FinalRecon is an actively developed script that can help you conduct basic web reconnaissance automatically. I like to automate some of my work, and this script looks quite good for gathering information about a target. I know at least where to start and what could be interesting for me in the next steps.
FinalRecon is an automatic web reconnaissance tool written in Python. The goal of FinalRecon is to provide an overview of the target in a short amount of time while maintaining the accuracy of the results. Instead of executing several tools one after another, it can provide similar results while keeping dependencies small and simple.
Some of the basic tools I use, I run from my VPS, mainly tools that need more time to complete all their tasks. I can run them as separate sessions on the server and come back for the results in a few hours or days, thus not blocking my computer or laptop at home. Virtual machines (e.g. Kali) can be shut down and wait for more manual or demanding tasks.
Of course, you can simply run the FinalRecon script on any Linux by installing it from GitHub. I know from experience that scripts and programs used by hackers and written for hackers are written with the intention of using them in a suitable environment, e.g. a distribution like Kali Linux, where most packages and libraries already exist and are delivered or available from the distribution repositories. So not everything always works right away without extra time spent fixing it. As always in Linux ;) Also, I do not want to clutter my server too much, so that I do not then waste time cleaning it and restoring it to a usable state.
Some time ago I played with Docker for a while. I went back to Docker for FinalRecon, because the script is available as a container, so there is no need to waste any time. Below I will present how I run FinalRecon as a Docker container on my VPS server.
Docker is a platform for developers and sysadmins to build, run, and share applications with containers. The use of containers to deploy applications is called containerization. Containers are not new, but their use for easily deploying applications is.
Installing Docker on my Debian VPS is pretty simple. Follow these steps on your VPS with a Debian system.
Install all necessary dependencies:
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
Download and add Docker repo key:
curl -fsSL https://download.docker.com/linux/debian/gpg | sudo apt-key add -
Add Docker repository:
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian $(lsb_release -cs) stable"
sudo apt-get update
Finally install Docker:
sudo apt-get install docker-ce docker-ce-cli containerd.io
That’s all. All containers you can download and use are listed on the official Docker Hub.
Download the FinalRecon Docker container:
sudo docker pull thewhiteh4t/finalrecon
Now, using this simple container, I will show you how to use Docker and how to navigate in Docker.
To run the container with FinalRecon, use the command:
sudo docker run -it --entrypoint /bin/sh thewhiteh4t/finalrecon
-i keep STDIN open even if not attached
-t allocate a pseudo-tty
--entrypoint="" overwrite the default entrypoint set by the image
Additionally you may want to use:
--name provide your own name for the container (read more about the name parameter)
-d detached mode, run container in the background, print new container id
So you are in the container with FinalRecon; this is just bash with the script installed. Type the ls command to list the files in the folder you are in. As you can see, it is just another bash dedicated to FinalRecon. Cool, right?
To exit the container, type exit. You will get back to your VPS shell, and the container session will be terminated. Other useful commands are below.
List Running Docker Containers
sudo docker ps
List Stopped Docker Containers
sudo docker ps -f "status=exited"
List All Docker Containers
sudo docker ps -a
Attach back to a running Docker container
sudo docker attach <container_ID>
If you want to leave the container but keep it running in the background, use the keyboard shortcuts:
Ctrl+p turns interactive mode into daemon mode.
Ctrl+q exits the container.
Use the sudo docker ps command to list your containers. The one with status Up is the one you left running in the background.
If the container is stopped, you can start it using the command:
sudo docker start <container_ID or container_name>
To stop, type:
sudo docker stop <container_ID or container_name>
To remove a stopped container from the list:
sudo docker rm <container_ID or container_name>
Remove all stopped containers:
sudo docker rm $(sudo docker ps -a -q)
-a show all containers (default shows just running)
-q only display numeric IDs
To copy files between the container and the local host, use:
docker cp CONTAINER:SRC_PATH DEST_PATH|-
With these few commands you are a pretty good Docker user :)
If you’re in the container, type finalrecon -h to see how to use the tool.
usage: finalrecon.py [-h] [--headers] [--sslinfo] [--whois] [--crawl] [--dns] [--sub] [--trace] [--dir] [--ps] [--full] [-t T] [-T T] [-w W]
Everything is clear.
Run a test on your website using the command:
python3 finalrecon.py --full https://example.com/
You can observe the results during scanning, and after it is done they will be saved in
If you want to copy the file with the results from the container to your local machine, use the command:
sudo docker cp <Container_Name>:/root/finalrecon/dumps/example.com.txt /home/<USER>/
In my case, with the automatically generated name for the container, it will be:
sudo docker cp pensive_panini:/root/finalrecon/dumps/example.com.txt /home/hoek/
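The detached workflow described above (start the scan, close the SSH session, come back later for the dump file) fits in a small wrapper. This is an added example, not code from the original post or from FinalRecon; it assumes the image thewhiteh4t/finalrecon, the script directory /root/finalrecon and the dump path /root/finalrecon/dumps/<host>.txt exactly as shown in the commands above, and names the container after the target instead of relying on an auto-generated name like pensive_panini.

```shell
#!/bin/sh
# Added example (not from the original post or FinalRecon): start a FinalRecon scan
# detached in a named container and collect the dump later. Assumed from the post:
# image thewhiteh4t/finalrecon, script in /root/finalrecon, dump written to
# /root/finalrecon/dumps/<host>.txt for a target https://<host>/.
set -eu

IMAGE="thewhiteh4t/finalrecon"
WORKDIR="/root/finalrecon"

# Reduce a URL to its host: https://sub.example.org:8080/path -> sub.example.org
# FinalRecon names its dump after this host, so docker cp needs the same value.
target_host() {
  printf '%s\n' "$1" | sed -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' -e 's|/.*$||' -e 's|:.*$||'
}

# Fixed container name per target, so "docker ps" shows what is being scanned.
container_name() {
  printf 'finalrecon-%s\n' "$(target_host "$1")"
}

# Start the scan in the background (-d) and return at once; the container keeps
# running on the VPS after the SSH session is closed. The URL is handed to sh as a
# positional parameter rather than spliced into the -c string, so quotes or shell
# metacharacters in it cannot alter the command.
start_scan() {
  url="$1"
  name="$(container_name "$url")"
  sudo docker run -d --name "$name" --entrypoint /bin/sh "$IMAGE" \
    -c 'cd "$1" && exec python3 finalrecon.py --full "$2"' sh "$WORKDIR" "$url"
  echo "started $name; follow progress with: sudo docker logs -f $name"
}

# Block until the container exits, copy the dump out, then remove the container.
collect_results() {
  url="$1"; dest="$2"
  name="$(container_name "$url")"
  host="$(target_host "$url")"
  sudo docker wait "$name" >/dev/null
  sudo docker cp "$name:$WORKDIR/dumps/$host.txt" "$dest/"
  sudo docker rm "$name" >/dev/null
  echo "$dest/$host.txt"
}

case "${1:-}" in
  start)   start_scan "$2" ;;
  collect) collect_results "$2" "${3:-$HOME}" ;;
esac
```

Usage: `./finalrecon-docker.sh start https://example.com/` now, and `./finalrecon-docker.sh collect https://example.com/ /home/<USER>` when you come back; collect blocks until the scan has finished if it is still running.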
Yeah, that’s pretty much all you need to know on this topic.
Happy reconnaissance! Good luck with your findings, and please do not test your knowledge on my server; it will die if you all start scanning it. Let it work for others who have a thirst for knowledge.