Closed burper00 closed 3 months ago
Nope, I think this is because of amass getting all the bandwith, set to false the option in the cfg file "REVERSE_WHOIS" and try again. https://github.com/six2dez/reconftw/blob/584352487e934b3a8aabe644f007873365d88bcb/reconftw.cfg#L53C1-L53C14
Thanks for answer <3 I try it but its again block my internet. Im pretty sure its about amass. I try on command console " amass enum -d example.com " it wont block my internet. Maybe its about amass command. What you do think?
Edit: Its happend in subdomain enumeration or bruteforce
Ok, for this case it's because of mass DNS resolution with puredns, check this line and change it accordingly
https://github.com/six2dez/reconftw/blob/584352487e934b3a8aabe644f007873365d88bcb/reconftw.cfg#L171
Here is my cfg file:
`#############################################
#############################################
tools=~/Tools # Path installed tools SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version generate_resolvers=false # Generate custom resolvers with dnsvalidator update_resolvers=true # Fetch and rewrite resolvers from trickest/resolvers before DNS resolution resolvers_url="https://raw.githubusercontent.com/trickest/resolvers/main/resolvers.txt" resolvers_trusted_url="https://raw.githubusercontent.com/six2dez/resolvers_reconftw/main/resolvers_trusted.txt" fuzzing_remote_list="https://raw.githubusercontent.com/six2dez/OneListForAll/main/onelistforallmicro.txt" # Used to send to axiom(if used) on fuzzing proxy_url="http://127.0.0.1:8080/" # Proxy url install_golang=true # Set it to false if you already have Golang configured and ready upgrade_tools=true upgrade_before_running=false # Upgrade tools before running
export GOROOT=/usr/local/go export GOPATH=$HOME/go export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH
AMASS_CONFIG=~/.config/amass/config.ini GITHUB_TOKENS=${tools}/.github_tokens GITLAB_TOKENS=${tools}/.gitlab_tokens
DEBUG_STD="&>/dev/null" # Skips STD output on installer DEBUG_ERROR="2>/dev/null" # Skips ERR output on installer
OSINT=true # Enable or disable the whole OSINT module GOOGLE_DORKS=false GITHUB_DORKS=false GITHUB_REPOS=false METADATA=true # Fetch metadata from indexed office documents EMAILS=true # Fetch emails from differents sites DOMAIN_INFO=true # whois info REVERSE_WHOIS=true # amass intel reverse whois info, takes some time IP_INFO=true # Reverse IP search, geolocation and whois API_LEAKS=true # Check for API leaks METAFINDER_LIMIT=20 # Max 250
RUNAMASS=true RUNSUBFINDER=true SUBDOMAINS_GENERAL=true # Enable or disable the whole Subdomains module SUBPASSIVE=true # Passive subdomains search SUBCRT=true # crtsh search CTR_LIMIT=999999 # Limit the number of results SUBNOERROR=false # Check DNS NOERROR response and BF on them SUBANALYTICS=true # Google Analytics search SUBBRUTE=true # DNS bruteforcing SUBSCRAPING=true # Subdomains extraction from web crawling SUBPERMUTE=true # DNS permutations SUBREGEXPERMUTE=true # Permutations by regex analysis PERMUTATIONS_OPTION=gotator # The alternative is "ripgen" (faster, not deeper) GOTATOR_FLAGS=" -depth 1 -numbers 3 -mindup -adv -md" # Flags for gotator SUBTAKEOVER=true # Check subdomain takeovers, false by default cuz nuclei already check this SUB_RECURSIVE_PASSIVE=false # Uses a lot of API keys queries DEEP_RECURSIVE_PASSIVE=10 # Number of top subdomains for recursion SUB_RECURSIVE_BRUTE=false # Needs big disk space and time to resolve ZONETRANSFER=true # Check zone transfer S3BUCKETS=true # Check S3 buckets misconfigs REVERSE_IP=false # Check reverse IP subdomain search (set True if your target is CIDR/IP) TLS_PORTS="21,22,25,80,110,135,143,261,271,324,443,448,465,563,614,631,636,664,684,695,832,853,854,990,993,989,992,994,995,1129,1131,1184,2083,2087,2089,2096,2221,2252,2376,2381,2478,2479,2482,2484,2679,2762,3077,3078,3183,3191,3220,3269,3306,3410,3424,3471,3496,3509,3529,3539,3535,3660,36611,3713,3747,3766,3864,3885,3995,3896,4031,4036,4062,4064,4081,4083,4116,4335,4336,4536,4590,4740,4843,4849,5443,5007,5061,5321,5349,5671,5783,5868,5986,5989,5990,6209,6251,6443,6513,6514,6619,6697,6771,7202,7443,7673,7674,7677,7775,8243,8443,8991,8989,9089,9295,9318,9443,9444,9614,9802,10161,10162,11751,12013,12109,14143,15002,16995,41230,16993,20003" INSCOPE=false # Uses inscope tool to filter the scope, requires .scope file in reconftw folder
WEBPROBESIMPLE=true # Web probing on 80/443 WEBPROBEFULL=true # Web probing in a large port list WEBSCREENSHOT=true # Webs screenshooting VIRTUALHOSTS=false # Check virtualhosts by fuzzing HOST header UNCOMMON_PORTS_WEB="81,300,591,593,832,981,1010,1311,1099,2082,2095,2096,2480,3000,3001,3002,3003,3128,3333,4243,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7396,7474,8000,8001,8008,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8834,8880,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,11371,12443,15672,16080,17778,18091,18092,20720,32000,55440,55672"
FAVICON=true # Check Favicon domain discovery PORTSCANNER=true # Enable or disable the whole Port scanner module GEO_INFO=true # Fetch Geolocalization info PORTSCAN_PASSIVE=true # Port scanner with Shodan PORTSCAN_ACTIVE=true # Port scanner with nmap PORTSCAN_ACTIVE_OPTIONS="--top-ports 200 -sV -n -Pn --open --max-retries 2 --script vulners" CDN_IP=true # Check which IPs belongs to CDN
WAF_DETECTION=true # Detect WAFs NUCLEICHECK=true # Enable or disable nuclei NUCLEI_TEMPLATES_PATH="$HOME/nuclei-templates" # Set nuclei templates path NUCLEI_SEVERITY="info,low,medium,high,critical" # Set templates criticity NUCLEI_FLAGS=" -silent -t ${NUCLEI_TEMPLATES_PATH}/ -retries 2" # Additional nuclei extra flags, don't set the severity here but the exclusions like " -etags openssh" NUCLEI_FLAGS_JS=" -silent -tags exposure,token -severity info,low,medium,high,critical" # Additional nuclei extra flags for js secrets URL_CHECK=true # Enable or disable URL collection URL_CHECK_PASSIVE=true # Search for urls, passive methods from Archive, OTX, CommonCrawl, etc URL_CHECK_ACTIVE=true # Search for urls by crawling the websites URL_GF=true # Url patterns classification URL_EXT=true # Returns a list of files divided by extension JSCHECKS=true # JS analysis FUZZ=true # Web fuzzing IIS_SHORTNAME=true CMS_SCANNER=true # CMS scanner WORDLIST=true # Wordlist generation ROBOTSWORDLIST=true # Check historic disallow entries on waybackMachine PASSWORD_DICT=true # Generate password dictionary PASSWORD_MIN_LENGTH=5 # Min password length PASSWORD_MAX_LENGTH=14 # Max password length
VULNS_GENERAL=false # Enable or disable the vulnerability module (very intrusive and slow) XSS=true # Check for xss with dalfox CORS=true # CORS misconfigs TEST_SSL=true # SSL misconfigs OPEN_REDIRECT=true # Check open redirects SSRF_CHECKS=true # SSRF checks CRLF_CHECKS=true # CRLF checks LFI=true # LFI by fuzzing SSTI=true # SSTI by fuzzing SQLI=true # Check SQLI SQLMAP=true # Check SQLI with sqlmap GHAURI=false # Check SQLI with ghauri BROKENLINKS=true # Check for brokenlinks SPRAY=true # Performs password spraying COMM_INJ=true # Check for command injections with commix PROTO_POLLUTION=true # Check for prototype pollution flaws SMUGGLING=true # Check for HTTP request smuggling flaws WEBCACHE=true # Check for Web Cache issues BYPASSER4XX=true # Check for 4XX bypasses FUZZPARAMS=true # Fuzz parameters values
NOTIFICATION=false # Notification for every function SOFT_NOTIFICATION=false # Only for start/end DEEP=false # DEEP mode, really slow and don't care about the number of results DEEP_LIMIT=500 # First limit to not run unless you run DEEP DEEP_LIMIT2=1500 # Second limit to not run unless you run DEEP DIFF=false # Diff function, run every module over an already scanned target, printing only new findings (but save everything) REMOVETMP=false # Delete temporary files after execution (to free up space) REMOVELOG=false # Delete logs after execution PROXY=false # Send to proxy the websites found SENDZIPNOTIFY=false # Send to zip the results (over notify) PRESERVE=true # set to true to avoid deleting the .called_fn files on really large scans FFUF_FLAGS=" -mc all -fc 404 -ach -sf -noninteractive -of json" # Ffuf flags HTTPX_FLAGS=" -follow-redirects -random-agent -status-code -silent -title -web-server -tech-detect -location -content-length" # Httpx flags for simple web probing
HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" # Default header
FFUF_THREADS=40 HTTPX_THREADS=50 HTTPX_UNCOMMONPORTS_THREADS=100 KATANA_THREADS=20 BRUTESPRAY_THREADS=20 BRUTESPRAY_CONCURRENCE=10 GAU_THREADS=10 DNSTAKE_THREADS=100 DALFOX_THREADS=200 PUREDNS_PUBLIC_LIMIT=2000 # Set between 2000 - 10000 if your router blows up, 0 means unlimited PUREDNS_TRUSTED_LIMIT=400 PUREDNS_WILDCARDTEST_LIMIT=30 PUREDNS_WILDCARDBATCH_LIMIT=1500000 RESOLVE_DOMAINS_THREADS=150 DNSVALIDATOR_THREADS=200 INTERLACE_THREADS=10 TLSX_THREADS=1000 XNLINKFINDER_DEPTH=3
HTTPX_RATELIMIT=150 NUCLEI_RATELIMIT=150 FFUF_RATELIMIT=0
AMASS_INTEL_TIMEOUT=15 # Minutes AMASS_ENUM_TIMEOUT=180 # Minutes CMSSCAN_TIMEOUT=3600 # Seconds FFUF_MAXTIME=900 # Seconds HTTPX_TIMEOUT=10 # Seconds HTTPX_UNCOMMONPORTS_TIMEOUT=10 # Seconds PERMUTATIONS_LIMIT=21474836480 # Bytes, default is 20 GB
fuzz_wordlist=${tools}/fuzz_wordlist.txt lfi_wordlist=${tools}/lfi_wordlist.txt ssti_wordlist=${tools}/ssti_wordlist.txt subs_wordlist=${tools}/subdomains.txt subs_wordlist_big=${tools}/subdomains_n0kovo_big.txt resolvers=${tools}/resolvers.txt resolvers_trusted=${tools}/resolvers_trusted.txt
AXIOM_FLEET_LAUNCH=true # Enable or disable spin up a new fleet, if false it will use the current fleet with the AXIOM_FLEET_NAME prefix AXIOM_FLEET_NAME="reconFTW" # Fleet's prefix name AXIOM_FLEET_COUNT=10 # Fleet's number AXIOM_FLEET_REGIONS="eu-central" # Fleet's region AXIOM_FLEET_SHUTDOWN=true # # Enable or disable delete the fleet after the execution
AXIOM_EXTRA_ARGS="" # Leave empty if you don't want to add extra arguments
bred='\033[1;31m' bblue='\033[1;34m' bgreen='\033[1;32m' byellow='\033[1;33m' red='\033[0;31m' blue='\033[0;34m' green='\033[0;32m' yellow='\033[0;33m' reset='\033[0m' `
I try it too but it isnt work. My internet disonnect when start to bruteforce enum. This reason is port scan or puredns maybe.
Then reduce even more the rate limit, this is not a reconftw issue but your network/router limitation
When I start scan 3-5 min after my connection is lost. and Its happend to my all wifi network, not only my virtual machine. I think maybe cdn servers or cloudflare ban to my ip maybe? I try it 3 websites too. Its always happend
my machine on virtualbox
Reconftw full updated
Kali linux 2024.01 fully updated