Suggestions !! about finalrecon HOT 16 OPEN

@attacker34 facebook developer api added, update to v1.0.4, you will see a new directory : conf inside it you will see keys.json add your auth token there and test :)

from finalrecon.

https://github.com/thewhiteh4t/FinalRecon#configuration

from finalrecon.

@attacker34 Wayback machine integrated in crawler and directory search module, pulls data from last 1 year, please update to v1.0.6

from finalrecon.

Sure, I will test fprobe and analyse the ouput quality

from finalrecon.

@chestervdb this is a nice tool, currently finalrecon only looks for urls in javascripts, api keys etc would be really nice, i dont intend to add another tool in finalrecon but i can definitely implement it 👍

from finalrecon.

Great! I will try and implement these in next update, my goal for APIs was to include ones which don't need an auth key, I can add others which require keys if they really add value to the tool

from finalrecon.

Hi @thewhiteh4t Agree with you ... Yes, these services will surely add more value to this amazing tool, adding more results... You can ask the user to add "API Keys" instead of giving it your own API Keys (as findomain or other tools are doing). This Will surely become best ever Tool with these Enhancements.

One more thing to add here.. ffuf is amazing tool.. You can just feed the subdomains list to it against word list for Directory Bruteforcing.

Thanks again !!

from finalrecon.

Yes that's a better way to implement it, please compare my implementation of directory searching with fuff, what is missing in my implementation? Also is fuff better than gobuster and lulzbuster?

from finalrecon.

Hi @thewhiteh4t I am only suggesting ffuf due to its multiple features which you can see on their documentation & its specially good when we wanna directory bruteforce "list of domains"..
On other hand, gobuster & lulzbuster can't work well with list of domains i think and they also not have multiple options to be tested against.

Sincerely,

from finalrecon.

Alright, thanks a lot, I will look into it and will do some testing too!

from finalrecon.

@attacker34 do you have pro api of spyse?
with free version we cannot get more than 100 results,

{"error":{"code":"validation_error","message":"validation error","errors":[{"code":"max","location":"limit","message":"limit must be 100 or less"}]}}

if you have pro api, can you tell me how many subdomain results you are getting for google.com

from finalrecon.

We are already getting a lot of subdomains from free sources and facebook api unlike spyse

from finalrecon.

Hi @thewhiteh4t that's great... Now, In order to get more Good results you can attach it with "fprobe" for displaying only alive links..

https://github.com/theblackturtle/fprobe

With ./waybackurls we get a ton of data which can include dead links.

./waybackurls example.com > output.txt | ./fprobe -c 200

from finalrecon.

@attacker34 thanks! That will be very useful and it's easy to implement without even using fprobe or any other tool, will update soon

from finalrecon.

Hi @thewhiteh4t Great.. But try to display the Content size of Response...

from finalrecon.

Is it possible to include a secret finder (e,g, https://github.com/m4ll0k/SecretFinder) in the tool?

from finalrecon.