Home
- ReconFTW requires go1.14+ to install successfully.
If Go is not installed, follow the steps below.

```bash
wget https://golang.org/dl/go1.15.7.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.15.7.linux-amd64.tar.gz
```

Add the following lines to your .bashrc/.zshrc:

```bash
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATH
```

Then clone and install reconFTW:

```bash
git clone https://github.com/six2dez/reconftw.git
cd reconftw   # git creates the directory with the repository's lowercase name
chmod +x *.sh
./install.sh
```

You will need a config file to use your API keys with Amass.
See the Example Configuration File for more details.
| Operating System | Path |
|---|---|
| Linux / Unix | $HOME/.config/amass/config.ini |
For Subfinder to work with certain services, you will need to have set up API keys in its config file.
| Operating System | Path |
|---|---|
| Linux / Unix | $HOME/.config/subfinder/config.yaml |
Create a ~/.githound/config.yml with your GitHub username and password. Optionally, include your 2FA TOTP seed.
See config.example.yml.

```yaml
# Required
github_username: reconFTW
github_password: password
# Optional
#github_totp_seed: ABCDEF1234567890 # Obtained via https://github.com/settings/two_factor_authentication/verify
```

To configure Shodan, run the following command:

```bash
shodan init [Your-API-Key]
```
Searching GitHub for extra subdomains and relative URLs requires a GitHub token.
Define a variable called GITHUB_TOKEN containing your GitHub token in your terminal's configuration file (.bashrc, .zshrc, etc.).
Eg: GITHUB_TOKEN=XXXXXXXXXXXXXXX
The script includes a tool called Dalfox, which requires a callback server for blind XSS detection.
Creating an account on XSS Hunter will provide you with your own personalized server.
Store your personal server in an environment variable in your terminal's configuration file (.bashrc, .zshrc, etc.).
Eg: XSS_SERVER=<username>.xss.ht
To receive the inbound requests used to find potential SSRF, it is necessary to set up your own COLLAB_SERVER.
Services for setting up an SSRF server:
Eg: COLLAB_SERVER=XXXXXXXXXX
To check the ACL permissions of Amazon S3 buckets, it is necessary to configure aws-cli.
Get your AWS Access Key ID & Secret Access Key from here, then run:

```bash
aws configure
```
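A preflight script that checks the prerequisites described above (Go 1.14+, the GITHUB_TOKEN / XSS_SERVER / COLLAB_SERVER variables, and the per-tool config files) before a scan is launched. This is an added example, not part of reconFTW; it assumes `aws configure` has written ~/.aws/credentials, and it treats the literal placeholders from this page (XXXXXXXXXX, <username>.xss.ht, the githound example credentials) as not yet configured.

```bash
#!/usr/bin/env bash
# Preflight check for the reconFTW prerequisites listed on this page.
# Added example, not part of reconFTW: it only reports, it changes nothing.

# go_version_ok STRING -> succeeds when STRING names Go 1.14 or newer.
# Accepts "go1.15.7" as well as the full output of `go version`.
go_version_ok() {
    local v major minor
    v=$(printf '%s\n' "$1" | sed -n 's/.*go\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$v" ] || return 1
    major=${v%% *}
    minor=${v##* }
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 14 ]; }
}

# missing_env_vars -> prints the variables from this page that are unset, empty,
# or still hold a placeholder such as XXXXXXXXXX or <username>.xss.ht.
missing_env_vars() {
    local name value
    for name in GITHUB_TOKEN XSS_SERVER COLLAB_SERVER; do
        eval "value=\${$name:-}"
        case "$value" in
            ''|XXX*|*'<'*'>'*) printf '%s\n' "$name" ;;
        esac
    done
}

# missing_config_files [DIR] -> prints the config files from this page that are
# absent under DIR (default $HOME); .aws/credentials is what `aws configure` writes.
missing_config_files() {
    local base=${1:-$HOME} f
    for f in .config/amass/config.ini .config/subfinder/config.yaml \
             .githound/config.yml .aws/credentials; do
        [ -f "$base/$f" ] || printf '%s\n' "$f"
    done
}

# githound_config_ok FILE -> fails when FILE is absent or still carries the
# example credentials from this page (username reconFTW, password "password").
githound_config_ok() {
    [ -f "$1" ] || return 1
    ! grep -Eq '^github_(username: *reconFTW|password: *password) *$' "$1"
}

# Report for the current user; nothing here exits non-zero.
go_version_ok "$(go version 2>/dev/null)" && echo "go: ok" || echo "go: need go1.14+"
missing_env_vars | sed 's/^/env: set a real value for /'
missing_config_files | sed 's/^/config: missing ~\//'
githound_config_ok "$HOME/.githound/config.yml" || echo "githound: config absent or still the example values"
```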
I recommend running the Docker container with the --rm parameter when using reconftw as a CLI tool, which will remove the container after it finishes executing.

Full scan:

```bash
$ docker run -it --rm reconftw/reconftw -d example.com -a
```

Subdomains scan:

```bash
$ docker run -it --rm reconftw/reconftw -d example.com -s
```

Web scan:

```bash
$ docker run -it --rm reconftw/reconftw -d example.com -w
```

Dorks:

```bash
$ docker run -it --rm reconftw/reconftw -d example.com -g
```

When using a list of targets, load it into the container using volumes. For example:

```bash
$ docker run -it --rm -v $PWD/targets.txt:/app/targets.txt reconftw/reconftw -l /app/targets.txt -a
```

More info and examples are available in the inline help:

```bash
$ docker run --rm reconftw/reconftw
```
Use the following command to build the image with the latest tag:

```bash
$ docker build -t reconftw/reconftw .
```

This fetches from the source code repository the release specified in the RECONFTW_VERSION variable inside the Dockerfile. To build a different version, browse the available releases at https://github.com/six2dez/reconftw/releases and then use this command:

```bash
$ docker build --build-arg RECONFTW_VERSION=<release> -t reconftw/reconftw:<release> .
```

To build the bleeding-edge code, use main as the value of the RECONFTW_VERSION variable in the previous command.