-
-
Notifications
You must be signed in to change notification settings - Fork 935
6. Output files
six2dez edited this page Feb 9, 2024
·
3 revisions
- ReconFTW generates a lot of output.
- One should have a thorough understanding of all the output files/folders of reconFTW.
- Below tables represents what each of the file contains and the tools used for that purpose.
Filename (*.txt) | Description | Tool used |
---|---|---|
dorks | Results from Google dorking | degoogle_hunter |
gitdorks | Results from GitHub dorking | GitDorker |
software | Potential list of software used by the target | metafinder |
authors | List of persons who might work for the org | metafinder |
metadata_results | All the info obtained from metadata | metafinder |
emails | Emails of people working for the target | theHarvester |
users | Users associated with the target | theHarvester |
h8mail | Emails and passwords from target domain | h8mail |
passwords | Passwords from data breaches | theHarvester, pwndb |
domain_info_general | General data about domain and it's registrant | domainbigdata.com |
domain_info_name | Domains owned by the same name as the target | domainbigdata.com |
domain_info_email | Domains owned by the same email as the target | domainbigdata.com |
domain_info_ip | Domains under the same IP as the target | domainbigdata.com |
Filename (*.txt) | Description | Tool used |
---|---|---|
subdomains | List of DNS probed subdomains | cant fit here π |
subdomains_cname | CNAME associated with each subdomain | dnsx |
zonetransfer | Zone Transfer attempt results | dnsrecon |
s3buckets | Found S3 buckets | S3Scanner |
Filename (*.txt) | Description | Tool used |
---|---|---|
ips | IP's associated to the subdomains | dig |
subs_ips_vhosts | List of subdomains belonging to the same IP (Vhosts) | dig |
portscan_passive | Passive Port Scan through shodan | shodan-cli |
portscan_active | Active Port Scan (top-200 ports) | nmap |
favicontest | IP addresses having the same favicon | favUp.py |
testssl | TLS/SSL vulnerabilities | testssl |
cloud_providers | Check which cloud provider is hosting a particular IP address | ip2provider |
brutespray | brute-forces services with default credentials using Medusa | brutespray |
Filename (*.txt) | Description | Tool used |
---|---|---|
webs | HTTP/HTTPS probed subdomains | httpx |
takeover | Potential subdomain-takeovers (67 fingerprints) | nuclei-templates/takeover |
webs_uncommon_ports | Web probed on 88 uncommon ports | httpx |
webs_wafs | Identified web firewalls on the target | wafw00f |
param | Discovered URLs with parameters | ParamSpider, Arjun |
url_extract | Endpoints gathered through various sources | gospider, waybackurls, gau |
dict_words | Word dictionary generated from target | getjswords.py |
dict_paths | Paths dictionary generated from target | unfurl |
brokenLinks | Crawled broken links (BLH) | gospider |
cors | subdomains having CORS Misconfigurations | Corsy |
urls_by_ext | List of url's ordered by extenstion | Manual, custom |
Filename (*.txt) | Description | Tool used |
---|---|---|
xss | Potential XSS's found | XSStrike |
openredirect | OpenRedirect issues | OpenRedireX |
ssrf | Server-side request forgery (SSRF) requests, manual callback check required | ssrf_async.py |
crlf | Found CRLF Injections | crlfuzz |
lfi | LFI vulns found | ffuf |
ssti | SSTI vulns found | ffuf |
4xxbypass | 403 bypassed directories | DirDar |
Filename (*.txt) | Description | Tool used |
---|---|---|
js_endpoints | Endpoints gathered from JS files | Gospider |
jsfile_links | Contains all the js file links of the target | LinkFinder |
js_livelinks | JS files alive and reachable | Gospider |
js_secrets | Secrets found on JS files | nuclei-templates/exposures/tokens/ |
url_extract_js | List of url's extracted from JS files | Gospider |
- This will contain the output from the nuclei tool
- This will contain the output of directory fuzzing/bruteforcing.
- There will be separate folders for the output from each subdomain.
- This folder contains the screenshots of all the websites hosted on the subdomains.
- This folder will show the detected CMS(Content Management System) of the websites.
- This folder contains the raw data from the gf tool.