ReconFlow/docker-compose.yml at main · 1amrahul/ReconFlow · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# ReconFlow Docker Compose Configuration
# For automated reconnaissance scanning

services:
  # Main ReconFlow Scanner
  reconflow:
    build:
      context: .
      dockerfile: Dockerfile
      pull_policy: build
    container_name: reconflow
    image: reconflow:latest
    # Privileged mode for raw socket access (masscan, nmap)
    privileged: true
    # Or use specific capabilities instead of privileged
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_NICE
      - SYS_RESOURCE
    # Network configuration
    network_mode: host
    # Mount volumes for persistence
    volumes:
      # Output directory for scan results
      - ./output:/app/output
      # Wordlists volume (optional)
      - ./wordlists:/wordlists:ro
      # Subfinder API keys (optional)
      - ./config/subfinder:/home/reconflow/.config/subfinder:ro
    # Environment variables
    environment:
      - HOME=/home/reconflow
      - GOPATH=/root/go
      - PATH=/usr/local/bin:/root/go/bin:${PATH}
      - DISPLAY=:99
      # Rate limiting
      - RF_RATE_LIMIT=100
      # Proxy settings (uncomment and configure if needed)
      # - HTTP_PROXY=http://proxy:8080
      # - HTTPS_PROXY=http://proxy:8080
      # - SOCKS_PROXY=socks5://proxy:1080
    # Working directory
    working_dir: /app
    # Restart policy
    restart: unless-stopped
    # Health check
    healthcheck:
      test: ["CMD", "pgrep", "-x", "reconflow"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s
    # Logging
    logging:
      driver: "json-file"
      options:
        max-size: "100m"
        max-file: "5"
    # Shm size for chromium (used by gowitness)
    shm_size: '2gb'

  # ReconFlow with VPN support (for stealth scanning)
  reconflow-vpn:
    build:
      context: .
      dockerfile: Dockerfile
    container_name: reconflow-vpn
    image: reconflow:latest
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_NICE
      - SYS_RESOURCE
    network_mode: service:vpn
    volumes:
      - ./output:/app/output
      - ./wordlists:/wordlists:ro
    depends_on:
      - vpn
    profiles:
      - vpn
    restart: unless-stopped

  # VPN container for anonymized scanning
  vpn:
    image: ghcr.io/raV720/vpn-container:latest
    container_name: reconflow-vpn-network
    profiles:
      - vpn
    network_mode: host
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - OPENVPN_USERNAME=your_vpn_username
      - OPENVPN_PASSWORD=your_vpn_password
      - OPENVPN_CONFIG=your_vpn_config.ovpn
    restart: unless-stopped

  # ReconFlow Development/Debug mode
  reconflow-dev:
    build:
      context: .
      dockerfile: Dockerfile.dev
    container_name: reconflow-dev
    image: reconflow:dev
    privileged: true
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - SYS_NICE
      - SYS_RESOURCE
    network_mode: host
    volumes:
      - .:/app
      - ./output:/app/output
    environment:
      - DEBUG=1
      - VERBOSE=1
    stdin_open: true
    tty: true
    profiles:
      - dev
    restart: unless-stopped

# Networks (for internal communication if not using host mode)
networks:
  default:
    name: reconflow-network
    driver: bridge