FinalRecon: a simple and fast tool to gather information about web sites, works on Windows

FinalRecon is an open-source intelligence tool (OSINT), an all-in-one web intelligence software.

Features:

  • Displays HTTP response headers from a website
  • Whois
  • SSL certificate information
  • Site Crawler for Searching Directories and Files
  • Enumerating DNS Records
  • Enumeration of subdomains
  • Tracerouting
  • Search for hidden directories
  • Port scan

The program comes with several dictionaries for finding hidden folders and files. This tool is very fast and very easy to use. Of course, each of the program actions can be performed in a separate tool, but in this program these actions can be performed with one line of the command, and not ten.

Another advantage of FinalRecon, it works well on Windows, although it is not intended for this operating system.

How to install FinalRecon

How to install FinalRecon on Kali Linux

sudo apt install git python3-pip libpq-dev
git clone https://github.com/thewhiteh4t/FinalRecon
cd FinalRecon
sudo pip3 install -r requirements.txt
python3 ./finalrecon.py -h

How to install FinalRecon on Arch Linux

sudo pacman -S git python-pip
git clone https://github.com/thewhiteh4t/FinalRecon
cd FinalRecon
sudo pip3 install -r requirements.txt
python3 ./finalrecon.py -h

How to install FinalRecon on BlackArch

Run the following command:

sudo pacman -S finalrecon python-aiodns

How to install FinalRecon on Windows

Start by installing Python, to do this, go to the article “How to install Python and PIP on Windows”.

Then download and unzip the program files: https://github.com/thewhiteh4t/FinalRecon/archive/master.zip

Now open the command line: Win+x -> Windows PowerShell.

At the command prompt, go to the script folder using the cd command:

cd C:\Users\MiAl\Downloads\FinalRecon-master\

Install the dependencies:

pip install -r requirements.txt

Open finalrecon.py and delete the following lines from it (almost at the very top):

if os.geteuid() != 0:
    print('\n' + R + '[-]' + C + ' Please Run as Root!' + '\n')
    sys.exit()
else:
    pass

Let's check if everything is OK, for this launch the following command to display help:

python ./finalrecon.py -h

How to use FinalRecon on Linux

You must specify the option to select the desired action, as well as the site address. To perform all the actions at once, specify the --full option:

Launch Example:

python3 ./finalrecon.py --full SITE_ADDRESS

Information gathering example:

Files with the results of gathered information are stored in the dumps folder in the program directory. In BlackArch, files are saved in the /usr/share/finalrecon/dumps/ directory. These files contain additional information from the site crawler and found links:

To search for hidden files and folders, the tool uses the dictionary that comes with the program. Dictionaries are located in the wordlists folder, there are only three dictionaries:

  • dirb_big.txt
  • dirb_common.txt
  • dirb_small.txt

The default dictionary is dirb_common.txt. If you want to specify a large dictionary (dirb_big.txt), then this can be done with the -w option:

python3 ./finalrecon.py -w wordlists/dirb_big.txt --full SITE_ADDRESS

All FinalRecon options

Usage:

finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--dns]
                     [--sub] [--trace] [--dir] [--ps] [--full] [-t T] [-T T]
                     [-w W] [-r] [-s] [-d D] [-m M] [-p P] [-tt TT] [-o O]
                     url

Options:

positional arguments:
  url         Target URL

optional arguments:
  -h, --help  show this help message and exit
  --headers   Header Information
  --sslinfo   SSL Certificate Information
  --whois     Whois Lookup
  --crawl     Crawl Target
  --dns       DNS Enumeration
  --sub       Sub-Domain Enumeration
  --trace     Traceroute
  --dir       Directory Search
  --ps        Fast Port Scan
  --full      Full Recon

Extra Options:
  -t T        Number of Threads [ Default : 50 ]
  -T T        Request Timeout [ Default : 10.0 ]
  -w W        Path to Wordlist [ Default : wordlists/dirb_common.txt ]
  -r          Allow Redirect [ Default : False ]
  -s          Toggle SSL Verification [ Default : True ]
  -d D        Custom DNS Servers [ Default : 1.1.1.1 ]
  -m M        Traceroute Mode [ Default : UDP ] [ Available : TCP, ICMP ]
  -p P        Port for Traceroute [ Default : 80 / 33434 ]
  -tt TT      Traceroute Timeout [ Default : 1.0 ]
  -o O        Export Output [ Default : txt ] [ Available : xml, csv ]

How to run FinalRecon on Windows

At the command prompt, go to the program folder and run it as follows:

python ./finalrecon.py --full SITE ADDRESS

FinalRecon output example on Windows:

Most of the functions of FinalRecon work on Windows, but tracerouting does not work, and also at the very end the following error occurs:

FinalRecon online

If you do not want to install FinalRecon, then you can use the Free online OSINT tool for collecting data about sites based on FinalRecon: https://w-e-b.site/?act=finalrecon

It scans through the Tor network, so it takes longer.

FinalRecon troubleshooting

Protocol missing

If an error occurred while scanning:

[-] Protocol Missing, Include http:// or https://

This means you did not specify the protocol, that is, it is not enough to provide a domain, you have to provide protocol as well, for example, w-e-b.site (this is wrong), but a domain with the protocol https://w-e-b.site (this is correct):

AttributeError: module 'os' has no attribute 'geteuid'

If at startup you get an error:

Traceback (most recent call last):
  File "./finalrecon.py", line 15, in <module>
    if os.geteuid() != 0:
AttributeError: module 'os' has no attribute 'geteuid'

It means that you are running FinalRecon on Windows, but you have not edited the finalrecon.py file as described above in the instructions for installing FinalRecon on Windows.

Recommended for you:

2 Comments to FinalRecon: a simple and fast tool to gather information about web sites, works on Windows

  1. johndoe says:

    Hi Alex, got an error running on Kali:

    !] Starting DNS Enumeration…
    
    Traceback (most recent call last):
      File "./finalrecon.py", line 224, in <module>
        full_recon()
      File "./finalrecon.py", line 159, in full_recon
        dnsrec(domain, output, data)
      File "/root/misc/FinalRecon/modules/dns.py", line 19, in dnsrec
        pkt = q.send('8.8.8.8', 53, tcp='UDP')
      File "/usr/local/lib/python3.8/site-packages/dnslib/dns.py", line 365, in send
        sock.connect((dest,port))
    ConnectionRefusedError: [Errno 111] Connection refused
    
    • Alex says:

      Hello! I guess you use FinalRecon with torsocks. Right now FinalRecon is not fully compatible with Tor network. Some problems can be fixed, but some issues are impossible to fix due to Tor network limitations. Tor network allows only TCP traffic, it does not allow UDP, ICMP, TCP half-open.

      It is possible to run FinalRecon trough Tor like this:

      sudo proxychains4 finalrecon -m TCP -t 15 --full site.com

      but you will always have some issues.

Leave a Reply

Your email address will not be published. Required fields are marked *