Reconftw is an open source program written in golang that helps us gather important information about our goals.
Specifications
- Tools checker
- Google Dorks (based on deggogle_hunter)
- Subdomain enumeration (passive, resolution, bruteforce and permutations)
- Sub TKO (subjack and nuclei)
- Web Prober (httpx)
- Development screenshot (aquatone)
- template scanner (nuclei)
- Port Scanner (new)
- Url extraction (waybackurls, gau, hakrawler, github-endpoints)
- Pattern Search (gf and gf-patterns)
- Param discovery (paramspider and arjun)
- XSS (Gxss and dalfox)
- Open redirect
- SSRF checks (from m4ll0k / Bug-Bounty-Toolz / SSRF.py)
- Github Check (git-hound)
- Favicon Real IP (fav-up)
- JS Checks (LinkFinder, SecretFinder, scripts from JSFScan)
- Fuzzing (ffuf)
- Cors (Corsy)
- SSL Check (testssl)
- Interlace integration
- Custom output folder (default under Recon / target.com /)
- Run standalone steps (subdomains, subtko, web, gdorks...)
- Polished installer compatible with most distros
- Verbose mode
- Update tools script
Installation and Use
git clone https://github.com/six2dez/reconftw cd reconftw chmod + x *.sh ./install.sh ./reconftw.sh -d target.com -a
Mindmap / Workflow
Examples
Full scan:
./reconftw.sh -d target.com -a
Subdomains scan:
./reconftw.sh -d target.com -s
Web scan:
./reconftw.sh -d target.com -l targets.txt -w
Dorks:
./reconftw.sh -d target.com -g
You can download the program from here.