ReconX — Network Reconnaissance Toolkit
Overview
ReconX is a powerful, all-in-one network security reconnaissance toolkit built with a modern Streamlit web interface. Designed for penetration testers, ethical hackers, red teamers and cybersecurity enthusiasts, ReconX brings together essential active and passive recon techniques in one lightweight, interactive dashboard.

Whether you’re prepping for a CTF, conducting OSINT, scanning your own infrastructure or just learning the ropes, ReconX empowers you to explore and assess digital footprints — securely, silently and effectively.

Live Demo: ReconX Web App
Source Code: ReconX GitHub

Features
Port Scanning
- Multithreaded TCP port scanner (range: 1–500)
- Detects open ports, grabs banners, highlights outdated services

OS Fingerprinting
- Basic TCP handshake analysis to infer Linux/Unix vs Windows OS

WHOIS Lookup
- Retrieves domain ownership and registrar information

Reverse DNS Lookup
- Resolves IPs back to domain names (if records exist)

DNS Enumeration
- Retrieves A, AAAA, MX, NS, CNAME, TXT records for a domain

GhostPath (Passive Recon)
- Extracts subdomains via "crt.sh"
- Gathers archived URLs via the Wayback Machine
- Fully passive — no requests to target servers

Under the Hood: The Engineering Behind ReconX
ReconX isn't just a powerful toolkit; it's a testament to efficient, modular engineering. Beneath its sleek Streamlit interface lies a robust, single-file architecture designed for clarity, performance and easy extensibility.

Core Architecture: Single-File Modularity
Unlike complex multi-file projects, ReconX consolidates all its core reconnaissance functionalities, from Port Scanning to GhostPath, into a single, meticulously organized Python script. Each distinct recon technique is encapsulated within its own dedicated Python class, ensuring a clean, logical separation of concerns.

This streamlined approach offers significant advantages:
- Modular Design: Each feature is a self-contained class, promoting clear separation and easier development.
- Simplified Debugging: With logic centralized, issues are quicker to pinpoint and resolve within their specific class.
- Effortless Contributions: A single-file structure lowers the barrier to entry, welcoming new contributors to understand and extend features.

The intuitive, browser-based user interface of ReconX is dynamically powered by Streamlit. This remarkable Python library transforms complex backend logic into interactive web elements with minimal code. For every reconnaissance class, Streamlit crafts:
- Responsive text inputs for seamless target specification (domains/IPs).
- Engaging buttons to trigger scans and analyses instantly.
- Organized sections utilizing expandable elements, clean tables and comprehensive logs to present results clearly.

This integration ensures that powerful security tasks are accessible and understandable for users of all skill levels.

Beyond active scanning, ReconX integrates the potent GhostPath engine for discreet, passive reconnaissance. Operating entirely in the background, GhostPath queries public data sources to gather intelligence without directly interacting with the target server, so it leaves no footprint on the target. It comprises two specialized internal classes:
- GhostSubdomains: Leverages the power of crt.sh to discover subdomains from public SSL certificate transparency logs.
- GhostWayback: Extracts historical URLs and snapshots from the extensive Wayback Machine archives, revealing past configurations and hidden assets.

GhostPath is an indispensable asset for OSINT (Open Source Intelligence) investigations and stealthy enumeration, providing critical data for a comprehensive security assessment.
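
The certificate-transparency step described for GhostSubdomains, as an added example written for this page (it is not ReconX's own code): it turns a crt.sh JSON response into a clean, in-scope hostname list, which is also how you audit which of your own hostnames are published in CT logs. The function names and the sample data are assumptions; `name_value` and `common_name` are the crt.sh JSON fields used.

```python
import json

# Constructed sample of a crt.sh `output=json` response for the placeholder
# domain example.com (not real certificate data).
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "example.com", "name_value": "example.com\nwww.example.com"},
    {"common_name": "*.example.com", "name_value": "*.example.com\nexample.com"},
    {"common_name": "VPN.Example.com", "name_value": "VPN.Example.com"},
    {"common_name": "staging.example.com", "name_value": "staging.example.com\nadmin@example.com"},
    {"common_name": "cdn.example.net", "name_value": "cdn.example.net\nassets.example.com."},
    {"common_name": "notexample.com", "name_value": "notexample.com"},
])


def subdomains_from_crtsh(raw_json: str, domain: str) -> list:
    """Return the sorted, de-duplicated in-scope hostnames found in a crt.sh JSON body."""
    domain = domain.lower().rstrip(".")
    found = set()
    for entry in json.loads(raw_json):
        # name_value packs every SAN of the certificate, one per line.
        names = (entry.get("name_value") or "").split("\n")
        names.append(entry.get("common_name") or "")
        for name in names:
            name = name.strip().lower().rstrip(".")
            if not name or "@" in name or " " in name:
                continue  # skip e-mail SANs and free-text common names
            if name.startswith("*."):
                name = name[2:]  # a wildcard only proves the parent name exists
            # Suffix match on a label boundary, so notexample.com is out of scope.
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return sorted(found)


def fetch_crtsh(domain: str, timeout: float = 30.0) -> str:
    """Live query (assumed endpoint: https://crt.sh/?q=...&output=json); needs network."""
    from urllib.parse import quote
    from urllib.request import urlopen
    url = "https://crt.sh/?q=" + quote("%." + domain) + "&output=json"
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    for host in subdomains_from_crtsh(SAMPLE_CRTSH_JSON, "example.com"):
        print(host)
```

The label-boundary check and the wildcard handling are the two places naive substring matching goes wrong: without them, look-alike domains leak into scope and `*.example.com` is reported as a hostname.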
Installation & Usage
The quickest way to experience ReconX is through its live web application. You can use it directly, free of cost, fully anonymously and without any limitations on usage!

Alternatively, host it yourself:

Prerequisites
Ensure you have Python 3.x installed.

Clone the Repository
git clone https://github.com/atharvbyadav/ReconX.git
cd ReconX

Install Dependencies
pip install -r requirements.txt

Launch the App
streamlit run ReconX.py

Usage Guide
Port Scanning
Enter the Target IP, hit Scan and see open ports, banners and potential risks.

OS Fingerprinting
Enter an IP and run detection to infer the OS type.

WHOIS Lookup
Enter a domain or IP to view WHOIS data.

Reverse DNS Lookup
Reverse resolve an IP to any registered domain.

DNS Enumeration
Enter a domain name to pull DNS records.

GhostPath (Passive Recon)
Use crt.sh and Wayback Machine to uncover historical data and subdomains.

Disclaimer
This tool is for educational and authorized security research purposes only. Scanning networks you don't own or lack permission to test is illegal.
Use responsibly. Stay ethical.

License
This project is licensed under the BSD 3-Clause License. See the LICENSE file for full details.

Get Involved & Connect
Contributions are welcome! Your ideas, bug fixes or new features can make ReconX even better. Feel free to fork this repo, improve or expand features and open a pull request.

Have ideas? Open an issue or reach out via the contact links below.

Have questions, feedback, or just want to say hello? Connect with Atharv Yadav and the project through these channels:

"Collaboration is the backbone of innovation. Let’s build better tools together."