tugarecon
TugaRecon
TugaRecon is an advanced subdomain enumeration and DNS reconnaissance tool built for security researchers, penetration testers, and OSINT professionals.
It combines multiple passive and active modules to extract, verify, and map subdomains of a target domain efficiently.
TugaRecon, tribute to Portuguese explorers reminding glorious past of this country.
During the 15th and 16th centuries, Portuguese explorers were at the forefront of European overseas exploration, which led them to reach India, establish multiple trading posts in Asia and Africa, and settle what would become Brazil, creating one of the most powerful empires.
skynet0x01
π Features
- π Passive and active subdomain enumeration using various OSINT sources
- π‘ Built-in brute-force mode using custom wordlists
- π DNS resolution with fallback mechanisms
- π§ Multi-module integration (Certspotter, DNSDumpster, HackerTarget, etc.)
- πΊοΈ Optional subdomain map generation (interactive or visual)
- π Clean output in
.txt,.json,.html, or.csv - π No API keys required for most modules
π¦ Installation
git clone https://github.com/skynet0x01/tugarecon.git
cd tugarecon
pip3 install -r requirements.txt
β Recommended: Run in a Python virtual environment
python3 -m venv venv && source venv/bin/activate
βοΈ Basic Usage
python3 tugarecon.py -d example.com
Common Options
| Option | Description |
|---|---|
-d DOMAIN |
Target domain (required) |
--bruteforce |
Enable subdomain brute-forcing |
--full |
Run all available modules |
--map |
Save interactive map of discovered hosts |
--output FILE |
Specify output filename |
--help |
Show full list of options |
π Example
python3 tugarecon.py -d google.pt --map
π Output:
output/
βββ tugarecon/results/google.com/2025-07-18/subdomains_clustered.svg
βββ tugarecon/results/google.com/2025-07-18/subdomains_clustered.pdf
βββ tugarecon/results/google.com/2025-07-18/tuga_bruteforce.txt
βββ tugarecon/results/google.com/2025-07-18/subdomains.txt
𧩠Modules Overview
| Module | Type | Source/Functionality |
|---|---|---|
certspotter |
Passive | Queries certificate transparency logs |
hackertarget |
Passive | Uses HackerTarget public API |
dnsdumpster |
Passive | Extracts data from dnsdumpster.com |
bruteforce |
Active | Dictionary-based subdomain brute-force |
dnsresolve |
Resolver | Resolves IPs with optional fallback DNS |
mapbuilder |
Visual | Generates HTML/Graphviz subdomain maps |
π Project Structure
tugarecon/
βββ modules/
β βββ certspotter.py
β βββ hackertarget.py
β βββ ...
βββ wordlists/
β βββ first_names.txt
β βββ next_names.txt
βββ results/
βββ tugarecon.py
βββ requirements.txt
βββ README.md
π§ Roadmap
- Add support for export to PDF/SVG maps
- Integrate
httpxto detect live HTTP/HTTPS services - ASN-based grouping in visual maps
- Web-based frontend interface for remote analysis
πΈ Example Map Output
π€ Contributing
We welcome contributions!
Please read the CONTRIBUTING.md file before submitting pull requests.
π§ͺ Related Tools
π€ Author
Skynet0x01
Cybersecurity Researcher & Tool Developer
π Portugal
π License
This project is licensed under the MIT License.
π Support & Donations
If you find this project useful, consider supporting its continued development.
Your contributions help add new features, improve stability, and keep the tool updated.
π Donate with your favorite cryptocurrency:
- Bitcoin (BTC):
18Zg2qiypXRj7QnGWCpcXrKywmcfKkcUSs - Ethereum (ETH):
0x177c81746009cd7ab02adf85d28fbf27aca7a240 - Litecoin (LTC):
Le1jfoWqVoEJtm4BYbQRJbggiauMQNqjWy - Dogecoin (DOGE):
DSnRY69q1k6xhFkKULSTcSCQdJpVuGeB7k - Harmony (ONE):
one1cv90mednznu629p3jr7gqgmqd6qcm368stalwp - Solana (SOL):
5yRzoxDp17B5XEHSzmgTHWY4NYTWnk7s4qT48t941wyP
Every contribution, no matter how small, makes a big difference. Thank you!
