
exorrtech/recon-toolkit


EXORR Recon Toolkit

Python 3.9+ MIT License CI Version

Automated attack surface discovery pipeline by EXORR Security.

Orchestrates subfinder, httpx, nmap, and nuclei into a single automated recon pipeline. Python CLI with phase-by-phase execution, structured output, and JSON reporting.


Features

  • Multi-phase pipeline — subfinder -> httpx -> nmap -> nuclei, fully automated
  • Selective execution — run individual phases or the full chain
  • Structured output — JSON results with subdomain counts, live hosts, open ports, vuln findings
  • Graceful degradation — missing tools are reported, not crash-causing
  • Timestamped results — every run saved to organized output directories
  • Bash script included: recon.sh for lightweight shell-based recon

Requirements


Tech Stack

Python 3.9+ subfinder httpx nmap nuclei JSON Reporting

Python 3.9+ CLI JSON/Markdown/HTML Reporting


Installation

git clone https://github.com/exorrtech/recon-toolkit.git
cd recon-toolkit
pip install -e .

Usage

Full pipeline

exorr-recon example.com

Specific phases only

exorr-recon example.com --phases subfinder,httpx

With verbose output and report

exorr-recon example.com --verbose --report results.json

Using the bash script

./recon.sh example.com --phase all
./recon.sh example.com --phase subfinder

Pipeline Phases

| Phase | Tool | What it does |
| --- | --- | --- |
| subfinder | ProjectDiscovery subfinder | Passive subdomain enumeration |
| httpx | ProjectDiscovery httpx | Probe live HTTP/HTTPS hosts |
| nmap | Nmap | Port scan top 100 ports with service detection |
| nuclei | ProjectDiscovery nuclei | Vulnerability scanning with templates |

Each phase feeds its output into the next. Missing tools are skipped with a clear error message.


Output

Results are saved to ./recon-output/<target>/:

  • subdomains.txt — discovered subdomains
  • live_hosts.json — HTTP-probed live hosts
  • nmap_scan.txt — Nmap output
  • nuclei_results.txt — Nuclei findings

The JSON report includes a summary:

{
  "summary": {
    "subdomains": 50,
    "live_hosts": 12,
    "open_ports": 8,
    "vulnerabilities": 3
  }
}
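
An added example, not part of the toolkit: it compares the summary blocks of two reports written with --report and flags growth in exposed surface between runs, which suits a scheduled job against your own domains. It assumes only the four summary keys shown above; the function names and sample numbers are constructed for illustration.

```python
import json

# Summary keys as shown in the README's sample report.
SUMMARY_KEYS = ("subdomains", "live_hosts", "open_ports", "vulnerabilities")


def load_summary(report_text):
    """Parse a report and return its summary counts, validating the shape."""
    report = json.loads(report_text)
    summary = report.get("summary")
    if not isinstance(summary, dict):
        raise ValueError("report has no 'summary' object")
    counts = {}
    for key in SUMMARY_KEYS:
        value = summary.get(key)
        # bool is a subclass of int, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, int) or value < 0:
            raise ValueError(f"summary.{key} must be a non-negative integer")
        counts[key] = value
    return counts


def summary_drift(baseline_text, current_text):
    """Return {key: delta} for every count that changed between two runs."""
    baseline = load_summary(baseline_text)
    current = load_summary(current_text)
    return {k: current[k] - baseline[k]
            for k in SUMMARY_KEYS if current[k] != baseline[k]}


def needs_review(drift):
    """Flag a run when any count grew (new hosts, ports or findings)."""
    return any(delta > 0 for delta in drift.values())


# Constructed sample reports; the baseline reuses the README's example numbers.
BASELINE = ('{"summary": {"subdomains": 50, "live_hosts": 12, '
            '"open_ports": 8, "vulnerabilities": 3}}')
CURRENT = ('{"summary": {"subdomains": 53, "live_hosts": 12, '
           '"open_ports": 11, "vulnerabilities": 2}}')

if __name__ == "__main__":
    drift = summary_drift(BASELINE, CURRENT)
    for key, delta in drift.items():
        print(f"{key}: {delta:+d}")
    # Non-zero exit lets a cron job or CI step alert on growth.
    raise SystemExit(1 if needs_review(drift) else 0)
```
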

Project Structure

recon-toolkit/
  exorr_recon/
    __init__.py
    __main__.py
    cli.py        # CLI interface
    engine.py     # Core pipeline engine
  tests/
    test_engine.py
  recon.sh       # Bash script alternative
  pyproject.toml
  README.md
  LICENSE

Running Tests

pip install -e ".[dev]"
pytest tests/ -v

Walk with the void. EXORR Security
