reconftw v1.1 releases: automated recon on a target domain
ReconFTW
ReconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to scan it and find vulnerabilities.
Features 🔥
- Google Dorks (degoogle_hunter)
- Multiple subdomain enumeration techniques (passive, bruteforce, permutations and scraping)
  - Passive (subfinder, assetfinder, amass, findomain, crobat, waybackurls)
  - Certificate transparency (crtfinder and bufferover)
  - Bruteforce (shuffledns)
  - Permutations (dnsgen)
  - Subdomain JS Scraping (JSFinder)
- Sub TKO (subzy and nuclei)
- Web Prober (httpx)
- Web screenshot (webscreenshot)
- Template scanner (nuclei)
- Port Scanner (naabu)
- URL extraction (waybackurls, gau, gospider, github-endpoints)
- Pattern Search (gf and gf-patterns)
- Param discovery (paramspider and arjun)
- XSS (XSStrike)
- Open redirect (Openredirex)
- SSRF (asyncio_ssrf.py)
- CRLF (crlfuzz)
- GitHub (GitDorker)
- Favicon Real IP (fav-up)
- JavaScript analysis (LinkFinder, scripts from JSFScan)
- Fuzzing (ffuf)
- CORS (Corsy)
- SSL tests (testssl)
- Multithread in some steps (Interlace)
- Custom output folder (default under Recon/target.tld/)
- Run standalone steps (subdomains, subtko, web, gdorks…)
- Polished installer compatible with most distros
- Verbose mode
- Update tools script
- Raspberry Pi support
- Docker support
- CMS Scanner (CMSeeK)
- Out of Scope Support
- LFI Checks
- Notification support for Slack, Discord, and Telegram (notify)
Mindmap/Workflow
Changelog v1.1
- Config file
- BLH
- Diff mode
- SQLi
- SSTI
- Gentle mode
- Subs from CNAME
- Subs from source code
- SSRF in values and headers
- Small and big subdomains wordlist provided
Install & Use
Copyright (C) 2021 six2dez