1HᗩᑕK's 2 BIG AD Space for rent! Click here for more details.

 $20 for x1 ad slot with over a Million page views per month! Only x5 slots are available - for booking contact below.

@TheJoker or email at [email protected]

Reconftw | Simple Script For Full Recon

This is a simple script intended to perform a full recon on an objective with multiple subdomains

tl;dr

  • Requires Go
  • Run ./install.sh before first run (apt, rpm, pacman compatible)
git clone https://github.com/six2dez/reconftwcd reconftwchmod +x *.sh./install.sh./reconftw.sh -d target.com -a

Features

  • Tools checker
  • Google Dorks (based on deggogle_hunter)
  • Subdomain enumeration (passive, resolution, bruteforce and permutations)
  • Sub TKO (subjack and nuclei)
  • Web Prober (httpx)
  • Web screenshot (aquatone)
  • Template scanner (nuclei)
  • Port Scanner (naabu)
  • Url extraction (waybackurls, gau, hakrawler, github-endpoints)
  • Pattern Search (gf and gf-patterns)
  • Param discovery (paramspider and arjun)
  • XSS (Gxss and dalfox)
  • Github Check (git-hound)
  • Favicon Real IP (fav-up)
  • JS Checks (LinkFinder, SecretFinder, scripts from JSFScan)
  • Fuzzing (ffuf)
  • Cors (Corsy)
  • SSL Check (testssl)
  • Interlace integration
  • Custom output folder (default under Recon/target.com/)
  • Run standalone steps (subdomains, subtko, web, gdorks…)
  • Polished installer compatible with most distros

Mindmap/Workflow

image

Requirements

  • Golang > 1.14 installed and env vars correctly set ($GOPATH,$GOROOT)
  • Run ./install.sh

Installer is provided as is. Nobody knows your system better than you, so nobody can debug your system better than you. If you are experiencing some issues with the installer script I can help you out, but keep in mind that is not my main priority.

  • It is highly recommended, and in some cases essential, set your api keys:
    • amass (~/.config/amass/config.ini)
    • subfinder (~/.config/subfinder/config.yaml)
    • git-hound (~/.githound/config.yml)
    • github-endpoints.py (GITHUB_TOKEN env var)
    • favup (shodan init SHODANPAIDAPIKEY)
  • This script uses dalfox with blind-xss option, you must change to your own server, check xsshunter.com.

Usage examples

Full scan:

./reconftw.sh -d target.com -a

Subdomains scan:

./reconftw.sh -d target.com -s

Web scan (target list required):

./reconftw.sh -d target.com -l targets.txt -w

Dorks:

./reconftw.sh -d target.com -g

Improvement plan:

  • Notification support (Slack, Discord and Telegram)
  • CMS tools (wpscan, drupwn/droopescan, joomscan)
  • Add menu option for every feature
  • Any other interesting suggestion
  • Open Redirect with Oralyzer
  • Enhance this Readme
  • Customize output folder
  • Interlace usage
  • Crawler
  • SubDomainizer
  • Install script
  • Apt,rpm,pacman compatible installer

Thanks

For their great feedback, support, help or for nothing special but well deserved:

GitHub:

2 Likes
Friendly Websites

https://igg-games.com/ https://pcgamestorrents.com/ https://pirateiro.com/ ettvdl.com https://dodi-repacks.site/ https://crackingpatching.com/ https://glodls.to/ https://prostylex.org/ https://haxnode.com/ https://freedownloadae.com/ https://www.novahax.com/ https://www.sadeempc.com/ freecoursesonline.me ftuapps.dev