six2dez / reconftw
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
License: MIT License
Subdomain enumeration is so time consuming.
A progress bar can tell the user that things are moving.
yum is called under Ubuntu 20.04, and this call is caused by:
test -f /etc/os-release && install_yum
Is the first check for yum not enough?
test -f /etc/redhat-release && install_yum
all_requirements.txt is currently downloaded.
It must be included in the project to be more maintainable, so everyone can open a pull request if something goes wrong.
The function will report that all Go tools are not installed if $HOME/go/bin is not exported in $PATH, which will be confusing for users and will cast doubt on the install.sh script.
I suggest exporting go/bin to $PATH automatically in reconftw.sh, or adding it permanently to the system via install.sh.
In subdomain takeover section, run autosubtakeover before subjack
The -insecure option in hakrawler is disabled.
so the line below will fail:
cat ${domain}_probed.txt | hakrawler -depth 2 -scope subs -insecure -plain | anew -q ${domain}_url_extract.txt
My hakrawler version is: beta11
/informationGathering/reconftw$ hakrawler -v
beta11
So you need to delete the -insecure option or install hakrawler with -insecure option activated.
Error in the ssrf.py path. It must be: $tools/ssrf.py
ssrf_checks(){
...
eval cat ${domain}_ssrf.txt $DEBUG_ERROR | eval python3 ssrf.py $COLLAB_SERVER > ${domain}_ssrf_confirmed.txt $DEBUG_STD
...
}
Manual implementation or https://github.com/MichaelStott/CRLF-Injection-Scanner
Add CMS checks for the well known: WP, Drupal, Joomla
man strip
Nice and easily readable final html report
Search dalfox replacement, maybe xsstrike
The start function is called 2 times, which causes the generation of Recon\target.com\Recon\target.com
all(){
start
if [ -n "$list" ]
then
...
else
start
...
fi
}
dir generation caused by:
dir=$PWD/Recon/$domain
mkdir -p $dir
I suggest protecting those calls: checking the existence of the output dir before calling mkdir, and not using $PWD.
There is a copy-paste issue in the favicon function.
It must be:
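One way to make the directory setup safe to call more than once, as an added example that is not reconFTW's own code: derive the output directory from a base path resolved once by the caller (never $PWD), and only create it if it is missing. The function names `recon_dir` and `check_idempotent` and the temporary base directory are assumptions for this illustration.

```shell
#!/bin/sh
# Added example (not reconFTW's own code): build the output directory from a
# fixed base path instead of $PWD, so that calling the setup twice, or calling
# it after the script has already cd'ed into the output dir, never produces
# Recon/<domain>/Recon/<domain>.

# recon_dir BASE DOMAIN -> prints the absolute output directory, creating it
# only if it does not exist yet. BASE is resolved once by the caller (for
# example the directory the script lives in), never $PWD.
recon_dir() {
    base=$1
    domain=$2
    dir="$base/Recon/$domain"
    if [ ! -d "$dir" ]; then
        mkdir -p "$dir"
    fi
    printf '%s\n' "$dir"
}

# check_idempotent BASE DOMAIN -> returns 0 when a second call made from inside
# the first directory yields the same path and no nested Recon/ was created.
check_idempotent() {
    base=$1
    domain=$2
    first=$(recon_dir "$base" "$domain")
    # Run the second call from inside the output directory, in a subshell so
    # the caller's working directory is untouched.
    second=$(cd "$first" && recon_dir "$base" "$domain")
    [ "$first" = "$second" ] && [ ! -d "$first/Recon" ]
}

# Stand-alone demo on a constructed temporary base directory.
demo_base=$(mktemp -d)
if check_idempotent "$demo_base" example.com; then
    echo "output dir is stable: $demo_base/Recon/example.com"
else
    echo "nested directory detected" >&2
fi
rm -rf "$demo_base"
```

A script that resolves `base` once (for instance from the script's own location) and passes it through can call the setup from any function without nesting, and the `[ ! -d ]` guard keeps a second call from touching an existing run's directory.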
favicon(){
...
printf "${bblue}\n FavIcon Hash Extraction Finished in ${runtime} secs\n"
}
instead of:
favicon(){
...
printf "${bblue}\n GitHub Scanning Finished in ${runtime} secs\n"
}
A unit test script will help to test every feature, make the software stable and check for regression bugs.
Quality
Describe the bug
SecretFinder opens a new browser tab for every finding
A notification to Slack, Discord, TG, or any other platform would be helpful.
Merge the install and update scripts into one, let's say "tools.sh". It will install the tools if they are not installed, or update them if they exist.
Users can add their own outofScope.txt list; an option must be added.
Dear Six2dez,
the installation script doesn't work in KALI or ParrotOS, neither freshly installed nor updated.
Best regards,
Adding in-scope subdomains that were not discovered by reconFTW
It takes a lot of time, thinking something more "manual" for JS subdomain scraping
JSScanner plus grep
After any task, the spent time is printed out.
This time is in seconds.
This is not very readable.
Let's print it in another format: HH:MM:SS
And hoping HH is always = 00 :)
Metadata Checks implementation with pymeta
Performance options to avoid net overload (soft, default, hard)
Defining a new flag for this will add some vars which define threads for tools like shuffledns, httpx, interlace, ffuf...
Go is needed by several of the used tools. So it is better to install it automatically if it is not installed yet.
Create issues templates for bugs, ideas, new features, etc
Minimum: working
Desirable: Alpine Linux minimal image
Out-of-scope domains must be excluded to improve the execution time of the rest of the tools.
Installer must generate or download default config files for subfinder and amass (at least)
Describe the bug
Hey there, currently having issues with the latest pull of the install script. I am running this on Kali 2020.4 as root with the GOPATH / GOROOT path as seen in the screenshot below. During install, I get an error message:
Using /usr/local/lib/python3.9/dist-packages/EditorConfig-0.12.3-py3.9.egg
Finished processing dependencies for LinkFinder==1.0
Traceback (most recent call last):
File "/root/Tools/pymeta/setup.py", line 3, in <module>
with open("README.md", "r") as fh:
FileNotFoundError: [Errno 2] No such file or directory: 'README.md
And I am left with a bunch of tools uninstalled. While I understand the README.md says the installer is as is, I did not have this error message on a pull I did last week of this app. Any help would be much appreciated as to what I am missing. Thank you!
Expected behavior
Tools being installed when running the install script.
Look an alternative for git-hound, maybe GitGraber or truffleHog works
Text files given by the user as a parameter shall be checked and validated as real ASCII text.
file ~/Tools/list.txt
list.txt: ASCII text
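A way to perform that validation before the list reaches the pipeline, as an added example that is not reconFTW's own code: the issue suggests `file`, and this version gives the same verdict on systems without `file` by counting bytes outside printable ASCII and whitespace. The function names `is_ascii_text` and `validate_list` and the constructed sample files are assumptions for the illustration.

```shell
#!/bin/sh
# Added example (not reconFTW's own code): validate a user-supplied list file
# before feeding it to the recon pipeline. Instead of relying on `file`, count
# the bytes that are not printable ASCII, TAB, CR or LF; any leftover byte
# means the argument is not a plain text list.

# is_ascii_text FILE -> 0 if FILE is a non-empty, readable regular file whose
# bytes are all printable ASCII or whitespace, 1 otherwise.
is_ascii_text() {
    f=$1
    [ -f "$f" ] && [ -r "$f" ] && [ -s "$f" ] || return 1
    # Delete every allowed byte (TAB LF CR, space..tilde) under the C locale so
    # tr works on raw bytes; whatever survives disqualifies the file.
    leftover=$(LC_ALL=C tr -d '\011\012\015\040-\176' < "$f" | wc -c | tr -d ' ')
    [ "$leftover" -eq 0 ]
}

# validate_list FILE -> prints a verdict and returns the same status, so a
# script can refuse the argument early instead of failing mid-scan.
validate_list() {
    if is_ascii_text "$1"; then
        printf '%s: ASCII text\n' "$1"
    else
        printf '%s: not an ASCII text file, refusing\n' "$1" >&2
        return 1
    fi
}

# Stand-alone demo on constructed inputs: a real list and a binary-looking file.
good=$(mktemp); bad=$(mktemp)
printf 'www.example.com\napi.example.com\n' > "$good"
printf '\177ELF\001\002\200binary\n' > "$bad"
validate_list "$good"
validate_list "$bad" || true
rm -f "$good" "$bad"
```

Rejecting empty files and anything with non-ASCII bytes up front also stops a mistyped path (or a binary handed in by accident) from being silently read as a subdomain list by later tools.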
Lot of duplicated urls caused by missing anew command.
cat ${domain}_url_extract.txt | subjs >> ${domain}_jsfile_links.txt;
I suggest editing it to:
cat ${domain}_url_extract.txt | subjs | anew -q ${domain}_jsfile_links.txt;
The options handling must be less complex and more maintainable.
`which sudo` will always return the same value.
To check if the user is root, it is better to:
if [ "$(id -u)" -eq 0 ]
then
    # running as root: call commands directly
    SUDO=""
else
    # unprivileged user: prefix privileged commands with sudo
    SUDO="sudo"
fi
If root, there is no need to call sudo.
If any tool owner provides a compiled binary, the install script can be enhanced.
Update Golang using update.sh
Full scope (-fs): allows anything from cidr, ASN, crtsh.
Deep scan (--deep?): Allows JS sub scraping, deep crtsh scan, JS scanner and performs attacks (xss, open redirects, ssrf) over all the urls no matter the size. This requires that the default option does not perform these actions and attacks only against short lists.
Only passive actions (-ps or ....?), no interaction with target, like passive info gathering mode, no dns resolution for subdomains, urls obtained only from gau and wayback, no crawler, no port scan ('port scan' with shodan is passive).
Run the tool and inform only for new discoveries comparing with the existing files.
Like "Old scan detected", then results will be "3 new subdomains added".
Beware, it may interfere with resume run support added in c78d862
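The "Old scan detected / N new subdomains added" behaviour described above, as an added example that is not reconFTW's own code: it diffs the fresh result file against the file left by the previous run using only sort and comm (no anew required), then merges the two so the next run compares against everything seen so far. The function names, the file layout and the sample subdomains are assumptions for the illustration.

```shell
#!/bin/sh
# Added example (not reconFTW's own code): compare a fresh result file with the
# one left by a previous run and report only the new entries. Uses sort/comm
# only, so it runs without anew.

# new_entries OLD NEW -> prints lines present in NEW but not in OLD
# (deduplicated). A missing OLD means there was no previous scan, so every
# line of NEW is new.
new_entries() {
    o=$1
    n=$2
    [ -f "$o" ] || o=/dev/null
    t_old=$(mktemp); t_new=$(mktemp)
    sort -u "$o" > "$t_old"
    sort -u "$n" > "$t_new"
    # comm -13: suppress lines only in OLD (1) and lines in both (3)
    comm -13 "$t_old" "$t_new"
    rm -f "$t_old" "$t_new"
}

# count_new OLD NEW -> number of new entries, as a bare integer
count_new() {
    new_entries "$1" "$2" | wc -l | tr -d ' '
}

# report_scan OLD NEW -> human-readable summary, then replaces OLD with the
# merged set so the next run compares against everything seen so far.
report_scan() {
    old=$1; new=$2
    if [ -f "$old" ]; then
        echo "Old scan detected"
        echo "$(count_new "$old" "$new") new subdomains added"
    else
        echo "No previous scan, $(count_new "$old" "$new") subdomains found"
    fi
    merged=$(mktemp)
    cat "$old" "$new" 2>/dev/null | sort -u > "$merged"
    mv "$merged" "$old"
}

# Stand-alone demo on constructed data: three old entries, two genuinely new
# ones in the fresh file (plus a duplicate that must not be counted twice).
prev=$(mktemp); cur=$(mktemp)
printf 'a.example.com\nb.example.com\nc.example.com\n' > "$prev"
printf 'b.example.com\nc.example.com\nd.example.com\ne.example.com\nd.example.com\n' > "$cur"
report_scan "$prev" "$cur"
rm -f "$prev" "$cur"
```

Because the merged file is written only after the comparison, a run that is interrupted halfway (the resume-support caveat above) leaves the previous file untouched and the next comparison still reports the same new entries.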
Please make a docker image. This install is so problematic.
Slack, Discord and Telegram with slackcat, notify.sh or any other
Now only each function's spent time is printed.
Users (at least me) want to know the spent time of the whole recon process.
This value must be printed even if the user cancelled the recon process (the script receives a kill signal).
Rename the file.
Change the name in install.sh and update.sh.
There is an error in the output file name; it seems to be copied from testssl and not edited.
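An added example (not reconFTW's own code) covering both the HH:MM:SS request above and this one: a formatter for elapsed seconds plus an EXIT trap so the total run time is printed on normal completion, on Ctrl-C and on SIGTERM alike. The function names and the `RECON_START` variable are assumptions for the illustration.

```shell
#!/bin/sh
# Added example (not reconFTW's own code): format elapsed seconds as HH:MM:SS
# and print the total recon time even when the run is interrupted.

# fmt_duration SECONDS -> HH:MM:SS. Hours are not capped at 99, so a very long
# run shows e.g. 100:00:00 rather than wrapping.
fmt_duration() {
    s=$1
    printf '%02d:%02d:%02d\n' $((s / 3600)) $((s % 3600 / 60)) $((s % 60))
}

# elapsed_since START_EPOCH -> HH:MM:SS between START_EPOCH and now
elapsed_since() {
    now=$(date +%s)
    fmt_duration $((now - $1))
}

# Record the start of the whole run once, and report on every exit path.
RECON_START=$(date +%s)
report_total() {
    echo "Total recon time: $(elapsed_since "$RECON_START")"
}
# INT and TERM exit with the conventional signal status; that exit runs the
# EXIT trap, so the total is printed exactly once on every path.
trap 'exit 130' INT
trap 'exit 143' TERM
trap report_total EXIT

# Stand-alone demo: one "task" with its own timing, as the per-function
# messages do today.
task_start=$(date +%s)
sleep 1
echo "Task finished in $(elapsed_since "$task_start")"
```

Per-task times can keep using `elapsed_since` with their own start stamp; only the EXIT trap is needed to get the whole-run figure when the user cancels.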
${domain}_testssl.txt
open_redirect(){
printf "${bblue} Results are saved in ${domain}_testssl.txt ${reset}\n"
}
ssrf_checks(){
printf "${bblue} Results are saved in ${domain}_testssl.txt ${reset}\n"
}