May 10, 2021, 12:30 PM
## reconFTW config file ⚙️
- Through the ```reconftw.cfg``` file the whole execution of the tool can be controlled.
- Hunters can set the various scanning modes, execution preferences, tool config files, APIs/TOKENS, personalized wordlists, threads, headers, cookies etc.

<details>
<summary>:point_right:Click here to view default config file:point_left:</summary>
<br>

```bash
#################################################################
# reconFTW config file #
#################################################################

# TERM COLORS
bred='\033[1;31m'
bblue='\033[1;34m'
bgreen='\033[1;32m'
yellow='\033[0;33m'
red='\033[0;31m'
blue='\033[0;34m'
green='\033[0;32m'
reset='\033[0m'

# General values
tools=~/Tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
profile_shell=".$(basename $(echo $SHELL))rc"
reconftw_version=$(git branch --show-current)-$(git describe --tags)
update_resolvers=true
proxy_url="http://127.0.0.1:8080/"
#dir_output=/custom/output/path

# Golang Vars (Comment or change on your own)
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH

# Tools config files
#NOTIFY_CONFIG=~/.config/notify/notify.conf # No need to define
#SUBFINDER_CONFIG=~/.config/subfinder/config.yaml # No need to define
AMASS_CONFIG=~/.config/amass/config.ini
GITHUB_TOKENS=${tools}/.github_tokens

# APIs/TOKENS - Uncomment the lines you set removing the '#' at the beginning of the line
#SHODAN_API_KEY="XXXXXXXXXXXXX"
#XSS_SERVER="XXXXXXXXXXXXXXXXX"
#COLLAB_SERVER="XXXXXXXXXXXXXXXXX"
#findomain_virustotal_token="XXXXXXXXXXXXXXXXX"
#findomain_spyse_token="XXXXXXXXXXXXXXXXX"
#findomain_securitytrails_token="XXXXXXXXXXXXXXXXX"
#findomain_fb_token="XXXXXXXXXXXXXXXXX"
slack_channel="XXXXXXXX"
slack_auth="xoXX-XXX-XXX-XXX"

# File descriptors
DEBUG_STD="&>/dev/null"
DEBUG_ERROR="2>/dev/null"

# Osint
OSINT=true
GOOGLE_DORKS=true
GITHUB_DORKS=true
METADATA=true
EMAILS=true
DOMAIN_INFO=true

# Subdomains
SUBCRT=true
SUBBRUTE=true
SUBSCRAPING=true
SUBPERMUTE=true
SUBTAKEOVER=true
SUBRECURSIVE=true
ZONETRANSFER=true
S3BUCKETS=true

# Web detection
WEBPROBESIMPLE=true
WEBPROBEFULL=true
WEBSCREENSHOT=true
UNCOMMON_PORTS_WEB="81,300,591,593,832,981,1010,1311,1099,2082,2095,2096,2480,3000,3128,3333,4243,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7396,7474,8000,8001,8008,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8834,8880,8888,8983,9000,9001,9043,9060,9080,9090,9091,9200,9443,9502,9800,9981,10000,10250,11371,12443,15672,16080,17778,18091,18092,20720,32000,55440,55672"
# You can change to aquatone if gowitness fails, comment the one you don't want
AXIOM_SCREENSHOT_MODULE=gowitness
#AXIOM_SCREENSHOT_MODULE=aquatone

# Host
FAVICON=true
PORTSCANNER=true
PORTSCAN_PASSIVE=true
PORTSCAN_ACTIVE=true
CLOUD_IP=true

# Web analysis
WAF_DETECTION=true
NUCLEICHECK=true
URL_CHECK=true
URL_GF=true
URL_EXT=true
JSCHECKS=true
PARAMS=true
FUZZ=true
CMS_SCANNER=true
WORDLIST=true

# Vulns
XSS=true
CORS=true
TEST_SSL=true
OPEN_REDIRECT=true
SSRF_CHECKS=true
CRLF_CHECKS=true
LFI=true
SSTI=true
SQLI=true
BROKENLINKS=true
SPRAY=true
BYPASSER4XX=true

# Extra features
NOTIFICATION=false
DEEP=false
DIFF=false
REMOVETMP=false
PROXY=false
SENDZIPNOTIFY=false
PRESERVE=false # set to true to avoid deleting the .called_fn files on really large scans

# HTTP options
HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0"

# Threads
FFUF_THREADS=40
HTTPX_THREADS=50
HTTPX_UNCOMMONPORTS_THREADS=100
GOSPIDER_THREADS=50
GITDORKER_THREADS=5
BRUTESPRAY_THREADS=20
BRUTESPRAY_CONCURRENCE=10
ARJUN_THREADS=20
GAUPLUS_THREADS=10
DALFOX_THREADS=200
PUREDNS_PUBLIC_LIMIT=0 # Set between 2000 - 10000 if your router blows up, 0 is unlimited
PUREDNS_TRUSTED_LIMIT=400
DIRDAR_THREADS=200

# Timeouts
CMSSCAN_TIMEOUT=3600
FFUF_MAXTIME=900 # Seconds
HTTPX_TIMEOUT=15 # Seconds
HTTPX_UNCOMMONPORTS_TIMEOUT=10 # Seconds

# lists
fuzz_wordlist=${tools}/fuzz_wordlist.txt
lfi_wordlist=${tools}/lfi_wordlist.txt
subs_wordlist=${tools}/subdomains.txt
subs_wordlist_big=${tools}/subdomains_big.txt
resolvers=${tools}/resolvers.txt
resolvers_trusted=${tools}/resolvers_trusted.txt

# Axiom Fleet
# Will not start a new fleet if one exist w/ same name and size (or larger)
AXIOM_FLEET_LAUNCH=false
AXIOM_FLEET_NAME="reconFTW"
AXIOM_FLEET_COUNT=5
AXIOM_FLEET_REGIONS=""
AXIOM_FLEET_SHUTDOWN=true
# This is a script on your reconftw host that might prep things your way...
#AXIOM_POST_START="$HOME/bin/yourScript"
```
</details>

***

### 1) Amass Config
* You will need to add your API keys to the ```config.ini``` file in order to use the passive sources (VirusTotal, BinaryEdge, Censys).
* See the [Example Configuration File](https://github.com/OWASP/Amass/blob/master/examples/config.ini) for more details.

**Path:-** `$HOME/.config/amass/config.ini`

### 2) Subfinder Config
* To gather more subdomains it is necessary to add the API keys to ```config.yaml```.

**Path:-** `$HOME/.config/subfinder/config.yaml`

**:bookmark_tabs: Check this article out:- [How to make/setup api keys](https://dhiyaneshgeek.github.io/bug/bounty/2020/02/06/recon-with-me/)**


### 3) Github tokens
* GitDorker & github-endpoints both require GitHub Personal Access Tokens.
* Add your GitHub personal tokens in ```~/Tools/.github_tokens```, 1 token on each line.
* It's recommended to add at least 5 GitHub Personal Access Tokens, each from 2 different accounts to avoid rate-limiting. See [here](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) how to create them.
* Use multiple tokens from separate GitHub accounts to provide the best results.
```
ghp_2Bq4wT4WUnfpqzMxHjpDcXlTlpS
ghp_IAarkJ5nHQ8HfonyYClz814ETmm
ghp_d2fec3d6e6712a98525y1v0OXh7
ghp_0e8e24ad765dB550abeExNq0YI80
ghp_5da53a644c6aIa5O74Pf669a0218
ghp_15977496Bqc61Tye33cdbY5bNgyt
```
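A pre-flight check for the two secret-bearing files described above, the APIs/TOKENS block of ```reconftw.cfg``` and the ```~/Tools/.github_tokens``` list. It is an added example, not part of reconFTW: it assumes a POSIX shell, builds a constructed sample cfg and token file in a temp directory, and reads the cfg with grep instead of sourcing it (sourcing would execute the `git` and `cd` commands inside the file).

```shell
#!/bin/sh
# Pre-flight check for reconftw.cfg and the .github_tokens file it points to.
# Added example, not part of reconFTW: it reads the cfg with grep instead of
# sourcing it, so nothing inside the file (git, cd, export ...) is executed.
# Print "STATE key" for every API/TOKEN setting that is not usable yet:
# MISSING (no line), COMMENTED (still behind '#') or PLACEHOLDER (XXX value).
unset_secrets() {
    for key in SHODAN_API_KEY XSS_SERVER COLLAB_SERVER slack_channel slack_auth; do
        # the last definition wins, exactly as it would when the cfg is sourced
        line=$(grep -E "^#?[[:space:]]*${key}=" "$1" | tail -n 1)
        case "$line" in
            "")     echo "MISSING $key" ;;
            "#"*)   echo "COMMENTED $key" ;;
            *XXX*)  echo "PLACEHOLDER $key" ;;
        esac
    done
}

# Print the number of well-formed tokens: ghp_ prefix, one per line, no blanks.
count_tokens() { grep -cE '^ghp_[A-Za-z0-9]+$' "$1"; }

# Print "ok" when only the owner can read a secrets file, else the group/other bits.
secret_mode() {
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ] && echo ok || echo "$bits"
}

# Write a constructed cfg and token file into a temp dir and print its path.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/reconftw.cfg" <<'EOF'
# APIs/TOKENS (constructed sample, not a real config)
SHODAN_API_KEY="constructed-shodan-key"
#XSS_SERVER="XXXXXXXXXXXXXXXXX"
COLLAB_SERVER=sample.canarytokens.com
slack_channel="XXXXXXXX"
EOF
    printf 'ghp_SampleTokenA000\nghp_SampleTokenB000\n\nnot-a-token\nghp_SampleTokenC000\n' \
        > "$d/.github_tokens"
    chmod 644 "$d/reconftw.cfg"; chmod 600 "$d/.github_tokens"
    echo "$d"
}

dir=$(make_sample)
unset_secrets "$dir/reconftw.cfg"
echo "github tokens: $(count_tokens "$dir/.github_tokens") (wiki recommends at least 5)"
echo "mode .github_tokens: $(secret_mode "$dir/.github_tokens")"
echo "mode reconftw.cfg:   $(secret_mode "$dir/reconftw.cfg")"
```

Run it against your real files by replacing the `make_sample` call with the paths from `reconftw.cfg`; a cfg that is group- or world-readable leaks every key it holds to other local users.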

### 4) Favup Config
* The Favup tool needs your [shodan](https://www.shodan.io/) API key to gather the target's real IP.
* To set up your API key run the following command.
```shell
shodan init <Your-Shodan-API-Key>
```

### 5) Blind XSS Server
- reconFTW includes a tool called [dalfox](https://github.com/hahwul/dalfox) which requires a server for Blind XSS detection.
- Creating an account on [XSS Hunter](https://xsshunter.com/app) will provide you with your own personalized server.
- Specify this server in the ```reconftw.cfg``` config file.

**Eg:-** ```XSS_SERVER=six2dez.xss.ht```

### 6) SSRF Server
- To receive the inbound requests that reveal potential SSRF it is necessary to set up your own ```COLLAB_SERVER```.
- Specify your SSRF server in the ```reconftw.cfg``` config file.

**Eg:-** ```COLLAB_SERVER=i0m1y4j3fu.canarytokens.com```
- Services for setting up an SSRF server:
1. [Canarytokens](https://canarytokens.org/)
2. [interactsh](https://github.com/projectdiscovery/interactsh)
3. [Webhook](https://webhook.site/)
4. [Burp Collaborator server](https://portswigger.net/burp/pro)

### 7) Notify configuration
* The **Notify** tool is used to send reconFTW progress notifications via Discord, Telegram or Slack.
* The notify config file is located at `$HOME/.config/notify/notify.conf`
* When using notifications, remember to enable them in the ```reconftw.cfg``` config file: ```NOTIFICATION=true```
1. [Creating Discord webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks)
2. [Creating Slack webhook](https://slack.com/intl/en-it/help/articles/115005265063-Incoming-webhooks-for-Slack)
3. [Creating Telegram bot](https://core.telegram.org/bots#3-how-do-i-create-a-bot)


### 8) theHarvester Config
* theHarvester needs some API keys in order to gather more data through other sources.
* For more info look [here](https://github.com/laramies/theHarvester/wiki/Installation#api-keys).

**Path:-** `~/Tools/theHarvester/api-keys.yml`

### 9) H8mail Config
* It's recommended to provide your API keys in order for H8mail to work at its best.
* For more info look [here](https://github.com/khast3x/h8mail/wiki/Using-APIs).

**Path:-** `~/Tools/h8mail_config.ini`
245