jhaddix/reconftw.cfg

## reconftw.cfg
#################################################################
#			reconFTW config file			#
#################################################################

# General values
tools=~/Tools   # Path installed tools
SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path
profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
generate_resolvers=false # Generate custom resolvers with dnsvalidator
update_resolvers=true # Fetch and rewrite resolvers from trickest/resolvers before DNS resolution
resolvers_url="https://raw.githubusercontent.com/six2dez/resolvers_reconftw/main/resolvers.txt"
resolvers_trusted_url="https://raw.githubusercontent.com/six2dez/resolvers_reconftw/main/resolvers_trusted.txt"
proxy_url="http://127.0.0.1:8080/" # Proxy url
install_golang=true # Set it to false if you already have Golang configured and ready
#dir_output=/custom/output/path

# Golang Vars (Comment or change on your own)
export GOROOT=/usr/local/go
export GOPATH=$HOME/go
export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH

# Tools config files
#NOTIFY_CONFIG=~/.config/notify/provider-config.yaml # No need to define
AMASS_CONFIG=~/.config/amass/config.ini
GITHUB_TOKENS=${tools}/.github_tokens
#CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path

# APIs/TOKENS - Uncomment the lines you want removing the '#' at the beginning of the line
#SHODAN_API_KEY="XXXXXXXXXXXXX"
#WHOISXML_API="XXXXXXXXXX"
#XSS_SERVER="XXXXXXXXXXXXXXXXX"
#COLLAB_SERVER="XXXXXXXXXXXXXXXXX"
#slack_channel="XXXXXXXX"
#slack_auth="xoXX-XXX-XXX-XXX"

# File descriptors
DEBUG_STD="&>/dev/null" # Skips STD output on installer
DEBUG_ERROR="2>/dev/null" # Skips ERR output on installer

# Osint
OSINT=false # Enable or disable the whole OSINT module
GOOGLE_DORKS=false
GITHUB_DORKS=false
GITHUB_REPOS=false
METADATA=false # Fetch metadata from indexed office documents
EMAILS=false # Fetch emails from differents sites
DOMAIN_INFO=false # whois info
REVERSE_WHOIS=false # amass intel reverse whois info, takes some time
IP_INFO=false    # Reverse IP search, geolocation and whois
METAFINDER_LIMIT=20 # Max 250

# Subdomains
RUNAMASS=true
RUNSUBFINDER=true
SUBDOMAINS_GENERAL=true # Enable or disable the whole Subdomains module
SUBPASSIVE=true # Passive subdomains search
SUBCRT=true # crtsh search
SUBNOERROR=true # Check DNS NOERROR response and BF on them
SUBANALYTICS=true # Google Analytics search
SUBBRUTE=true # DNS bruteforcing
SUBSCRAPING=true # Subdomains extraction from web crawling
SUBPERMUTE=true # DNS permutations
SUBREGEXPERMUTE=true # Permutations by regex analysis
PERMUTATIONS_OPTION=gotator # The alternative is "ripgen" (faster, not deeper)
GOTATOR_FLAGS=" -depth 1 -numbers 3 -mindup -adv -md" # Flags for gotator
SUBTAKEOVER=false # Check subdomain takeovers, false by default cuz nuclei already check this
SUB_RECURSIVE_PASSIVE=false # Uses a lot of API keys queries
DEEP_RECURSIVE_PASSIVE=10 # Number of top subdomains for recursion
SUB_RECURSIVE_BRUTE=false # Needs big disk space and time to resolve
ZONETRANSFER=true # Check zone transfer
S3BUCKETS=true # Check S3 buckets misconfigs
REVERSE_IP=false # Check reverse IP subdomain search (set True if your target is CIDR/IP)
TLS_PORTS="21,22,25,80,110,135,143,261,271,324,443,448,465,563,614,631,636,664,684,695,832,853,854,990,993,989,992,994,995,1129,1131,1184,2083,2087,2089,2096,2221,2252,2376,2381,2478,2479,2482,2484,2679,2762,3077,3078,3183,3191,3220,3269,3306,3410,3424,3471,3496,3509,3529,3539,3535,3660,36611,3713,3747,3766,3864,3885,3995,3896,4031,4036,4062,4064,4081,4083,4116,4335,4336,4536,4590,4740,4843,4849,5443,5007,5061,5321,5349,5671,5783,5868,5986,5989,5990,6209,6251,6443,6513,6514,6619,6697,6771,7202,7443,7673,7674,7677,7775,8243,8443,8991,8989,9089,9295,9318,9443,9444,9614,9802,10161,10162,11751,12013,12109,14143,15002,16995,41230,16993,20003"
INSCOPE=false # Uses inscope tool to filter the scope, requires .scope file in reconftw folder

# Web detection
WEBPROBESIMPLE=true # Web probing on 80/443
WEBPROBEFULL=true # Web probing in a large port list
WEBSCREENSHOT=true # Webs screenshooting
VIRTUALHOSTS=false # Check virtualhosts by fuzzing HOST header
NMAP_WEBPROBE=true # If disabled it will run httpx directly over subdomains list, nmap before web probing is used to increase the speed and avoid repeated requests
UNCOMMON_PORTS_WEB="81,300,591,593,832,981,1010,1311,1099,2082,2095,2096,2480,3000,3001,3002,3003,3128,3333,4243,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7396,7474,8000,8001,8008,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8834,8880,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,11371,12443,15672,16080,17778,18091,18092,20720,32000,55440,55672"
# You can change to aquatone if gowitness fails, comment the one you don't want
AXIOM_SCREENSHOT_MODULE=webscreenshot # Choose between aquatone,gowitness,webscreenshot

# Host
FAVICON=true # Check Favicon domain discovery
PORTSCANNER=true # Enable or disable the whole Port scanner module
PORTSCAN_PASSIVE=true # Port scanner with Shodan
PORTSCAN_ACTIVE=true # Port scanner with nmap
CDN_IP=true # Check which IPs belongs to CDN

# Web analysis
WAF_DETECTION=false # Detect WAFs
NUCLEICHECK=true # Enable or disable nuclei
NUCLEI_SEVERITY="info,low,medium,high,critical" # Set templates criticity
NUCLEI_FLAGS=" -silent -t $HOME/nuclei-templates/ -retries 2" # Additional nuclei extra flags, don't set the severity here but the exclusions like " -etags openssh"
#NUCLEI_FLAGS_JS=" -silent -tags exposure,token -severity info,low,medium,high,critical" # Additional nuclei extra flags for js secrets
URL_CHECK=true # Enable or disable URL collection
URL_CHECK_PASSIVE=true # Search for urls, passive methods from Archive, OTX, CommonCrawl, etc
URL_CHECK_ACTIVE=true # Search for urls by crawling the websites
URL_GF=true # Url patterns classification
URL_EXT=true # Returns a list of files divided by extension
JSCHECKS=true # JS analysis
FUZZ=true # Web fuzzing
CMS_SCANNER=true # CMS scanner
WORDLIST=false # Wordlist generation
ROBOTSWORDLIST=true # Check historic disallow entries on waybackMachine
PASSWORD_DICT=false # Generate password dictionary
PASSWORD_MIN_LENGTH=5 # Min password lenght
PASSWORD_MAX_LENGTH=14 # Max password lenght

# Vulns
VULNS_GENERAL=true # Enable or disable the vulnerability module (very intrusive and slow)
XSS=true # Check for xss with dalfox
CORS=true # CORS misconfigs
TEST_SSL=true # SSL misconfigs
OPEN_REDIRECT=true # Check open redirects
SSRF_CHECKS=true # SSRF checks
CRLF_CHECKS=true # CRLF checks
LFI=true # LFI by fuzzing
SSTI=true # SSTI by fuzzing
SQLI=true # Check SQLI with sqlmap
BROKENLINKS=true # Check for brokenlinks
SPRAY=true # Performs password spraying
COMM_INJ=true # Check for command injections with commix
PROTO_POLLUTION=true # Check for prototype pollution flaws
SMUGGLING=true # Check for HTTP request smuggling flaws
WEBCACHE=true # Check for HTTP request smuggling flaws

# Extra features
NOTIFICATION=false # Notification for every function
SOFT_NOTIFICATION=false # Only for start/end
DEEP=false # DEEP mode, really slow and don't care about the number of results
DEEP_LIMIT=500 # First limit to not run unless you run DEEP
DEEP_LIMIT2=1500 # Second limit to not run unless you run DEEP
DIFF=false # Diff function, run every module over an already scanned target, printing only new findings (but save everything)
REMOVETMP=false # Delete temporary files after execution (to free up space)
REMOVELOG=false # Delete logs after execution
PROXY=false # Send to proxy the websites found
SENDZIPNOTIFY=false # Send to zip the results (over notify)
PRESERVE=true      # set to true to avoid deleting the .called_fn files on really large scans
FFUF_FLAGS=" -mc all -fc 404 -ac -sf" # Ffuf flags
HTTPX_FLAGS=" -follow-redirects -random-agent -status-code -silent -title -web-server -tech-detect -location" # Httpx flags for simple web probing

# HTTP options
HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" # Default header

# Threads
FFUF_THREADS=40
HTTPX_THREADS=50
HTTPX_UNCOMMONPORTS_THREADS=100
GOSPIDER_THREADS=20
BRUTESPRAY_THREADS=20
BRUTESPRAY_CONCURRENCE=10
GAU_THREADS=10
DNSTAKE_THREADS=100
DALFOX_THREADS=200
PUREDNS_PUBLIC_LIMIT=0 # Set between 2000 - 10000 if your router blows up, 0 means unlimited
PUREDNS_TRUSTED_LIMIT=400
PUREDNS_WILDCARDTEST_LIMIT=30
PUREDNS_WILDCARDBATCH_LIMIT=1500000
WEBSCREENSHOT_THREADS=200
GOWITNESS_THREADS=8
RESOLVE_DOMAINS_THREADS=150
PPFUZZ_THREADS=30
DNSVALIDATOR_THREADS=200
INTERLACE_THREADS=10
TLSX_THREADS=1000
XNLINKFINDER_DEPTH=3

# Rate limits
HTTPX_RATELIMIT=150
NUCLEI_RATELIMIT=150
FFUF_RATELIMIT=0

# Timeouts
AMASS_INTEL_TIMEOUT=15          # Minutes
AMASS_ENUM_TIMEOUT=180          # Minutes
CMSSCAN_TIMEOUT=3600            # Seconds
FFUF_MAXTIME=900                # Seconds
HTTPX_TIMEOUT=10                # Seconds
HTTPX_UNCOMMONPORTS_TIMEOUT=10  # Seconds
PERMUTATIONS_LIMIT=21474836480  # Bytes, default is 20 GB

# lists
fuzz_wordlist=${tools}/fuzz_wordlist.txt
lfi_wordlist=${tools}/lfi_wordlist.txt
ssti_wordlist=${tools}/ssti_wordlist.txt
subs_wordlist=${tools}/subdomains.txt
subs_wordlist_big=${tools}/subdomains_big.txt
resolvers=${tools}/resolvers.txt
resolvers_trusted=${tools}/resolvers_trusted.txt

# Axiom Fleet
# Will not start a new fleet if one exist w/ same name and size (or larger)
# AXIOM=false Uncomment only to overwrite command line flags
AXIOM_FLEET_LAUNCH=true # Enable or disable spin up a new fleet, if false it will use the current fleet with the AXIOM_FLEET_NAME prefix
AXIOM_FLEET_NAME="reconFTW" # Fleet's prefix name
AXIOM_FLEET_COUNT=5 # Fleet's number
AXIOM_FLEET_REGIONS="eu-central" # Fleet's region
AXIOM_FLEET_SHUTDOWN=true # # Enable or disable delete the fleet after the execution
# This is a script on your reconftw host that might prep things your way...
#AXIOM_POST_START="~/Tools/axiom_config.sh" # Useful  to send your config files to the fleet
AXIOM_EXTRA_ARGS="" # Leave empty if you don't want to add extra arguments
#AXIOM_EXTRA_ARGS=" --rm-logs" # Example

# BBRF
BBRF_CONNECTION=false
BBRF_SERVER=https://demo.bbrf.me/bbrf
BBRF_USERNAME="user"
BBRF_PASSWORD="password"

# TERM COLORS
bred='\033[1;31m'
bblue='\033[1;34m'
bgreen='\033[1;32m'
byellow='\033[1;33m'
red='\033[0;31m'
blue='\033[0;34m'
green='\033[0;32m'
yellow='\033[0;33m'
reset='\033[0m'
	#################################################################
	# reconFTW config file #
	#################################################################

	# General values
	tools=~/Tools # Path installed tools
	SCRIPTPATH="$( cd "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )" # Get current script's path
	profile_shell=".$(basename $(echo $SHELL))rc" # Get current shell profile
	reconftw_version=$(git rev-parse --abbrev-ref HEAD)-$(git describe --tags) # Fetch current reconftw version
	generate_resolvers=false # Generate custom resolvers with dnsvalidator
	update_resolvers=true # Fetch and rewrite resolvers from trickest/resolvers before DNS resolution
	resolvers_url="https://raw.githubusercontent.com/six2dez/resolvers_reconftw/main/resolvers.txt"
	resolvers_trusted_url="https://raw.githubusercontent.com/six2dez/resolvers_reconftw/main/resolvers_trusted.txt"
	proxy_url="http://127.0.0.1:8080/" # Proxy url
	install_golang=true # Set it to false if you already have Golang configured and ready
	#dir_output=/custom/output/path

	# Golang Vars (Comment or change on your own)
	export GOROOT=/usr/local/go
	export GOPATH=$HOME/go
	export PATH=$GOPATH/bin:$GOROOT/bin:$HOME/.local/bin:$PATH

	# Tools config files
	#NOTIFY_CONFIG=~/.config/notify/provider-config.yaml # No need to define
	AMASS_CONFIG=~/.config/amass/config.ini
	GITHUB_TOKENS=${tools}/.github_tokens
	#CUSTOM_CONFIG=custom_config_path.txt # In case you use a custom config file, uncomment this line and set your files path

	# APIs/TOKENS - Uncomment the lines you want removing the '#' at the beginning of the line
	#SHODAN_API_KEY="XXXXXXXXXXXXX"
	#WHOISXML_API="XXXXXXXXXX"
	#XSS_SERVER="XXXXXXXXXXXXXXXXX"
	#COLLAB_SERVER="XXXXXXXXXXXXXXXXX"
	#slack_channel="XXXXXXXX"
	#slack_auth="xoXX-XXX-XXX-XXX"

	# File descriptors
	DEBUG_STD="&>/dev/null" # Skips STD output on installer
	DEBUG_ERROR="2>/dev/null" # Skips ERR output on installer

	# Osint
	OSINT=false # Enable or disable the whole OSINT module
	GOOGLE_DORKS=false
	GITHUB_DORKS=false
	GITHUB_REPOS=false
	METADATA=false # Fetch metadata from indexed office documents
	EMAILS=false # Fetch emails from differents sites
	DOMAIN_INFO=false # whois info
	REVERSE_WHOIS=false # amass intel reverse whois info, takes some time
	IP_INFO=false # Reverse IP search, geolocation and whois
	METAFINDER_LIMIT=20 # Max 250

	# Subdomains
	RUNAMASS=true
	RUNSUBFINDER=true
	SUBDOMAINS_GENERAL=true # Enable or disable the whole Subdomains module
	SUBPASSIVE=true # Passive subdomains search
	SUBCRT=true # crtsh search
	SUBNOERROR=true # Check DNS NOERROR response and BF on them
	SUBANALYTICS=true # Google Analytics search
	SUBBRUTE=true # DNS bruteforcing
	SUBSCRAPING=true # Subdomains extraction from web crawling
	SUBPERMUTE=true # DNS permutations
	SUBREGEXPERMUTE=true # Permutations by regex analysis
	PERMUTATIONS_OPTION=gotator # The alternative is "ripgen" (faster, not deeper)
	GOTATOR_FLAGS=" -depth 1 -numbers 3 -mindup -adv -md" # Flags for gotator
	SUBTAKEOVER=false # Check subdomain takeovers, false by default cuz nuclei already check this
	SUB_RECURSIVE_PASSIVE=false # Uses a lot of API keys queries
	DEEP_RECURSIVE_PASSIVE=10 # Number of top subdomains for recursion
	SUB_RECURSIVE_BRUTE=false # Needs big disk space and time to resolve
	ZONETRANSFER=true # Check zone transfer
	S3BUCKETS=true # Check S3 buckets misconfigs
	REVERSE_IP=false # Check reverse IP subdomain search (set True if your target is CIDR/IP)
	TLS_PORTS="21,22,25,80,110,135,143,261,271,324,443,448,465,563,614,631,636,664,684,695,832,853,854,990,993,989,992,994,995,1129,1131,1184,2083,2087,2089,2096,2221,2252,2376,2381,2478,2479,2482,2484,2679,2762,3077,3078,3183,3191,3220,3269,3306,3410,3424,3471,3496,3509,3529,3539,3535,3660,36611,3713,3747,3766,3864,3885,3995,3896,4031,4036,4062,4064,4081,4083,4116,4335,4336,4536,4590,4740,4843,4849,5443,5007,5061,5321,5349,5671,5783,5868,5986,5989,5990,6209,6251,6443,6513,6514,6619,6697,6771,7202,7443,7673,7674,7677,7775,8243,8443,8991,8989,9089,9295,9318,9443,9444,9614,9802,10161,10162,11751,12013,12109,14143,15002,16995,41230,16993,20003"
	INSCOPE=false # Uses inscope tool to filter the scope, requires .scope file in reconftw folder

	# Web detection
	WEBPROBESIMPLE=true # Web probing on 80/443
	WEBPROBEFULL=true # Web probing in a large port list
	WEBSCREENSHOT=true # Webs screenshooting
	VIRTUALHOSTS=false # Check virtualhosts by fuzzing HOST header
	NMAP_WEBPROBE=true # If disabled it will run httpx directly over subdomains list, nmap before web probing is used to increase the speed and avoid repeated requests
	UNCOMMON_PORTS_WEB="81,300,591,593,832,981,1010,1311,1099,2082,2095,2096,2480,3000,3001,3002,3003,3128,3333,4243,4567,4711,4712,4993,5000,5104,5108,5280,5281,5601,5800,6543,7000,7001,7396,7474,8000,8001,8008,8014,8042,8060,8069,8080,8081,8083,8088,8090,8091,8095,8118,8123,8172,8181,8222,8243,8280,8281,8333,8337,8443,8500,8834,8880,8888,8983,9000,9001,9043,9060,9080,9090,9091,9092,9200,9443,9502,9800,9981,10000,10250,11371,12443,15672,16080,17778,18091,18092,20720,32000,55440,55672"
	# You can change to aquatone if gowitness fails, comment the one you don't want
	AXIOM_SCREENSHOT_MODULE=webscreenshot # Choose between aquatone,gowitness,webscreenshot

	# Host
	FAVICON=true # Check Favicon domain discovery
	PORTSCANNER=true # Enable or disable the whole Port scanner module
	PORTSCAN_PASSIVE=true # Port scanner with Shodan
	PORTSCAN_ACTIVE=true # Port scanner with nmap
	CDN_IP=true # Check which IPs belongs to CDN

	# Web analysis
	WAF_DETECTION=false # Detect WAFs
	NUCLEICHECK=true # Enable or disable nuclei
	NUCLEI_SEVERITY="info,low,medium,high,critical" # Set templates criticity
	NUCLEI_FLAGS=" -silent -t $HOME/nuclei-templates/ -retries 2" # Additional nuclei extra flags, don't set the severity here but the exclusions like " -etags openssh"
	#NUCLEI_FLAGS_JS=" -silent -tags exposure,token -severity info,low,medium,high,critical" # Additional nuclei extra flags for js secrets
	URL_CHECK=true # Enable or disable URL collection
	URL_CHECK_PASSIVE=true # Search for urls, passive methods from Archive, OTX, CommonCrawl, etc
	URL_CHECK_ACTIVE=true # Search for urls by crawling the websites
	URL_GF=true # Url patterns classification
	URL_EXT=true # Returns a list of files divided by extension
	JSCHECKS=true # JS analysis
	FUZZ=true # Web fuzzing
	CMS_SCANNER=true # CMS scanner
	WORDLIST=false # Wordlist generation
	ROBOTSWORDLIST=true # Check historic disallow entries on waybackMachine
	PASSWORD_DICT=false # Generate password dictionary
	PASSWORD_MIN_LENGTH=5 # Min password lenght
	PASSWORD_MAX_LENGTH=14 # Max password lenght

	# Vulns
	VULNS_GENERAL=true # Enable or disable the vulnerability module (very intrusive and slow)
	XSS=true # Check for xss with dalfox
	CORS=true # CORS misconfigs
	TEST_SSL=true # SSL misconfigs
	OPEN_REDIRECT=true # Check open redirects
	SSRF_CHECKS=true # SSRF checks
	CRLF_CHECKS=true # CRLF checks
	LFI=true # LFI by fuzzing
	SSTI=true # SSTI by fuzzing
	SQLI=true # Check SQLI with sqlmap
	BROKENLINKS=true # Check for brokenlinks
	SPRAY=true # Performs password spraying
	COMM_INJ=true # Check for command injections with commix
	PROTO_POLLUTION=true # Check for prototype pollution flaws
	SMUGGLING=true # Check for HTTP request smuggling flaws
	WEBCACHE=true # Check for HTTP request smuggling flaws

	# Extra features
	NOTIFICATION=false # Notification for every function
	SOFT_NOTIFICATION=false # Only for start/end
	DEEP=false # DEEP mode, really slow and don't care about the number of results
	DEEP_LIMIT=500 # First limit to not run unless you run DEEP
	DEEP_LIMIT2=1500 # Second limit to not run unless you run DEEP
	DIFF=false # Diff function, run every module over an already scanned target, printing only new findings (but save everything)
	REMOVETMP=false # Delete temporary files after execution (to free up space)
	REMOVELOG=false # Delete logs after execution
	PROXY=false # Send to proxy the websites found
	SENDZIPNOTIFY=false # Send to zip the results (over notify)
	PRESERVE=true # set to true to avoid deleting the .called_fn files on really large scans
	FFUF_FLAGS=" -mc all -fc 404 -ac -sf" # Ffuf flags
	HTTPX_FLAGS=" -follow-redirects -random-agent -status-code -silent -title -web-server -tech-detect -location" # Httpx flags for simple web probing

	# HTTP options
	HEADER="User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0" # Default header

	# Threads
	FFUF_THREADS=40
	HTTPX_THREADS=50
	HTTPX_UNCOMMONPORTS_THREADS=100
	GOSPIDER_THREADS=20
	BRUTESPRAY_THREADS=20
	BRUTESPRAY_CONCURRENCE=10
	GAU_THREADS=10
	DNSTAKE_THREADS=100
	DALFOX_THREADS=200
	PUREDNS_PUBLIC_LIMIT=0 # Set between 2000 - 10000 if your router blows up, 0 means unlimited
	PUREDNS_TRUSTED_LIMIT=400
	PUREDNS_WILDCARDTEST_LIMIT=30
	PUREDNS_WILDCARDBATCH_LIMIT=1500000
	WEBSCREENSHOT_THREADS=200
	GOWITNESS_THREADS=8
	RESOLVE_DOMAINS_THREADS=150
	PPFUZZ_THREADS=30
	DNSVALIDATOR_THREADS=200
	INTERLACE_THREADS=10
	TLSX_THREADS=1000
	XNLINKFINDER_DEPTH=3

	# Rate limits
	HTTPX_RATELIMIT=150
	NUCLEI_RATELIMIT=150
	FFUF_RATELIMIT=0

	# Timeouts
	AMASS_INTEL_TIMEOUT=15 # Minutes
	AMASS_ENUM_TIMEOUT=180 # Minutes
	CMSSCAN_TIMEOUT=3600 # Seconds
	FFUF_MAXTIME=900 # Seconds
	HTTPX_TIMEOUT=10 # Seconds
	HTTPX_UNCOMMONPORTS_TIMEOUT=10 # Seconds
	PERMUTATIONS_LIMIT=21474836480 # Bytes, default is 20 GB

	# lists
	fuzz_wordlist=${tools}/fuzz_wordlist.txt
	lfi_wordlist=${tools}/lfi_wordlist.txt
	ssti_wordlist=${tools}/ssti_wordlist.txt
	subs_wordlist=${tools}/subdomains.txt
	subs_wordlist_big=${tools}/subdomains_big.txt
	resolvers=${tools}/resolvers.txt
	resolvers_trusted=${tools}/resolvers_trusted.txt

	# Axiom Fleet
	# Will not start a new fleet if one exist w/ same name and size (or larger)
	# AXIOM=false Uncomment only to overwrite command line flags
	AXIOM_FLEET_LAUNCH=true # Enable or disable spin up a new fleet, if false it will use the current fleet with the AXIOM_FLEET_NAME prefix
	AXIOM_FLEET_NAME="reconFTW" # Fleet's prefix name
	AXIOM_FLEET_COUNT=5 # Fleet's number
	AXIOM_FLEET_REGIONS="eu-central" # Fleet's region
	AXIOM_FLEET_SHUTDOWN=true # # Enable or disable delete the fleet after the execution
	# This is a script on your reconftw host that might prep things your way...
	#AXIOM_POST_START="~/Tools/axiom_config.sh" # Useful to send your config files to the fleet
	AXIOM_EXTRA_ARGS="" # Leave empty if you don't want to add extra arguments
	#AXIOM_EXTRA_ARGS=" --rm-logs" # Example

	# BBRF
	BBRF_CONNECTION=false
	BBRF_SERVER=https://demo.bbrf.me/bbrf
	BBRF_USERNAME="user"
	BBRF_PASSWORD="password"

	# TERM COLORS
	bred='\033[1;31m'
	bblue='\033[1;34m'
	bgreen='\033[1;32m'
	byellow='\033[1;33m'
	red='\033[0;31m'
	blue='\033[0;34m'
	green='\033[0;32m'
	yellow='\033[0;33m'
	reset='\033[0m'