
About the developer

six2dez
709 Stars 80 Forks GNU General Public License v3.0 489 Commits 17 Opened issues

Description

ReconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to scan it and find vulnerabilities.


reconftw
ReconFTW

A simple bash script for full recon

Summary

ReconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to scan it and find vulnerabilities.

Installation Instructions

▶ git clone https://github.com/six2dez/reconftw
▶ cd reconftw
▶ chmod +x *.sh
▶ ./install.sh
▶ ./reconftw.sh -d target.com -a
  • It is highly recommended, and in some cases essential, to set your API keys or env variables:
    • amass config file (~/.config/amass/config.ini)
    • subfinder config file (~/.config/subfinder/config.yaml)
    • GitHub tokens file (~/Tools/.github_tokens). Recommended > 5, see how to create here
    • favup API (shodan init)
    • SSRF Server var (COLLAB_SERVER env var)
    • Blind XSS Server var (XSS_SERVER env var)
    • Notify config file (~/.config/notify/notify.conf)
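
A preflight check for the files and variables in the list above, as an added example that is not part of reconftw: it reports missing files, secrets files that other local users can read, fewer GitHub tokens than recommended, and unset server variables. The one-token-per-line layout of `.github_tokens` is an assumption, and the Shodan key set by `shodan init` is not checked.

```shell
#!/bin/sh
# Added example (not part of reconftw): preflight check of the secrets and
# config locations listed above. Paths and variable names come from the list;
# the one-token-per-line layout of .github_tokens is an assumption.

# Print "missing", "ok" or "loose-perms(MODE)" for one secrets file.
check_secret_file() {
    [ -f "$1" ] || { echo "missing"; return 0; }
    # GNU stat first, BSD/macOS stat as fallback
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    # Any group/other permission bit exposes the keys to other local users
    if [ $(( 0$mode & 077 )) -eq 0 ]; then echo "ok"; else echo "loose-perms($mode)"; fi
}

# Count non-empty, non-comment lines (assumed: one GitHub token per line).
count_tokens() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -cvE '^[[:space:]]*(#|$)' "$1" || true
}

# Report on every item from the list, relative to the home directory $1.
preflight() {
    for rel in .config/amass/config.ini .config/subfinder/config.yaml \
               Tools/.github_tokens .config/notify/notify.conf; do
        printf '%s\t%s\n' "$(check_secret_file "$1/$rel")" "~/$rel"
    done
    n=$(count_tokens "$1/Tools/.github_tokens")
    # The list recommends more than 5 tokens
    if [ "$n" -gt 5 ]; then s=ok; else s=few; fi
    printf '%s\t%s\n' "$s" "github tokens: $n"
    for v in COLLAB_SERVER XSS_SERVER; do
        eval "val=\${$v:-}"
        if [ -n "$val" ]; then s=ok; else s=unset; fi
        printf '%s\t%s\n' "$s" "$v"
    done
}

preflight "${HOME:-.}"
```

Files flagged `loose-perms` can be tightened with `chmod 600` before running the scan.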

Usage

TARGET OPTIONS

| Flag | Description |
|------|-------------|
| -d | Target domain (example.com) |
| -l | Target list (one per line) |
| -x | Exclude subdomains list (Out Of Scope) |

MODE OPTIONS

| Flag | Description |
|------|-------------|
| -a | Perform full recon |
| -s | Full subdomain scan (Subs, tko and probe) |
| -w | Perform web checks only without subs (-l required) |
| -i | Check whether tools required are present or not |
| -v | Verbose/Debug Mode |
| -h | Show help section |

GENERAL OPTIONS

| Flag | Description |
|------|-------------|
| --deep | Deep scan (Enable some slow options for deeper scan) |
| --fs | Full scope (Enable the widest scope *.domain.* options) |
| -o | Output directory |

Running ReconFTW

To perform a full recon on a single target (may take a significant amount of time)

▶ ./reconftw.sh -d example.com -a

To perform a full recon on a list of targets

▶ ./reconftw.sh -l sites.txt -a -o /output/directory/

Perform full recon with more intense tasks (VPS intended)

▶ ./reconftw.sh -d example.com -a --deep -o /output/directory/

Perform a wide scope recon on a target (may include false positives)

▶ ./reconftw.sh -d example.com -a --fs -o /output/directory/

Check whether all required tools are present or not

▶ ./reconftw.sh -i

Show help section

▶ ./reconftw.sh -h

Sample video

Video

:fire: Features :fire:

Mindmap/Workflow

Mindmap

:hourglass: Improvement plan :hourglass:

These are the next features planned. Take a look at all our pending features and feel free to contribute:

  • [X] Notification support
  • [ ] HTML Report
  • [ ] In Scope file support
  • [ ] ASN/CIDR/Name allowed as target

You can support this work buying me a coffee:

Thanks

For their great feedback, support, help or for nothing special but well deserved:
