Magic weapon-ReconFTW vulnerability scanning

ReconFTW is a tool designed to perform automated reconnaissance on a target domain by running the best set of tools to perform scanning and find vulnerabilities.

Installation guide

Requires Golang > 1.14 to be installed and the paths to be set correctly ($GOPATH, $GOROOT).

It is strongly recommended (and in some cases essential) to set an API key or environment variable:


Perform full recon on a single target (may take a long time)

./ -d -a

Perform full recon on a list of targets

./ -l sites.txt -a -o /output/directory/

Perform full recon with more demanding tasks (intended for a VPS)

./ -d -a --deep -o /output/directory/

Perform wide-scope recon on a target (may include false positives)

./ -d -a --fs -o /output/directory/

Check if all necessary tools are present

./ -i

Show help section

./ -h


Google Dorks (degoogle_hunter)

Multiple subdomain enumeration techniques (passive, brute force, permutations and scraping)

Passive (subfinder, assetfinder, amass, findomain, crobat, waybackurls)

Certificate transparency (crtfinder, tls.bufferover and dns.bufferover)

Brute force (shuffledns)

Permutation (dnsgen)

Subdomain JS crawling (JSFinder)

Subdomain takeover (subzy and nuclei)

Web Prober (httpx)


Template scanner (nuclei)

Port scanner (nmap)

URL extraction (waybackurls, gau, gospider, github-endpoints)

Pattern search (gf and gf-patterns)

XSS (XSStrike)

Open redirect (Openredirex)


CRLF (crlfuzz)

GitHub (GitDorker)

Favicon Real IP (fav-up)

JavaScript analysis (LinkFinder, scripts from JSFScan)

Fuzzing (ffuf)

CORS (Corsy)

SSL test (testssl)

Multithreading in some steps (Interlace)

Custom output folder (default is Recon/target.tld/)

Run independent steps (subdomain, subtko, web, gdorks…)

The installer is compatible with most distributions

Verbose mode

Tool update script

Raspberry Pi support

Docker support

CMS Scanner (CMSeeK)

Out-of-scope support

LFI checks

Notification support for Slack, Discord and Telegram (notify)

Project address:
