7. FAQs
This guide addresses frequently asked questions about reconFTW, covering installation, usage, features, data management, and AI integration. It provides practical solutions and best practices to help users troubleshoot issues and optimize their scanning experience.
Note: Always review the Post-Installation Guide and Configuration File Guide for setup and customization details.
A: Red-colored tools in the install.sh output indicate installation failures, often due to missing dependencies, network issues, or platform incompatibilities.
Solution:
- Check Logs: Set DEBUG_STD="" in reconftw.cfg and rerun ./install.sh to view detailed error messages.
- Manual Installation: Install the failed tool manually using its GitHub instructions (e.g., go install for Golang tools).
- Dependencies: Ensure system dependencies are installed:
    sudo apt-get update && sudo apt-get install -y git curl python3 python3-pip golang-go
- Re-run Installer: Execute ./install.sh again to verify all tools are installed.
Example: If subfinder fails, install it manually:
    go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
Note: For ARM systems (e.g., macOS M1/M2, Raspberry Pi), some tools may require custom builds. See the Docker Usage Guide for ARM-compatible setups.
A: The install.sh script serves as both an installer and updater, automatically checking for updates to reconFTW and its tools.
Steps:
- Run the installer:
    ./install.sh
- The script:
  - Checks for a newer reconFTW version via Git and updates the repository.
  - Updates all tools and dependencies (e.g., nuclei, ffuf, wordlists).
  - Reinstalls any missing or corrupted tools.
Note: Set upgrade_tools=true and upgrade_before_running=true in reconftw.cfg to ensure tools are updated before each scan. Back up reconftw.cfg before updating to preserve custom settings.
A: Subdomain bruteforcing (e.g., via puredns) generates significant DNS traffic, which can overload home routers or ISPs.
Solution:
- Reduce DNS Traffic: Lower the public resolver limit in reconftw.cfg:
    PUREDNS_PUBLIC_LIMIT=2000
  Values between 1000–5000 are typically safe for home networks.
- Disable Bruteforcing: Set SUBBRUTE=false in reconftw.cfg to skip DNS bruteforcing and rely on passive enumeration.
- Use Ax Framework: Distribute scans across cloud instances to offload traffic (see Ax Framework Version Guide).
- Throttle Threads: Reduce threads for DNS tools:
    PUREDNS_TRUSTED_LIMIT=200
    DNSVALIDATOR_THREADS=100
Example: To disable bruteforcing:
    sed -i 's/SUBBRUTE=true/SUBBRUTE=false/' reconftw.cfg
    ./reconftw.sh -d example.com -s
Note: Test with a small target to find a safe PUREDNS_PUBLIC_LIMIT for your network.
A: Long-running tasks (e.g., fuzzing, recursive enumeration) or network issues can cause scans to appear stuck.
Solution:
- Stop the Scan: Press Ctrl+C to interrupt the scan.
- Disable the Module: Edit reconftw.cfg to disable the problematic module. For example, to skip directory fuzzing:
    FUZZ=false
- Adjust Timeouts: Increase timeouts for slow tasks:
    FFUF_MAXTIME=1800
    HTTPX_TIMEOUT=20
- Enable Verbose Mode: Run with --verbose to monitor progress:
    ./reconftw.sh -d example.com -r --verbose
- Check Resources: Ensure sufficient CPU, memory, and disk space (e.g., 4 GB RAM, 20 GB free disk).
Example: To disable recursive passive enumeration:
    sed -i 's/SUB_RECURSIVE_PASSIVE=true/SUB_RECURSIVE_PASSIVE=false/' reconftw.cfg
Note: For large targets, use the Ax Framework (-v) to distribute tasks and reduce local load.
A: Google may block automated queries (e.g., from degoogle_hunter) due to CAPTCHA challenges or rate-limiting.
Solution:
- Pause Dorking: Wait 1–2 hours before retrying to avoid Google’s temporary blocks.
- Disable Google Dorks: Set GOOGLE_DORKS=false in reconftw.cfg to skip this module:
    GOOGLE_DORKS=false
- Use Proxies: Configure a proxy in reconftw.cfg to rotate IPs:
    PROXY=true
    proxy_url="http://your.proxy:8080"
- Manual Dorking: Perform Google dorks manually in a browser to bypass automation detection.
Note: Google Dorking is API-independent, so results depend on Google’s response. Consider alternative OSINT modules (e.g., GITHUB_DORKS) for reliable data.
A: reconFTW uses notify to send updates to Discord, Telegram, or custom webhooks.
Steps:
- Enable Notifications: Set in reconftw.cfg:
    NOTIFICATION=true       # Full notifications for each step
    SOFT_NOTIFICATION=true  # Only start/end notifications
- Configure Notify:
  - Edit the notify config file: ~/.config/notify/provider-config.yaml.
  - Choose a provider (Discord, Telegram, or custom webhook).
Discord Setup:
- Create a Discord server and webhook (Server Settings → Integrations → Create Webhook).
- Copy the webhook URL (e.g., https://discord.com/api/webhooks/xxx/yyy).
- Update provider-config.yaml:
    discord:
      - id: "reconftw"
        discord_webhook_url: "https://discord.com/api/webhooks/xxx/yyy"
        discord_format: "{{data}}"
- Test notifications:
    notify -data "Test notification" -provider discord
Telegram Setup:
- Open Telegram and message @BotFather with /start.
- Create a bot with /newbot, set a name (e.g., reconFTWBot), and get the API token (e.g., 123456:ABC-DEF).
- Get your chat ID:
  - Message your bot (e.g., t.me/reconFTWBot) with any text.
  - Visit: https://api.telegram.org/bot<Your_API_Token>/getUpdates.
  - Copy the chat.id from the response (e.g., -123456789).
- Update provider-config.yaml:
    telegram:
      - id: "reconftw"
        telegram_api_key: "123456:ABC-DEF"
        telegram_chat_id: "-123456789"
        telegram_format: "{{data}}"
- Test notifications:
    notify -data "Test notification" -provider telegram
Custom Webhook (e.g., Pipedream):
- Create a webhook endpoint on Pipedream or another service.
- Update provider-config.yaml:
    webhook:
      - id: "reconftw"
        webhook_url: "https://your.pipedream.endpoint"
        webhook_format: "{{data}}"
- Test notifications:
    notify -data "Test notification" -provider webhook
Note: Uncomment provider lines in provider-config.yaml before editing. Use SENDZIPNOTIFY=true in reconftw.cfg to send zipped results via notifications.
A: reconFTW automatically handles large result files (>8 MB) to comply with provider limits (e.g., Discord’s 8 MB upload cap).
Details:
- If results exceed 8 MB, reconFTW zips the output and uploads it to transfer.sh.
- A download link is sent via the configured notification provider (e.g., Discord, Telegram).
- For custom workflows, use a webhook (e.g., Pipedream) to save files to cloud storage (e.g., Google Drive, Dropbox).
Example: Enable zipped notifications:
    SENDZIPNOTIFY=true
Note: Ensure NOTIFICATION=true or SOFT_NOTIFICATION=true is set. Test upload limits with a small scan before enabling for large targets.
A: reconFTW generates extensive output in Recon/<target>/, which can be voluminous for large scans. Proper data management ensures usability and security.
Solutions:
- Organize by Target: Results are automatically saved in Recon/<target>/ (e.g., Recon/example.com/), keeping outputs separated by domain.
- Filter Outputs: Disable low-value modules in reconftw.cfg to reduce noise:
    GOOGLE_DORKS=false
    SUB_RECURSIVE_BRUTE=false
- Clean Temporary Files: Enable cleanup in reconftw.cfg:
    REMOVETMP=true  # Deletes temporary files
    REMOVELOG=true  # Deletes log files
- Backup Results: Regularly back up Recon/ to avoid data loss:
    tar -czf recon_backup.tar.gz Recon/
- Secure Outputs: Restrict access to sensitive data (e.g., passwords, secrets):
    chmod -R 700 Recon/
- Use AI Reports: Generate summarized reports with the -y flag to prioritize findings:
    ./reconftw.sh -d example.com -r -y
Example: Clean up after a scan:
    sed -i 's/REMOVETMP=false/REMOVETMP=true/' reconftw.cfg
    ./reconftw.sh -d example.com -s
Note: See the Output Files Guide for a detailed breakdown of files and folders.
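A check for the "Secure Outputs" step, as an added example that is not part of reconFTW: it lists anything under the given paths that group or other users can access, then restricts it to the owner. It applies equally to ~/.config/notify/provider-config.yaml, which holds the webhook URLs and Telegram API token from the notification setup; the function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of reconFTW; function names are assumptions.

# exposed_paths PATH...: print every file or directory at or below the given
# paths that has any group/other permission bit set. Symlinks are skipped
# because their own mode bits are not meaningful. POSIX find syntax.
exposed_paths() {
    find "$@" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# lock_down PATH...: owner-only access. Unlike chmod -R 700, the capital X
# keeps execute on directories (and already-executable files) without
# marking every result file executable.
lock_down() {
    chmod -R u+rwX,go-rwx "$@"
}

# audit_and_fix PATH...: report exposed paths on stderr, then lock them down.
# Returns 0 if nothing is exposed afterwards, 1 otherwise.
audit_and_fix() {
    found=$(exposed_paths "$@")
    if [ -n "$found" ]; then
        printf 'group/other can access:\n%s\n' "$found" >&2
        lock_down "$@"
    fi
    [ -z "$(exposed_paths "$@")" ]
}

# Typical use with the paths named on this page:
#   umask 077   # files created by later commands in this shell are owner-only
#   audit_and_fix Recon/ "$HOME/.config/notify/provider-config.yaml"
```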
A: Large targets (e.g., domains with thousands of subdomains) can generate gigabytes of data, slowing analysis and consuming disk space.
Solutions:
- Selective Modules: Enable only necessary modules in reconftw.cfg:
    SUB_RECURSIVE_PASSIVE=false
    VULNS_GENERAL=false
- Limit Scope: Use an in-scope file (.scope) to filter subdomains:
    INSCOPE=true
  Create Recon/example.com/.scope with allowed subdomains:
    *.example.com
    api.example.com
- Reduce Fuzzing: Use a smaller wordlist or limit fuzzing depth:
    fuzz_wordlist="${tools}/onelistforallmicro.txt"
    FFUF_MAXTIME=600
- Monitor Disk Space: Check available space before scanning:
    df -h
- Use Ax Framework: Distribute scans to cloud instances to offload storage:
    ./reconftw.sh -d example.com -r -v
Example: Limit recursive enumeration:
    sed -i 's/DEEP_RECURSIVE_PASSIVE=10/DEEP_RECURSIVE_PASSIVE=5/' reconftw.cfg
Note: For very large targets, allocate at least 50 GB of free disk space and use a VPS or Ax Framework.
A: reconFTW’s AI reporting (-y flag) uses reconftw_ai with Ollama to generate summarized reports in Markdown or plain text, ideal for prioritizing findings.
Steps:
- Install Ollama:
  - Download and install Ollama (https://ollama.ai/):
      curl https://ollama.ai/install.sh | sh
  - Pull a supported model (e.g., LLaMA 3):
      ollama pull llama3:8b
- Configure reconFTW:
  - Set AI options in reconftw.cfg:
      AI_MODEL="llama3:8b"
      AI_REPORT_TYPE="md"            # or "txt"
      AI_REPORT_PROFILE="bughunter"  # or "executive", "brief"
- Run a Scan with AI:
    ./reconftw.sh -d example.com -r -y
  Generates a report in Recon/example.com/Report/report_example.com.md.
Docker Setup:
- If using Docker, ensure Ollama runs on the host and use --network host:
    docker run -it --rm --network host \
      -v "${PWD}/reconftw.cfg:/reconftw/reconftw.cfg" \
      -v "${PWD}/Recon/:/reconftw/Recon/" \
      six2dez/reconftw:main -d example.com -r -y
Example Report (Report/report_example.com.md):
# ReconFTW Report for example.com
## Critical Findings
- Subdomain takeover on dev.example.com
- XSS on api.example.com/search?q=<script>
Note: Ensure Ollama is running (ollama serve) before scanning. Use a high-performance system (e.g., 8 GB RAM) for large reports.
A: AI reporting issues may stem from Ollama misconfiguration, resource constraints, or model limitations.
Solutions:
- Verify Ollama:
  - Check if Ollama is running:
      ollama ps
  - Test the model:
      ollama run llama3:8b "Hello, world!"
- Check Configuration:
  - Ensure AI_MODEL matches an installed model (e.g., llama3:8b).
  - Verify AI_REPORT_TYPE is md or txt.
- Increase Resources:
  - Allocate more memory for Ollama (e.g., 4 GB+).
  - Stop other resource-intensive processes.
- Update Ollama:
    curl https://ollama.ai/install.sh | sh
    ollama pull llama3:8b
- Debug Output:
  - Run with --verbose to check AI processing:
      ./reconftw.sh -d example.com -s -y --verbose
Example: Fix model mismatch:
    sed -i 's/AI_MODEL="unknown"/AI_MODEL="llama3:8b"/' reconftw.cfg
Note: For Docker, ensure the container can access Ollama (port 11434). Use a larger model (e.g., llama3:70b) for complex reports if hardware permits.
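The sed one-liners in this FAQ change a setting only when its current value matches the pattern exactly; the AI_MODEL example above does nothing unless the value is literally "unknown". The following added helper, which is not part of reconFTW, sets a key whatever its current value and keeps a backup of the file, as the update note recommends; the name set_cfg and the .bak suffix are assumptions.

```shell
#!/bin/sh
# Added example, not part of reconFTW. set_cfg and the .bak suffix are assumptions.
# set_cfg FILE KEY VALUE
#   Sets KEY=VALUE whatever the current value is, keeps FILE.bak, and preserves
#   a trailing "# comment". VALUE is written verbatim, so pass the quotes the
#   config uses, e.g. set_cfg reconftw.cfg AI_MODEL '"llama3:8b"'.
#   Returns 1 if KEY is absent (nothing is changed), 2 on usage or I/O errors.
set_cfg() {
    cfg_file=$1 cfg_key=$2 cfg_val=$3
    [ -f "$cfg_file" ] || { echo "no such file: $cfg_file" >&2; return 2; }
    # Accept only plain variable names so the key is safe inside a regex
    case $cfg_key in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) echo "bad key: $cfg_key" >&2; return 2 ;;
    esac
    grep -q "^[[:space:]]*$cfg_key=" "$cfg_file" ||
        { echo "$cfg_key not found in $cfg_file" >&2; return 1; }
    cp -p "$cfg_file" "$cfg_file.bak" || return 2
    cfg_tmp=$(mktemp) || return 2
    if CFG_KEY=$cfg_key CFG_VAL=$cfg_val awk '
        BEGIN { k = ENVIRON["CFG_KEY"]; v = ENVIRON["CFG_VAL"] }
        $0 ~ "^[ \t]*" k "=" {
            rest = $0
            # Strip KEY= and the old value (quoted string or bare word)
            sub("^[ \t]*" k "=(\"[^\"]*\"|[^ \t]*)", "", rest)
            print k "=" v rest
            next
        }
        { print }
    ' "$cfg_file" > "$cfg_tmp"; then
        # cat (not mv) keeps the original file's owner and mode
        cat "$cfg_tmp" > "$cfg_file"; cfg_rc=$?
    else
        cfg_rc=2
    fi
    rm -f "$cfg_tmp"
    return "$cfg_rc"
}
```

A return code of 1 means the key was not present, which is the case the plain sed substitution hides.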
- Added New Sections:
  - Introduced Data Management section with FAQs on organizing outputs and handling large result sets.
  - Added AI Integration section with detailed setup for AI reporting and troubleshooting.
- Updated Existing Content:
  - Replaced outdated tools (e.g., massdns → puredns) and updated reconftw.cfg references.
  - Simplified notification setup with modern notify syntax and added custom webhook support.
  - Removed broken image links and replaced with text descriptions or code examples.
- Aligned with Latest Features:
  - Incorporated AI reporting (-y, reconftw_ai, Ollama setup).
  - Updated Ax Framework references and added examples for distributed scanning.
  - Included ARM compatibility notes for installation issues.
- Improved Clarity and Structure:
  - Organized into five sections with a table of contents for navigation.
  - Used consistent formatting (code blocks, lists, headings) and added practical examples.
  - Provided step-by-step solutions with commands and explanations.
- Enhanced Troubleshooting:
  - Added detailed troubleshooting for each FAQ, including logs, resource checks, and manual fixes.
  - Linked to relevant Wiki pages (e.g., Output Files Guide, Ax Framework Version Guide).
  - Included community support links (Discord, Telegram).