search

Introduction

Documentation for reconFTW dev branch Last updated: February 2026

Automated Reconnaissance Framework

GitHubarrow-up-rightTwitterarrow-up-rightDiscordarrow-up-rightTelegramarrow-up-right

hashtag
Welcome to reconFTW

reconFTW is a modular reconnaissance automation framework designed for security researchers, penetration testers, and bug bounty hunters. It orchestrates 80+ security tools to perform full reconnaissance on your targets, from subdomain enumeration to vulnerability scanning.

hashtag
Why reconFTW?

Feature
Description

🔄 Automated Workflow

Complete reconnaissance pipeline with a single command

🧩 Modular Design

Enable/disable any module or function as needed

Distributed Scanning

Scale with Axiom across cloud infrastructure

Structured Output

Organized results with multiple export formats

🔧 Highly Configurable

300+ configuration options for fine-tuning

🔄 Incremental Scans

Only scan new findings since last run

🤖 AI Integration

Generate executive reports with local AI models

hashtag
What Can reconFTW Do?

hashtag
Quick Start

hashtag
Documentation Overview

This documentation is organized to help you get the most out of reconFTW:

hashtag
📚 For Beginners

  1. First 30 Minutes - Quick start guide to get scanning

  2. Getting Started - Installation and setup

  3. Concepts - Understanding how reconFTW works

  4. Usage Guide - All command-line options explained

hashtag
🔧 For Configuration

  1. Configuration - Deep dive into reconftw.cfg

  2. Modules - Detailed documentation for each module

  3. Tools Reference - All 80+ integrated tools

hashtag
📊 For Results

  1. Output Interpretation - Understanding your results

  2. Data Model & I/O - Complete input/output reference

  3. Integrationsarrow-up-right - Axiom and Faraday setup

hashtag
For Advanced Users

  1. Deployment - Docker, Terraform, VPS, CI/CD

  2. Performance Tuning - Optimize for speed and target size

  3. Case Studies - Real-world usage examples

  4. Advanced Usage - Custom functions and optimization

  5. Troubleshooting - Common issues and solutions

hashtag
⚖️ Legal & Security

  1. OPSEC & Legal - Stay safe and authorized

hashtag
Scan Modes at a Glance

Mode
Flag
Description
Use Case

Recon

-r

Full reconnaissance

Standard bug bounty recon

Subdomains

-s

Subdomain enumeration only

Quick subdomain discovery

Passive

-p

Passive reconnaissance

Stealth/non-intrusive

All

-a

Full recon + vulnerabilities

Full assessment

Web

-w

Web analysis only

Analyze known URLs

OSINT

-n

OSINT gathering only

Intelligence gathering

Custom

-c

Run custom function

Advanced workflows

Zen

-z

Minimal output mode

Clean terminal output

hashtag
⚠️ Legal & OPSEC

IMPORTANT: reconFTW is designed for authorized security testing only.

hashtag
Authorization Checklist

Before running any scan, verify:

hashtag
OPSEC Considerations

Risk
Mitigation

IP Blocking

Use VPS, rotate IPs with Axiom

WAF Detection

Start with passive mode (-p)

Rate Limiting

Use --adaptive-rate flag

Legal Issues

Always have written authorization

Data Exposure

Keep secrets.cfg secure, never commit

hashtag
Legal Disclaimer

By using this tool, you confirm that:

  • You have explicit written permission to test the target

  • You will comply with all applicable laws and regulations

  • You understand that unauthorized testing is illegal

The developers assume no liability for misuse of this tool. Use responsibly.

➡️ Full OPSEC Guide

hashtag
Community & Support

hashtag
Contributing

reconFTW is open source and welcomes contributions! See our Contributing Guidearrow-up-right for details.

Made with ❤️ by six2dezarrow-up-right and the security community

Documentation Info Branch: dev | Version: v3.0.0+ | Last updated: February 2026 Found an issue? Report it on GitHubarrow-up-right

NextFirst 30 Minutes

Last updated