No description

Shell 100%

Find a file

Blade34242 9e0c2e6f6f update		2026-05-11 10:35:58 +07:00
docs	First with All	2026-05-11 10:03:09 +07:00
jenkins	update	2026-05-11 10:35:58 +07:00
scripts	First with All	2026-05-11 10:03:09 +07:00
.gitignore	First with All	2026-05-11 10:03:09 +07:00
README.md	First with All	2026-05-11 10:03:09 +07:00

README.md

recon-pipeline

Automated subdomain enumeration, HTTP probing, and vulnerability scanning pipeline for bug bounty recon. Runs entirely in Jenkins, sends findings to Matrix.

Jobs

Job	Schedule	Purpose
`recon-subfinder`	every 2 days	Enumerate subdomains via subfinder + resolve with dnsx
`recon-httpx`	every 30 min	Probe live HTTP services, diff state, feed nuclei queue
`recon-nuclei`	every 1 hour	Scan queue for exposures, misconfigs, default logins

Quick Start

1. Install tools

bash scripts/setup.sh

2. Create Jenkins credentials

MATRIX_TOKEN — Secret text: your Matrix access token
MATRIX_ROOM_ID — Secret text: your room ID (!xxx:matrix.org)

3. Create 3 Pipeline jobs in Jenkins

For each job:

New Item → Pipeline
Definition: Pipeline script from SCM
or paste the Jenkinsfile content directly

Job name	Jenkinsfile
`recon-subfinder`	`jenkins/Jenkinsfile-recon-subfinder`
`recon-httpx`	`jenkins/Jenkinsfile-recon-httpx`
`recon-nuclei`	`jenkins/Jenkinsfile-recon-nuclei`

4. First run

Trigger recon-subfinder manually with your domains
Wait for it to finish
Trigger recon-httpx once manually to verify
Let cron take over

Parameters

recon-subfinder

Parameter	Default	Description
`DOMAINS`	—	One root domain per line
`RESOLVERS`	Cloudflare + Google + Quad9	DNS resolvers
`DNSX_THREADS`	50	dnsx thread count
`DNSX_RATE_LIMIT`	500	dnsx max queries/sec

recon-httpx

Parameter	Default	Description
`CHUNK_SIZE`	300	Hosts per run
`HTTPX_THREADS`	25	httpx threads
`HTTPX_TIMEOUT`	10	Timeout in seconds
`NUCLEI_BLACKLIST`	—	Domains to skip (one per line, wildcards ok: `*.hubspot.com`)
`GREP_PATTERNS`	(long list)	Pipe-separated patterns for interesting findings

recon-nuclei

Parameter	Default	Description
`QUEUE_CHUNK_SIZE`	50	Max hosts per run
`NUCLEI_SEVERITY`	low,medium,high,critical	Severity filter
`NUCLEI_CONCURRENCY`	10	Parallel templates
`NUCLEI_RATE_LIMIT`	50	Max requests/sec
`NUCLEI_BLACKLIST`	—	Defensive second-pass blacklist
`LOGIN_PATTERNS`	(login/admin/...)	Patterns for default-login scan

Monitoring

# Queue size
cat /var/jenkins_home/recon-state/nuclei/nuclei-queue.txt | wc -l

# httpx last run stats
cat /var/jenkins_home/recon-state/httpx/metadata.txt

# Today's new/changed hosts
cat /var/jenkins_home/recon-state/httpx/daily-digest.txt

# All nuclei findings
cat /var/jenkins_home/recon-state/nuclei/nuclei-findings-cumulative.txt

# Top findings by template
sort /var/jenkins_home/recon-state/nuclei/nuclei-findings-cumulative.txt \
    | uniq -c | sort -rn | head -20

Docs

Architecture — design decisions, file layout, timelines
Changes — what was fixed and why
Ops Checklist — daily/weekly/monthly checks

Requirements

Jenkins with pipeline plugin
Go 1.22+ (for tool installation)
Tools: subfinder, httpx, dnsx, nuclei
Matrix account for notifications
VPS with at least 2GB RAM, 20GB disk

Notes

This pipeline is intended for authorised security testing only. Only add domains to DOMAINS that you have explicit permission to test.