-
-
Notifications
You must be signed in to change notification settings - Fork 936
6. Output files
six2dez edited this page Apr 24, 2021
·
3 revisions
- ReconFTW generates a lot of output.
- One should have a thorough understanding of all the output files/folders of reconFTW.
- Below tables represents what each of the file contains and the tools used for that purpose.
| Filename (*.txt) | Description | Tool used |
|---|---|---|
| dorks | Results from Google dorking | degoogle_hunter |
| gitdorks | Results from GitHub dorking | GitDorker |
| software | Potential list of software used by the target | metafinder |
| authors | List of persons who might work for the org | metafinder |
| metadata_results | All the info obtained from metadata | metafinder |
| emails | Emails of people working for the target | theHarvester |
| users | Users associated with the target | theHarvester |
| h8mail | Emails and passwords from target domain | h8mail |
| passwords | Passwords from data breaches | theHarvester, pwndb |
| domain_info_general | General data about domain and it's registrant | domainbigdata.com |
| domain_info_name | Domains owned by the same name as the target | domainbigdata.com |
| domain_info_email | Domains owned by the same email as the target | domainbigdata.com |
| domain_info_ip | Domains under the same IP as the target | domainbigdata.com |
| Filename (*.txt) | Description | Tool used |
|---|---|---|
| subdomains | List of DNS probed subdomains | cant fit here π |
| subdomains_cname | CNAME associated with each subdomain | dnsx |
| zonetransfer | Zone Transfer attempt results | dnsrecon |
| s3buckets | Found S3 buckets | S3Scanner |
| Filename (*.txt) | Description | Tool used |
|---|---|---|
| ips | IP's associated to the subdomains | dig |
| subs_ips_vhosts | List of subdomains belonging to the same IP (Vhosts) | dig |
| portscan_passive | Passive Port Scan through shodan | shodan-cli |
| portscan_active | Active Port Scan (top-1000 ports) | nmap |
| favicontest | IP addresses having the same favicon | favUp.py |
| testssl | TLS/SSL vulnerabilities | testssl |
| Filename (*.txt) | Description | Tool used |
|---|---|---|
| webs | HTTP/HTTPS probed subdomains | httpx |
| takeover | Potential subdomain-takeovers (67 fingerprints) | nuclei-templates/takeover |
| webs_uncommon_ports | Web probed on 88 uncommon ports | httpx |
| webs_wafs | Identified web firewalls on the target | wafw00f |
| param | Discovered URLs with parameters | ParamSpider, Arjun |
| url_extract | Endpoints gathered through various sources | gospider, waybackurls, gau |
| dict_words | Word dictionary generated from target | getjswords.py |
| dict_paths | Paths dictionary generated from target | unfurl |
| brokenLinks | Crawled broken links (BLH) | gospider |
| cors | subdomains having CORS Misconfigurations | Corsy |
| Filename (*.txt) | Description | Tool used |
|---|---|---|
| xss | Potential XSS's found | XSStrike |
| openredirect | OpenRedirect issues | OpenRedireX |
| ssrf | Server-side request forgery (SSRF) requests, manual callback check required | ssrf_async.py |
| crlf | Found CRLF Injections | crlfuzz |
| lfi | LFI vulns found | ffuf |
| ssti | SSTI vulns found | ffuf |
| 4xxbypass | 403 bypassed directories | DirDar |