· 4 years ago · Mar 25, 2021, 06:24 PM
### reconFTW config file
- The whole execution of the tool can be controlled through the ```reconftw.cfg``` file.
- Hunters can set various scanning modes, execution preferences, tools config files, APIs/TOKENS, personalized wordlists, threads, headers, cookies etc.

<details>
 <br><br>
 <summary>Click here to view default config file</summary>

```yaml
#################################################################
#                     reconFTW config file                      #
#################################################################

# TERM COLOURS
bred='\033[1;31m'
bblue='\033[1;34m'
bgreen='\033[1;32m'
yellow='\033[0;33m'
red='\033[0;31m'
blue='\033[0;34m'
green='\033[0;32m'
reset='\033[0m'

# General values
tools=~/Tools
NPROC=$(nproc || echo -n 1)
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
profile_shell=".$(basename $(echo $SHELL))rc"
#dir_output=/custom/output/path

# Golang Vars (Comment or change on your own)
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH

# Tools config files
#NOTIFY_CONFIG=~/.config/notify/notify.conf # No need to define
#SUBFINDER_CONFIG=~/.config/subfinder/config.yaml # No need to define
AMASS_CONFIG=~/.config/amass/config.ini
GITHUB_TOKENS=${tools}/.github_tokens

# APIs/TOKENS - Uncomment the lines you set removing the '#' at the beginning of the line
SHODAN_API_KEY=XXXXXXXXXXXXX
XSS_SERVER=six2dez.xss.ht
COLLAB_SERVER=i0m1y4j3fu.canarytokens.com
findomain_virustotal_token=XXXXXXXXXXXXXXXXX
findomain_spyse_token=XXXXXXXXXXXXXXXXX
findomain_securitytrails_token=XXXXXXXXXXXXXXXXX
findomain_fb_token=XXXXXXXXXXXXXXXXX

# File descriptors
DEBUG_STD="&>/dev/null"
DEBUG_ERROR="2>/dev/null"

# Osint
GOOGLE_DORKS=true
GITHUB_DORKS=false
METADATA=true
EMAILS=true
DOMAIN_INFO=true

# Subdomains
SUBCRT=true
SUBBRUTE=true
SUBSCRAPING=true
SUBPERMUTE=true
SUBTAKEOVER=true
ZONETRANSFER=true
S3BUCKETS=true

# Web detection
WEBPROBESIMPLE=true
WEBPROBEFULL=true
WEBSCREENSHOT=true

# Host
FAVICON=true
PORTSCANNER=true
PORTSCAN_PASSIVE=true
PORTSCAN_ACTIVE=true

# Web analysis
WAF_DETECTION=true
NUCLEICHECK=true
URL_CHECK=true
URL_GF=true
JSCHECKS=true
PARAMS=true
FUZZ=true
CMS_SCANNER=true
WORDLIST=true

# Vulns
XSS=true
CORS=true
TEST_SSL=true
OPEN_REDIRECT=true
SSRF_CHECKS=true
CRLF_CHECKS=true
LFI=true
SSTI=true
SQLI=true
BROKENLINKS=true
SPRAY=true
BYPASSER4XX=true

# Extra features
NOTIFICATION=true
DEEP=false
FULLSCOPE=false
DIFF=false
REMOVETMP=false

# HTTP options
COOKIE=""
HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0"

# Threads
FFUF_THREADS=40
HTTPX_THREADS=50
HTTPX_UNCOMMONPORTS_THREADS=150
SHUFFLEDNS_THREADS=5000
GOSPIDER_THREADS=50
GITDORKER_THREADS=5
XSSTRIKE_THREADS=30
BRUTESPRAY_THREADS=20
BRUTESPRAY_CONCURRENCE=10

# lists
fuzz_wordlist=${tools}/fuzz_wordlist.txt
lfi_wordlist=${tools}/lfi_wordlist.txt
subs_wordlist=${tools}/subdomains.txt
subs_wordlist_big=${tools}/subdomains_big.txt
resolvers=${tools}/resolvers.txt
```
</details>


***

### Amass Config
You need to add your API keys to the ```config.ini``` file in order to use the third-party services.
See the [Example Configuration File](https://github.com/OWASP/Amass/blob/master/examples/config.ini) for more details.

| Operating System | Path |
| ---------------- | ---- |
| Linux / Unix | `$HOME/.config/amass/config.ini` |

### Subfinder Config
For Subfinder to gather data from other services, you will need to have set up your API keys.

| Operating System | Path |
| ---------------- | ---- |
| Linux / Unix | `$HOME/.config/subfinder/config.yaml` |

### theHarvester Config
theHarvester needs some API keys in order to gather more data through other sources.
For more info look [here](https://github.com/laramies/theHarvester/wiki/Installation#api-keys).

| Operating System | Path |
| ---------------- | ---- |
| Linux / Unix | `~/Tools/theHarvester/api-keys.yml` |

### H8mail Config
It's recommended to provide your API keys in order for H8mail to work at its best.
For more info look [here](https://github.com/khast3x/h8mail/wiki/Using-APIs).

| Operating System | Path |
| ---------------- | ---- |
| Linux / Unix | `~/Tools/h8mail_config.ini` |

### Github tokens
* GitDorker & github-endpoints both require GitHub Personal Access Tokens.
* Add your GitHub personal tokens to ```~/Tools/.github_tokens```, one token per line.
* It's recommended to add at least 5 GitHub Personal Access Tokens, each from 2 different accounts, to avoid rate-limiting. See [here](https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token) how to create them.
* Use multiple tokens from separate GitHub accounts to provide the best results.
```
d2fec3d6e6712a985259522acec
0e8e24ad765d1550abe13347c48
5da53a644c6aaa5874f669a0218
15977496cc613e33cdb15b83693
46df7cecc76537e229ef069eb63
```

### Favup Config
Favup needs your [shodan](https://www.shodan.io/) API key to gather IPs matching the required favicon.
To set up your API key, run the following command.
```
shodan init [Your-Shodan-API-Key]
```

### Blind XSS Server
ReconFTW includes a tool called [XSStrike](https://github.com/s0md3v/XSStrike) which requires a server for Blind XSS detection.
Creating an account on [XSS Hunter](https://xsshunter.com/app) will provide you with your own personalized server.
Specify this server in the ```reconftw.cfg``` config file, for example:
```XSS_SERVER=six2dez.xss.ht```

### SSRF Server
- To get inbound requests for finding potential SSRF, it's necessary to set up your own ```COLLAB_SERVER```.
- Services for setting up an SSRF server:
1. [Canarytokens](https://canarytokens.org/)
2. [RequestCatcher](https://requestcatcher.com/)
3. [Webhook](https://webhook.site/)
4. [Burp](https://portswigger.net/burp/pro) Collaborator server

Specify your SSRF server in the ```reconftw.cfg``` config file, for example:
```COLLAB_SERVER=i0m1y4j3fu.canarytokens.com```

### Notify configuration
* **Notify** is used to send reconFTW progress notifications via Discord, Telegram, Slack.
* The notify config file is located at `$HOME/.config/notify/notify.conf`
1. [Creating Discord webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks)
2. [Creating Slack webhook](https://slack.com/intl/en-it/help/articles/115005265063-Incoming-webhooks-for-Slack)
3. [Creating Telegram bot](https://core.telegram.org/bots#3-how-do-i-create-a-bot)

When using notifications, remember to enable them in the ```reconftw.cfg``` config file.
```NOTIFICATION=true```
***
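
The sections above put API keys, GitHub tokens and callback hosts into plain files. The following pre-run check is an added example, not part of reconFTW: it flags callback hosts still set to the sample values in the default config, API keys still set to the `XXXX` placeholder, and secret-bearing files readable by group or others. The function names, finding labels and the `audit.sh` file name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of reconFTW: lint reconftw.cfg and its secret files.
# The config is read as text and never sourced, so nothing in it is executed.

# Callback hosts that appear in the default config shown on this page.
DEFAULT_CALLBACKS='six2dez.xss.ht i0m1y4j3fu.canarytokens.com'
# Keys whose default value is the XXXX placeholder.
PLACEHOLDER_KEYS='SHODAN_API_KEY findomain_virustotal_token findomain_spyse_token
findomain_securitytrails_token findomain_fb_token'

# cfg_value FILE KEY: print the last uncommented value assigned to KEY.
cfg_value() {
  sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
    sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"//; s/"$//'
}

# audit_reconftw_cfg CFG [SECRET_FILE...]: print findings, return 1 if any.
audit_reconftw_cfg() {
  a_cfg=$1; a_n=0
  # 1. Callback hosts left at the sample values are not your own server.
  for a_key in XSS_SERVER COLLAB_SERVER; do
    a_val=$(cfg_value "$a_cfg" "$a_key")
    for a_def in $DEFAULT_CALLBACKS; do
      if [ "$a_val" = "$a_def" ]; then
        echo "DEFAULT_CALLBACK $a_key=$a_val"; a_n=$((a_n + 1))
      fi
    done
  done
  # 2. API keys that still hold the all-X placeholder.
  for a_key in $PLACEHOLDER_KEYS; do
    a_val=$(cfg_value "$a_cfg" "$a_key")
    case $a_val in
      '' | *[!X]*) ;;  # unset, or a real-looking value
      *) echo "PLACEHOLDER $a_key"; a_n=$((a_n + 1)) ;;
    esac
  done
  # 3. Files holding keys or tokens must not be group/world accessible.
  for a_file in "$@"; do
    [ -e "$a_file" ] || continue
    a_perm=$(ls -ld "$a_file" | cut -c5-10)
    if [ "$a_perm" != "------" ]; then
      echo "PERMS $a_file group/other=$a_perm"; a_n=$((a_n + 1))
    fi
  done
  [ "$a_n" -eq 0 ]
}

# Usage: sh audit.sh path/to/reconftw.cfg ~/Tools/.github_tokens
if [ "$#" -gt 0 ]; then audit_reconftw_cfg "$@"; fi
```

Pass the config first, then any other files that hold secrets, such as `~/Tools/.github_tokens` or `$HOME/.config/amass/config.ini`; a non-zero exit status means at least one finding was printed.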