recon-quick

Fast OSINT and reconnaissance presets using bbot and nmap. One-command subdomain enumeration, port scanning, and web fingerprinting for bug bounty recon.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "recon-quick" with this command: npx skills add hostilespider/recon-quick

Recon Quick — Fast OSINT Presets

One-command recon using bbot and nmap. Preset workflows for common bug bounty recon tasks.

Prerequisites

pipx install bbot
# nmap: apt install nmap / brew install nmap

Quick Start

# Full subdomain enumeration + web probe
python3 {baseDir}/scripts/recon.py target.com --preset full

# Just subdomains
python3 {baseDir}/scripts/recon.py target.com --preset subdomains

# Quick port scan top 100
python3 {baseDir}/scripts/recon.py target.com --preset ports

Presets

PresetWhat it doesTime
subdomainsSubdomain enum via bbot2-10 min
portsTop 100 ports + service detection1-5 min
webHTTP probe + tech fingerprint2-5 min
fullSubdomains + ports + web + nuclei10-30 min
passivePassive recon only (DNS, certs, APIs)1-3 min

Options

  • --preset PRESET — Recon preset (default: subdomains)
  • --output DIR — Output directory (default: ./recon-output)
  • --json — Output as JSON
  • --threads N — Thread count (default: 10)
  • --wordlist FILE — Custom wordlist for subdomain brute
  • --proxy URL — Proxy for web requests

Output Structure

recon-output/
├── target.com/
│   ├── subdomains.txt      # Discovered subdomains
│   ├── live-hosts.txt       # Alive HTTP services
│   ├── ports.txt            # Open ports
│   ├── tech-fingerprints.txt # Detected technologies
│   ├── nuclei-findings.txt  # Vulnerability scan results
│   └── full-report.json     # Everything combined

Integration with Bug Bounty

# Run recon, generate report
python3 recon.py target.com --preset full --output ./bounties/target
bb-report-template --type recon --target target.com -o report.md

Notes

  • bbot handles rate limiting and scope validation automatically
  • Nuclei findings are informational — manual verification required
  • Always check program scope before scanning
  • Use --proxy socks5://127.0.0.1:9050 for Tor

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

Harbor Skills

Harbor 镜像仓库综合管理技能。用于 Harbor 日常运维、项目与镜像管理、安全扫描、清理策略、CI/CD 集成、GitOps、复制规则、存储管理、备份恢复、webhook 联动等所有 Harbor 相关操作。当用户提到 Harbor、镜像仓库管理、Docker 镜像、镜像安全扫描、CI/CD 镜像推送/拉...

Registry SourceRecently Updated
791qiutoo
Automation

Dynamics Crm

Microsoft Dynamics 365 integration. Manage crm and sales data, records, and workflows. Use when the user wants to interact with Microsoft Dynamics 365 data.

Registry SourceRecently Updated
4030membranedev
Automation

Jira

Jira integration. Manage project management and ticketing data, records, and workflows. Use when the user wants to interact with Jira data.

Registry SourceRecently Updated
5290membranedev
Automation

Generate Education Ad Creative Brief

Plan campaign visuals and hooks for education promotions. Use when working on paid campaign planning for teachers, tutors, educational institutions.

Registry SourceRecently Updated
70tobeyrebecca