0x01‐Usage

Usage

r3conwhal3 [run] [galery] options

Options

subcommand	Flag	Description
run	-A, --all	Perform all passive & active recon process
run	-a, --active	Perform active recon process (DNS bruteforce & DNS permutation)
run	-c, --config-dir	Path to directory which config.env exists (default "embedded")
run	-d, --domain	Target domain to enumerate
run	-o, --out-dir	Directory to keep all output (default "$HOME/r3conwhal3/results")
run	-p, --passive	Perform passive subdomain enumeration process
run	-w, --webops	Perform web operations
run	-v, --vulnscan	Perform vulnerability scanning
galery	-p, --path	Path to screenshots directory
run & galery	-h, --help	Show help menu

Running locally

Running the scan with default(ALL) options

r3conwhal3 run -d <domain-name>

Running the scan with custom options

r3conwhal3 run  -d <domain> [-c <path-to-config-dir>] [-outDir <path-to-out-dir>]

Running only passive scan

r3conwhal3 run  -p -d <domain>

Running only active scan

r3conwhal3 run  -a -d <domain>

Running passive scan & web_ops

r3conwhal3 run  -pw -d <domain>

Running active scan & web_ops

r3conwhal3 run  -aw -d <domain>

Running passive scan & vuln_scan

r3conwhal3 run  -pv -d <domain>

Running active scan & vuln_scan

r3conwhal3 run  -av -d <domain>

Starting r3conwhal3 web galery for inspecting previous scan results

r3conwhal3 galery -p <path-to-screenshot-directory>

❗ Disclaimer
You can find previously gathered screenshots on $OUTDIR//screenshots(defaultOUTDIR:"$HOME/user/r3conwhal3/results").

Running The Docker Container 🐳

• Run the container

docker run -it -v </path/to/folder>:/app/results -p 8080:8080 --rm literallyethical/r3conwhal3 run -d <target-domain>  -o /app/results

• Specify the OutputFolder to saving results for later and choose a target domain to enumerate. For detail information, please refer to the Docker documentation.