# Introduction

Automated Reconnaissance Framework

GitHubTwitterDiscordTelegram

*** ## Welcome to reconFTW **reconFTW** is a modular reconnaissance automation framework designed for security researchers, penetration testers, and bug bounty hunters. It orchestrates 80+ security tools to perform full reconnaissance on your targets, from subdomain enumeration to vulnerability scanning. ### Why reconFTW? | Feature | Description | | -------------------------- | -------------------------------------------------------------------------------------------- | | 🔄 **Automated Workflow** | Complete reconnaissance pipeline with a single command | | 🧩 **Modular Design** | Enable/disable any module or function as needed | | **Distributed Scanning** | Scale with [Axiom](https://docs.reconftw.com/integrations/axiom) across cloud infrastructure | | **Structured Output** | Organized results with multiple export formats | | 🔧 **Highly Configurable** | 300+ configuration options for fine-tuning | | 🔄 **Incremental Scans** | Only scan new findings since last run | | 🤖 **AI Integration** | Generate executive reports with local AI models | ### What Can reconFTW Do? ``` ┌─────────────────────────────────────────────────────────────────┐ │ reconFTW Capabilities │ ├─────────────────────────────────────────────────────────────────┤ │ OSINT │ Google dorks, GitHub secrets, metadata, │ │ │ email harvesting, API leaks, cloud enum, │ │ │ leaked credentials, S3 buckets │ ├──────────────────┼──────────────────────────────────────────────┤ │ Subdomains │ 10+ passive sources, DNS bruteforce, │ │ │ permutations (AI-powered), recursive enum, │ │ │ CT logs, scraping, zone transfer, takeover │ ├──────────────────┼──────────────────────────────────────────────┤ │ Web Analysis │ HTTP probing, screenshots, JS secrets, │ │ │ URL extraction, directory fuzzing, CMS, │ │ │ virtual hosts, parameters, GraphQL, gRPC │ ├──────────────────┼──────────────────────────────────────────────┤ │ Vulnerabilities │ Nuclei templates, XSS, SQLi, SSRF, LFI, │ │ │ SSTI, CORS, CRLF, command injection, │ │ │ prototype pollution, 403 bypass, smuggling │ ├──────────────────┼──────────────────────────────────────────────┤ │ Host Analysis │ Port scanning (nmap/naabu), CDN detection, │ │ │ WAF fingerprinting, geolocation, banners │ ├──────────────────┼──────────────────────────────────────────────┤ │ Automation │ Checkpoint/resume system, incremental scans, │ │ │ notifications (Slack/Discord/Telegram), │ │ │ Axiom distributed scanning, AI reports │ └─────────────────────────────────────────────────────────────────┘ ``` *** ## Quick Start ```bash # Install reconFTW git clone https://github.com/six2dez/reconftw.git cd reconftw ./install.sh # Run your first scan ./reconftw.sh -d example.com -r # Full scan with vulnerabilities ./reconftw.sh -d example.com -a ``` *** ## Documentation Overview This documentation is organized to help you get the most out of reconFTW: ### 📚 For Beginners 1. [**First 30 Minutes**](https://docs.reconftw.com/welcome/first-30-minutes) - Quick start guide to get scanning 2. [**Getting Started**](https://docs.reconftw.com/getting-started/getting-started) - Installation and setup 3. [**Concepts**](https://docs.reconftw.com/understanding-reconftw/concepts) - Understanding how reconFTW works 4. [**Usage Guide**](https://docs.reconftw.com/usage/usage) - All command-line options explained ### 🔧 For Configuration 5. [**Configuration**](https://docs.reconftw.com/configuration/configuration) - Deep dive into reconftw\.cfg 6. [**Modules**](https://docs.reconftw.com/modules/05-modules) - Detailed documentation for each module 7. [**Tools Reference**](https://docs.reconftw.com/tools-reference/tools) - All 80+ integrated tools ### 📊 For Results 8. [**Output Interpretation**](https://docs.reconftw.com/output/output) - Understanding your results 9. [**Data Model & I/O**](https://docs.reconftw.com/guides/data-model) - Complete input/output reference 10. [**Integrations**](https://github.com/six2dez/reconftw-docs/blob/main/08-integrations/README.md) - Axiom and Faraday setup ### For Advanced Users 11. [**Deployment**](https://docs.reconftw.com/deployment/deployment) - Docker, Terraform, VPS, CI/CD 12. [**Performance Tuning**](https://docs.reconftw.com/guides/tuning) - Optimize for speed and target size 13. [**Case Studies**](https://docs.reconftw.com/guides/case-studies) - Real-world usage examples 14. [**Advanced Usage**](https://docs.reconftw.com/advanced/advanced) - Custom functions and optimization 15. [**Troubleshooting**](https://docs.reconftw.com/help/troubleshooting) - Common issues and solutions ### ⚖️ Legal & Security 16. [**OPSEC & Legal**](https://docs.reconftw.com/guides/opsec-legal) - Stay safe and authorized *** ## Scan Modes at a Glance | Mode | Flag | Description | Use Case | | -------------- | ---- | ---------------------------- | ------------------------- | | **Recon** | `-r` | Full reconnaissance | Standard bug bounty recon | | **Subdomains** | `-s` | Subdomain enumeration only | Quick subdomain discovery | | **Passive** | `-p` | Passive reconnaissance | Stealth/non-intrusive | | **All** | `-a` | Full recon + vulnerabilities | Full assessment | | **Web** | `-w` | Web analysis only | Analyze known URLs | | **OSINT** | `-n` | OSINT gathering only | Intelligence gathering | | **Custom** | `-c` | Run custom function | Advanced workflows | | **Zen** | `-z` | Minimal output mode | Clean terminal output | *** ## ⚠️ Legal & OPSEC > **IMPORTANT**: reconFTW is designed for authorized security testing only. ### Authorization Checklist Before running any scan, verify: * [ ] Written permission from target owner * [ ] Defined scope (in-scope and out-of-scope assets) * [ ] Rate limits agreed upon * [ ] Testing window defined (if applicable) * [ ] Emergency contact available * [ ] NDA signed (if required) ### OPSEC Considerations | Risk | Mitigation | | ----------------- | --------------------------------------- | | **IP Blocking** | Use VPS, rotate IPs with Axiom | | **WAF Detection** | Start with passive mode (`-p`) | | **Rate Limiting** | Use `--adaptive-rate` flag | | **Legal Issues** | Always have written authorization | | **Data Exposure** | Keep `secrets.cfg` secure, never commit | ### Legal Disclaimer By using this tool, you confirm that: * You have explicit written permission to test the target * You will comply with all applicable laws and regulations * You understand that unauthorized testing is illegal The developers assume no liability for misuse of this tool. **Use responsibly.** ➡️ [**Full OPSEC Guide**](https://docs.reconftw.com/understanding-reconftw/concepts#opsec-and-legal) *** ## Community & Support * **GitHub Issues**: [Report bugs or request features](https://github.com/six2dez/reconftw/issues) * **Discord**: [Join our community](https://discord.gg/R5DdXVEdTy) * **Telegram**: [Discussion group](https://t.me/joinchat/H5bAaw3YbzzmI5co) * **Twitter**: [@Six2dez1](https://twitter.com/Six2dez1) *** ## Contributing reconFTW is open source and welcomes contributions! See our [Contributing Guide](https://github.com/six2dez/reconftw/blob/main/CONTRIBUTING.md) for details. ***

Made with ❤️ by six2dez and the security community

***