Question 1

How to use Raccoon with Tor for anonymous scanning?

Accepted Answer

Enable Tor routing with the --tor-routing flag; it uses port 9050 by default, but note that this can slow scans significantly due to network latency, as mentioned in the options.

Question 2

Raccoon vs Amass for subdomain enumeration – which is better?

Accepted Answer

Raccoon offers a broader reconnaissance suite including DNS, port scanning, and web app checks, while Amass is more specialized for subdomain enumeration; choose based on whether you need an all-in-one tool or focused subdomain discovery.

Question 3

Can Raccoon scan multiple targets from a file?

Accepted Answer

No, Raccoon currently does not support reading multiple hosts from a file; this feature is on the roadmap, so you need to run it separately for each target or script around it.

Question 4

How to customize wordlists in Raccoon for fuzzing?

Accepted Answer

Use the -w flag for URL fuzzing wordlists and --subdomain-list for subdomain enumeration to specify custom files, such as those from SecLists, as detailed in the Usage section.

Question 5

Is Raccoon suitable for internal network penetration testing?

Accepted Answer

Yes, for reconnaissance phases like port scanning and service detection, but ensure you have proper permissions and be aware that aggressive async scans might trigger network alarms.

Question 6

How to interpret Raccoon's Nmap vulners scan results?

Accepted Answer

The vulners scan uses a custom NSE script to identify vulnerabilities; results are saved in output files, and you should cross-reference with CVE databases for critical findings, as shown in the Screenshots.

Raccoon

What is Raccoon?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions