ReconX — Network Reconnaissance Toolkit
Overview
ReconX is a powerful, all-in-one network security reconnaissance toolkit built with a modern Streamlit web interface. Designed for penetration testers, ethical hackers, red teamers and cybersecurity enthusiasts, ReconX brings together essential active and passive recon techniques in one lightweight, interactive dashboard.
Whether you’re prepping for a CTF, conducting OSINT, scanning your own infrastructure or just learning the ropes, ReconX empowers you to explore and assess digital footprints — securely, silently and effectively.
Live Demo: ReconX Web App
Source Code: ReconX GitHub
Features
Port Scanning
- Multithreaded TCP port scanner (range: 1–500)
- Detects open ports, grabs banners, highlights outdated services
OS Fingerprinting
- Basic TCP handshake analysis to infer Linux/Unix vs Windows OS
WHOIS Lookup
- Retrieves domain ownership and registrar information
Reverse DNS Lookup
- Resolves IPs back to domain names (if records exist)
DNS Enumeration
- Retrieves A, AAAA, MX, NS, CNAME, TXT records for a domain
GhostPath (Passive Recon)
- Extracts subdomains via "crt.sh"
- Gathers archived URLs via the Wayback Machine
- Fully passive — no requests to target servers
Under the Hood: The Engineering Behind ReconX
ReconX isn't just a powerful toolkit; it's a testament to efficient, modular engineering. Beneath its sleek Streamlit interface lies a robust, single-file architecture designed for clarity, performance and easy extensibility.
Core Architecture: Single-File Modularity
Unlike complex multi-file projects, ReconX consolidates all its core reconnaissance functionalities—from Port Scanning to GhostPath—into a single, meticulously organized Python script. Each distinct recon technique is encapsulated within its own dedicated Python class, ensuring a clean, logical separation of concerns.
This streamlined approach offers significant advantages:
- Modular Design: Each feature is a self-contained class, promoting clear separation and easier development.
- Simplified Debugging: With logic centralized, issues are quicker to pinpoint and resolve within their specific class.
- Effortless Contributions: A single-file structure lowers the barrier to entry, welcoming new contributors to understand and extend features.
The intuitive, browser-based user interface of ReconX is dynamically powered by Streamlit. This remarkable Python library transforms complex backend logic into interactive web elements with minimal code. For every reconnaissance class, Streamlit crafts:
- Responsive text inputs for seamless target specification (domains/IPs).
- Engaging buttons to trigger scans and analyses instantly.
- Organized sections utilizing expandable elements, clean tables and comprehensive logs to present results clearly.
This integration ensures that powerful security tasks are accessible and understandable for users of all skill levels.
Beyond active scanning, ReconX integrates the GhostPath engine for discreet, passive reconnaissance. GhostPath queries public data sources to gather intelligence without directly interacting with the target server, so it leaves no footprint on the target. It comprises two specialized internal classes:
- GhostSubdomains: Leverages the power of crt.sh to discover subdomains from public SSL certificate transparency logs.
- GhostWayback: Extracts historical URLs and snapshots from the extensive Wayback Machine archives, revealing past configurations and hidden assets.
GhostPath is an indispensable asset for OSINT (Open Source Intelligence) investigations and stealthy enumeration, providing critical data for a comprehensive security assessment.
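The kind of processing a crt.sh lookup needs before its results are usable, shown as an added example (not ReconX's own code) for auditing which names of a domain you operate are exposed in certificate transparency logs. The sample response is constructed in the shape crt.sh returns with `output=json`, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape crt.sh returns for
# https://crt.sh/?q=%25.example.com&output=json (values are made up).
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 1, "common_name": "example.com",
     "name_value": "example.com\nwww.example.com"},
    {"id": 2, "common_name": "*.dev.example.com",
     "name_value": "*.dev.example.com\nAPI.example.com"},
    {"id": 3, "common_name": "mail.example.com",
     "name_value": "mail.example.com\nadmin@example.com"},
    {"id": 4, "common_name": "cdn.example.net",
     "name_value": "cdn.example.net\nnotexample.com\nwww.example.com."},
])


def normalize_name(raw):
    """Lowercase, drop a trailing dot and a leading wildcard; None if not a hostname."""
    name = raw.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    # SAN lists can carry e-mail addresses or stray whitespace; skip those.
    if not name or "@" in name or " " in name:
        return None
    return name


def in_scope(name, apex):
    """True only for the apex itself or a real subdomain (not 'notexample.com')."""
    return name == apex or name.endswith("." + apex)


def subdomains_from_crtsh(body, apex):
    """Parse a crt.sh JSON body; return sorted, de-duplicated in-scope names."""
    apex = apex.lower().rstrip(".")
    found = set()
    for entry in json.loads(body):
        # name_value holds the certificate's names, one per line.
        candidates = entry.get("name_value", "").split("\n")
        candidates.append(entry.get("common_name") or "")
        for raw in candidates:
            name = normalize_name(raw)
            if name and in_scope(name, apex):
                found.add(name)
    return sorted(found)


if __name__ == "__main__":
    for host in subdomains_from_crtsh(SAMPLE_CRTSH_JSON, "example.com"):
        print(host)
```

Names that show up here but are missing from your asset inventory are the ones to review: each was published in a certificate, so anyone can enumerate it the same way.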
Installation & Usage
The quickest way to experience ReconX is through its live web application.
You can use it directly, free of cost, fully anonymously and without any limitations on usage!
Alternatively, host it yourself:
Prerequisites
Ensure you have Python 3.x installed.
Clone the Repository
git clone https://github.com/atharvbyadav/ReconX.git
cd ReconX
Install Dependencies
pip install -r requirements.txt
Launch the App
streamlit run ReconX.py
Usage Guide
Port Scanning
Enter the Target IP, hit Scan and see open ports, banners and potential risks.
OS Fingerprinting
Enter an IP and run detection to infer the OS type.
WHOIS Lookup
Enter a domain or IP to view WHOIS data.
Reverse DNS Lookup
Reverse resolve an IP to any registered domain.
DNS Enumeration
Enter a domain name to pull DNS records.
GhostPath (Passive Recon)
Use crt.sh and Wayback Machine to uncover historical data and subdomains.
Disclaimer
This tool is for educational and authorized security research purposes only. Scanning networks you don't own or lack permission to test is illegal.
Use responsibly. Stay ethical.
License
This project is licensed under the BSD 3-Clause License.
See the LICENSE file for full details.
Get Involved & Connect
Contributions are welcome! Your ideas, bug fixes or new features can make ReconX even better.
Feel free to fork this repo, improve or expand features and open a pull request.
Have ideas? Open an issue or reach out via the contact links below.
Have questions, feedback, or just want to say hello? Connect with Atharv Yadav and the project through these channels:
"Collaboration is the backbone of innovation. Let’s build better tools together."