thewhiteh4t / FinalRecon

All In One Web Recon
https://www.kali.org/tools/finalrecon/
MIT License
2.11k stars 414 forks

Suggestions !! #8

Open attacker34 opened 4 years ago

attacker34 commented 4 years ago

Hi @thewhiteh4t

Wow, hats off to you... You really made a super quick tool with good results, even better than findomain now, as I used that one too.

I would suggest you add:

  1. Facebook Developers API for subdomain scan
     • Project Sonar (if possible)
  2. Spyse subdomain enum API
  3. Add BruteX for attacking the results of the port scan, but keep it as a different module so that the user can choose whether to run it or not.
  4. While searching for directories of the main website (which the user entered for the search), it should be passed through https://github.com/tomnomnom/waybackurls & https://github.com/attacker34/waybackSqliScanner, as I got fewer results for directories with your current tool.
  5. Each subdomain should be tested against these tools:
     https://github.com/MichaelStott/CRLF-Injection-Scanner
     https://github.com/ak1t4/open-redirect-scanner/
  6. Add ffuf for directory searching, or dirble.

I hope these are the best enhancements which you can do for the next release of this awesome tool.

thewhiteh4t commented 4 years ago

Great! I will try and implement these in the next update. My goal for APIs was to include ones which don't need an auth key; I can add others which require keys if they really add value to the tool.

attacker34 commented 4 years ago

Hi @thewhiteh4t, agree with you... Yes, these services will surely add more value to this amazing tool, adding more results... You can ask the user to add "API keys" instead of giving it your own API keys (as findomain and other tools are doing). This will surely become the best ever tool with these enhancements.

One more thing to add here... ffuf is an amazing tool... You can just feed the subdomain list to it against a wordlist for directory bruteforcing.

Thanks again !!

thewhiteh4t commented 4 years ago

Yes, that's a better way to implement it. Please compare my implementation of directory searching with ffuf: what is missing in my implementation? Also, is ffuf better than gobuster and lulzbuster?

attacker34 commented 4 years ago

Hi @thewhiteh4t, I am only suggesting ffuf due to its multiple features, which you can see in their documentation, and it's especially good when we want to directory bruteforce a "list of domains"... On the other hand, gobuster & lulzbuster can't work well with a list of domains, I think, and they also don't have multiple options to be tested against.

Sincerely,

thewhiteh4t commented 4 years ago

Alright, thanks a lot, I will look into it and will do some testing too!

thewhiteh4t commented 4 years ago

@attacker34 Facebook developer API added, update to v1.0.4. You will see a new directory: conf; inside it you will see keys.json. Add your auth token there and test :)
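For the conf/keys.json mentioned above, here is an added example (not FinalRecon's own code) of how a tool can load such a file, ignore blank or null entries so that only configured API-backed modules get enabled, and run the check a practitioner wants on any file holding API tokens: that it is not readable by other users. The file layout, the service names in KNOWN_SERVICES, the placeholder token and the demo() helper are all assumptions.

```python
"""Load API keys from conf/keys.json and sanity-check the file.

Added example, not FinalRecon's code. The layout {"facebook": "...", "spyse": null}
and the path conf/keys.json are assumptions based on the comment above.
"""
import json
import os
import stat
import tempfile
from pathlib import Path

# Hypothetical integrations that need a token (assumption, not the tool's list).
KNOWN_SERVICES = ("facebook", "spyse")


def load_keys(path):
    """Return {service: token} for entries that hold a non-empty string.

    null or whitespace-only values mean 'not configured' and are skipped, so
    the caller can decide which API-backed modules to enable. A file that is
    not a JSON object is rejected rather than silently yielding no keys.
    """
    with open(path, "r", encoding="utf-8") as fh:
        data = json.load(fh)
    if not isinstance(data, dict):
        raise ValueError("keys.json must be a JSON object")
    keys = {}
    for service, token in data.items():
        if isinstance(token, str) and token.strip():
            keys[service] = token.strip()
    return keys


def unconfigured_services(keys, known=KNOWN_SERVICES):
    """Names from `known` that have no usable token in `keys`."""
    return [s for s in known if s not in keys]


def permission_warnings(path):
    """Warn when the secrets file is readable by group or others (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    warnings = []
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        warnings.append(f"{path} is readable by group/others (mode {oct(mode)}); use chmod 600")
    return warnings


def write_example_keys(directory, mode=0o600):
    """Write a constructed keys.json with a placeholder token, for demonstration only."""
    conf = Path(directory) / "conf"
    conf.mkdir(parents=True, exist_ok=True)
    path = conf / "keys.json"
    sample = {"facebook": "PLACEHOLDER_FACEBOOK_TOKEN", "spyse": None, "other_service": "   "}
    path.write_text(json.dumps(sample, indent=2), encoding="utf-8")
    os.chmod(path, mode)
    return str(path)


def demo(directory=None, mode=0o600):
    """Create the constructed file (in a temp dir by default) and run every check on it."""
    if directory is None:
        directory = tempfile.mkdtemp(prefix="keys-example-")
    path = write_example_keys(directory, mode)
    keys = load_keys(path)
    return {
        "path": path,
        "keys": keys,
        "unconfigured": unconfigured_services(keys),
        "warnings": permission_warnings(path),
    }


if __name__ == "__main__":
    # A 0o644 file triggers the permission warning; 0o600 does not.
    for k, v in demo(mode=0o644).items():
        print(f"{k}: {v}")
```

Running the block writes the sample file with mode 0o644 on purpose so the warning fires; with the default 0o600 the warnings list is empty.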

thewhiteh4t commented 4 years ago

https://github.com/thewhiteh4t/FinalRecon#configuration

thewhiteh4t commented 4 years ago

@attacker34 do you have the pro API of Spyse? With the free version we cannot get more than 100 results:

{"error":{"code":"validation_error","message":"validation error","errors":[{"code":"max","location":"limit","message":"limit must be 100 or less"}]}}

If you have the pro API, can you tell me how many subdomain results you are getting for google.com?
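The error body above says the server rejects any request asking for more than 100 results, so a client has to page with limit ≤ 100 rather than asking for everything at once. As an added example (not FinalRecon's or Spyse's code), the block below parses that exact error shape and walks a paged API until a short page arrives. The fetch_page(limit, offset) signature, the page contents and the fake in-memory source are assumptions; only the error JSON and the 100-result cap come from the thread.

```python
"""Paginate a result API whose server caps `limit` at 100.

Added example, not the tool's or the API vendor's code. fetch_page(limit, offset)
returning a list of strings is an assumed interface.
"""
import json

MAX_LIMIT = 100  # the cap the server enforces, per the validation error in the thread

# Exact error body quoted in the thread, used to show what parse_api_error expects.
SAMPLE_ERROR_BODY = ('{"error":{"code":"validation_error","message":"validation error",'
                     '"errors":[{"code":"max","location":"limit",'
                     '"message":"limit must be 100 or less"}]}}')


def parse_api_error(body):
    """Return (code, location, message) from an error body, or None if it is not one.

    Handles {"error": {"code": ..., "errors": [{"code", "location", "message"}]}};
    when the inner list is missing it falls back to the outer code/message.
    """
    try:
        doc = json.loads(body) if isinstance(body, str) else body
    except ValueError:
        return None
    err = doc.get("error") if isinstance(doc, dict) else None
    if not err:
        return None
    first = (err.get("errors") or [{}])[0]
    return (first.get("code", err.get("code")),
            first.get("location"),
            first.get("message", err.get("message")))


def collect_all(fetch_page, limit=MAX_LIMIT, max_pages=50):
    """Fetch page after page until a page shorter than `limit` arrives.

    `limit` is clamped to MAX_LIMIT so the 'limit must be 100 or less' error is
    never triggered, results are deduplicated across pages, and max_pages bounds
    the number of requests against a server that never returns a short page.
    """
    limit = min(limit, MAX_LIMIT)
    items, seen, offset = [], set(), 0
    for _ in range(max_pages):
        page = fetch_page(limit, offset)
        for item in page:
            if item not in seen:
                seen.add(item)
                items.append(item)
        if len(page) < limit:
            break
        offset += limit
    return items


def make_fake_source(total):
    """Constructed stand-in for the remote API: `total` hostnames, same cap as the real one."""
    data = [f"host{i}.example.com" for i in range(total)]
    calls = []  # (limit, offset) of every request, so the paging can be inspected

    def fetch_page(limit, offset):
        calls.append((limit, offset))
        if limit > MAX_LIMIT:
            raise ValueError(SAMPLE_ERROR_BODY)
        return data[offset:offset + limit]

    fetch_page.calls = calls
    return fetch_page


if __name__ == "__main__":
    source = make_fake_source(250)
    found = collect_all(source)
    print(f"{len(found)} results in {len(source.calls)} requests: {source.calls}")
    try:
        source(500, 0)
    except ValueError as exc:
        print("server rejected limit=500:", parse_api_error(str(exc)))
```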

thewhiteh4t commented 4 years ago

We are already getting a lot of subdomains from free sources and the Facebook API, unlike Spyse.

thewhiteh4t commented 4 years ago

@attacker34 Wayback Machine integrated in the crawler and directory search module; it pulls data from the last 1 year. Please update to v1.0.6.

attacker34 commented 4 years ago

Hi @thewhiteh4t, that's great... Now, in order to get more good results you can attach it with "fprobe" for displaying only alive links...

https://github.com/theblackturtle/fprobe

With ./waybackurls we get a ton of data, which can include dead links.

./waybackurls example.com | tee output.txt | ./fprobe -c 200
# tee keeps a copy in output.txt while still passing the URLs to fprobe on stdin

thewhiteh4t commented 4 years ago

@attacker34 thanks! That will be very useful, and it's easy to implement without even using fprobe or any other tool. Will update soon.

attacker34 commented 4 years ago

Hi @thewhiteh4t, great... But try to display the content size of the response...

thewhiteh4t commented 4 years ago

Sure, I will test fprobe and analyse the output quality.
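The two requests above (keep only archive URLs that still answer, and show the response size for each) fit in a short script without an extra tool. The block below is an added example, not FinalRecon's or fprobe's code: it normalizes and deduplicates a waybackurls-style dump, probes each URL with a HEAD request on a thread pool, and keeps the status and Content-Length of the ones that answered. The sample dump and the fake_fetch response table are constructed, the User-Agent string is made up, and treating 2xx/3xx as "alive" is a choice you can override with alive_codes; the default fetcher performs real requests.

```python
"""Reduce an archive URL dump to live URLs with their response sizes.

Added example, not FinalRecon's or fprobe's code. `fetch` is injectable so the
logic runs offline against constructed responses; default_fetch does real HEADs.
"""
import urllib.error
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from urllib.parse import urlsplit, urlunsplit

# Constructed stand-in for `waybackurls example.com` output: duplicates,
# fragment/query noise, a dead path and a junk line are typical of such dumps.
SAMPLE_DUMP = """\
http://example.com/
http://example.com/#top
https://example.com/
https://example.com/robots.txt
https://example.com/old/page.html
https://example.com/old/page.html?utm_source=x
https://example.com/contact
not a url
"""


def normalize(url):
    """Drop the fragment, lowercase the host, default the path to '/'; None for non-URLs."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path or "/", parts.query, ""))


def unique_urls(dump):
    """Normalized URLs from the dump, first occurrence wins, order preserved."""
    seen, out = set(), []
    for line in dump.splitlines():
        url = normalize(line)
        if url and url not in seen:
            seen.add(url)
            out.append(url)
    return out


def _length(value):
    try:
        return int(value) if value is not None else None
    except ValueError:
        return None


def default_fetch(url, timeout=5.0):
    """Real HEAD request: (status, content_length) or (None, None) when nothing answered."""
    req = urllib.request.Request(url, method="HEAD", headers={"User-Agent": "recon-example/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, _length(resp.headers.get("Content-Length"))
    except urllib.error.HTTPError as err:  # 4xx/5xx still tell us the host is alive
        return err.code, _length(err.headers.get("Content-Length"))
    except (urllib.error.URLError, OSError, ValueError):
        return None, None


def probe(urls, fetch=default_fetch, alive_codes=range(200, 400), workers=10):
    """[(url, status, length)] for URLs whose status is in alive_codes, input order kept."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(fetch, urls))
    return [(u, s, n) for u, (s, n) in zip(urls, results) if s is not None and s in alive_codes]


def fake_fetch(url):
    """Constructed responses so the example runs offline; unknown URLs return 404."""
    table = {
        "http://example.com/": (301, 0),
        "https://example.com/": (200, 1256),
        "https://example.com/robots.txt": (200, 43),
    }
    return table.get(url, (404, 0))


if __name__ == "__main__":
    for url, status, size in probe(unique_urls(SAMPLE_DUMP), fetch=fake_fetch):
        print(f"{status} {size:>6}  {url}")
```

Swap fetch=fake_fetch for the default to probe a real list; a server that omits Content-Length yields None for the size rather than a misleading 0.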

chestervdb commented 3 years ago

Is it possible to include a secret finder (e.g. https://github.com/m4ll0k/SecretFinder) in the tool?

thewhiteh4t commented 3 years ago

@chestervdb this is a nice tool. Currently FinalRecon only looks for URLs in JavaScripts; API keys etc. would be really nice. I don't intend to add another tool in FinalRecon, but I can definitely implement it :+1: