-
-
Notifications
You must be signed in to change notification settings - Fork 924
1. Post Installation Guide
Bilel Eljaamii edited this page Aug 30, 2023
·
12 revisions
- Through
reconftw.cfgfile the whole execution of the tool can be controlled. - Hunters can set various scanning modes, execution preferences, tools config files, APIs/TOKENS, personalized wordlists, threads, headers, cookies etc.
👉Click here to view default config file👈
#################################################################
# reconFTW config file #
#################################################################
# General values
tools=~/Tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
profile_shell=".$(basename $(echo $SHELL))rc"
reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags)
generate_resolvers=false
proxy_url="http://127.0.0.1:8080/"
#dir_output=/custom/output/path
# Golang Vars (Comment or change on your own)
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
# Tools config files
#NOTIFY_CONFIG=~/.config/notify/provider-config.yaml # No need to define
AMASS_CONFIG=~/.config/amass/config.ini
GITHUB_TOKENS=${tools}/.github_tokens
#CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path
# APIs/TOKENS - Uncomment the lines you want removing the '#' at the beginning of the line
#SHODAN_API_KEY="XXXXXXXXXXXXX"
#WHOISXML_API="XXXXXXXXXX"
#XSS_SERVER="XXXXXXXXXXXXXXXXX"
#COLLAB_SERVER="XXXXXXXXXXXXXXXXX"
#slack_channel="XXXXXXXX"
#slack_auth="xoXX-XXX-XXX-XXX"
# File descriptors
DEBUG_STD="&>/dev/null"
DEBUG_ERROR="2>/dev/null"
# Osint
OSINT=true
GOOGLE_DORKS=true
GITHUB_DORKS=true
METADATA=true
EMAILS=true
DOMAIN_INFO=true
IP_INFO=true
METAFINDER_LIMIT=20 # Max 250
# Subdomains
SUBDOMAINS_GENERAL=true
SUBPASSIVE=true
SUBCRT=true
SUBANALYTICS=true
SUBBRUTE=true
SUBSCRAPING=true
SUBPERMUTE=true
SUBTAKEOVER=true
SUBRECURSIVE=true
SUB_RECURSIVE_PASSIVE=false # Uses a lot of API keys queries
SUB_RECURSIVE_BRUTE=false # Needs big disk space and time to resolve
ZONETRANSFER=true
S3BUCKETS=true
REVERSE_IP=false
TLS_PORTS="21,22,25,80,110,135,143,261,271,324,443,448,465,563,614,631,636,664,684,695,832,853,854,990,993,989,990,992,993,994,995,1129,1131,1184,2083,2087,2089,2096,2221,2252,2376,2381,2478,2479,2482,2484,2679,2762,3077,3078,3183,3191,3220,3269,3306,3410,3424,3471,3496,3509,3529,3539,3535,3660,36611,3713,3747,3766,3864,3885,3995,3896,4031,4036,4062,4064,4081,4083,4116,4335,4336,4536,4590,4740,4843,4843,4849,5443,5007,5061,5321,5349,5671,5783,5868,5986,5989,5990,6209,6251,6443,6513,6514,6619,6697,6771,6697,7202,7443,7673,7674,7677,7775,8243,8443,8991,8989,9089,9295,9318,9443,9444,9614,9802,10161,10162,11751,12013,12109,14143,15002,16995,41230,16993,20003"
# Web detection
WEBPROBESIMPLE=true
WEBPROBEFULL=true
WEBSCREENSHOT=true
VIRTUALHOSTS=true
UNCOMMON_PORTS_WEB="81,300,591,593,832,981,1010,1311,1099,2082,2095,2096,2480,3000,3128,3333,4243,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7396,7474,8000,8001,8008,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8834,8880,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,11371,12443,15672,16080,17778,18091,18092,20720,32000,55440,55672"
# You can change to aquatone if gowitness fails, comment the one you don't want
AXIOM_SCREENSHOT_MODULE=webscreenshot # Choose between aquatone,gowitness,webscreenshot
# Host
FAVICON=true
PORTSCANNER=true
PORTSCAN_PASSIVE=true
PORTSCAN_ACTIVE=true
CDN_IP=true
# Web analysis
WAF_DETECTION=true
NUCLEICHECK=true
NUCLEI_SEVERITY="info,low,medium,high,critical"
URL_CHECK=true
URL_GF=true
URL_EXT=true
JSCHECKS=true
FUZZ=true
CMS_SCANNER=true
WORDLIST=true
ROBOTSWORDLIST=true
PASSWORD_DICT=true
PASSWORD_MIN_LENGTH=5
PASSWORD_MAX_LENGTH=14
# Vulns
VULNS_GENERAL=false
XSS=true
CORS=true
TEST_SSL=true
OPEN_REDIRECT=true
SSRF_CHECKS=true
CRLF_CHECKS=true
LFI=true
SSTI=true
SQLI=true
BROKENLINKS=true
SPRAY=true
COMM_INJ=true
PROTO_POLLUTION=true
# Extra features
NOTIFICATION=false # Notification for every function
SOFT_NOTIFICATION=false # Only for start/end
DEEP=false
DEEP_LIMIT=500
DEEP_LIMIT2=1500
DIFF=false
REMOVETMP=false
REMOVELOG=false
PROXY=false
SENDZIPNOTIFY=false
PRESERVE=true # set to true to avoid deleting the .called_fn files on really large scans
FFUF_FLAGS="-mc all -fc 404 -ac -sf -s"
# HTTP options
HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0"
# Threads
FFUF_THREADS=40
HTTPX_THREADS=50
HTTPX_UNCOMMONPORTS_THREADS=100
GOSPIDER_THREADS=20
BRUTESPRAY_THREADS=20
BRUTESPRAY_CONCURRENCE=10
GAUPLUS_THREADS=10
DNSTAKE_THREADS=100
DALFOX_THREADS=200
PUREDNS_PUBLIC_LIMIT=0 # Set between 2000 - 10000 if your router blows up, 0 is unlimited
PUREDNS_TRUSTED_LIMIT=400
PUREDNS_WILDCARDTEST_LIMIT=30
PUREDNS_WILDCARDBATCH_LIMIT=1500000
WEBSCREENSHOT_THREADS=200
GOWITNESS_THREADS=8
RESOLVE_DOMAINS_THREADS=150
PPFUZZ_THREADS=30
DNSVALIDATOR_THREADS=200
INTERLACE_THREADS=10
CERO_THREADS=1000
# Timeouts
CMSSCAN_TIMEOUT=3600
FFUF_MAXTIME=900 # Seconds
HTTPX_TIMEOUT=10 # Seconds
HTTPX_UNCOMMONPORTS_TIMEOUT=10 # Seconds
# lists
fuzz_wordlist=${tools}/fuzz_wordlist.txt
lfi_wordlist=${tools}/lfi_wordlist.txt
ssti_wordlist=${tools}/ssti_wordlist.txt
subs_wordlist=${tools}/subdomains.txt
subs_wordlist_big=${tools}/subdomains_big.txt
resolvers=${tools}/resolvers.txt
resolvers_trusted=${tools}/resolvers_trusted.txt
# Axiom Fleet
# Will not start a new fleet if one exist w/ same name and size (or larger)
# AXIOM=false Uncomment only to overwrite command line flags
AXIOM_FLEET_LAUNCH=false
AXIOM_FLEET_NAME="reconFTW"
AXIOM_FLEET_COUNT=5
AXIOM_FLEET_REGIONS="eu-central"
AXIOM_FLEET_SHUTDOWN=true
# This is a script on your reconftw host that might prep things your way...
#AXIOM_POST_START="~/Tools/axiom_config.sh"
AXIOM_EXTRA_ARGS="" # Leave empty if you don't want to add extra arguments
#AXIOM_EXTRA_ARGS="--rm-logs" # Example
# BBRF
BBRF_CONNECTION=false
BBRF_SERVER=https://demo.bbrf.me/bbrf
BBRF_USERNAME="user"
BBRF_PASSWORD="password"
# TERM COLORS
bred='\033[1;31m'
bblue='\033[1;34m'
bgreen='\033[1;32m'
byellow='\033[1;33m'
red='\033[0;31m'
blue='\033[0;34m'
green='\033[0;32m'
yellow='\033[0;33m'
reset='\033[0m'- You will need to mention your API keys in the
config.inifile in order to use the passive sources (Virustotal, Binaryedge, Censys). - See the Example Configuration File for more details.
Path:-$HOME/.config/amass/config.ini
- GitDorker & github-ednpoints both require GitHub Personal Access Tokens.
- Add your GitHub personal tokens in
~/Tools/.github_tokens,1 token on each line. - Its recommended to add atleast 5 GitHub Personal Access Tokens, each from 2 different accounts to avoid rate-limiting. See here how to create them.
- Use multiple tokens from separate GitHub accounts to provide the best results.
ghp_2Bq4wT4WUnfpqzMxHjpDcXlTlpS
ghp_IAarkJ5nHQ8HfonyYClz814ETmm
ghp_d2fec3d6e6712a98525y1v0OXh7
ghp_0e8e24ad765dB550abeExNq0YI80
ghp_5da53a644c6aIa5O74Pf669a0218
ghp_15977496Bqc61Tye33cdbY5bNgyt
- Favup tool needs your shodan API key to gather target's real IP.
To set up your API key run the following command.
shodan init <Your-Shodan-API-Key>
- ReconFTW includes a tool called dalfox which requires a server for Blind XSS detection. -
- Creating an account on XSS Hunter, will provide you with your own personalized server.
- Specify this server in the
reconftw.cfgconfig file.
Eg:-XSS_SERVER=six2dez.xss.ht
- To get inbound requests for finding potential SSRF its necessary to setup your own
COLLAB_SERVER - Specify your SSRF Server in
reconftw.cfgconfig file.
Eg:-COLLAB_SERVER=i0m1y4j3fu.canarytokens.com - Services for setting up SSRF Server:
- Notify tool is used to send reconFTW progress notifications via Discord, Telegram, Slack.
- The notify config file is located at
$HOME/.config/notify/provider-config.yaml - When using notifications do remember to specify in the
reconftw.cfgconfig file.
NOTIFICATION=true