Streamlining Your Reconnaissance Process with Reconftw: An In-Depth Guide
Reconftw is an open-source reconnaissance framework developed by six2dez. It automates the reconnaissance phase of a penetration test, chaining many individual tools together so that gathering information about a target takes less time and manual effort.
Reconftw Github:
https://github.com/six2dez/reconftw
The framework is organised into modules that cover the usual reconnaissance tasks: subdomain enumeration, port scanning, web application fingerprinting, and vulnerability scanning. Rather than reimplementing these, reconftw wraps third-party tools and services such as Nmap, Masscan, Shodan, and Censys and normalises their output into a single results directory per target.
The OSINT stage covers domain information lookup through whois and amass, email address and user identification with theHarvester and emailfinder, password leak checks through pwndb and H8mail, and metadata discovery with MetaFinder. Google and GitHub dorks are searched with dorks_hunter and gitdorks_go respectively. Passive subdomain enumeration uses amass, subfinder, and github-subdomains, and certificate transparency logs are queried with ctfr. Several of these sources only return useful results when API keys are configured in reconftw.cfg (for example GitHub tokens for github-subdomains and gitdorks_go), so check the configuration before relying on the passive results.
DNS records are resolved and checked with dnsx, and recursive sub-subdomain discovery is performed with dsieve. Subdomain and DNS takeover checks run through nuclei templates, which are also used to scan web targets for known CMS and application vulnerabilities. Port scanning is done with nmap or smap, and discovered service versions are checked against searchsploit. Web probers such as httpx and unimap identify which hosts serve HTTP, and screenshots are taken with webscreenshot or gowitness.
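The passive sources above (amass, subfinder, ctfr and others) each return their own list, and those lists have to be merged, normalised and scoped before dnsx resolves them and httpx probes them. The POSIX shell script below is an added example of that consolidation step; it is not reconftw's own code. The tool output files are constructed for the example, and the resolver output is written in the shape of `dnsx -a -resp` output, which is an assumption about the format rather than something the page states.

```shell
#!/bin/sh
# Added example, not part of reconftw: merge passive subdomain results,
# keep only in-scope names, then keep only the ones that resolved.

# normalize_subdomains DOMAIN FILE...
#   lowercases, strips wildcard prefixes ("*.") and trailing dots,
#   drops anything outside DOMAIN (including look-alikes such as
#   notexample.com or example.com.attacker.net), dedupes and sorts.
normalize_subdomains() {
    domain="$1"; shift
    cat "$@" \
      | tr 'A-Z' 'a-z' \
      | sed -e 's/[[:space:]]//g' -e 's/^\*\.//' -e 's/\.$//' \
      | grep -v '^$' \
      | awk -v d="$domain" '$0 == d || substr($0, length($0) - length(d)) == "." d' \
      | sort -u
}

# filter_resolved SUBDOMAINS_FILE DNSX_OUTPUT_FILE
#   prints the names from SUBDOMAINS_FILE that appear as the first field
#   of the resolver output (assumed format: "host [A] [ip]").
filter_resolved() {
    resolved=$(mktemp)
    awk '{print $1}' "$2" | sort -u > "$resolved"
    grep -Fxf "$resolved" "$1"
    rm -f "$resolved"
}

# demo: constructed tool outputs for example.com, returns the probe-ready list.
demo() {
    tmp=$(mktemp -d)
    # constructed "amass" output: mixed case, a wildcard and the apex itself
    printf 'WWW.Example.com\napi.example.com\n*.dev.example.com\nexample.com\n' > "$tmp/amass.txt"
    # constructed "subfinder" output: duplicate, trailing dot, two out-of-scope look-alikes
    printf 'api.example.com\nmail.example.com.\nnotexample.com\nevil.example.com.attacker.net\n' > "$tmp/subfinder.txt"
    # constructed "ctfr" output: a CT wildcard entry and one new host
    printf '*.example.com\nvpn.example.com\n' > "$tmp/ctfr.txt"
    normalize_subdomains example.com "$tmp/amass.txt" "$tmp/subfinder.txt" "$tmp/ctfr.txt" \
        > "$tmp/subdomains.txt"
    # constructed resolver output in the assumed "dnsx -a -resp" shape
    printf 'www.example.com [A] [93.184.216.34]\napi.example.com [A] [10.0.0.5]\nvpn.example.com [A] [10.0.0.6]\n' \
        > "$tmp/dnsx.txt"
    filter_resolved "$tmp/subdomains.txt" "$tmp/dnsx.txt"
    rm -rf "$tmp"
}

demo
```

The scope filter is the part worth keeping even if you never use the rest: passive sources routinely return names that merely contain the target domain, and feeding those to active stages such as ffuf or nuclei means scanning hosts you are not authorised to touch.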
Directory and parameter fuzzing is done with ffuf, and XSS, open redirect, SSRF, CRLF injection, and CORS misconfigurations are checked with dalfox, Oralyzer, interactsh, crlfuzz, and Corsy respectively. TLS configuration is tested with testssl, and broken links are checked with katana. Parallelism is handled by rush, trusted resolver lists are generated with dnsvalidator, a Docker image is provided, and deployment to AWS is supported through Terraform and Ansible. Note that everything from this point on is active: fuzzing, payload-based checks, and interactsh callbacks all send traffic to the target, so confirm that the engagement scope and authorisation cover them before enabling these modules.
Reconftw accepts IP and CIDR targets as well as domains, can resume an interrupted scan, lets you choose a custom output folder, and can run against a list of multiple domains. Results can be pushed to Slack, Discord, or Telegram, optionally as a zipped archive. Overall, it is a comprehensive and versatile toolset for OSINT and web security reconnaissance.