-
-
Notifications
You must be signed in to change notification settings - Fork 1.1k
Home
- ReconFTW requires go1.14+ to install successfully.
If not installed follow the steps below.
wget https://golang.org/dl/go1.15.7.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.15.7.linux-amd64.tar.gzAdd the following lines in your .bashrc , .zshrc
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$PATHgit clone https://github.com/six2dez/reconftw.git
cd reconftw
chmod +x *.sh
./install.shYou will need a config file to use your API keys with Amass.
See the Example Configuration File for more details.
| Operating System | Path |
|---|---|
| Linux / Unix | $HOME/.config/amass/config.ini |
Subfinder to work with certain services, you will need to have setup API keys
| Operating System | Path |
|---|---|
| Linux / Unix | $HOME/.config/subfinder/config.yaml |
Create a ~/Tools/.github_tokens file with your tokens, 1 per line. Recommended > 5, see how to create here.
Run the following command
shodan init [Your-API-Key]
Script includes a tool called XSStrike which can use a server for detection (optional).
Creating an account on XSS Hunter, will provide you with your own personalized server.
Store your personal server into an environment variable in your terminal's configuration file(.bashrc/.zshrc/../../../)
Eg: XSS_SERVER=<username>.xss.ht
To get inbound requests for finding potential SSRF its necessary to setup your own COLLAB_SERVER
- Services for setting up SSRF Server:
- Webhook
- RequestCatcher
- Canarytokens
- Burp Collaborator server
Eg:COLLAB_SERVER=XXXXXXXXXX
Use the following command to build the image:
docker build -t reconftw/reconftw .
More info and examples are available in the inline help:
docker run --rm reconftw/reconftw -h
Full scan:
docker run --rm reconftw/reconftw -d target.tld -a
When using a list of targets, load it into the container using volumes. For example:
docker run -it --rm -v $PWD/targets.txt:/app/targets.txt reconftw/reconftw -l /app/targets.txt -a