Advanced Usage

This guide covers advanced features, customization, and optimization techniques for power users.

Custom Function Execution

Running Specific Functions

Use the -c flag to run specific functions:

# Run single function
./reconftw.sh -d example.com -c nuclei_check

# Run multiple functions
./reconftw.sh -d example.com -c sub_passive
./reconftw.sh -d example.com -c webprobe_simple
./reconftw.sh -d example.com -c nuclei_check

Available Functions

Function Dependencies

Some functions depend on others:

Creating Custom Modules

Module Structure

Loading Custom Modules

Add to reconftw.sh:

Function Templates

Plugin System

Plugin Architecture

reconFTW supports plugins via hooks:

Creating Plugins

Available Hooks

Wordlist Customization

Custom Wordlist Configuration

Generating Custom Wordlists

Per-Target Wordlists

Resolver Optimization

Resolver Setup

Trusted Resolvers

Resolver Rotation

Incremental Mode Deep Dive

How Incremental Works

1. First scan: Full enumeration, results saved

2. Subsequent scans: Compare new vs existing

3. Process only NEW findings

4. Merge results

Incremental Data Flow

Incremental Configuration

Checkpoint/Recovery System

How Checkpoints Work

Resuming Interrupted Scans

Reset Checkpoints

Checkpoint Configuration

Rate Limiting Strategies

Per-Tool Rate Limits

Adaptive Rate Limiting

Global Rate Limit

Target-Specific Limits

Multi-Target Scanning

Target List

Parallel Execution

Multi-Target with Different Configs

Scope File Management

Scope File Format

Using Scope Files

Wildcard Scopes

Notification Customization

Notification Providers

Provider Configuration

Custom Notification Templates

AI Report Customization

AI Configuration

Custom Report Prompts

Report Types

Performance Tuning

Thread Optimization

Memory Management

Disk I/O Optimization

Network Optimization

Circuit Breaker Pattern

Configuration

Behavior

1. Closed: Normal operation

2. Open: Too many errors, stop requests

3. Half-Open: Test with few requests

4. Recovery: Resume normal operation

Environment Variables

Override Configuration

Precedence

1. Command-line flags (highest)

2. Environment variables

3. Custom config file (-f)

4. Default reconftw.cfg (lowest)

Debugging

Dry Run Mode

Verbose Output

Log Analysis

Next Steps

• Troubleshooting - Common issues

• Configuration - All options