# Introduction

Automated Reconnaissance Framework

GitHubTwitterDiscordTelegram

*** ## Welcome to reconFTW **reconFTW** is a modular reconnaissance automation framework designed for security researchers, penetration testers, and bug bounty hunters. It orchestrates 80+ security tools to perform full reconnaissance on your targets, from subdomain enumeration to vulnerability scanning. ### Why reconFTW? | Feature | Description | | -------------------------- | ---------------------------------------------------------------------- | | 🔄 **Automated Workflow** | Complete reconnaissance pipeline with a single command | | 🧩 **Modular Design** | Enable/disable any module or function as needed | | **Distributed Scanning** | Scale with [Axiom](/integrations/axiom.md) across cloud infrastructure | | **Structured Output** | Organized results with multiple export formats | | 🔧 **Highly Configurable** | 300+ configuration options for fine-tuning | | 🔄 **Incremental Scans** | Only scan new findings since last run | | 🤖 **AI Integration** | Generate executive reports with local AI models | ### What Can reconFTW Do? ``` ┌─────────────────────────────────────────────────────────────────┐ │ reconFTW Capabilities │ ├─────────────────────────────────────────────────────────────────┤ │ OSINT │ Google dorks, GitHub secrets, metadata, │ │ │ email harvesting, API leaks, cloud enum, │ │ │ leaked credentials, S3 buckets │ ├──────────────────┼──────────────────────────────────────────────┤ │ Subdomains │ 10+ passive sources, DNS bruteforce, │ │ │ permutations (AI-powered), recursive enum, │ │ │ CT logs, scraping, zone transfer, takeover │ ├──────────────────┼──────────────────────────────────────────────┤ │ Web Analysis │ HTTP probing, screenshots, JS secrets, │ │ │ URL extraction, directory fuzzing, CMS, │ │ │ virtual hosts, parameters, GraphQL, gRPC │ ├──────────────────┼──────────────────────────────────────────────┤ │ Vulnerabilities │ Nuclei templates, XSS, SQLi, SSRF, LFI, │ │ │ SSTI, CORS, CRLF, command injection, │ │ │ prototype pollution, 403 bypass, smuggling │ ├──────────────────┼──────────────────────────────────────────────┤ │ Host Analysis │ Port scanning (nmap/naabu), CDN detection, │ │ │ WAF fingerprinting, geolocation, banners │ ├──────────────────┼──────────────────────────────────────────────┤ │ Automation │ Checkpoint/resume system, incremental scans, │ │ │ notifications (Slack/Discord/Telegram), │ │ │ Axiom distributed scanning, AI reports │ └─────────────────────────────────────────────────────────────────┘ ``` *** ## Quick Start ```bash # Install reconFTW git clone https://github.com/six2dez/reconftw.git cd reconftw ./install.sh # Run your first scan ./reconftw.sh -d example.com -r # Full scan with vulnerabilities ./reconftw.sh -d example.com -a ``` *** ## Documentation Overview This documentation is organized to help you get the most out of reconFTW: ### 📚 For Beginners 1. [**First 30 Minutes**](/welcome/first-30-minutes.md) - Quick start guide to get scanning 2. [**Getting Started**](/getting-started/getting-started.md) - Installation and setup 3. [**Concepts**](/understanding-reconftw/concepts.md) - Understanding how reconFTW works 4. [**Usage Guide**](/usage/usage.md) - All command-line options explained ### 🔧 For Configuration 5. [**Configuration**](/configuration/configuration.md) - Deep dive into reconftw\.cfg 6. [**Modules**](/modules/05-modules.md) - Detailed documentation for each module 7. [**Tools Reference**](/tools-reference/tools.md) - All 80+ integrated tools ### 📊 For Results 8. [**Output Interpretation**](/output/output.md) - Understanding your results 9. [**Data Model & I/O**](/guides/data-model.md) - Complete input/output reference 10. [**Integrations**](https://github.com/six2dez/reconftw-docs/blob/main/08-integrations/README.md) - Axiom and Faraday setup ### For Advanced Users 11. [**Deployment**](/deployment/deployment.md) - Docker, Terraform, VPS, CI/CD 12. [**Performance Tuning**](/guides/tuning.md) - Optimize for speed and target size 13. [**Case Studies**](/guides/case-studies.md) - Real-world usage examples 14. [**Advanced Usage**](/advanced/advanced.md) - Custom functions and optimization 15. [**Troubleshooting**](/help/troubleshooting.md) - Common issues and solutions ### ⚖️ Legal & Security 16. [**OPSEC & Legal**](/guides/opsec-legal.md) - Stay safe and authorized *** ## Scan Modes at a Glance | Mode | Flag | Description | Use Case | | -------------- | ---- | ---------------------------- | ------------------------- | | **Recon** | `-r` | Full reconnaissance | Standard bug bounty recon | | **Subdomains** | `-s` | Subdomain enumeration only | Quick subdomain discovery | | **Passive** | `-p` | Passive reconnaissance | Stealth/non-intrusive | | **All** | `-a` | Full recon + vulnerabilities | Full assessment | | **Web** | `-w` | Web analysis only | Analyze known URLs | | **OSINT** | `-n` | OSINT gathering only | Intelligence gathering | | **Custom** | `-c` | Run custom function | Advanced workflows | | **Zen** | `-z` | Minimal output mode | Clean terminal output | *** ## ⚠️ Legal & OPSEC > **IMPORTANT**: reconFTW is designed for authorized security testing only. ### Authorization Checklist Before running any scan, verify: * [ ] Written permission from target owner * [ ] Defined scope (in-scope and out-of-scope assets) * [ ] Rate limits agreed upon * [ ] Testing window defined (if applicable) * [ ] Emergency contact available * [ ] NDA signed (if required) ### OPSEC Considerations | Risk | Mitigation | | ----------------- | --------------------------------------- | | **IP Blocking** | Use VPS, rotate IPs with Axiom | | **WAF Detection** | Start with passive mode (`-p`) | | **Rate Limiting** | Use `--adaptive-rate` flag | | **Legal Issues** | Always have written authorization | | **Data Exposure** | Keep `secrets.cfg` secure, never commit | ### Legal Disclaimer By using this tool, you confirm that: * You have explicit written permission to test the target * You will comply with all applicable laws and regulations * You understand that unauthorized testing is illegal The developers assume no liability for misuse of this tool. **Use responsibly.** ➡️ [**Full OPSEC Guide**](/understanding-reconftw/concepts.md#opsec-and-legal) *** ## Community & Support * **GitHub Issues**: [Report bugs or request features](https://github.com/six2dez/reconftw/issues) * **Discord**: [Join our community](https://discord.gg/R5DdXVEdTy) * **Telegram**: [Discussion group](https://t.me/joinchat/H5bAaw3YbzzmI5co) * **Twitter**: [@Six2dez1](https://twitter.com/Six2dez1) *** ## Contributing reconFTW is open source and welcomes contributions! See our [Contributing Guide](https://github.com/six2dez/reconftw/blob/main/CONTRIBUTING.md) for details. ***

Made with ❤️ by six2dez and the security community

*** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.reconftw.com/welcome/readme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.