Suggestions !! #8
Comments
|
Great! I will try and implement these in next update, my goal for APIs was to include ones which don't need an auth key, I can add others which require keys if they really add value to the tool |
|
Hi @thewhiteh4t Agree with you ... Yes, these services will surely add more value to this amazing tool, adding more results... You can ask the user to add "API Keys" instead of giving it your own API Keys (as findomain or other tools are doing). This Will surely become best ever Tool with these Enhancements. One more thing to add here.. ffuf is amazing tool.. You can just feed the subdomains list to it against word list for Directory Bruteforcing. Thanks again !! |
|
Yes that's a better way to implement it, please compare my implementation of directory searching with fuff, what is missing in my implementation? Also is fuff better than gobuster and lulzbuster? |
|
Hi @thewhiteh4t I am only suggesting ffuf due to its multiple features which you can see on their documentation & its specially good when we wanna directory bruteforce "list of domains".. Sincerely, |
|
Alright, thanks a lot, I will look into it and will do some testing too! |
|
@attacker34 facebook developer api added, update to v1.0.4, you will see a new directory : |
|
@attacker34 do you have pro api of spyse?
if you have pro api, can you tell me how many subdomain results you are getting for |
|
We are already getting a lot of subdomains from free sources and facebook api unlike spyse |
|
@attacker34 Wayback machine integrated in |
|
Hi @thewhiteh4t that's great... Now, In order to get more Good results you can attach it with "fprobe" for displaying only alive links.. With ./waybackurls we get a ton of data which can include dead links. |
|
@attacker34 thanks! That will be very useful and it's easy to implement without even using fprobe or any other tool, will update soon |
|
Hi @thewhiteh4t Great.. But try to display the Content size of Response... |
|
Sure, I will test fprobe and analyse the ouput quality |
|
Is it possible to include a secret finder (e,g, https://github.com/m4ll0k/SecretFinder) in the tool? |
|
@chestervdb this is a nice tool, currently finalrecon only looks for urls in javascripts, api keys etc would be really nice, i dont intend to add another tool in finalrecon but i can definitely implement it 👍 |
Hi @thewhiteh4t
Wow, Hats off to you... You really made it Super Quick tool with good results even better than now findomain as I used that one too.
I will suggest you to add:
Spyse Subdomain Enum API
Add BruteX for Attacking on results of Port Scan Results but keep it as a different module so that user can choose whether to run it or not.
While Searching for Directories of main website(Which user Entered for search) should be passed through https://github.com/tomnomnom/waybackurls & https://github.com/attacker34/waybackSqliScanner
As i got fewer results of directories with your current tool.
Each subdomain should be tested against these tools
https://github.com/MichaelStott/CRLF-Injection-Scanner
https://github.com/ak1t4/open-redirect-scanner/
I hope these are the best Enhancements which you can do for next release of this Awesome Tool.
The text was updated successfully, but these errors were encountered: