
1. Post Installation Guide

six2dez edited this page Apr 17, 2021 · 13 revisions

reconFTW config file

  • The whole execution of the tool can be controlled through the reconftw.cfg file.
  • Hunters can set various scanning modes, execution preferences, tools config files, APIs/TOKENS, personalized wordlists, threads, headers, cookies, etc.


Default config file:
#################################################################
#			reconFTW config file			#
#################################################################

# TERM COLOURS
bred='\033[1;31m'
bblue='\033[1;34m'
bgreen='\033[1;32m'
yellow='\033[0;33m'
red='\033[0;31m'
blue='\033[0;34m'
green='\033[0;32m'
reset='\033[0m'

# General values
tools=~/Tools
NPROC=$(nproc || echo -n 1)
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
profile_shell=".$(basename $(echo $SHELL))rc"
#dir_output=/custom/output/path

# Golang Vars (Comment or change on your own)
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH

# Tools config files
#NOTIFY_CONFIG=~/.config/notify/notify.conf # No need to define
#SUBFINDER_CONFIG=~/.config/subfinder/config.yaml # No need to define
AMASS_CONFIG=~/.config/amass/config.ini
GITHUB_TOKENS=${tools}/.github_tokens

# APIs/TOKENS - Uncomment the lines you set removing the '#' at the beginning of the line
SHODAN_API_KEY=XXXXXXXXXXXXX
XSS_SERVER=six2dez.xss.ht
COLLAB_SERVER=i0m1y4j3fu.canarytokens.com
findomain_virustotal_token=XXXXXXXXXXXXXXXXX
findomain_spyse_token=XXXXXXXXXXXXXXXXX
findomain_securitytrails_token=XXXXXXXXXXXXXXXXX
findomain_fb_token=XXXXXXXXXXXXXXXXX

# File descriptors
DEBUG_STD="&>/dev/null"
DEBUG_ERROR="2>/dev/null"

# Osint
GOOGLE_DORKS=true
GITHUB_DORKS=false
METADATA=true
EMAILS=true
DOMAIN_INFO=true

# Subdomains
SUBCRT=true
SUBBRUTE=true
SUBSCRAPING=true
SUBPERMUTE=true
SUBTAKEOVER=true
ZONETRANSFER=true
S3BUCKETS=true

# Web detection
WEBPROBESIMPLE=true
WEBPROBEFULL=true
WEBSCREENSHOT=true

# Host
FAVICON=true
PORTSCANNER=true
PORTSCAN_PASSIVE=true
PORTSCAN_ACTIVE=true

# Web analysis
WAF_DETECTION=true
NUCLEICHECK=true
URL_CHECK=true
URL_GF=true
JSCHECKS=true
PARAMS=true
FUZZ=true
CMS_SCANNER=true
WORDLIST=true

# Vulns
XSS=true
CORS=true
TEST_SSL=true
OPEN_REDIRECT=true
SSRF_CHECKS=true
CRLF_CHECKS=true
LFI=true
SSTI=true
SQLI=true
BROKENLINKS=true
SPRAY=true
BYPASSER4XX=true

# Extra features
NOTIFICATION=true
DEEP=false
FULLSCOPE=false
DIFF=false
REMOVETMP=false

# HTTP options
COOKIE=""
HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0"

# Threads
FFUF_THREADS=40
HTTPX_THREADS=50
HTTPX_UNCOMMONPORTS_THREADS=150
SHUFFLEDNS_THREADS=5000
GOSPIDER_THREADS=50
GITDORKER_THREADS=5
XSSTRIKE_THREADS=30
BRUTESPRAY_THREADS=20
BRUTESPRAY_CONCURRENCE=10

# lists
fuzz_wordlist=${tools}/fuzz_wordlist.txt
lfi_wordlist=${tools}/lfi_wordlist.txt
subs_wordlist=${tools}/subdomains.txt
subs_wordlist_big=${tools}/subdomains_big.txt
resolvers=${tools}/resolvers.txt

Amass Config

You will need to specify your API keys in the config.ini file in order to use the third-party services.
See the Example Configuration File for more details.

Operating System | Path
Linux / Unix | $HOME/.config/amass/config.ini

Subfinder Config

For Subfinder to gather data from other services, you will need to have set up your API keys.

Operating System | Path
Linux / Unix | $HOME/.config/subfinder/config.yaml

theHarvester Config

theHarvester needs some API keys in order to gather more data through other sources. For more info, look here.

Operating System | Path
Linux / Unix | ~/Tools/theHarvester/api-keys.yml

H8mail Config

It's recommended to provide your API keys in order for H8mail to work at its best. For more info, look here.

Operating System | Path
Linux / Unix | ~/Tools/h8mail_config.ini

Github tokens

  • GitDorker & github-endpoints both require GitHub Personal Access Tokens.
  • Add your GitHub personal tokens in ~/Tools/.github_tokens, one token on each line.
  • It's recommended to add at least 5 GitHub Personal Access Tokens, each from 2 different accounts, to avoid rate-limiting. See here how to create them.
  • Use multiple tokens from separate GitHub accounts to provide the best results.
d2fec3d6e6712a985259522acec
0e8e24ad765d1550abe13347c48
5da53a644c6aaa5874f669a0218
15977496cc613e33cdb15b83693
46df7cecc76537e229ef069eb63

Favup Config

Favup needs your Shodan API key to gather IPs matching the required favicon. To set up your API key, run the following command.

shodan init [Your-Shodan-API-Key] 

Blind XSS Server

ReconFTW includes a tool called XSStrike which requires a server for Blind XSS detection.
Creating an account on XSS Hunter will provide you with your own personalized server. Specify this server in the reconftw.cfg config file.
XSS_SERVER=six2dez.xss.ht

SSRF Server

  • To get inbound requests for finding potential SSRF, it's necessary to set up your own COLLAB_SERVER.
  • Services for setting up SSRF Server:
  1. Canarytokens
  2. RequestCatcher
  3. Webhook
  4. Burp Collaborator server

Specify your SSRF Server in the reconftw.cfg config file.
COLLAB_SERVER=i0m1y4j3fu.canarytokens.com
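
Before a run, it is worth confirming that none of the sample values shown on this page are still active in reconftw.cfg (a leftover XSS_SERVER or COLLAB_SERVER would direct callbacks to a host you do not control) and that the token file is well-formed and private. The script below is an added example, not part of reconFTW; its function names and the sample files it builds are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not part of reconFTW): audit a reconftw.cfg and a token file.

# Sample values copied from this wiki page; a cfg that still has them is unfinished.
SAMPLES='X{8,}|six2dez\.xss\.ht|i0m1y4j3fu\.canarytokens\.com'

# Print "lineno:assignment" for active (uncommented) settings still holding a sample.
# The cfg is read as text and never sourced, so nothing in it gets executed.
cfg_leftovers() {
    grep -En "^[[:space:]]*[A-Za-z_]+=[\"']?($SAMPLES)" "$1" || true
}

# Print one finding per line for a one-token-per-line file. Token values are
# never echoed, only line numbers.
token_file_issues() {
    [ -r "$1" ] || { echo "unreadable: $1"; return 0; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        echo "permissions: readable beyond the owner, use chmod 600"
    grep -n '^$' "$1" | sed 's/:.*/: blank line/'
    grep -n '[[:space:]]' "$1" | sed 's/:.*/: whitespace or CR inside token/'
    return 0
}

# Constructed sample input (not real keys or tokens) so the script runs offline.
make_samples() {
    dir=$(mktemp -d)
    cat > "$dir/reconftw.cfg" <<'EOF'
#SHODAN_API_KEY=XXXXXXXXXXXXX
XSS_SERVER=six2dez.xss.ht
COLLAB_SERVER="myhost.example.net"
findomain_spyse_token=XXXXXXXXXXXXXXXXX
EOF
    printf 'tokenA_constructed\n\ntokenB constructed\r\n' > "$dir/.github_tokens"
    chmod 644 "$dir/.github_tokens"
    echo "$dir"
}

# With two arguments, audit those files; otherwise audit the constructed samples.
if [ $# -eq 2 ]; then cfg=$1 tok=$2
else d=$(make_samples); cfg=$d/reconftw.cfg tok=$d/.github_tokens; fi
cfg_leftovers "$cfg"
token_file_issues "$tok"
```

Run it as `./audit.sh reconftw.cfg ~/Tools/.github_tokens`; no output means nothing was flagged.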

Notify configuration

  • Notify is used to send reconFTW progress notifications via Discord, Telegram, Slack.
  • The notify config file is located at $HOME/.config/notify/notify.conf
  1. Creating Discord webhook
  2. Creating Slack webhook
  3. Creating Telegram bot

When using notifications, do remember to specify this in the reconftw.cfg config file.
NOTIFICATION=true
