r3conwhal3
Installation •
Usage •
Features •
Disclaimer •
r3conwhale aims to develop a multifunctional recon chain for web applications, intelligently interpreting collected data, and optimizing performance and resource consumption through a concurrency-based approach.
💿 Installation
UNIX/WSL
r3conwhal3 requires go >= 1.21.1+ to install and paths correctly set ($GOPATH, $GOROOT).
Run the following command to get the repo:
go install -v github.com/LiterallyEthical/r3conwhal3/cmd/r3conwhal3@latest
Run the following command to install dependencies
wget "https://raw.githubusercontent.com/LiterallyEthical/r3conwhal3/main/installer.sh"
chmod +x installer.sh
./installer.sh
OR
git clone https://github.com/LiterallyEthical/r3conwhal3
cd r3conwhal3/
chmod +x installer.sh
./installer.sh
Docker Image 🐳
docker pull literallyethical/r3conwhal3
docker run -it -v </path/to/folder>:/app/results -p 8080:8080 --rm literallyethical/r3conwhal3 run -d <target-domain> -o /app/results
- Specify the OutputFolder to saving results for later and choose a target domain to enumerate. For detail information, please refer to the Docker documentation.
| :exclamation: Disclaimer |
|---|
| This project is in active development. Expect breaking changes with releases. |
⚙️ Config file
- Download and configure CFG file
wget https://raw.githubusercontent.com/LiterallyEthical/r3conwhal3/main/cmd/r3conwhal3/docs/config.env
- The config.env file enables control over the entire execution of the automation chain.
- You can find the default configuration file on here.
- It is possible to set various scanning modes, tool options, personalized wordlists etc. You can find the detailed config options on wiki.
Usage
r3conwhal3 [run] [galery] options
Options
| subcommand | Flag | Description |
|---|
| run | -A, --all | Perform all passive & active recon process |
| run | -a, --active | Perform active recon process (DNS bruteforce & DNS permutation) |
| run | -c, --config-dir | Path to directory which config.env exists (default "embedded") |
| run | -d, --domain | Target domain to enumerate |
| run | -o, --out-dir | Directory to keep all output (default "$HOME/r3conwhal3/results") |
| run | -p, --passive | Perform passive subdomain enumeration process |
| run | -w, --webops | Perform web operations |
| run | -v, --vulnscan | Perform vulnerability scanning |
| galery | -p, --path | Path to screenshots directory |
| run & galery | -h, --help | Show help menu |
| :exclamation: Disclaimer |
|---|
| See the wiki for running the r3conwhal3 with custom configuration. |
Example Usage
Running the scan with default options
r3conwhal3 run -d <domain-name>
Running the scan with custom options
r3conwhal3 run -d <domain> [-c <path-to-config-dir>] [-outDir <path-to-out-dir>]
| :exclamation: Disclaimer |
|---|
| It is possible to see more running examples for r3conwhal3 on wiki. |
Features
Passive Subdomain Enumeration
| ID | Tool | Role |
|---|
| 1 | subfinder | discovering subdomains |
| 2 | assetfinder | discovering more subdomains |
| 3 | amass | discovering more subdomains |
| 4 | subkill3r | discovering more subdomains (still under development) |
Active Subdomain Enumeration
| ID | Tool | Role |
|---|
| 1 | puredns | subdomain resolving and bruteforcing |
| 2 | gotator | DNS permutations |
Web Operations
| ID | Tool | Role |
|---|
| 1 | httpx | filtering live domains from the gathered subdomains |
| 2 | gowitness | taking screenshots of filtered live domains |
| 3 | ffuf | directory discovery & fuzzing |
Vulnerability Scanning
| ID | Tool | Role |
|---|
| 1 | subzy | subdomain takeover vulnerability checker |
Disclaimer
Usage of this program for attacking targets without consent is illegal. It is the user's responsibility to obey all applicable laws. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. Please use responsibly.