All-in-One Tool

ReconFTW automates the entire process of reconnaissance for you. It outperforms the work of subdomain enumeration along with various vulnerability checks and obtaining maximum information about your target.

ReconFTW uses a lot of techniques (passive, brute-force, permutations, certificate transparency, source code scraping, analytics, DNS records...) for subdomain enumeration which helps you to get the maximum and the most interesting subdomains so that you be ahead of the competition.

It also performs various vulnerability checks like XSS, Open Redirects, SSRF, CRLF, LFI, SQLi, SSL tests, SSTI, DNS zone transfers, and much more. Along with these, it performs OSINT techniques, directory fuzzing, dorking, ports scanning, screenshots, nuclei scan on your target.

Is good to mention that, since ReconFTW is willing to install all the tools needed, we recommend you to install it using this script in a new VM or use the docker version

Here are the steps to install ReconFTW using the install script on your PC, VPS, or VM:

  1. Clone the ReconFTW repository:

git clone
  1. Change into the reconFTW directory:

cd reconftw
  1. Make the install script executable:

chmod +x install. sh
  1. Run the install script:


This will install the required dependencies, configure the environment, and install ReconFTW. The installation process may take a while, depending on the speed of your system and network connection.

Once the installation is complete, you can run ReconFTW by typing the following command:

  1. To perform a full reconnaissance on the domain "", you can run the following command:


This will gather information on the target domain, including subdomains, IP addresses, and open ports, and store the results in a directory named after the target domain.

Note that the reconnaissance process can take a while, depending on the size of the target domain and the amount of information that needs to be gathered.

ReconFTW provides a number of options for customizing the reconnaissance process. You can find more information on these options by running the following command:

reconftw --help

This will display the help information for the tool, which includes a description of each option and how to use it.

These are the basic steps for installing and using ReconFTW for domain reconnaissance using the install script. With this tool, you can gather a wealth of information on a target domain, which can be useful for penetration testing, bug hunting, and other security-related activities.

Install using Docker

Docker Image 🐳 (3 options)

  • Pull the image

$ docker pull six2dez/reconftw:main
  • Run the container

$ docker run -it --rm \
  -v "${PWD}/OutputFolder/":'/reconftw/Recon/' \
  six2dez/reconftw:main -d -r

However, if you wish to:

  1. Dynamically modify the behavior & function of the image

  2. Build your own container

  3. Build an Axiom Controller on top of the official image

Please refer to the Docker documentation.

Last updated