ReconFTW is an open-source tool that automates the recon process for a target domain. It performs subdomain enumeration and vulnerability scanning to gather all the information about the target.
ReconFTW uses multiple methods for subdomain discovery: passive analysis, brute force, permutations, certificate transparency logs, source code scraping, analytics, and DNS records. This way you get all the subdomains and a full picture of the target domain.
Automated Vulnerability Scanning
Besides subdomain enumeration, ReconFTW also automates the detection of various vulnerabilities. It checks for XSS, Open Redirects, Server-Side Request Forgery (SSRF), CRLF injections, Local File Inclusion (LFI), SQL injection (SQLi), and more. Because the vulnerability scanning is automated, security professionals can find and fix the vulnerabilities fast.
Integration and Usage
ReconFTW can be integrated into your existing workflow and can be installed locally or via Docker, so it is flexible based on your needs. By automating the recon tasks, ReconFTW lets security teams focus on the results and on implementing security measures.
ReconFTW should be used only by authorized personnel in a controlled and legal environment.
Update ReconFTW to the latest version.
Integrate ReconFTW in your workflow to automate the recon tasks.
Train your security teams to use ReconFTW properly.