ReconFTW is a tool that performs automated reconnaissance on a target by running a set of the best tools for scanning and finding vulnerabilities.
Installation instructions
- Installation Guide
- Requires Golang > 1.14 installed and paths correctly set ($GOPATH, $GOROOT)
git clone https://github.com/six2dez/reconftw
cd reconftw
chmod +x *.sh
./install.sh
./reconftw.sh -d target.com -a
- It is highly recommended, and in some cases essential, to set your API keys or env variables:
  - amass config file (~/.config/amass/config.ini)
  - subfinder config file (~/.config/subfinder/config.yaml)
  - GitHub tokens file (~/Tools/.github_tokens). Recommended > 5, see how to create here
  - favup API (shodan init )
  - SSRF Server var (COLLAB_SERVER env var)
  - Blind XSS Server var (XSS_SERVER env var)
  - Notify config file (~/.config/notify/notify.conf)
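A pre-flight check for the prerequisites listed above, as an added example that is not part of reconFTW or the original page. It assumes the file paths and variable names given in the list and reads "> 1.14" as Go 1.15 or later; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not reconFTW code): pre-flight check for the prerequisites above.

# Succeeds if Go version $1 ("1.15.2" or "go1.15.2") is newer than 1.14.
# Assumption: "> 1.14" is read as 1.15 or later.
go_version_ok() {
    v="${1#go}"
    printf '%s\n' "$v" | grep -Eq '^[0-9]+\.[0-9]+(\.[0-9]+)?$' || return 1
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -gt 14 ]; }
}

# Prints one line per missing prerequisite; $1 is the home directory to inspect.
missing_prereqs() {
    home="$1"
    for f in .config/amass/config.ini .config/subfinder/config.yaml \
             .config/notify/notify.conf Tools/.github_tokens; do
        [ -s "$home/$f" ] || echo "file:$f"
    done
    # The page recommends more than 5 GitHub tokens; count non-empty lines.
    tokens=$(grep -c '[^[:space:]]' "$home/Tools/.github_tokens" 2>/dev/null || true)
    [ "${tokens:-0}" -gt 5 ] || echo "tokens:${tokens:-0}"
    for var in GOPATH GOROOT COLLAB_SERVER XSS_SERVER; do
        eval "val=\${$var:-}"
        [ -n "$val" ] || echo "env:$var"
    done
    return 0
}

# Demo on a constructed home directory (sample layout, no real credentials).
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/.config/amass" "$d/Tools"
    echo "# constructed" > "$d/.config/amass/config.ini"
    printf 'token-%s\n' 1 2 3 > "$d/Tools/.github_tokens"
    ( GOPATH=/go; GOROOT=/usr/local/go; COLLAB_SERVER=; XSS_SERVER=
      missing_prereqs "$d" )
    rm -rf "$d"
}
demo
```

Running `missing_prereqs "$HOME"` in the shell that will launch the scan lists what is still unset; empty output means every item in the list is in place.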
Usage
TARGET OPTIONS
Flag | Description |
---|---|
-d | Target domain (example.com) |
-l | Target list (one per line) |
-x | Exclude subdomains list (out of scope) |
OPERATION OPTIONS
Flag | Description |
---|---|
-a | Perform full recon |
-s | Full subdomain scan (Subs, tko and probe) |
-w | Perform web checks (-l required) |
-i | Check if the required tools are available or not |
-v | Verbose / debugging |
-h | Show help section |
GENERAL OPTIONS
Flag | Description |
---|---|
--deep | Deep scan (enable some slow options for deeper scan) |
--fs | Full scope (enable the widest scope *.domain.* options) |
-o | Output directory |
Run ReconFTW
Perform full recon on a single target (may take significant time)
./reconftw.sh -d example.com -a
Perform full recon with more intensive tasks (intended for a VPS)
./reconftw.sh -d example.com -a --deep -o /output/directory/
Check whether all the required tools are present
./reconftw.sh -i
Show help section
./reconftw.sh -h
Features
- Google Dorks (degoogle_hunter)
- Multiple subdomain enumeration techniques (passive, bruteforce, permutations and scraping)
  - Passive (subfinder, assetfinder, amass, findomain, crobat, waybackurls)
  - Certificate transparency (crtfinder and bufferover)
  - Bruteforce (shuffledns)
  - Permutations (dnsgen)
  - Subdomain JS Scraping (JSFinder)
- Sub TKO (subzy and nuclei)
- Web Prober (httpx)
- Web screenshot (webscreenshot)
- Template scanner (nuclei)
- Port Scanner (naabu)
- URL extraction (waybackurls, gau, gospider, github-endpoints)
- Pattern Search (gf and gf-patterns)
- Param discovery (paramspider and arjun)
- XSS (XSStrike)
- Open redirect (Openredirex)
- SSRF (asyncio_ssrf.py)
- CRLF (crlfuzz)
- Github (GitDorker)
- Favicon Real IP (fav-up)
- Javascript analysis (LinkFinder, scripts from JSFScan)
- Fuzzing (ffuf)
- Cors (Corsy)
- SSL tests (testssl)
- Multithread in some steps (Interlace)
- Custom output folder (default under Recon/target.tld/)
- Run standalone steps (subdomains, subtko, web, gdorks…)
- Polished installer compatible with most distros
- Verbose mode
- Update tools script
- Raspberry Pi support
- Docker support
- CMS Scanner (CMSeeK)
- Out of Scope Support
- LFI Checks
- Notification support for Slack, Discord and Telegram (notify)
You will find information on installing and using the program here.