-
-
Notifications
You must be signed in to change notification settings - Fork 1k
1. Post Installation Guide
six2dez edited this page May 16, 2025
·
14 revisions
After installing reconFTW, you need to configure the tool to ensure optimal performance and enable features like API-driven scans, notifications, distributed scanning, and AI reporting. This guide walks you through setting up the reconftw.cfg file, configuring API keys, integrating external services (e.g., Ax Framework, Faraday), and validating tool installations.
The reconftw.cfg file controls the entire execution of reconFTW. It allows you to:
- Enable/disable scanning modules (e.g., OSINT, Subdomains, Vulnerabilities).
- Configure API keys for tools like Subfinder, Shodan, and WHOISXML.
- Set performance parameters (threads, timeouts, rate limits).
- Integrate with external services (Ax Framework, Faraday, notifications).
- Customize wordlists, resolvers, and output directories.
Location: The reconftw.cfg file is located in the root of the reconFTW directory after cloning the repository.
Default Configuration: The default reconftw.cfg is preconfigured with sensible defaults but requires customization for API keys and specific use cases. Below is a sample snippet of key sections (see the Configuration File Guide for a full breakdown).
# General values
tools=$HOME/Tools
generate_resolvers=false
proxy_url="http://127.0.0.1:8080/"
install_golang=true
# APIs/TOKENS
#SHODAN_API_KEY="XXXXXXXXXXXXX"
#WHOISXML_API="XXXXXXXXXX"
#XSS_SERVER="XXXXXXXXXXXXXXXXX"
#COLLAB_SERVER="XXXXXXXXXXXXXXXXX"
# Osint
OSINT=true
GOOGLE_DORKS=true
METAFINDER_LIMIT=20
# Subdomains
SUBDOMAINS_GENERAL=true
SUBPASSIVE=true
SUBCRT=true
SUBIAPERMUTE=true
# Notifications
NOTIFICATION=false
NOTIFY_CONFIG=~/.config/notify/provider-config.yaml
# Axiom Fleet
AXIOM_FLEET_LAUNCH=true
AXIOM_FLEET_COUNT=10
# AI Reporting
AI_MODEL="llama3:8b"
AI_REPORT_TYPE="md"
AI_REPORT_PROFILE="bughunter"Before configuring reconFTW, ensure all required tools are installed correctly.
-
Run the Help Command:
./reconftw.sh -h
If the help menu displays, the core script is functional.
-
Check Tool Availability: Use the
--check-toolsflag to verify that all required tools are installed:./reconftw.sh --check-tools
If any tools are missing, rerun
./install.shwithDEBUG_STD=""inreconftw.cfgto view installation logs. -
Common Issues:
-
Golang/Rust Errors: Verify
GOROOT,GOPATH, andPATHinreconftw.cfg. -
Permission Issues: Ensure the user has write access to
$HOME/Toolsand the reconFTW directory. -
ARM/macOS M1/M2: Confirm tools are compiled for
arm64(e.g.,GOARCH=arm64).
-
Golang/Rust Errors: Verify
Many reconFTW modules rely on APIs for enhanced reconnaissance. Uncomment and set the relevant API keys in reconftw.cfg.
- Purpose: Subfinder uses APIs for passive subdomain enumeration (e.g., Shodan, Censys).
-
Config File:
$HOME/.config/subfinder/provider-config.yaml -
Steps:
- Create or edit the Subfinder config file:
mkdir -p $HOME/.config/subfinder nano $HOME/.config/subfinder/provider-config.yaml
- Add API keys (example):
# provider-config.yaml shodan: - SHODAN_API_KEY_1 - SHODAN_API_KEY_2 censys: - ID:SECRET github: - GITHUB_TOKEN_1 - GITHUB_TOKEN_2
- Obtain API keys from providers (e.g., Shodan, Censys).
- See the Subfinder Documentation for a full list of supported providers.
- Create or edit the Subfinder config file:
-
Purpose: Tools like
github-subdomains,enumerepo, andtrufflehogrequire GitHub Personal Access Tokens (PATs) for repository and secret scanning. -
Config File:
$HOME/Tools/.github_tokens -
Steps:
- Create the tokens file:
mkdir -p $HOME/Tools nano $HOME/Tools/.github_tokens
- Add at least 5 PATs, one per line, from multiple GitHub accounts to avoid rate limits:
ghp_SAMPLE1 ghp_SAMPLE2 ghp_SAMPLE3 ghp_SAMPLE4 ghp_SAMPLE5 - Generate PATs via GitHub Settings. Select scopes like
repoandread:org. - Set
GITHUB_TOKENS=${tools}/.github_tokensinreconftw.cfg.
- Create the tokens file:
-
Purpose:
fav-upand other tools use Shodan to resolve real IPs behind favicons and perform IP-based scans. -
Steps:
- Initialize Shodan:
shodan init <Your-Shodan-API-Key>
- Add the key to
reconftw.cfg:SHODAN_API_KEY="XXXXXXXXXXXXX" - Obtain a key from Shodan.
- Initialize Shodan:
- Purpose: Used for WHOIS lookups and domain information.
-
Steps:
- Add the key to
reconftw.cfg:WHOISXML_API="XXXXXXXXXX" - Obtain a key from WHOISXML.
- Add the key to
-
Purpose:
dalfoxrequires a server for blind XSS detection. -
Steps:
- Create an account on XSS Hunter to get a personalized server (e.g.,
SAMPLE.xss.ht). - Add to
reconftw.cfg:XSS_SERVER="SAMPLE.xss.ht"
- Create an account on XSS Hunter to get a personalized server (e.g.,
-
Purpose: Tools like
interactshandffufuse an SSRF server to detect server-side request forgery. -
Steps:
- Set up a server using one of the following:
- Add to
reconftw.cfg:COLLAB_SERVER="SAMPLE.canarytokens.com"
reconFTW supports notifications via Slack, Discord, or Telegram to track scan progress.
-
Config File:
$HOME/.config/notify/provider-config.yaml -
Steps:
- Create the notify config file:
mkdir -p $HOME/.config/notify nano $HOME/.config/notify/provider-config.yaml
- Add provider details (example for Discord):
discord: - id: discord discord_webhook_url: "https://discord.com/api/webhooks/XXXXX/XXXXX" telegram: - id: telegram telegram_api_key: "XXXXX:XXXXX" telegram_chat_id: "XXXXX" slack: - id: slack slack_webhook_url: "https://hooks.slack.com/services/XXXXX/XXXXX/XXXXX"
- Enable notifications in
reconftw.cfg:NOTIFICATION=true SOFT_NOTIFICATION=false # Set to true for start/end notifications only
- Set up webhooks:
- Test notifications:
notify -data "Test notification from reconFTW" -provider discord
- Create the notify config file:
reconFTW supports distributed scanning via the Ax Framework for faster execution.
-
Prerequisites:
- Ax Framework installed and configured.
- AWS or other cloud provider credentials set up.
-
Steps:
- Install Ax Framework (follow Ax Docs).
- Configure Ax in
reconftw.cfg:AXIOM_FLEET_LAUNCH=true AXIOM_FLEET_NAME="reconFTW" AXIOM_FLEET_COUNT=10 AXIOM_FLEET_REGIONS="eu-central" AXIOM_FLEET_SHUTDOWN=true
- Optionally, specify a post-start script:
AXIOM_POST_START="~/Tools/axiom_config.sh" - Test Ax integration:
./reconftw.sh -d example.com -r -v
-
Notes:
- Ensure your cloud provider credentials are configured in
~/.axiom/axiom.json. - Adjust
AXIOM_FLEET_COUNTbased on your budget and scan size. - See the Ax Framework Version Guide for detailed setup.
- Ensure your cloud provider credentials are configured in
Faraday provides web-based reporting and vulnerability management.
-
Prerequisites:
- Faraday server installed or hosted (e.g.,
http://localhost:5985). -
faraday-cliinstalled (pip install faraday-cli).
- Faraday server installed or hosted (e.g.,
-
Steps:
- Configure Faraday in
reconftw.cfg:FARADAY=true FARADAY_SERVER="http://localhost:5985" FARADAY_USER="faraday" FARADAY_PASS="FARADAY_PASSWORD" FARADAY_WORKSPACE="reconftw"
- Authenticate with Faraday:
faraday-cli auth -s http://localhost:5985 -u faraday -p FARADAY_PASSWORD
- Test integration by running a scan:
./reconftw.sh -d example.com -r
- Configure Faraday in
-
Notes:
- Ensure the Faraday server is running before starting scans.
- See the Faraday Documentation for server setup.
reconFTW uses reconftw_ai to generate detailed reports from scan results.
-
Prerequisites:
- Local AI model installed (e.g., LLaMA via Ollama).
-
reconftw_aitool configured.
-
Steps:
- Install Ollama and pull the desired model:
curl https://ollama.ai/install.sh | sh ollama pull llama3:8b - Configure AI settings in
reconftw.cfg:AI_MODEL="llama3:8b" AI_REPORT_TYPE="md" AI_REPORT_PROFILE="bughunter"
- Enable AI analysis with the
-yflag:./reconftw.sh -d example.com -r -y
- Install Ollama and pull the desired model:
-
Notes:
- Supported report types:
md(Markdown),txt(plain text). - Profiles:
executive,brief,bughunter. - See the AI Integration Guide for advanced setup.
- Supported report types:
Fine-tune reconFTW’s behavior by editing reconftw.cfg. Common customizations include:
-
Performance:
- Adjust threads:
FFUF_THREADS=40,HTTPX_THREADS=50. - Set rate limits:
HTTPX_RATELIMIT=150,NUCLEI_RATELIMIT=150. - Configure timeouts:
FFUF_MAXTIME=900,HTTPX_TIMEOUT=10.
- Adjust threads:
-
Modules:
- Enable/disable modules:
OSINT=true,VULNS_GENERAL=false. - Customize scans:
SUBIAPERMUTE=true,SUBREGEXPERMUTE=true.
- Enable/disable modules:
-
Output:
- Set output directory:
dir_output=/custom/output/path. - Enable result zipping:
SENDZIPNOTIFY=true.
- Set output directory:
-
Wordlists:
- Use custom wordlists:
fuzz_wordlist=${tools}/custom_fuzz.txt. - Update resolvers:
generate_resolvers=true.
- Use custom wordlists:
Example Customization (passive-only scan):
OSINT=true
SUBDOMAINS_GENERAL=true
SUBPASSIVE=true
SUBBRUTE=false
VULNS_GENERAL=false
NOTIFICATION=true-
API Key Errors:
- Verify keys are correctly formatted (no extra spaces).
- Check API provider documentation for rate limits or scope requirements.
-
Notification Failures:
- Test the
notifycommand manually to debug webhook issues. - Ensure
NOTIFY_CONFIGpoints to the correct file.
- Test the
-
Tool Failures:
- Rerun
./install.shwithDEBUG_STD=""to capture logs. - Check tool-specific documentation for version compatibility.
- Rerun
-
Ax Framework Issues:
- Verify cloud credentials and Ax installation.
- Check fleet status with
axiom-fleet ls.
-
AI Reporting Errors:
- Ensure Ollama is running (
ollama serve). - Verify the model is downloaded (
ollama list).
- Ensure Ollama is running (
For further help, join the Discord server or Telegram group.
- Explore the Usage Guide to start running scans.
- Review the Configuration File Guide for advanced settings.
- Set up data management with the Data Management Guide.