Blue Eye a Python Recon Toolkit


Blue Eye is a Recon Toolkit script I made in python3. Blue Eye shows the subdomain resolves to the IP addresses, ports and headers, company email addresses and much more ..!


The Blue Eye script shows the:

  • Subdomain resolves to the IP addresses
  • Open Ports
  • HTTP Header
  • Mail Servers
  • DNS Text Records
  • Nameserver Records
  • Sites of interest “email, okta, webmail and slack”
  • Lists of GitHub user pages
  • List of possible company email addresses harvested from GitHub user pages and from DuckDuckGo and Linkedin searches


The Subdomain resolves to the IP addresses.

Discovering subdomains or a domain is an essential part of hacking reconnaissance. However, having an unsecured subdomain can lead to a major serious risk. Because subdomain takeover attacks are a class of security issues where an attacker is able to seize control of an organization’s subdomain, which leads to an account takeover and much more.

It’s very useful to know an IP address of a subdomain, without having to do a lot of complicated work and to first go to ping all the subdomain names. Therefore I made Blue Eye
In another article, I will talk about the subdomain takeover and how to implement it. How to test and also to avoid them.


Mail Servers:

Mail servers can provide a wealth of information for hackers and penetration testers. Every email that is sent passes through a series of mail servers along its way to its recipient.


DNS Text Records:

The “text” record lets a domain administrator enter text into the DNS record, as it was originally intended as a place for human-readable notes. These records are used for various purposes. One example is ownership validation: To prove you own the domain, a provider may require you to add a TXT record with a particular value to your domain.


Nameserver Records:

This record indicates which DNS server is authoritative for that domain (which server contains the actual DNS records). Because a domain will often have multiple NS records which can indicate primary and backup name servers for that domain. NS stands for “Name Server”

Blue Eye Nameserver Records


Video about Blue Eye on YouTube:

Become a member on LBRY
Plus earning LBRY for watching videos ♥️
Here an invitation link, so that we both benefit.
In this way, you also support my work.$/invite/@hackingpassion:9

Follow me on YouTube


Install Blue Eye on Linux:

git clone
cd blue_eye
pip3 install -r requirements.txt




Here you can find the GitHub page:
Blue Eye a python Recon Toolkit script

Blue Eye a python Recon Toolkit script



  • This article was written for educational purposes and pentest only.
  • The author can not be held responsible for damages caused by the use of these resources.
  • You will not misuse the information to gain unauthorized access.
  • This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.
  • Just remember, Performing any hacks without written permission is illegal ..!

Read also the Disclaimer..!



If you have any questions about this article, any feedback, suggestions if you want to share your thoughts, please feel free to do it using the below comment form.



By Bulls Eye

Jolanda de koff • email donate

My name is Jolanda de Koff and on the internet, I'm also known as Bulls Eye. Ethical Hacker, Penetration tester, Researcher, Programmer, Self Learner, and forever n00b. Not necessarily in that order. Like to make my own hacking tools and I sometimes share them with you. "You can create art & beauty with a computer and Hacking is not a hobby but a way of life ...

I ♥ open-source and Linux