FinalRecon: a simple and fast tool to gather information about web sites, works on Windows
FinalRecon is an open-source intelligence tool (OSINT), an all-in-one web intelligence software.
- Displays HTTP response headers from a website
- SSL certificate information
- Site Crawler for Searching Directories and Files
- Enumerating DNS Records
- Enumeration of subdomains
- Search for hidden directories
- Port scan
The program comes with several dictionaries for finding hidden folders and files. This tool is very fast and very easy to use. Of course, each of the program actions can be performed in a separate tool, but in this program these actions can be performed with one line of the command, and not ten.
Another advantage of FinalRecon, it works well on Windows, although it is not intended for this operating system.
How to install FinalRecon
How to install FinalRecon on Kali Linux
sudo apt install git python3-pip libpq-dev git clone https://github.com/thewhiteh4t/FinalRecon cd FinalRecon sudo pip3 install -r requirements.txt python3 ./finalrecon.py -h
How to install FinalRecon on Arch Linux
sudo pacman -S git python-pip git clone https://github.com/thewhiteh4t/FinalRecon cd FinalRecon sudo pip3 install -r requirements.txt python3 ./finalrecon.py -h
How to install FinalRecon on BlackArch
Run the following command:
sudo pacman -S finalrecon python-aiodns
How to install FinalRecon on Windows
Start by installing Python, to do this, go to the article “How to install Python and PIP on Windows”.
Then download and unzip the program files: https://github.com/thewhiteh4t/FinalRecon/archive/master.zip
Now open the command line: Win+x -> Windows PowerShell.
At the command prompt, go to the script folder using the cd command:
Install the dependencies:
pip install -r requirements.txt
Open finalrecon.py and delete the following lines from it (almost at the very top):
if os.geteuid() != 0: print('\n' + R + '[-]' + C + ' Please Run as Root!' + '\n') sys.exit() else: pass
Let's check if everything is OK, for this launch the following command to display help:
python ./finalrecon.py -h
How to use FinalRecon on Linux
You must specify the option to select the desired action, as well as the site address. To perform all the actions at once, specify the --full option:
python3 ./finalrecon.py --full SITE_ADDRESS
Information gathering example:
Files with the results of gathered information are stored in the dumps folder in the program directory. In BlackArch, files are saved in the /usr/share/finalrecon/dumps/ directory. These files contain additional information from the site crawler and found links:
To search for hidden files and folders, the tool uses the dictionary that comes with the program. Dictionaries are located in the wordlists folder, there are only three dictionaries:
The default dictionary is dirb_common.txt. If you want to specify a large dictionary (dirb_big.txt), then this can be done with the -w option:
python3 ./finalrecon.py -w wordlists/dirb_big.txt --full SITE_ADDRESS
All FinalRecon options
finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--dns] [--sub] [--trace] [--dir] [--ps] [--full] [-t T] [-T T] [-w W] [-r] [-s] [-d D] [-m M] [-p P] [-tt TT] [-o O] url
positional arguments: url Target URL optional arguments: -h, --help show this help message and exit --headers Header Information --sslinfo SSL Certificate Information --whois Whois Lookup --crawl Crawl Target --dns DNS Enumeration --sub Sub-Domain Enumeration --trace Traceroute --dir Directory Search --ps Fast Port Scan --full Full Recon Extra Options: -t T Number of Threads [ Default : 50 ] -T T Request Timeout [ Default : 10.0 ] -w W Path to Wordlist [ Default : wordlists/dirb_common.txt ] -r Allow Redirect [ Default : False ] -s Toggle SSL Verification [ Default : True ] -d D Custom DNS Servers [ Default : 22.214.171.124 ] -m M Traceroute Mode [ Default : UDP ] [ Available : TCP, ICMP ] -p P Port for Traceroute [ Default : 80 / 33434 ] -tt TT Traceroute Timeout [ Default : 1.0 ] -o O Export Output [ Default : txt ] [ Available : xml, csv ]
How to run FinalRecon on Windows
At the command prompt, go to the program folder and run it as follows:
python ./finalrecon.py --full SITE ADDRESS
FinalRecon output example on Windows:
Most of the functions of FinalRecon work on Windows, but tracerouting does not work, and also at the very end the following error occurs:
If you do not want to install FinalRecon, then you can use the Free online OSINT tool for collecting data about sites based on FinalRecon: https://w-e-b.site/?act=finalrecon
It scans through the Tor network, so it takes longer.
If an error occurred while scanning:
[-] Protocol Missing, Include http:// or https://
This means you did not specify the protocol, that is, it is not enough to provide a domain, you have to provide protocol as well, for example, w-e-b.site (this is wrong), but a domain with the protocol https://w-e-b.site (this is correct):
AttributeError: module 'os' has no attribute 'geteuid'
If at startup you get an error:
Traceback (most recent call last): File "./finalrecon.py", line 15, in <module> if os.geteuid() != 0: AttributeError: module 'os' has no attribute 'geteuid'
It means that you are running FinalRecon on Windows, but you have not edited the finalrecon.py file as described above in the instructions for installing FinalRecon on Windows.
Last Updated on
- Perimeter analysis for website security audit (68.1%)
- The fastest subdomains enumeration and monitoring (also works on Windows!) (65.5%)
- How to discover subdomains without brute-force (62.9%)
- How to search subdomains and build graphs of network structure with Amass (61.2%)
- How to find out hostnames for many IP addresses (60.2%)
- 3WiFi: open database of Wi-Fi Access Points passwords (RANDOM - 23.1%)