.png)
4 weeks ago
26 BOOK THIS SPACE FOR AD
ARTICLE ADWhen I began working on bug bounty hunting, the first step for every website I tested was conducting initial reconnaissance. This meant finding all the subdomains of the target website and determining which ones were live. After that, the next task was to look for important metafiles like robots.txt, security.txt, and humans.txt.
While there are many tools that can automate these tasks, I noticed a gap — there wasn’t a single tool that could handle all of them in one go. Every task required a separate tool, installation, and manual configuration. This led me to create Inicon, a Python-based tool that combines subdomain enumeration, live subdomain checking, and metafile discovery into one seamless process.
Inicon is a Python3-powered recon tool designed specifically for bug bounty hunters, pentesters, and security researchers. It automates three key steps of the reconnaissance process:
1. Subdomain Enumeration: Inicon can automatically search and list all subdomains related to the target domain.
2. Live Subdomain Checker: It checks which of the found subdomains are live and accessible.
3. Metafile Finder: It scans for important metafiles such as robots.txt, security.txt, and humans.txt in live subdomains, helping you quickly discover useful insights for your bug bounty efforts.
By combining all three functions into a single tool, Inicon eliminates the need to juggle multiple tools, helping you save time and streamline your recon process.
· Consolidation of Tools: No more switching between tools for subdomain enumeration, live checks, and metafile discovery.
· Automation: Inicon automates the entire initial reconnaissance process, providing quick results that would otherwise take much longer to do manually.
· Efficiency: With the verbose option, you can track every step of the process, making it easier to understand the results or debug any issues.
· Simplicity: Bug bounty hunters of all experience levels can use Inicon easily due to its clear and straightforward command structure.
· Adaptable: Since it’s developed in Python, it can be easily extended or integrated into larger automation pipelines.
You can get Inicon by cloning its GitHub repository. Follow these steps:
Clone the repository:
git clone https://github.com/your-repo/inicon.gitMake the installation script executable and run it:
chmod +x install_requirements.sh./install_requirements.sh
The script will set up a virtual environment, install the required Python dependencies, and ensure that Subfinder is installed for subdomain enumeration.
Once you’ve installed Inicon, you can use it with the following commands:
Perform Initial Reconnaissance:
python3 inicon.py -d example.comPerform Subdomain Enumeration:
python3 inicon.py -d example.com --subenumCheck Live Subdomains:
python3 inicon.py -d example.com --livesubCheck for Metafiles:
python3 inicon.py -d example.com --metafiles-d, --domain: Specify the domain to perform reconnaissance on. This flag is required.--subenum: Flag to perform subdomain enumeration using the specified wordlist.--livesub: Flag to check for live subdomains after enumeration.--metafiles: Flag to check for specific metafiles on live subdomains.-w, --wordlist: Specify the wordlist file to use for subdomain enumeration.-v, --verbose: Enable verbose output for detailed information during execution.-h, --help: Show the help message and exit.Ensure the script has execute permissions (chmod +x install_requirements.sh) before running it.
Link to Github repo: Inicon
Inicon is designed to simplify and speed up the recon process for bug bounty hunters, offering a convenient all-in-one solution. With it, you’ll be able to quickly gather information on subdomains, verify live ones, and check for useful metafiles — all in one command. It’s a tool made by a bug bounty hunter, for bug bounty hunters.
Author: JWALANTH EDULAKANTI
Title: Penetration Tester
Bengali (Bangladesh) · 
English (United States) ·