February 2, 2021

six2dez/reconftw

Simple script for full recon

repo name six2dez/reconftw
repo link https://github.com/six2dez/reconftw
homepage
language Shell
size (curr.) 10633 kB
stars (curr.) 682
created 2020-12-30
license GNU General Public License v3.0

:construction: Warning :construction:

This is a live development project; until the first stable release (1.0) it will be constantly updated in the master branch, so if you detect any bug, you can open an issue or ping me over Telegram or Twitter and I will try to do my best :)

Summary

ReconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to scan for and find vulnerabilities.

Installation Instructions:

▶ git clone https://github.com/six2dez/reconftw
▶ cd reconftw
▶ chmod +x *.sh
▶ ./install.sh
▶ ./reconftw.sh -d target.com -a
  • It is highly recommended, and in some cases essential, to set your API keys or env variables:
    • amass config file (~/.config/amass/config.ini)
    • subfinder config file (~/.config/subfinder/config.yaml)
    • GitHub tokens file (~/Tools/.github_tokens) Recommended > 5, see how to create here
    • favup API (shodan init <SHODAN-API-KEY>)
    • SSRF Server var (COLLAB_SERVER env var)
    • Blind XSS Server var (XSS_SERVER env var)
    • Notify config file (~/.config/notify/notify.conf)
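A pre-flight check for the files and variables in the list above, as an added example that is not part of reconFTW. The paths and variable names come from the list; the function name, its home-directory argument, the `--check` flag and the one-token-per-line format are assumptions. The Shodan key is not checked because the page does not say where `shodan init` stores it.

```sh
#!/bin/sh
# Added example, not part of reconFTW. Paths and variable names come from the
# list above; the function name and the home-directory argument are assumptions.

# reconftw_preflight [home_dir]
# Prints one finding per line; exit status is the number of findings (0 = ready).
reconftw_preflight() (
    home="${1:-$HOME}"
    findings=0
    for f in .config/amass/config.ini .config/subfinder/config.yaml \
             Tools/.github_tokens .config/notify/notify.conf; do
        if [ ! -s "$home/$f" ]; then
            echo "MISSING ~/$f (absent or empty)"
            findings=$((findings + 1))
        elif [ -n "$(find "$home/$f" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
            # These files hold API keys: group/other read access exposes them.
            echo "PERMS   ~/$f is readable by group/other (chmod 600)"
            findings=$((findings + 1))
        fi
    done

    # The README recommends more than 5 GitHub tokens.
    # Assumption: one token per non-blank line.
    tokens="$home/Tools/.github_tokens"
    if [ -s "$tokens" ]; then
        n=$(grep -c '[^[:space:]]' "$tokens" || true)
        if [ "$n" -le 5 ]; then
            echo "TOKENS  ~/Tools/.github_tokens has $n token(s), more than 5 recommended"
            findings=$((findings + 1))
        fi
    fi

    [ -n "${COLLAB_SERVER:-}" ] || { echo "UNSET   COLLAB_SERVER (SSRF server)"; findings=$((findings + 1)); }
    [ -n "${XSS_SERVER:-}" ] || { echo "UNSET   XSS_SERVER (blind XSS server)"; findings=$((findings + 1)); }
    exit "$findings"
)

# Check the real home directory only when asked to (--check is this example's own flag).
if [ "${1:-}" = "--check" ]; then
    reconftw_preflight "$HOME"
fi
```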

Usage:

TARGET OPTIONS

Flag Description
-d Target domain (example.com)
-l Target list (one per line)
-x Exclude subdomains list (Out Of Scope)

MODE OPTIONS

Flag Description
-a Perform full recon
-s Full subdomain scan (Subs, tko and probe)
-w Perform web checks only without subs (-l required)
-i Check whether tools required are present or not
-v Verbose/Debug Mode
-h Show help section

GENERAL OPTIONS

Flag Description
--deep Deep scan (Enable some slow options for deeper scan)
--fs Full scope (Enable the widest scope *.domain.* options)
-o Output directory

Running ReconFTW:

To perform a full recon on a single target (may take a significant amount of time)

▶ ./reconftw.sh -d example.com -a 

To perform a full recon on a list of targets

▶ ./reconftw.sh -l sites.txt -a -o /output/directory/

Perform full recon with more intense tasks (VPS intended)

▶ ./reconftw.sh -d example.com -a --deep -o /output/directory/

Perform a wide scope recon on a target (may include false positives)

▶ ./reconftw.sh -d example.com -a --fs -o /output/directory/

Check whether all required tools are present or not

▶ ./reconftw.sh -i

Show help section

▶ ./reconftw.sh -h

:fire: Features :fire:

Mindmap/Workflow

:hourglass: Improvement plan :hourglass:

These are the next features coming soon; take a look at all our pending features and feel free to contribute:

  • Notification support
  • HTML Report
  • In Scope file support
  • ASN/CIDR/Name allowed as target

You can support this work by buying me a coffee:

Thanks

For their great feedback, support, help or for nothing special but well deserved:
