ReconFTW – A simple bash script for full recon

ReconFTW
ReconFTW

Warning

This is a live development project, until the first stable release (1.0) it will be constantly updated in the master branch, so if you have detected any bug, you can open an issue or ping me over Telegram or Twitter and I will try to do my best 🙂

More: https://github.com/six2dez/reconftw

Summary

ReconFTW performs automated enumeration of subdomains via various techniques and further scanning for vulnerabilities, to give you potential vulns.

Installation

git clone https://github.com/six2dez/reconftw
cd reconftw
chmod +x *.sh
./install.sh
./reconftw.sh -d target.com -a
  • It is highly recommended, and in some cases essential, to set your API keys or env variables:
    • amass (~/.config/amass/config.ini)
    • subfinder (~/.config/subfinder/config.yaml)
    • git-hound (~/.githound/config.yml)
    • github-endpoints.py (GITHUB_TOKEN env var)
    • favup (shodan init <SHODANPAIDAPIKEY>)
    • SSRF Server (COLLAB_SERVER env var)
    • Blind XSS Server (XSS_SERVER env var)
  • This script uses dalfox with blind-xss option, you must change to your own server, check xsshunter.com.

Usage

TARGET OPTIONS
-d DOMAIN        Target domain
-l list.txt      Targets list, one per line
-x oos.txt       Exclude subdomains list (Out Of Scope)

MODE OPTIONS
-a               Perform all checks
-s               Full subdomains scan (Subs, tko and probe)
-g               Google dorks searches
-w               Perform web checks only without subs (-l required)
-t               Check subdomain takeover(-l required)
-i               Check all needed tools
-v               Debug/verbose mode, no file descriptor redir
-h               Show this help

SUBDOMAIN OPTIONS
--sp             Passive subdomain scans
--sb             Bruteforce subdomain resolution
--sr             Subdomain permutations and resolution (-l required)
--ss             Subdomain scan by scraping (-l required)

OUTPUT OPTIONS
-o output/path   Define output folder

Features

Mindmap/Workflow

Mindmap
Mindmap

Improvement plan:

These are the last features that we have implemented, take a look at our pending features or suggest a new feature in the issues section:

✔️ Exclude Out Of Scope
✔️ Better outputs
✔️ RPI support
✔️ Open Redirect with Openredirex
✔️ SSRF Checks
✔️ More error checks
✔️ More verbose
✔️ Enhance this Readme
✔️ Customize output folder
✔️ Interlace usage
✔️ Crawler
✔️ JSFinder
✔️ Install script
✔️ Apt,rpm,pacman compatible installer

You can support this work by buying me a coffee:

Thanks

For their great feedback, support, help, or for nothing special but well deserved: