# ReconFTW

**ReconFTW** automates the entire process of reconnaissance for you. It performs subdomain enumeration along with various vulnerability checks to obtain the maximum information about your target.

<figure><img src="https://4139606766-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2Clpj5NNgy3m0M7WnVOl%2Fuploads%2Fk951DIs9b3rhrmARXjlu%2Fimage.png?alt=media&#x26;token=e665b56c-e381-4af8-b67f-9aa032a4eb03" alt=""><figcaption><p><a href="https://github.com/six2dez/reconftw">https://github.com/six2dez/reconftw</a></p></figcaption></figure>

ReconFTW uses many techniques (passive, brute-force, permutations, certificate transparency, source code scraping, analytics, DNS records...) for subdomain enumeration, which helps you find as many subdomains as possible, including the most interesting ones, so that you stay ahead of the competition.

It also performs various vulnerability checks such as XSS, open redirects, SSRF, CRLF, LFI, SQLi, SSL tests, SSTI, DNS zone transfers, and much more. Along with these, it performs OSINT techniques, directory fuzzing, dorking, port scanning, screenshots, and a nuclei scan on your target.

*It is worth mentioning that, since ReconFTW installs all the tools it needs, we recommend installing it with this script in a new VM or using the Docker version.*

Here are the steps to install ReconFTW using the install script on your PC, VPS, or VM:

1. Clone the ReconFTW repository:

```bash
git clone https://github.com/six2dez/reconftw.git
```

2. Change into the reconFTW directory:

```bash
cd reconftw
```

3. Make the install script executable:

```bash
chmod +x install.sh
```

4. Run the install script:

```bash
./install.sh
```

This will install the required dependencies, configure the environment, and install ReconFTW. The installation process may take a while, depending on the speed of your system and network connection.

Once the installation is complete, you can run ReconFTW from the repository directory by typing the following command:

```bash
./reconftw.sh
```

5. To perform a full reconnaissance on the domain "example.com", you can run the following command:

```bash
./reconftw.sh -d example.com -r
```

This will gather information on the target domain, including subdomains, IP addresses, and open ports, and store the results in a directory named after the target domain.

Note that the reconnaissance process can take a while, depending on the size of the target domain and the amount of information that needs to be gathered.

ReconFTW provides a number of options for customizing the reconnaissance process. You can find more information on these options by running the following command:

```bash
./reconftw.sh --help
```

This will display the help information for the tool, which includes a description of each option and how to use it.

These are the basic steps for installing and using ReconFTW for domain reconnaissance using the install script. With this tool, you can gather a wealth of information on a target domain, which can be useful for penetration testing, bug hunting, and other security-related activities.

### Install using Docker

### Docker Image 🐳 (3 options)

* Pull the image

```bash
$ docker pull six2dez/reconftw:main
```

* Run the container

```bash
$ docker run -it --rm \
  -v "${PWD}/OutputFolder/":'/reconftw/Recon/' \
  six2dez/reconftw:main -d example.com -r
```

However, if you wish to:

1. Dynamically modify the behavior & function of the image
2. Build your own container
3. Build an Axiom Controller on top of the official image

Please refer to the [Docker](https://github.com/six2dez/reconftw/wiki/4.-Docker) documentation.
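
A scope guard around the `docker run` command above, as an added example (not part of ReconFTW or of the original page): it refuses to start a scan unless the target is a syntactically valid hostname listed in a scope file. The file name `scope.txt`, the function names and the `DRY_RUN` variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: scope guard for the documented docker invocation.
# scope.txt (hypothetical name): one authorized domain per line, '#' starts a comment.
# Usage: source this file, then call: run_recon example.com

SCOPE_FILE="${SCOPE_FILE:-scope.txt}"

# Accept only plain hostnames, so nothing that looks like an option or
# shell metacharacter is ever passed on to the container.
valid_domain() {
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Succeed when the target equals a scope entry or is a subdomain of one.
in_scope() {
  local target entry
  target=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  [ -r "$SCOPE_FILE" ] || return 1
  while IFS= read -r entry || [ -n "$entry" ]; do
    entry=$(printf '%s' "$entry" | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
    case "$entry" in ''|'#'*) continue ;; esac
    case "$target" in
      "$entry"|*".$entry") return 0 ;;   # suffix match needs the leading dot
    esac
  done < "$SCOPE_FILE"
  return 1
}

# Run the recon container for one target, or print the command when DRY_RUN=1.
run_recon() {
  local target="$1" out="${PWD}/OutputFolder/"
  valid_domain "$target" || { echo "invalid domain: $target" >&2; return 2; }
  in_scope "$target"     || { echo "not in $SCOPE_FILE: $target" >&2; return 3; }
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "docker run -it --rm -v ${out}:/reconftw/Recon/ six2dez/reconftw:main -d ${target} -r"
    return 0
  fi
  mkdir -p "$out"
  docker run -it --rm -v "${out}":'/reconftw/Recon/' six2dez/reconftw:main -d "$target" -r
}
```

The suffix match requires a leading dot, so `notexample.com` does not pass for a scope entry of `example.com`.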

