Information Gatheringwebreconnaissancednssubdomainwhoiscrawlssl

FinalRecon

Fast and simple Python script for web reconnaissance that follows a modular structure and provides detailed information on various areas.

Description

FinalRecon is a comprehensive tool designed for all-in-one web reconnaissance, enabling users to gather extensive information about target websites efficiently. It automates multiple reconnaissance tasks in a single script, making it ideal for security professionals conducting initial assessments of web applications and domains.

Use cases include subdomain enumeration, DNS lookup, SSL certificate analysis, WHOIS queries, crawling, and header inspection, all of which help in mapping out the attack surface of a target. The modular structure allows for selective execution of specific modules or a full scan with the --full flag.

It is particularly useful in penetration testing workflows where quick and thorough web intel is needed before deeper exploitation attempts.

How It Works

FinalRecon operates as a Python script leveraging asynchronous libraries like python3-aiohttp and python3-aiodns for efficient, multi-threaded operations. It performs tasks such as HTTP requests for headers and crawling, DNS resolution via dnspython, subdomain brute-forcing, directory fuzzing with wordlists, WHOIS lookups, and SSL info extraction using cryptography tools. Threads are configurable for dir enum (-dt) and port scans (-pt), with options for timeouts, redirects, and SSL handling.

Installation

bash

sudo apt install finalrecon

Flags

--url URLTarget URL

--headersHeader Information

--sslinfoSSL Certificate Information

--whoisWhois Lookup

--crawlCrawl Target

--dnsDNS Enumeration

--subSub-Domain Enumeration

--dirDirectory Enumeration (inferred from -dt, -w)

--waybackWayback Machine lookup (mentioned)

--psPort Scan (inferred from -pt)

--fullFull reconnaissance scan

-nbHide Banner

-dt DTNumber of threads for directory enum [ Default : 30 ]

-pt PTNumber of threads for port scan [ Default : 50 ]

-T TRequest Timeout [ Default : 30.0 ]

-w WPath to Wordlist [ Default : wordlists/dirb_common.txt ]

-rAllow Redirect [ Default : False ]

-sToggle SSL Verification [ Default : True ]

-sp SPSpecify SSL Port [ Default : 443 ]

Examples

Show help message and usage options

finalrecon -h

Perform basic reconnaissance on the target URL

finalrecon --url https://example.com

Retrieve header information from the target

finalrecon --url https://example.com --headers

Get SSL certificate information

finalrecon --url https://example.com --sslinfo

Perform WHOIS lookup on the domain

finalrecon --url https://example.com --whois

Crawl the target website

finalrecon --url https://example.com --crawl

Enumerate DNS records

finalrecon --url https://example.com --dns

Enumerate sub-domains

finalrecon --url https://example.com --sub

Updated 2026-04-16kali.org ↗