FinalRecon v1.0.2 – OSINT Tool For All-In-One Web Reconnaissance

FinalRecon 1

FinalRecon is a fast and simple python script for web reconnaissance. It follows a modular structure so in future new modules can be added with ease.

Features
FinalRecon provides detailed information such as :

  • Header Information
  • Whois
  • SSL Certificate Information
  • Crawler
  • DNS Enumeration
    • A, AAAA, ANY, CNAME, MX, NS, SOA, TXT Records
    • DMARC Records
  • Subdomain Enumeration
    • Data Sources
      • BuffOver
      • crt.sh
      • ThreatCrowd
      • AnubisDB
      • ThreatMiner
  • Traceroute
    • Protocols
      • UDP
      • TCP
      • ICMP
  • Directory Searching
  • Port Scan
    • Fast
    • Top 1000 Ports
    • Open Ports with Standard Services
  • Export
    • Formats
      • txt
      • xml
      • csv

Screenshots

Header Information

FinalRecon 7

WHOIS

FinalRecon 8

SSL Certificate Details

FinalRecon 9
Found Flag in SSL Certificate – Securinets CTF Quals 2019 – Hidden (200 Points)

Crawler

FinalRecon 10

DNS Enumeration

FinalRecon 11
HackTheBox OSINT Challenge

Subdomain Enumeration

FinalRecon 12

Traceroute

FinalRecon 13

Directory Searching

FinalRecon 14

Port Scan

FinalRecon 15

Tested on

  • Kali Linux 2019.1
  • BlackArch Linux

Installation

git clone https://github.com/thewhiteh4t/FinalRecon.git
cd FinalRecon
pip3 install -r requirements.txt

Usage

python3 finalrecon.py -h

usage: finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--dns] [--sub] [--trace] [--dir] [--ps]
[--full] [-t T] [-T T] [-w W] [-r] [-s] [-d D] [-m M] [-p P] [-tt TT] [-o O]
url

FinalRecon - OSINT Tool for All-In-One Web Recon | v1.0.2

positional arguments:
url Target URL

optional arguments:
-h, --help show this help message and exit
--headers Header Information
--sslinfo SSL Certificate Information
--whois Whois Lookup
--crawl Crawl Target
--dns DNS Enumeration
--sub Sub-Domain Enumeration
--trace Traceroute
--dir Directory Search
--ps Fast Port Scan
--full Full Recon

Extra Options:
-t T Number of Threads [ Default : 50 ]
-T T Request Timeout [ Default : 10.0 ]
-w W Path t o Wordlist [ Default : wordlists/dirb_common.txt ]
-r Allow Redirect [ Default : False ]
-s Toggle SSL Verification [ Default : True ]
-d D Custom DNS Servers [ Default : 1.1.1.1 ]
-m M Traceroute Mode [ Default : UDP ] [ Available : TCP, ICMP ]
-p P Port for Traceroute [ Default : 80 / 33434 ]
-tt TT Traceroute Timeout [ Default : 1.0 ]
-o O Export Output [ Default : txt ] [ Available : xml, csv ]
# Check headers

python3 finalrecon.py --headers <url>

# Check ssl Certificate

python3 finalrecon.py --sslinfo <url>

# Check whois Information

python3 finalrecon.py --whois <url>

# Crawl Target

python3 finalrecon.py --crawl <url>

# full scan

python3 finalrecon.py --full <url>

Demo

Download FinalRecon
Original Source