reconftw v1.1 releases: automated recon on a target domain

ReconFTW

ReconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities.

Features 🔥

• Google Dorks (degoogle_hunter)
• Multiple subdomain enumeration techniques (passive, bruteforce, permutations and scraping)
  • Passive (subfinder, assetfinder, amass, findomain, crobat, waybackurls)
  • Certificate transparency (crtfinder and bufferover)
  • Bruteforce (shuffledns)
  • Permutations (dnsgen)
  • Subdomain JS Scraping (JSFinder)
• Sub TKO (subzy and nuclei)
• Web Prober (httpx)
• Web screenshot (webscreenshot)
• Template scanner (nuclei)
• Port Scanner (naabu)
• Url extraction (waybackurls, gau, gospider, github-endpoints)
• Pattern Search (gf and gf-patterns)
• Param discovery (paramspider and arjun)
• XSS (XSStrike)
• Open redirect (Openredirex)
• SSRF (asyncio_ssrf.py)
• CRLF (crlfuzz)
• Github (GitDorker)
• Favicon Real IP (fav-up)
• Javascript analysis (LinkFinder, scripts from JSFScan)
• Fuzzing (ffuf)
• Cors (Corsy)
• SSL tests (testssl)
• Multithread in some steps (Interlace)
• Custom output folder (default under Recon/target.tld/)
• Run standalone steps (subdomains, subtko, web, gdorks…)
• Polished installer compatible with most distros
• Verbose mode
• Update tools script
• Raspberry Pi support
• Docker support
• CMS Scanner (CMSeeK)
• Out of Scope Support
• LFI Checks
• Notification support for Slack, Discord, and Telegram (notify)

Mindmap/Workflow

Changelog v1.1

• Config file
• BLH
• Diff mode
• SQLi
• SSTI
• Gentle mode
• Subs from CNAME
• Subs from source code
• SSRF in values and headers
• Small and big subdomains wordlist provided

Install & Use

Copyright (C) 2021 six2dez