Skip to content

Shaheer-Cybersec/ReconX

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
modules
modules
 
 
wordlists
wordlists
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
reconx.py
reconx.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

ReconX

Automated Web Application Reconnaissance & Vulnerability Discovery Framework

Python Version License Status

Modular Python framework for OWASP Top 10 vulnerability detection and web application reconnaissance

Features

Reconnaissance

  • ✅ Subdomain enumeration (Certificate Transparency + DNS brute-force)
  • ✅ Port scanning & service detection
  • ✅ Technology fingerprinting (web server, CMS, frameworks, JS libraries)
  • ✅ Security header analysis

Vulnerability Detection

  • ✅ SQL Injection detector (error-based, 15 payloads)
  • ✅ XSS scanner (reflected, 10 payloads)
  • 🚧 Open Redirect detection (planned)
  • 🚧 Security misconfiguration checks (planned)

Reporting

  • ✅ HTML report generation
  • 🚧 Markdown output (planned)
  • 🚧 JSON export (planned)

Installation

git clone https://github.com/Shaheer-Cybersec/ReconX.git
cd ReconX
python3 -m venv venv
source venv/Scripts/activate  # Windows
pip install -r requirements.txt

Usage

# Subdomain enumeration
python reconx.py -d example.com --recon

# Port scanning
python reconx.py -d example.com --ports

# Technology detection
python reconx.py -d example.com --tech

# SQL injection testing
python reconx.py -d example.com --sqli --url "http://example.com/page.php?id=1"

# XSS testing
python reconx.py -d example.com --xss --url "http://example.com/search.php?q=test"

# Full reconnaissance scan
python reconx.py -d example.com --scan

Example Output

[] Starting subdomain enumeration for example.com [+] Found 25 subdomains from crt.sh [+] Found: www.example.com [+] Found: mail.example.com [] Scanning 8 ports on example.com [+] Port 80 (HTTP) - OPEN [+] Port 443 (HTTPS) - OPEN [*] Detecting technologies for example.com [+] Web Server: nginx [+] CMS: WordPress [+] Language: PHP [+] JavaScript Libraries: jQuery, Bootstrap

⚠️ Legal Disclaimer

AUTHORIZED TESTING ONLY

Only use on systems you own or have written permission to test.

Unauthorized access is illegal under CFAA (USA), Computer Misuse Act (UK), and similar laws worldwide.

Development Progress

v0.2 (Current - April 2025)

  • Core framework structure
  • Subdomain enumeration module
  • Port scanner
  • Technology detection
  • SQL injection detector
  • XSS scanner
  • Basic HTML report generator

v0.3 (Planned - May 2025)

  • Complete report system with all findings
  • Open redirect detector
  • Security misconfiguration checks
  • JSON export
  • Test against DVWA/bWAPP

Tested Against

  • ✅ Google.com (subdomain enumeration)
  • ✅ Tesla.com (subdomain enumeration)
  • ✅ WordPress.com (technology detection)
  • ✅ Public vulnerable sites (SQLi, XSS)

Author

Shaheer Hussain
Cybersecurity Analyst | Penetration Testing Enthusiast

Certifications:

  • API Penetration Testing (APIsec University)
  • ISC2 Certified in Cybersecurity

License

MIT License - see LICENSE

Star this repo if you find it useful!

About

Automated web application reconnaissance and vulnerability scanner for OWASP Top 10 testing.

Topics

python owasp penetration-testing web-security vulnerability-scanner

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages