4. Docker

Docker usage

❗ Please read the Post Installation Guide to learn about the different config files, in order to get the best results.

❗ To avoid output files being owned by root on your host, consider configuring Docker Rootless OR Linux Namespaces

• Run the Docker daemon as a non-root user (Rootless mode)
• Isolate containers with a user namespace
• Use Linux user namespaces to fix permissions in docker volumes

1) Pull from DockerHub

• Pull the image

$ docker pull six2dez/reconftw:main

• Download the config file

$ wget https://raw.githubusercontent.com/six2dez/reconftw/main/reconftw.cfg

• Create an output folder

$ mkdir Recon

• Run the container

$ docker run -it --rm \
  -v "${PWD}/reconftw.cfg":'/reconftw/reconftw.cfg' \
  -v "${PWD}/Recon/":'/reconftw/Recon/' \
  six2dez/reconftw:main -d example.com -r

**You may modify the config file at any point before running the container to change the behaviour of the container. Please refer to the Post Installation Guide to learn more.

2) Build from repository

• Clone the Docker build files

$ mkdir reconftw
$ cd reconftw
$ git init -b main
$ git remote add origin https://github.com/six2dez/reconftw.git
$ git sparse-checkout set "Docker/"
$ git pull --depth=1 origin main

• Build the image

$ docker buildx build -t reconftw \
  --build-arg COLLAB_SERVER='XXXXXXX' \
  --build-arg XSS_SERVER='XXXXXXX' \
  --build-arg SHODAN_API_KEY='XXXXXXX' \
  --build-arg LANG='en_US.UTF-8' \
  --build-arg LANGUAGE='en_US' \
  Docker/.

• Run the image

docker run reconftw -d example.com -s

** These build args are not necessary & can be skipped - but that defeats the purpose of building your own image.

3) Build Axiom Controller Image

• ❗ Make sure that you can save an image of >18GB with your Cloud Provider.

• Create a directory on your host, e.g.

$ mkdir reconftw

• Add your config files as described in the docs here.

reconftw
├── amass_config.ini
├── github_tokens.txt
...

• Create a JSON file with your provider config, save it as personal.json.

{
  "do_key": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
  "region": "us-east",
  "provider": "linode",
  "default_size": "g6-standard-1",
  "appliance_name": "",
  "appliance_key": "",
  "appliance_url": "",
  "email": ""
}

**This example uses Linode as the provider. If you also use Linode then you need only add your API Key. if you use another provider then you'll need to figure out the region, provider, & default_size accordingly. Leave the rest empty.

• Modify the Dockerfile template below to add additional config files

# syntax=docker/dockerfile:1.4

FROM six2dez/reconftw:main

# You will find the destination paths for the config files in the docs
COPY amass_config.ini ${HOME}/.config/amass/config.ini
COPY github_tokens.txt ${HOME}/Tools/.github_tokens

COPY personal.json ${HOME}/.axiom/accounts/personal.json

RUN <<eot
###>> Regenerate SSH Keys <<###
# You REALLY do NOT want to use the default SSH keys in the base image
find /root/.ssh -type f -delete
ssh-keygen -b 2048 -t rsa -f /root/.ssh/axiom_rsa -q -N ""
cat /root/.ssh/axiom_rsa.pub > /root/.axiom/configs/authorized_keys

###>> Configure Axiom Provider <<###
axiom-account personal

###>> Configure Axiom Provisioner <<###
# This command exits with return code 1, so leave the '|| :' or the build will fail.
axiom-build reconftw || :
eot

**Do not add anything above the first line (# syntax=...), & do not change that line.

• Build your reconFTW

$ cd reconftw
$ docker buildx build -t reconftw -f Dockerfile .

At this point your have a Docker Image reconftw:latest on your local machine & an Axiom Image axiom-reconftw-xxxxxxxxxx with your Cloud Provider.

• Run the image

docker run reconftw -d example.com -s

Exposed Ports

Ports 85-90 can be exposed by passing the flag -p 85-90:85-90 to docker run command.

Thanks to this issue for the tip.