v2.9

Highlights

• API leak checks SwaggerSpy and porch-pirate
• 3rd parties misconfigs with misconfig-mapper
• JS sourcemaps check with sourcemapper and jsluice
• IP geolocation info
• oshi.at for sending huge results zip files
• Improved trufflehog detection
• Updated mind map
• IIS short names added
• Password leaks with LeakSearch
• PPfuzz replaced by ppmap
• Brutespray and nomore403 updated
• Nucleus fuzzing parameters
• Added p1radup

What's Changed

• fix apileaks by @six2dez in #813
• swaggerspy fix by @six2dez in #814
• swaggerspy output by @six2dez in #816
• Fix capitalization Mantra -> mantra by @kleozzy in #820
• Fix Apileak paths by @kleozzy in #822
• Dev by @six2dez in #823
• Dev by @six2dez in #825
• trufflehog arguments fix by @six2dez in #826
• Dev by @six2dez in #830
• fix geoinfo - git update - web mode by @six2dez in #832
• Dev by @six2dez in #834
• comment by @six2dez in #835
• Dev by @six2dez in #840
• Merge 20240227 by @rt-bast in #838
• Dev by @six2dez in #841
• Fix installer by @six2dez in #843
• push wapiti installer by @six2dez in #844
• Dev by @six2dez in #847
• Dev by @six2dez in #848
• final fix? maybe by @six2dez in #849
• Tool installation fixes mainly by @kleozzy in #853
• Fix brutespray Calling by @kleozzy in #860
• Dev by @six2dez in #861
• Fix nuclei fuzzing by @kleozzy in #862
• fix iis shortname scanner dir creations by @kleozzy in #864
• Optimize vuln scan speed and efficiency by @kleozzy in #866
• fix the fuzzparams function with the -fuzz flag by @j0hnZ3RA in #865
• Dev by @six2dez in #867
• Alot of fixes + ffufpostprocessing by @kleozzy in #868
• Add soft flag for p1radup to allow same host different path by @kleozzy in #869
• Detecting arm systems that are not RPIs by @Marmeus in #870
• Dev by @six2dez in #872
• fix 3rd parties var by @six2dez in #874
• transfer.sh replaced with oshi.at by @six2dez in #875
• Fix filename for oshi by @six2dez in #876
• Dev by @six2dez in #882

New Contributors

• @rt-bast made their first contribution in #838
• @j0hnZ3RA made their first contribution in #865
• @Marmeus made their first contribution in #870

Full Changelog: v2.8.1...v2.9

v2.8.1

• Gf potential removed
• New API leaks search included
• Fix for dontgo403
• Fix for smuggler

v2.8

Main changes

• Removed web interface
• Added postman search
• Replaced byp4xx with dontgo403

What's Changed

• Update requirements.txt by @six2dez in #791
• Update reconftw.sh by @six2dez in #794
• Ip geo_info (from dev) by @lorenzocamilli in #801
• Shodan vulns and ports by @lorenzocamilli in #802
• Patch 1 by @Kr1shna4garwal in #803
• Fix Mantra is not found by @abdilahrf in #804
• Update install.sh by @six2dez in #806
• Update reconftw.sh by @six2dez in #807
• Dev by @six2dez in #809

New Contributors

• @lorenzocamilli made their first contribution in #801
• @Kr1shna4garwal made their first contribution in #803
• @abdilahrf made their first contribution in #804

Full Changelog: v2.7.1.1...v2.8

v2.7.1.1

What's Changed

• fix regex by @six2dez in #787

Full Changelog: v2.7.1...v2.7.1.1

v2.7.1

Highlights

• Security controls for tampered CSP/domains entries
• Removed subgpt as it no longer works
• Print nuclei results with axiom
• Added postleaksNG
• Option to update tools before running the tool
• Added custom nuclei templates path option
• Installer improvements

What's Changed

• Output msgs by @six2dez in #729
• Dev by @six2dez in #730
• update banners by @six2dez in #731
• Fix banners and dir creation by @six2dez in #732
• Add backup feature projects.html by @ddaniboy in #735
• Add backup feature views.py by @ddaniboy in #736
• add backup feature urls.py by @ddaniboy in #737
• Add CodeQL workflow by @jorgectf in #738
• Fix list scan feature front-end by @ddaniboy in #741
• Fix list scan feature back-end by @d3vchac in #742
• Dev by @six2dez in #743
• Dev by @six2dez in #745
• sigle scan feature fix by @ddaniboy in #746
• Dev by @six2dez in #753
• Dev by @six2dez in #754
• Added --auto to script by @lwears in #755
• Dev by @six2dez in #757
• fix installer by @six2dez in #758
• update style for upload image by @AlishahMughal123 in #756
• Update reconftw.sh by @gowthamaraj in #767
• Dev by @six2dez in #772
• Fixed urless installation check by @nicola-pesavento in #774
• Dev by @six2dez in #779
• Fix hostname on web server by @six2dez in #780
• infoga final remove by @six2dez in #781
• Improving custom mode by @six2dez in #782
• Dev by @six2dez in #785

New Contributors

• @lwears made their first contribution in #755
• @AlishahMughal123 made their first contribution in #756
• @gowthamaraj made their first contribution in #767
• @nicola-pesavento made their first contribution in #774

Full Changelog: v2.7...v2.7.1

v2.7

Highlights

• Removed unimap
• Improved GH repos scan, Trufflehog + gitleaks
• Added Mantra for JS secrets
• Removed bbrf
• New random banner by @720922
• Better and improved web fuzzing
• crt replaces ctfr
• web server fixes
• vulners replaces searchsploit
• Shellcheck compliant
• Preparing to move to MIT license
• Timeout fixes
• Dynamic gowitness timeout
• Added nuclei fuzzing templates on vulns_check

What's Changed

• Add credit on subdomain wordlist by @n0kovo in #680
• fixed an error for url_check function with axiom by @Cyberkid02 in #682
• Dev by @six2dez in #683
• fix web installer by @six2dez in #684
• Fixes for webUI installation and setting up by @six2dez in #686
• Python3.10 requirement by @six2dez in #688
• amass latest version by @six2dez in #690
• Update Dockerfile to install all reconFTW tool by @sam5epi0l in #695
• Huge ton of small fixes by @six2dez in #700
• docs(readme): refactor documentation for reconFTW and Terraform/Ansible by @AnonymousWP in #701
• If-else by @d3vchac in #702
• Dev by @six2dez in #705
• Fix screenshots_f2db by @d3vchac in #706
• docs(readme): improve Docker documentation by @AnonymousWP in #707
• Fix Error DisallowedHost at / Invalid HTTP_Host Header by @pikpikcu in #708
• Dev by @six2dez in #709
• Dev by @six2dez in #710
• Dev by @six2dez in #712
• Dev by @six2dez in #716
• gowitness flags by @six2dez in #717
• Implemented Randomized Banner Output by @720922 in #718
• Fix timeout -k implementation error by @N1CK5V in #725
• remove The Harvester from API Keys by @ddaniboy in #726
• Dev by @six2dez in #727

New Contributors

• @n0kovo made their first contribution in #680
• @Cyberkid02 made their first contribution in #682
• @sam5epi0l made their first contribution in #695
• @AnonymousWP made their first contribution in #701
• @d3vchac made their first contribution in #702
• @pikpikcu made their first contribution in #708
• @N1CK5V made their first contribution in #725

Full Changelog: v2.6...v2.7

v2.6

Highlights

• Added @n0kovo subdomain wordlist for DEEP mode, dropped assetnore's best_dns_wordlist
• Back to interlace, dropped rush
• Back to @lc gau as default passive url collector, only for deep mode for performance reasons
• Added @r0oth3x49 ghauri as option for deep sqli
• Added @hakluke hakip2host instead of dnsx for PTR lookup
• 100K (or even more) different fixes
• Removed theHarvester, h8mail and pwndb as they never work, I have a replacement in the backlog ;)
• Fixed JSA with interlace from @gprime31
• THE WEB INTERFAAAAAAAAACE @lur1el @d3vchac @ddaniboy

What's Changed

• Katana replacing gospider by @six2dez in #653
• feat/makefile by @nicoandmee in #652
• Makefile by @six2dez in #654
• fix(deleteoutscoped): if string is not null by @osxtest in #656
• Dev by @six2dez in #658
• fixed by @six2dez in #661
• Dev by @six2dez in #662
• ReconFTW Web Interface by @lur1el in #665
• Update install_webserver by @ddaniboy in #667
• Six2dez patch 1 by @six2dez in #678
• v2.6 by @six2dez in #679

New Contributors

• @lur1el made their first contribution in #665
• @ddaniboy made their first contribution in #667

Full Changelog: v2.5.2...v2.6

v2.5.2

Highlights

• coming back to Trickest resolvers
• waymore now replaces waybackurls and gau
• Added gitlab-subdomains
• Usage of new ffuf hashmap feature for ssrf detection
• amass freezed version on v3.20.0
• Added byp4xx
• Fixes on send2zip
• urless on js extraction

What's Changed

• a typo by @ab2pentest in #630
• Dev by @six2dez in #631
• fix amass by @six2dez in #632
• Fix params by @six2dez in #633
• fix nuclei by @six2dez in #635
• sendtozip fixed by @six2dez in #637
• Added sudo file instructions to the main README.md file by @kleozzy in #640
• refactor: unused entry for git repository install section by @kharaone in #642
• refactor: add urless for js/url_extract_js.txt by @osxtest in #646
• refactor: numeric sort fuzzing_full.txt by @osxtest in #645
• Dev by @six2dez in #647

New Contributors

• @kleozzy made their first contribution in #640
• @kharaone made their first contribution in #642
• @osxtest made their first contribution in #646

Full Changelog: v2.5.1...v2.5.2

v2.5.1

What's Changed

• Update to resolver patch by @0x10f2c in #604
• Dev by @six2dez in #605
• Resolvers update by @six2dez in #606
• Fixing urless by @ab2pentest in #626
• ExploitDB was moved to gitlab by @ab2pentest in #625
• Dev by @six2dez in #628
• Fix resolvers by @six2dez in #629

New Contributors

• @0x10f2c made their first contribution in #604

Full Changelog: v2.5...v2.5.1

v2.5

Highlights

• Improved send results over notify
• JS secrets detection moved to cfg
• Fixes on inscope, resolvers, NOERROR subdomain discovery, web fuzzing, ripgen in Docker, ipcdn, MacOS installation,
• HTTP Request Smuggling check
• Web cache poisoning check
• Subfinder added

What's Changed

• Dev by @six2dez in #576
• Update by @six2dez in #580
• broken links fix by @six2dez in #585
• Fixes, fixes everywhere by @six2dez in #586
• Use notify directly for zip file uploads by @nicoandmee in #582
• Dev by @six2dez in #589
• nuclei flags for JS secrets detection moved to cfg by @six2dez in #590
• Added HTTP Request Smuggling by @six2dez in #591
• Web cache poisoning added by @six2dez in #592
• Fix ripgen not installed in Docker container by @frost19k in #594
• harden bash variable use in install script by @marado in #593
• Dev by @six2dez in #595
• Hotfixes by @six2dez in #598
• fix debug by @six2dez in #600
• feat: support custom output path in notify flow by @nicoandmee in #602
• Dev by @six2dez in #603

New Contributors

• @marado made their first contribution in #593

Full Changelog: v2.4...v2.5