes, and to assist persons in obtaining information about or
related to a domain name registration record. MarkMonitor.com does not guarantee
its accuracy. By submitting a WHOIS query, you agree that you will use this Data
only for lawful purposes and that, under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via e-mail (spam); or
(2) enable high volume, automated, electronic processes that apply to
MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.
MarkMonitor is the Global Leader in Online Brand Protection.
MarkMonitor Domain Management(TM)
MarkMonitor Brand Protection(TM)
MarkMonitor AntiPiracy(TM)
MarkMonitor AntiFraud(TM)
Professional and Managed Services
Visit MarkMonitor at http://www.markmonitor.com
Contact us at +1.8007459229
In Europe, at +44.02032062220
--
[*] Whois IP:
asn: 36459
asn_cidr: 192.30.252.0/22
asn_country_code: US
asn_date: 2012-11-15
asn_registry: arin
query: 192.30.252.128
net 0:
abuse_emails: abuse@github.com
address: 88 Colin P Kelly Jr Street
cidr: 192.30.252.0/22
city: San Francisco
country: US
created: 2012-11-15T00:00:00
description: GitHub, Inc.
handle: NET-192-30-252-0-1
misc_emails: None
name: GITHUB-NET4-1
postal_code: 94107
range: 192.30.252.0 - 192.30.255.255
state: CA
tech_emails: hostmaster@github.com
updated: 2013-01-05T00:00:00
# Querying Shodan for open ports
[*] Shodan:
IP: 192.30.252.128
Organization: GitHub
ISP: GitHub
Port: 80
Banner: HTTP/1.1 301 Moved Permanently
Content-length: 0
Location: https://192.30.252.128/
Connection: closePort: 22
Banner: SSH-2.0-libssh-0.6.0
Key type: ssh-rsa
Key: AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PH
kccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETY
P81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoW
f9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lG
HSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
Fingerprint: 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
# Querying Google for subdomains and Linkedin pages, this might take a while
[*] Possible LinkedIn page: https://au.linkedin.com/company/github
[*] Subdomains:
addyosmani.github.com
199.27.78.133
ajaxorg.github.com
199.27.78.133
akkadotnet.github.com
199.27.78.133
arshad.github.com
199.27.78.133
ask.github.com
199.27.78.133
assaf.github.com
199.27.78.133
cocoapods.github.com
199.27.78.133
daid.github.com
199.27.78.133
designmodo.github.com
199.27.78.133
developer.github.com
199.27.78.133
education.github.com
50.17.253.231 - ec2-50-17-253-231.compute-1.amazonaws.com
23.23.134.127 - ec2-23-23-134-127.compute-1.amazonaws.com
50.19.229.116 - ec2-50-19-229-116.compute-1.amazonaws.com
enterprise.github.com
54.235.132.86 - ec2-54-235-132-86.compute-1.amazonaws.com
54.235.148.255 - ec2-54-235-148-255.compute-1.amazonaws.com
eonasdan.github.com
199.27.78.133
eternicode.github.com
199.27.78.133
fabriziogiordano.github.com
199.27.78.133
fontforge.github.com
199.27.78.133
fortawesome.github.com
199.27.78.133
gist.github.com
192.30.252.141 - gist.github.com
greggman.github.com
199.27.78.133
guides.github.com
199.27.78.133
help.github.com
199.27.78.133
hexchat.github.com
199.27.78.133
imakewebthings.github.com
199.27.78.133
jgilfelt.github.com
199.27.78.133
jobs.github.com
54.163.15.207 - ec2-54-163-15-207.compute-1.amazonaws.com
joey711.github.com
199.27.78.133
kangax.github.com
199.27.78.133
launch.github.com
192.30.252.128 - github.com
learnboost.github.com
199.27.78.133
mac.github.com
199.27.78.133
mapbox.github.com
199.27.78.133
matplotlib.github.com
199.27.78.133
mbostock.github.com
199.27.78.133
mgcrea.github.com
199.27.78.133
mindmup.github.com
199.27.78.133
mrdoob.github.com
199.27.78.133
msysgit.github.com
199.27.78.133
mustache.github.com
199.27.78.133
mxcl.github.com
199.27.78.133
necolas.github.com
199.27.78.133
nltk.github.com
199.27.78.133
osxfuse.github.com
199.27.78.133
pages.github.com
199.27.78.133
panrafal.github.com
199.27.78.133
pcottle.github.com
199.27.78.133
philogb.github.com
199.27.78.133
pnts.github.com
199.27.78.133
raw.github.com
199.27.78.133
rg3.github.com
199.27.78.133
shop.github.com
192.30.252.128 - github.com
status.github.com
107.20.225.214 - ec2-107-20-225-214.compute-1.amazonaws.com
184.73.218.119 - ec2-184-73-218-119.compute-1.amazonaws.com
thoughtbot.github.com
199.27.78.133
tomchristie.github.com
199.27.78.133
training.github.com
199.27.78.133
try.github.com
199.27.78.133
twbs.github.com
199.27.78.133
twitter.github.com
199.27.78.133
windows.github.com
199.27.78.133
yui.github.com
199.27.78.133
# Reverse DNS lookup on range(s) 192.30.252.0/22 (related to github.com)
192.30.252.80 - ns1.github.com
192.30.252.81 - ns2.github.com
192.30.252.86 - live.github.com
192.30.252.87 - live.github.com
192.30.252.88 - live.github.com
192.30.252.97 - ops-lb-ip1.iad.github.com
192.30.252.98 - ops-lb-ip2.iad.github.com
192.30.252.128 - github.com
192.30.252.129 - github.com
192.30.252.130 - github.com
192.30.252.131 - github.com
192.30.252.132 - assets.github.com
192.30.252.133 - assets.github.com
192.30.252.134 - assets.github.com
192.30.252.135 - assets.github.com
192.30.252.136 - api.github.com
192.30.252.137 - api.github.com
192.30.252.138 - api.github.com
192.30.252.139 - api.github.com
192.30.252.140 - gist.github.com
192.30.252.141 - gist.github.com
192.30.252.142 - gist.github.com
192.30.252.143 - gist.github.com
192.30.252.144 - codeload.github.com
192.30.252.145 - codeload.github.com
192.30.252.146 - codeload.github.com
192.30.252.147 - codeload.github.com
192.30.252.148 - ssh.github.com
192.30.252.149 - ssh.github.com
192.30.252.150 - ssh.github.com
192.30.252.151 - ssh.github.com
192.30.252.152 - pages.github.com
192.30.252.153 - pages.github.com
192.30.252.154 - pages.github.com
192.30.252.155 - pages.github.com
192.30.252.156 - githubusercontent.github.com
192.30.252.157 - githubusercontent.github.com
192.30.252.158 - githubusercontent.github.com
192.30.252.159 - githubusercontent.github.com
192.30.252.192 - github-smtp2-ext1.iad.github.net
192.30.252.193 - github-smtp2-ext2.iad.github.net
192.30.252.194 - github-smtp2-ext3.iad.github.net
192.30.252.195 - github-smtp2-ext4.iad.github.net
192.30.252.196 - github-smtp2-ext5.iad.github.net
192.30.252.197 - github-smtp2-ext6.iad.github.net
192.30.252.198 - github-smtp2-ext7.iad.github.net
192.30.252.199 - github-smtp2-ext8.iad.github.net
192.30.253.1 - ops-puppetmaster1-cp1-prd.iad.github.com
192.30.253.2 - janky-nix101-cp1-prd.iad.github.com
192.30.253.3 - janky-nix102-cp1-prd.iad.github.com
192.30.253.4 - janky-nix103-cp1-prd.iad.github.com
192.30.253.5 - janky-nix104-cp1-prd.iad.github.com
192.30.253.6 - janky-nix105-cp1-prd.iad.github.com
192.30.253.7 - janky-nix106-cp1-prd.iad.github.com
192.30.253.8 - janky-nix107-cp1-prd.iad.github.com
192.30.253.9 - janky-nix108-cp1-prd.iad.github.com
192.30.253.10 - gw.internaltools-esx1-cp1-prd.iad.github.com
192.30.253.11 - janky-chromium101-cp1-prd.iad.github.com
192.30.253.12 - gw.internaltools-esx2-cp1-prd.iad.github.com
192.30.253.13 - github-mon2ext-cp1-prd.iad.github.net
192.30.253.16 - github-smtp2a-ext-cp1-prd.iad.github.net
192.30.253.17 - github-smtp2b-ext-cp1-prd.iad.github.net
192.30.253.23 - ops-bastion1-cp1-prd.iad.github.com
192.30.253.30 - github-slowsmtp1-ext-cp1-prd.iad.github.net
192.30.254.1 - github-lb3a-cp1-prd.iad.github.com
192.30.254.2 - github-lb3b-cp1-prd.iad.github.com
192.30.254.3 - github-lb3c-cp1-prd.iad.github.com
192.30.254.4 - github-lb3d-cp1-prd.iad.github.com
# Saving output csv file
# Done