Skip to content
This repository was archived by the owner on Jun 13, 2026. It is now read-only.

roy0x01/maneuvers

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

maneuvers

A reconnaissance framework to visualise data gathered using open-source tools.


Overview

maneuvers automates the recon phase of a penetration test or bug bounty engagement. It chains together multiple open-source tools and passive API sources, collects subdomain intel, HTTP data, historical URLs, reverse IP lookups, and web technology fingerprints — storing everything in a local MongoDB instance for querying and visualisation.

This project was built in 2019 and is archived for reference. It is not actively maintained.


Features

  • Subdomain enumeration via sublist3r, subfinder, assetfinder, findomain
  • Passive discovery from crt.sh, CertSpotter, RapidDNS, Anubis, VirusTotal
  • DNS resolution + ASN / BGP data via BGPView API
  • HTTP probing via httpx
  • Historical URL collection via gau
  • Reverse IP / subnet walking via crobat
  • Web technology fingerprinting via webanalyze + Wappalyzer signatures
  • All results persisted in MongoDB

Requirements

Python

pip install -r requirements.txt

External binaries

The following tools must be installed and available on $PATH:

Tool Purpose
httpx HTTP probing
gau Historical URL collection
subfinder Subdomain enumeration
assetfinder Subdomain enumeration
findomain Subdomain enumeration
crobat Reverse IP lookup
webanalyze Technology fingerprinting

Services

  • MongoDB running locally on localhost:27017

Configuration

Set your VirusTotal API key as an environment variable before running:

export VT_API_KEY=your_virustotal_api_key

Usage

from app import backend

b = backend("example.com")
b.subenum()

Results are stored across the following MongoDB collections under the recondata database:

Collection Contents
domain Target domain record
subdomains All discovered subdomains
nslookupdata DNS + ASN info per subdomain
http_data HTTP probe results
url_data Historical URLs per subdomain
reverseipdata Reverse IP results per subnet
webanalyzerdata Technology fingerprints
logs Timestamped task log

Disclaimer

This tool is intended for use only against systems you have explicit permission to test. The authors are not responsible for any misuse.

About

maneuvers automates the recon phase of a penetration test or bug bounty engagement. It chains together multiple open-source tools and passive API sources, collects subdomain intel, HTTP data, historical URLs, reverse IP lookups, and web technology fingerprints — storing everything in a local MongoDB instance for querying and visualisation.

Topics

Resources

Stars

0 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages