Installation • Usage • Features • Disclaimer •
r3conwhale aims to develop a multifunctional recon chain for web applications, intelligently interpreting collected data, and optimizing performance and resource consumption through a concurrency-based approach.
r3conwhal3requires go >= 1.21.1+ to install and paths correctly set ($GOPATH, $GOROOT).
Run the following command to get the repo:
go install -v github.com/LiterallyEthical/r3conwhal3/cmd/r3conwhal3@latest
Run the following command to install dependencies
wget "https://raw.githubusercontent.com/LiterallyEthical/r3conwhal3/main/installer.sh"
chmod +x installer.sh
./installer.sh
OR
git clone https://github.com/LiterallyEthical/r3conwhal3
cd r3conwhal3/
chmod +x installer.sh
./installer.sh
- Pull the image
docker pull literallyethical/r3conwhal3
- Run the container
docker run -it -v </path/to/folder>:/app/results -p 8080:8080 --rm literallyethical/r3conwhal3 run -d <target-domain> -o /app/results
- Specify the OutputFolder to saving results for later and choose a target domain to enumerate. For detail information, please refer to the Docker documentation.
| ❗ Disclaimer |
|---|
| This project is in active development. Expect breaking changes with releases. |
- Download and configure CFG file
wget https://raw.githubusercontent.com/LiterallyEthical/r3conwhal3/main/cmd/r3conwhal3/docs/config.env
- The config.env file enables control over the entire execution of the automation chain.
- You can find the default configuration file on here.
- It is possible to set various scanning modes, tool options, personalized wordlists etc. You can find the detailed config options on wiki.
r3conwhal3 [run] [galery] options
| subcommand | Flag | Description |
|---|---|---|
| run | -A, --all | Perform all passive & active recon process |
| run | -a, --active | Perform active recon process (DNS bruteforce & DNS permutation) |
| run | -c, --config-dir | Path to directory which config.env exists (default "embedded") |
| run | -d, --domain | Target domain to enumerate |
| run | -o, --out-dir | Directory to keep all output (default "$HOME/r3conwhal3/results") |
| run | -p, --passive | Perform passive subdomain enumeration process |
| run | -w, --webops | Perform web operations |
| run | -v, --vulnscan | Perform vulnerability scanning |
| galery | -p, --path | Path to screenshots directory |
| run & galery | -h, --help | Show help menu |
| ❗ Disclaimer |
|---|
| See the wiki for running the r3conwhal3 with custom configuration. |
r3conwhal3 run -d <domain-name>
r3conwhal3 run -d <domain> [-c <path-to-config-dir>] [-outDir <path-to-out-dir>]
| ❗ Disclaimer |
|---|
| It is possible to see more running examples for r3conwhal3 on wiki. |
| ID | Tool | Role |
|---|---|---|
| 1 | subfinder | discovering subdomains |
| 2 | assetfinder | discovering more subdomains |
| 3 | amass | discovering more subdomains |
| 4 | subkill3r | discovering more subdomains (still under development) |
| ID | Tool | Role |
|---|---|---|
| 1 | puredns | subdomain resolving and bruteforcing |
| 2 | gotator | DNS permutations |
| ID | Tool | Role |
|---|---|---|
| 1 | httpx | filtering live domains from the gathered subdomains |
| 2 | gowitness | taking screenshots of filtered live domains |
| 3 | ffuf | directory discovery & fuzzing |
| ID | Tool | Role |
|---|---|---|
| 1 | subzy | subdomain takeover vulnerability checker |
Usage of this program for attacking targets without consent is illegal. It is the user's responsibility to obey all applicable laws. The developer assumes no liability and is not responsible for any misuse or damage caused by this program. Please use responsibly.