Reconftw Versions Save

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

v2.8.1

2 months ago
  • Gf potential removed
  • New API leaks search included
  • Fix for dontgo403
  • Fix for smuggler

v2.8

2 months ago

Main changes

  • Removed web interface
  • Added postman search
  • Replaced byp4xx with dontgo403

What's Changed

New Contributors

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.7.1.1...v2.8

v2.7.1.1

5 months ago

v2.7.1

5 months ago

Highlights

  • Security controls for tampered CSP/domains entries
  • Removed subgpt as it no longer works
  • Print nuclei results with axiom
  • Added postleaksNG
  • Option to update tools before running the tool
  • Added custom nuclei templates path option
  • Installer improvements

What's Changed

New Contributors

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.7...v2.7.1

v2.7

9 months ago

Highlights

  • Removed unimap
  • Improved GH repos scan, Trufflehog + gitleaks
  • Added Mantra for JS secrets
  • Removed bbrf
  • New random banner by @720922
  • Better and improved web fuzzing
  • crt replaces ctfr
  • web server fixes
  • vulners replaces searchsploit
  • Shellcheck compliant
  • Preparing to move to MIT license
  • Timeout fixes
  • Dynamic gowitness timeout
  • Added nuclei fuzzing templates on vulns_check

What's Changed

New Contributors

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.6...v2.7

v2.6

11 months ago

Highlights

  • Added @n0kovo subdomain wordlist for DEEP mode, dropped assetnore's best_dns_wordlist
  • Back to interlace, dropped rush
  • Back to @lc gau as default passive url collector, only for deep mode for performance reasons
  • Added @r0oth3x49 ghauri as option for deep sqli
  • Added @hakluke hakip2host instead of dnsx for PTR lookup
  • 100K (or even more) different fixes
  • Removed theHarvester, h8mail and pwndb as they never work, I have a replacement in the backlog ;)
  • Fixed JSA with interlace from @gprime31
  • THE WEB INTERFAAAAAAAAACE @lur1el @d3vchac @ddaniboy

What's Changed

New Contributors

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.5.2...v2.6

v2.5.2

1 year ago

Highlights

  • coming back to Trickest resolvers
  • waymore now replaces waybackurls and gau
  • Added gitlab-subdomains
  • Usage of new ffuf hashmap feature for ssrf detection
  • amass freezed version on v3.20.0
  • Added byp4xx
  • Fixes on send2zip
  • urless on js extraction

What's Changed

New Contributors

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.5.1...v2.5.2

v2.5.1

1 year ago

What's Changed

New Contributors

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.5...v2.5.1

v2.5

1 year ago

Highlights

  • Improved send results over notify
  • JS secrets detection moved to cfg
  • Fixes on inscope, resolvers, NOERROR subdomain discovery, web fuzzing, ripgen in Docker, ipcdn, MacOS installation,
  • HTTP Request Smuggling check
  • Web cache poisoning check
  • Subfinder added

What's Changed

New Contributors

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.4...v2.5

v2.4

1 year ago

Summary

  • New feature for companies' git repositories analysis inspired by insiders with enumerepo and trufflehog
  • Added inscope for scope filtering, optional
  • File size limit for permutations wordlist generation
  • Removed -subs flag for wayback and gau
  • urless replaces uro
  • Added NOERROR subdomain discovery, based on this
  • rush replaces interlace
  • Upgraded 3rd party supporters on Thanks section
  • Added gotator control flags on cfg
  • Added unimap as option on uncommon ports web probing
  • Multiple fixes

What's Changed

Full Changelog: https://github.com/six2dez/reconftw/compare/v2.3.2...v2.4