Skip to content

6. Output files

six2dez edited this page Feb 9, 2024 · 3 revisions

Output files and its description

  • ReconFTW generates a lot of output.
  • One should have a thorough understanding of all the output files/folders of reconFTW.
  • Below tables represents what each of the file contains and the tools used for that purpose.

OSINT πŸ“

Filename (*.txt) Description Tool used
dorks Results from Google dorking degoogle_hunter
gitdorks Results from GitHub dorking GitDorker
software Potential list of software used by the target metafinder
authors List of persons who might work for the org metafinder
metadata_results All the info obtained from metadata metafinder
emails Emails of people working for the target theHarvester
users Users associated with the target theHarvester
h8mail Emails and passwords from target domain h8mail
passwords Passwords from data breaches theHarvester, pwndb
domain_info_general General data about domain and it's registrant domainbigdata.com
domain_info_name Domains owned by the same name as the target domainbigdata.com
domain_info_email Domains owned by the same email as the target domainbigdata.com
domain_info_ip Domains under the same IP as the target domainbigdata.com

Subdomains πŸ“

Filename (*.txt) Description Tool used
subdomains List of DNS probed subdomains cant fit here 😜
subdomains_cname CNAME associated with each subdomain dnsx
zonetransfer Zone Transfer attempt results dnsrecon
s3buckets Found S3 buckets S3Scanner

Hosts πŸ“

Filename (*.txt) Description Tool used
ips IP's associated to the subdomains dig
subs_ips_vhosts List of subdomains belonging to the same IP (Vhosts) dig
portscan_passive Passive Port Scan through shodan shodan-cli
portscan_active Active Port Scan (top-200 ports) nmap
favicontest IP addresses having the same favicon favUp.py
testssl TLS/SSL vulnerabilities testssl
cloud_providers Check which cloud provider is hosting a particular IP address ip2provider
brutespray brute-forces services with default credentials using Medusa brutespray

Webs πŸ“

Filename (*.txt) Description Tool used
webs HTTP/HTTPS probed subdomains httpx
takeover Potential subdomain-takeovers (67 fingerprints) nuclei-templates/takeover
webs_uncommon_ports Web probed on 88 uncommon ports httpx
webs_wafs Identified web firewalls on the target wafw00f
param Discovered URLs with parameters ParamSpider, Arjun
url_extract Endpoints gathered through various sources gospider, waybackurls, gau
dict_words Word dictionary generated from target getjswords.py
dict_paths Paths dictionary generated from target unfurl
brokenLinks Crawled broken links (BLH) gospider
cors subdomains having CORS Misconfigurations Corsy
urls_by_ext List of url's ordered by extenstion Manual, custom

Vulns πŸ“

Filename (*.txt) Description Tool used
xss Potential XSS's found XSStrike
openredirect OpenRedirect issues OpenRedireX
ssrf Server-side request forgery (SSRF) requests, manual callback check required ssrf_async.py
crlf Found CRLF Injections crlfuzz
lfi LFI vulns found ffuf
ssti SSTI vulns found ffuf
4xxbypass 403 bypassed directories DirDar

JS πŸ“

Filename (*.txt) Description Tool used
js_endpoints Endpoints gathered from JS files Gospider
jsfile_links Contains all the js file links of the target LinkFinder
js_livelinks JS files alive and reachable Gospider
js_secrets Secrets found on JS files nuclei-templates/exposures/tokens/
url_extract_js List of url's extracted from JS files Gospider

Nuclei_output πŸ“

  • This will contain the output from the nuclei tool

Fuzzing πŸ“

  • This will contain the output of directory fuzzing/bruteforcing.
  • There will be separate folders for the output from each subdomain.

Screenshots πŸ“

  • This folder contains the screenshots of all the websites hosted on the subdomains.

CMS πŸ“

  • This folder will show the detected CMS(Content Management System) of the websites.

gf πŸ“

  • This folder contains the raw data from the gf tool.