Skip to content
OSINT Tool for All-In-One Web Reconnaissance
Python Dockerfile
Branch: master
Clone or download

Latest commit

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
dumps Create .blank.txt Mar 20, 2020
modules
wordlists v1.0.2 Mar 20, 2020
Dockerfile Docker support added Apr 6, 2020
LICENSE Create LICENSE May 6, 2019
README.md updated readme Mar 25, 2020
finalrecon.py v1.0.3 - anubisdb domain fixed Mar 23, 2020
requirements.txt Update requirements.txt Mar 23, 2020
version.txt v1.0.3 - anubisdb domain fixed Mar 23, 2020

README.md

Twitter - Telegram - thewhiteh4t's Blog

Available in

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease.

Featured

NullByte

Hakin9

Features

FinalRecon provides detailed information such as :

  • Header Information

  • Whois

  • SSL Certificate Information

  • Crawler

  • DNS Enumeration

    • A, AAAA, ANY, CNAME, MX, NS, SOA, TXT Records
    • DMARC Records
  • Subdomain Enumeration

    • Data Sources
      • BuffOver
      • crt.sh
      • ThreatCrowd
      • AnubisDB
      • ThreatMiner
  • Traceroute

    • Protocols
      • UDP
      • TCP
      • ICMP
  • Directory Searching

  • Port Scan

    • Fast
    • Top 1000 Ports
    • Open Ports with Standard Services
  • Export

    • Formats
      • txt
      • xml
      • csv

Screenshots

Header Information

WHOIS

SSL Certificate Details

Found Flag in SSL Certificate - Securinets CTF Quals 2019 - Hidden (200 Points)

Crawler

DNS Enumeration

HackTheBox OSINT Challenge

Subdomain Enumeration

Traceroute

Directory Searching

Port Scan

Tested on

  • Kali Linux 2019.1
  • BlackArch Linux

Installation

git clone https://github.com/thewhiteh4t/FinalRecon.git
cd FinalRecon
pip3 install -r requirements.txt

Usage

python3 finalrecon.py -h

usage: finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--dns] [--sub] [--trace] [--dir] [--ps]
                     [--full] [-t T] [-T T] [-w W] [-r] [-s] [-d D] [-m M] [-p P] [-tt TT] [-o O]
                     url

FinalRecon - OSINT Tool for All-In-One Web Recon | v1.0.2

positional arguments:
  url         Target URL

optional arguments:
  -h, --help  show this help message and exit
  --headers   Header Information
  --sslinfo   SSL Certificate Information
  --whois     Whois Lookup
  --crawl     Crawl Target
  --dns       DNS Enumeration
  --sub       Sub-Domain Enumeration
  --trace     Traceroute
  --dir       Directory Search
  --ps        Fast Port Scan
  --full      Full Recon

Extra Options:
  -t T        Number of Threads [ Default : 50 ]
  -T T        Request Timeout [ Default : 10.0 ]
  -w W        Path to Wordlist [ Default : wordlists/dirb_common.txt ]
  -r          Allow Redirect [ Default : False ]
  -s          Toggle SSL Verification [ Default : True ]
  -d D        Custom DNS Servers [ Default : 1.1.1.1 ]
  -m M        Traceroute Mode [ Default : UDP ] [ Available : TCP, ICMP ]
  -p P        Port for Traceroute [ Default : 80 / 33434 ]
  -tt TT      Traceroute Timeout [ Default : 1.0 ]
  -o O        Export Output [ Default : txt ] [ Available : xml, csv ]
# Check headers

python3 finalrecon.py --headers <url>

# Check ssl Certificate

python3 finalrecon.py --sslinfo <url>

# Check whois Information

python3 finalrecon.py --whois <url>

# Crawl Target

python3 finalrecon.py --crawl <url>

# full scan

python3 finalrecon.py --full <url>

Demo

Youtube

You can’t perform that action at this time.