WelchSec // Recon Suite
🔍 DIR SCAN
🌐 SUBDOMAINS
🔌 PORT SCAN
🛡 HEADERS
📜 JS ANALYZER
🌍 WHOIS/DNS
🖥 TECH SCAN
☁ S3 BUCKETS
🔎 GOOGLE DORKS
📄 REPORT
⚠ Only scan targets you own or have explicit written permission to test.
⚠ Only enumerate domains you own or have permission to test.
⚠ Port scanning without permission may be illegal. Only scan authorized targets.
SCANS COMMON SERVICES FOR OPEN PORTS
CRITICAL OPEN PORTS: RDP, SMB, DATABASES, DOCKER ETC.
CHECKS SECURITY HEADERS, CORS, COOKIES AND MORE
⚠ JS analysis may reveal sensitive data. Handle findings responsibly per your bug bounty program rules.
SCANS FOR SECRETS, API KEYS, ENDPOINTS
S3 BUCKETS AND INTERNAL URLS
SHOWS ALL DNS RECORDS, WHOIS / RDAP DATA
SPF, DMARC AND DKIM EMAIL SECURITY INFO
DETECTS CMS, FRAMEWORKS, LIBRARIES
SERVERS, CDNs AND SECURITY TOOLS
VERSION INFORMATION FROM HEADERS
⚠ Only check bucket names for organizations you have permission to test. Accessing public buckets without authorization may still violate terms of service.
FINDS PUBLIC OR EXPOSED AWS S3 BUCKETS
CHECKS COMMON NAMING PATTERNS
⚠ Google dorking is a legitimate reconnaissance technique for authorized security testing. Only run these queries against domains you own or have explicit written permission to test. Unauthorized reconnaissance may violate computer fraud laws.
CREATES TARGETED GOOGLE SEARCH QUERIES TO FIND
EXPOSED SENSITIVE DATA INDEXED BY GOOGLE
HOW GOOGLE DORKING WORKS
Google indexes publicly accessible web content. If sensitive files are accidentally exposed on a web server, Google may index them and they become searchable. Dorking uses advanced search operators to find this data.
COMMON OPERATORS:
site: — restrict results to a specific domain
filetype: — search for specific file types
inurl: — search for keywords in URLs
intitle: — search for keywords in page titles
intext: — search for keywords in page content
ext: — alternative to filetype:
"quotes" — exact phrase matching
WHAT TO DO IF YOU FIND RESULTS:
1. Document the finding with screenshots
2. Remove the exposed file from the web server immediately
3. Rotate any credentials or keys that were exposed
4. Request Google removal via Search Console
5. Check your web server logs to see if the file was accessed
6. Review how the file became publicly accessible
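Step 5 above (checking web server logs for access to the exposed file) can be scripted. The following is an added example, not part of the WelchSec tool; it assumes Apache/nginx combined log format, and the path `/backup/db.sql` and the log lines are constructed sample data.

```python
import re
from collections import defaultdict

# Combined log format: ip - user [time] "METHOD path PROTO" status size "referer" "ua"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /backup/db.sql HTTP/1.1" 200 48213 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [12/Mar/2024:11:15:40 +0000] "GET /backup/db.sql?x=1 HTTP/1.1" 200 48213 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [12/Mar/2024:11:15:55 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [13/Mar/2024:09:00:00 +0000] "GET /backup/db.sql HTTP/1.1" 404 0 "-" "curl/8.4.0"
"""

def find_accesses(log_text, exposed_path):
    """Return requests for exposed_path, grouped by client IP."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]  # compare without the query string
        if path != exposed_path:
            continue
        status = int(m["status"])
        hits[m["ip"]].append({
            "time": m["time"],
            "status": status,
            # 200/206 with a non-empty body means the content was actually served
            "served": status in (200, 206) and m["size"] not in ("-", "0"),
            # User-Agent claim only; confirm real crawlers with reverse DNS
            "claims_crawler": "googlebot" in m["ua"].lower(),
            "from_search": "google." in m["referer"].lower(),
        })
    return dict(hits)

def served_to(hits):
    """IPs that received the file and did not identify as a crawler."""
    return sorted(ip for ip, reqs in hits.items()
                  if any(r["served"] and not r["claims_crawler"] for r in reqs))

if __name__ == "__main__":
    hits = find_accesses(SAMPLE_LOG, "/backup/db.sql")
    for ip, reqs in hits.items():
        print(ip, reqs)
    print("served to non-crawler clients:", served_to(hits))
```

Any address returned by `served_to` received the file contents, so credentials in that file should be treated as disclosed when working through step 3.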
RUN SCANS ACROSS THE OTHER MODULES
THEN CLICK GENERATE REPORT TO COMPILE
ALL FINDINGS INTO A BUG BOUNTY REPORT