R
hanzo@bushidocyber ~ % man rickyrecon

RickyRecon

An interactive, menu-driven reconnaissance framework that consolidates 30+ penetration-testing tools into one workflow.

Recon BashPentestEnumeration
View on GitHub ↗ Get it running

What it is

RickyRecon is a Bash framework that wraps the recon and enumeration phase of a penetration test into a single, menu-driven workflow. Instead of manually chaining dozens of separate commands, you pick a module and it launches the right industry-standard tools for you.

It's built for pentesters who want streamlined enumeration across every attack surface — from the first port scan all the way through Active Directory.

How it works

  • One menu, the whole recon phase — categorized submenus span initial discovery through Active Directory exploitation, each launching the right tools for you.
  • Dedicated terminal windows — every tool opens in its own window and prints the exact command before it runs, so parallel scans stay readable and auditable.
  • Automated dependency install — missing tools are detected on first run and installed in a single batch prompt — no chasing binaries mid-engagement.
  • Structured reporting — output lands in recon_reports_<hostname>/ with <tool>_<target> naming, plus a dedicated EyeWitness directory.
  • Alternate-port aware — set extra ports once and every web & fuzzing tool automatically repeats across them, with protocol auto-detection (443/8443 → HTTPS).
  • Quick-scan shortcuts — one-key full recon, a lightweight RustScan + Nuclei + dirsearch pass, or RustScan/Nuclei on their own.

The modules

01 Port scanning

  • RustScan
  • Nmap TCP (full -p- + scripts)
  • Nmap UDP (top 1000)

02 SNMP

  • Nmap SNMP scripts
  • OneSixtyOne · SNMPWalk
  • SNMP-Check · v3 enum
  • SNMP Write RCE

03 Web scanning

  • Nikto · Wapiti · Nuclei
  • WhatWeb · WPScan
  • Wafw00f · Arjun

04 Directory fuzzing

  • Dirb · Gobuster
  • DirSearch · FFuF
  • Feroxbuster (recursive)

05 DNS & OSINT

  • DNSRecon · Amass
  • Subfinder · FFuF subs
  • theHarvester

06 SMB

  • Enum4linux-ng
  • NetExec (9 protocols)
  • SAM/LSA/NTDS dumping

07 AD / Kerberos

  • LDAPSearch
  • Responder (NTLMv2)
  • bloodyAD (GET/SET/ADD)

08 Brute force & utils

  • Hydra (multi-protocol)
  • EyeWitness screenshots
  • SearchSploit

NetExec drives interactive credential testing across smb, ldap, winrm, rdp, ssh, mssql, ftp, vnc, and wmi — with password, NTLM-hash, Kerberos, and null-session auth, RID brute force, BloodHound collection, kerberoasting, and ASREPRoasting.

Requirements

PlatformKali Linux or a Debian-based distribution
Privilegessudo — needed for Nmap, Responder, and tool installation
ConnectivityInternet on first run for installs and SNMP MIB downloads
WordlistsSecLists & rockyou.txt for fuzzing and brute force

Get it running

It's a single self-contained script. Clone, make it executable, and launch the menu — one line:

git clone https://github.com/BushidoCyb3r/rickyrecon.git && cd rickyrecon && chmod +x rickyrecon.sh && ./rickyrecon.sh

Use only on systems you are authorized to test. RickyRecon launches active scanning and exploitation tooling. See the README for the full module list and options.

R

Recon, streamlined

Stop chaining commands by hand. Drive your whole enumeration phase from one menu.

View on GitHub ↗ ← All projects