Hey guys, in this tutorial we will learn how we can do Footprinting, Scanning & Enumeration of any website. For to do this used to various tool or website but with the help of this tool we can do almost everything.
FinalRecon tool are hosted on Github page and made in python language. FinalRecon tool used to web reconnaissance such as scanning, enumeration and footprinting.
Read out the features of this tool by given below.
- Headers – check server, content-tye, xff and encoding.
- SSLinfo – check security of site.
- WHOIS – lookup information about the domain
- Crawl – fetching the web pages or link from website.
- Dns – check Dns A, AAA and more records.
- Sub – find the sub domain
- Trace – can be used in order for debugging purposes
- Dir – grab the hidden directory.
- Port Scan (PS) – find the open ports.
- Full Scan – contains all above scan
Kali Linux ( Tested on 2020.1 )
Lets get started 🙂 !!
FinalRecon tool are hosted on Github page so you need to download from there by using following commands.
git clone https://github.com/thewhiteh4t/FinalRecon.git
Go to the directory that is created after cloning.
This tool requires a few things which you can be complete by using following command.
pip3 install -r requirements.txt
Now you are ready to execute this tool. Just execute the given command.
Headers contains the additional information which is used to pass between clients and the server. With the help of this option you can obtain information such as :
- X-forword-for (XFF)
python3 finalrecon.py --headers http://testphp.vulnweb.com
You can check the serial number, version and SSL authority etc.
python3 finalrecon.py --sslinfo https://secnhack.in
WHOIS – Domain Footprinting
As you know that whenever person or organization register a new domian then the registration information becomes available for everyone. Hence whois is used to grab the information about the website.
python3 finalrecon.py --whois https://secnhack.in
Crawling – Spider Scan
Crawling is a program whose used to fetch the web pages or link from the websites. As you will know that this features are also available in burpsuite but as spider scan.
python3 finalrecon.py --crawl https://secnhack.in
After complete the crawling You can see the results in this directory in detail.
DNS Footprinting is the process to collecting information about DNS zone data, DNS records and much more.
python3 finalrecon.py --dns http://testphp.vulnweb.com/
The subdomain is part of another domain and if you want to grab all the subdomains of the website so you can use this feature.
python3 finalrecon.py --sub http://testphp.vulnweb.com/
Trace method can be used in order to debugging purposes and cause of this features attacker can trace the activity of that website.
python3 finalrecon.py --trace http://testphp.vulnweb.com
TCP Port Tracing
python3 finalrecon.py --trace http://testphp.vulnweb.com/ -m TCP
With the help of this features you can easily find the directory which is available on that server. If you are a CTF player then this feature can help you.
python3 finalrecon.py --dir http://testphp.vulnweb.com
PS ( Port Scan )
It has port scanning features that will automatically scan open ports and produce results without any effort.
python3 finalrecon.py --ps http://testphp.vulnweb.com
If you work for any organization or company and you have to enumerate the website and extract the vulnerability and give it the result as a file format then you can choose the full scan option because it perform all above scan and produce the result as file format.
python3 finalrecon.py --full http://testphp.vulnweb.com
After visiting on that directory you can see the results of all scans in file.
Happy Security and Hacking 🙂 !!
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.