6. Output files

Output files and its description

ReconFTW generates a lot of output.
One should have a thorough understanding of all the output files/folders of reconFTW.
Below tables represents what each of the file contains and the tools used for that purpose.

Filename (*.txt)	Description	Tool used
dorks	Results from Google dorking	degoogle_hunter
gitdorks	Results from GitHub dorking	GitDorker
software	Potential list of software used by the target	metafinder
authors	List of persons who might work for the org	metafinder
metadata_results	All the info obtained from metadata	metafinder
emails	Emails of people working for the target	theHarvester
users	Users associated with the target	theHarvester
h8mail	Emails and passwords from target domain	h8mail
passwords	Passwords from data breaches	theHarvester, pwndb
domain_info_general	General data about domain and it's registrant	domainbigdata.com
domain_info_name	Domains owned by the same name as the target	domainbigdata.com
domain_info_email	Domains owned by the same email as the target	domainbigdata.com
domain_info_ip	Domains under the same IP as the target	domainbigdata.com

Filename (*.txt)	Description	Tool used
subdomains	List of DNS probed subdomains	cant fit here 😜
subdomains_cname	CNAME associated with each subdomain	dnsx
zonetransfer	Zone Transfer attempt results	dnsrecon
s3buckets	Found S3 buckets	S3Scanner

Filename (*.txt)	Description	Tool used
ips	IP's associated to the subdomains	dig
subs_ips_vhosts	List of subdomains belonging to the same IP (Vhosts)	dig
portscan_passive	Passive Port Scan through shodan	shodan-cli
portscan_active	Active Port Scan (top-200 ports)	nmap
favicontest	IP addresses having the same favicon	favUp.py
testssl	TLS/SSL vulnerabilities	testssl
cloud_providers	Check which cloud provider is hosting a particular IP address	ip2provider
brutespray	brute-forces services with default credentials using Medusa	brutespray

Filename (*.txt)	Description	Tool used
webs	HTTP/HTTPS probed subdomains	httpx
takeover	Potential subdomain-takeovers (67 fingerprints)	nuclei-templates/takeover
webs_uncommon_ports	Web probed on 88 uncommon ports	httpx
webs_wafs	Identified web firewalls on the target	wafw00f
param	Discovered URLs with parameters	ParamSpider, Arjun
url_extract	Endpoints gathered through various sources	gospider, waybackurls, gau
dict_words	Word dictionary generated from target	getjswords.py
dict_paths	Paths dictionary generated from target	unfurl
brokenLinks	Crawled broken links (BLH)	gospider
cors	subdomains having CORS Misconfigurations	Corsy
urls_by_ext	List of url's ordered by extenstion	Manual, custom

Filename (*.txt)	Description	Tool used
xss	Potential XSS's found	XSStrike
openredirect	OpenRedirect issues	OpenRedireX
ssrf	Server-side request forgery (SSRF) requests, manual callback check required	ssrf_async.py
crlf	Found CRLF Injections	crlfuzz
lfi	LFI vulns found	ffuf
ssti	SSTI vulns found	ffuf
4xxbypass	403 bypassed directories	DirDar

Filename (*.txt)	Description	Tool used
js_endpoints	Endpoints gathered from JS files	Gospider
jsfile_links	Contains all the js file links of the target	LinkFinder
js_livelinks	JS files alive and reachable	Gospider
js_secrets	Secrets found on JS files	nuclei-templates/exposures/tokens/
url_extract_js	List of url's extracted from JS files	Gospider

This folder contains the screenshots of all the websites hosted on the subdomains.

This folder will show the detected CMS(Content Management System) of the websites.