

Asset Discovery & Reconnaissance

Manual Techniques


Recon Domains

Recon URLs

Multi-purpose Recon Tools


dnsrecon -d -r # Using Facebook's DNS
dnsrecon -r -n # Using Google's DNS

# Follow the installation instructions in the reconftw wiki to build the image
# -p    Passive - Perform only passive steps
# -n    OSINT - Performs an OSINT scan (no subdomain enumeration and attacks)
# -s    Subdomains - Perform only subdomain enumeration, web probing, subdomain takeovers
sudo docker run -it --rm  -v "${PWD}/reconftw.cfg":'/reconftw/reconftw.cfg'  -v "${PWD}/Recon/":'/reconftw/Recon/' <IMAGE_ID> -l /reconftw/Recon/domains.txt -spn -o /reconftw/Recon/output

python3 -k <key_word> -t 10 

python3.11 -d <DOMAIN> -b all