https://github.com/literallyethical/r3conwhal3
r3conwhale aims to develop a multifunctional recon chain for web applications, intelligently interpreting collected data, and optimizing performance and resource consumption through a concurrency-based approach.
https://github.com/literallyethical/r3conwhal3
automation-framework bug-bounty-tools bugbounty dns fuzzing osint pentest pentest-tool recon reconnaissance scanner security security-tools subdomain-enumeration subdomain-scanner
Last synced: 6 months ago
JSON representation
r3conwhale aims to develop a multifunctional recon chain for web applications, intelligently interpreting collected data, and optimizing performance and resource consumption through a concurrency-based approach.
- Host: GitHub
- URL: https://github.com/literallyethical/r3conwhal3
- Owner: LiterallyEthical
- License: mit
- Created: 2024-01-28T18:06:24.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-04T10:55:55.000Z (about 2 years ago)
- Last Synced: 2024-06-21T17:05:07.560Z (almost 2 years ago)
- Topics: automation-framework, bug-bounty-tools, bugbounty, dns, fuzzing, osint, pentest, pentest-tool, recon, reconnaissance, scanner, security, security-tools, subdomain-enumeration, subdomain-scanner
- Language: Go
- Homepage:
- Size: 2.87 MB
- Stars: 7
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
r3conwhal3
Installation •
Usage •
Features •
Disclaimer •
`r3conwhale` aims to develop a multifunctional recon chain for web applications, intelligently interpreting collected data, and optimizing performance and resource consumption through a concurrency-based approach.
## 💿 Installation
### UNIX/WSL
- `r3conwhal3` requires go >= 1.21.1+ to install and paths correctly set ($GOPATH, $GOROOT).
Run the following command to get the repo:
```
go install -v github.com/LiterallyEthical/r3conwhal3/cmd/r3conwhal3@latest
```
Run the following command to install dependencies
```
wget "https://raw.githubusercontent.com/LiterallyEthical/r3conwhal3/main/installer.sh"
chmod +x installer.sh
./installer.sh
```
OR
```
git clone https://github.com/LiterallyEthical/r3conwhal3
cd r3conwhal3/
chmod +x installer.sh
./installer.sh
```
### Docker Image 🐳
- Pull the image
```
docker pull literallyethical/r3conwhal3
```
- Run the container
```
docker run -it -v :/app/results -p 8080:8080 --rm literallyethical/r3conwhal3 run -d -o /app/results
```
- Specify the **OutputFolder** to saving results for later and choose a **target domain** to enumerate. For detail information, please refer to the [Docker](https://hub.docker.com/r/literallyethical/r3conwhal3) documentation.
| :exclamation: **Disclaimer** |
|:-------------------:|
| **This project is in active development**. Expect breaking changes with releases. |
## ⚙️ Config file
- Download and configure CFG file
```
wget https://raw.githubusercontent.com/LiterallyEthical/r3conwhal3/main/cmd/r3conwhal3/docs/config.env
```
- The **config.env** file enables control over the entire execution of the automation chain.
- You can find the default configuration file on [here](https://github.com/LiterallyEthical/r3conwhal3/blob/main/cmd/r3conwhal3/docs/config.env).
- It is possible to set various scanning modes, tool options, personalized wordlists etc. You can find the detailed config options on [wiki](https://github.com/LiterallyEthical/r3conwhal3/wiki/0x02%E2%80%90Configuration-File).
## Usage
```
r3conwhal3 [run] [galery] options
```
### Options
| subcommand | Flag | Description |
| :----------- | :--------------- | :---------------------------------------------------------------- |
| run | -A, --all | Perform all passive & active recon process |
| run | -a, --active | Perform active recon process (DNS bruteforce & DNS permutation) |
| run | -c, --config-dir | Path to directory which config.env exists (default "embedded") |
| run | -d, --domain | Target domain to enumerate |
| run | -o, --out-dir | Directory to keep all output (default "$HOME/r3conwhal3/results") |
| run | -p, --passive | Perform passive subdomain enumeration process |
| run | -w, --webops | Perform web operations |
| run | -v, --vulnscan | Perform vulnerability scanning |
| galery | -p, --path | Path to screenshots directory |
| run & galery | -h, --help | Show help menu |
| :exclamation: **Disclaimer** |
| :-------------------------------------------------------------------------------------------------------------------------------: |
| See the [**wiki**](https://github.com/LiterallyEthical/r3conwhal3/wiki) for running the **r3conwhal3** with custom configuration. |
### Example Usage
#### Running the scan with default options
```
r3conwhal3 run -d
```
#### Running the scan with custom options
```
r3conwhal3 run -d [-c ] [-outDir ]
```
| :exclamation: **Disclaimer** |
| :---------------------------------------------------------------------------------------------------------------------------------------------------: |
| It is possible to see more running examples for **r3conwhal3** on [**wiki**](https://github.com/LiterallyEthical/r3conwhal3/wiki/0x01%E2%80%90Usage). |
## Features
###
Passive Subdomain Enumeration
| ID | Tool | Role |
| :-: | :------------------------------------------------------------------------ | :---------------------------------------------------- |
| 1 | [subfinder](https://github.com/projectdiscovery/subfinder) | discovering subdomains |
| 2 | [assetfinder](https://github.com/tomnomnom/assetfinder) | discovering more subdomains |
| 3 | [amass](https://github.com/owasp-amass/amass) | discovering more subdomains |
| 4 | [subkill3r](https://github.com/LiterallyEthical/r3conwhal3/pkg/subkill3r) | discovering more subdomains (still under development) |
### Active Subdomain Enumeration
| ID | Tool | Role |
| :-: | :--------------------------------------------- | :----------------------------------- |
| 1 | [puredns](https://github.com/d3mondev/puredns) | subdomain resolving and bruteforcing |
| 2 | [gotator](https://github.com/Josue87/gotator) | DNS permutations |
### Web Operations
| ID | Tool | Role |
| :-: | :------------------------------------------------------------- | :-------------------------------------------------- |
| 1 | [httpx](https://github.com/projectdiscovery/httpx/tree/v1.3.7) | filtering live domains from the gathered subdomains |
| 2 | [gowitness](https://github.com/sensepost/gowitness) | taking screenshots of filtered live domains |
| 3 | [ffuf](https://github.com/ffuf/ffuf) | directory discovery & fuzzing |
### Vulnerability Scanning
| ID | Tool | Role |
| :-: | :------------------------------------------- | :--------------------------------------- |
| 1 | [subzy](https://github.com/PentestPad/subzy) | subdomain takeover vulnerability checker |
## Disclaimer
Usage of this program for attacking targets without consent is illegal. It is the user's responsibility to obey all applicable laws. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. Please use responsibly.