Simple script for full recon

reconftw

tl;dr

git clone https://github.com/six2dez/reconftw
cd reconftw
chmod +x *.sh
./install.sh
./reconftw.sh -d target.com -a

Summary

Important: run the install script, or set your tools path in the script's $tools variable (line 10).

This is a simple script intended to perform a full recon on a target with multiple subdomains. It performs the steps listed below:

  1. Tools checker
  2. Google Dorks (based on degoogle_hunter)
  3. Subdomain enumeration (multiple tools: passive, resolution, bruteforce and permutations)
  4. Sub TKO (subjack and nuclei)
  5. Probing (httpx)
  6. Web screenshot (aquatone)
  7. Template scanner (nuclei)
  8. Port Scan (naabu)
  9. URL extraction (waybackurls and gau)
  10. Pattern Search (gf and gf-patterns)
  11. Param discovery (paramspider and arjun)
  12. XSS (Gxss and dalfox)
  13. GitHub Check (git-hound)
  14. Favicon Real IP (fav-up)
  15. JavaScript Checks (JSFScan.sh)
  16. Directory fuzzing/discovery (dirsearch and ffuf)
  17. CORS (CORScanner)
  18. SSL Check (testssl)

You can also run just the subdomain scan, the web scan, or the Google dorks. Remember that the web scan needs a target list, passed with the -l flag.

It writes its output to the Recon/ folder, in a subfolder named after the target domain, for example Recon/target.com/

Short-term improvement plan:

  • Enhance this README
  • Customize output folder
  • Interlace usage
  • Notification support (Slack, Discord and Telegram)
  • CMS tools (wpscan, drupwn/droopescan, joomscan)
  • Any other interesting suggestion