six2dez edited this page Jan 26, 2021 · 31 revisions

ReconFTW

Installation Guide

Configuring Go-lang

  • ReconFTW requires go1.14+ to install successfully.
    If Go is not installed, follow the steps below.

From Binary

 wget https://golang.org/dl/go1.15.7.linux-amd64.tar.gz
 tar -C /usr/local -xzf go1.15.7.linux-amd64.tar.gz

Configuring $PATH

Add the following lines to your shell configuration file (.bashrc, .zshrc, etc.):

export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH

Clone reconFTW repository

 git clone https://github.com/six2dez/reconftw.git
 cd reconftw
 chmod +x *.sh
 ./install.sh

Post Installation Guide

Amass Config

You will need a config file to use your API keys with Amass.
See the Example Configuration File for more details.

Operating System    Path
Linux / Unix        $HOME/.config/amass/config.ini

Subfinder Config

For Subfinder to work with certain services, you will need to set up API keys.

Operating System    Path
Linux / Unix        $HOME/.config/subfinder/config.yaml

Git-hound Config

Create a ~/.githound/config.yml with your GitHub username and password. Optionally, include your 2FA TOTP seed.
See config.example.yml.

# Required
github_username: reconFTW
github_password: password
# Optional
#github_totp_seed: ABCDEF1234567890 # Obtained via https://github.com/settings/two_factor_authentication/verify

Favup Config

Run the following command:

shodan init [Your-API-Key]

Github-endpoints.py

Searching GitHub for extra subdomains and relative URLs requires a GitHub token.
Include a variable called GITHUB_TOKEN containing your GitHub token in your terminal's configuration file (.bashrc, .zshrc, etc.).
E.g.: GITHUB_TOKEN=XXXXXXXXXXXXXXX

Blind XSS Server

The script includes a tool called Dalfox, which requires a server for detection.
Creating an account on XSS Hunter will provide you with your own personalized server. Store your personal server in an environment variable in your terminal's configuration file (.bashrc, .zshrc, etc.).
E.g.: XSS_SERVER=<username>.xss.ht

SSRF Server

To receive inbound requests when looking for potential SSRF, it's necessary to set up your own COLLAB_SERVER.
Services for setting up an SSRF server:

  1. Webhook
  2. RequestCatcher
  3. Canarytokens

E.g.: COLLAB_SERVER=XXXXXXXXXX

Configure AWS-CLI

To check the ACL permissions of an Amazon S3 bucket, it's necessary to configure aws-cli.
Get your AWS access key ID and secret access key from here

aws configure
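
The post-installation steps above leave API keys and passwords in several files and shell variables. The following check is an added example, not part of reconFTW: it reports credential files that are missing or readable by group/other, and variables that are not exported. The function names are hypothetical, and `.aws/credentials` is assumed as the file `aws configure` writes to.

```shell
#!/bin/sh
# Added example (not reconFTW code): audit the post-install settings above.

# Credential files named on this page, relative to a home directory.
# .aws/credentials is where `aws configure` stores the access keys.
SECRET_FILES=".config/amass/config.ini .config/subfinder/config.yaml .githound/config.yml .aws/credentials"
# Variables the page asks you to define.
REQUIRED_VARS="GITHUB_TOKEN XSS_SERVER COLLAB_SERVER"

# Print MISSING, LOOSE or OK for one credential file.
secret_file_status() (
    [ -f "$1" ] || { echo MISSING; exit 0; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ldL "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then echo OK; else echo LOOSE; fi
)

# Print UNSET or OK for one variable. printenv only sees exported
# variables, which is what tools started from the shell inherit.
env_var_status() (
    if [ -n "$(printenv "$1")" ]; then echo OK; else echo UNSET; fi
)

# Report every item for the given home directory; succeed only if all are OK.
audit_reconftw_setup() (
    home=$1
    findings=0
    for rel in $SECRET_FILES; do
        status=$(secret_file_status "$home/$rel")
        echo "$status $home/$rel"
        [ "$status" = OK ] || findings=$((findings + 1))
    done
    for name in $REQUIRED_VARS; do
        status=$(env_var_status "$name")
        echo "$status $name"
        [ "$status" = OK ] || findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
)

# Audit the current user. A LOOSE file is fixed with: chmod 600 <file>
audit_reconftw_setup "$HOME" || echo "Review the items not marked OK."
```

A variable assigned in .bashrc without `export` shows up as UNSET here, because child processes never receive it.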

Docker

Build image

Use the following command to build the image:

docker build -t reconftw/reconftw .

Docker usage

More info and examples are available in the inline help:

docker run --rm reconftw/reconftw -h

Full scan:

docker run --rm reconftw/reconftw -d target.tld -a

When using a list of targets, load it into the container using volumes. For example:

docker run -it --rm -v "$PWD/targets.txt":/app/targets.txt reconftw/reconftw -l /app/targets.txt -a