ReconX is a CLI reconnaissance and OSINT tool written in Python.
It integrates multiple passive and active enumeration techniques: whois, DNS, nmap, HTTP headers, clickjacking testing (with PoC), robots.txt, link extraction, IP geolocation, traceroute, advanced subdomain scanner, and reverse IP lookup.
- About
- Features
- Demo
- Installation
- Usage
- Dependencies
- Logs & Output
- Best Practices & Ethics
- Contributing
ReconX is designed for pentesters, bug bounty hunters, and OSINT enthusiasts who need a lightweight terminal-based reconnaissance tool with multiple integrated functions. It focuses on simplicity, readable terminal output, and automatic logging of results.
- ✅ Whois Lookup (
whois) - ✅ DNS Lookup (
dig) - ✅ Nmap scan with default flags (
-sV -sC) + auto logging - ✅ HTTP Headers grabber
- ✅ Clickjacking Test (auto-generates PoC HTML in
poc/) - ✅ Robots.txt scanner
- ✅ Link extractor (
<a href>) - ✅ IP Geolocation (via
ip-api.com) - ✅ Traceroute (
mtrreport) - ✅ Subdomain Scanner (crt.sh, Wayback, RapidDNS, ThreatCrowd, CertSpotter, Sonar, AlienVault, Hackertarget) with concurrency (
ThreadPoolExecutor) - ✅ Reverse IP Lookup (hackertarget API)
- ✔️ Results auto-saved into
logs/
Short caption: ReconX running in the terminal (click to view full size).
Run the tool:
python3 reconx.pyExample menu:
██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗██╗ ██╗
██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║╚██╗██╔╝
██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║ ╚███╔╝
██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║ ██╔██╗
██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║██╔╝ ██╗
╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝
[+] ReconX - Advanced Reconnaissance Tool
[+] GitHub: github.com/mrofcodyx/reconx
============================================================
[1] WhoIs Lookup
[2] DNS Lookup
[3] Nmap Port Scan
[4] HTTP Header Grabber
[5] Clickjacking Test (with PoC)
[6] Robots.txt Scanner
[7] Link Grabber
[8] IP GeoLocation Finder
[9] Traceroute
[10] Subdomain Scanner (Advanced)
[11] Reverse IP Lookup
[12] Exit
============================================================
[+] Select an option:
- Clone the repo:
git clone https://github.com/mrofcodyx/reconx.git
cd reconx- (Optional) Create and activate a virtualenv:
python3 -m venv .venv
source .venv/bin/activate # Linux/Mac
.venv\Scripts\activate # Windows- Install Python dependencies:
Install them:
pip install -r requirements.txt- Install required system tools:
nmap(port scanning)dig(DNS queries, package:dnsutilsorbind-utils)whois(whois client)mtr(traceroute reports)
For Debian/Ubuntu:
sudo apt update
sudo apt install -y nmap dnsutils whois mtrRun interactively:
python3 reconx.pyExamples:
- Subdomain scanning → results saved to
logs/subdomains_example.com_YYYYMMDD_HHMMSS.txt - Clickjacking PoC → generated under
poc/clickjacking_example.com_YYYYMMDD_HHMMSS.html
- Python 3.8+ recommended
- Python libs:
requests,beautifulsoup4 - Relies on external system binaries (
nmap,dig,whois,mtr) viaos.system()calls - Subdomain enumeration uses multiple public sources (crt.sh, Wayback, Sonar, etc.) — be mindful of API limits
- Logs are stored in
logs/(nmap, subdomains, etc.) - Clickjacking PoCs in
poc/ - Terminal output is colorized for readability
Use ReconX only on systems you own or are explicitly authorized to test. Unauthorized scanning may be illegal.
- Run only in controlled environments or with written permission
- Respect API limits and ToS from third-party services
- Handle sensitive data (logs, domains, hosts) responsibly
- Fork the repo
- Create a branch:
git checkout -b feature/my-feature - Commit & push:
git commit -m "feat: description"/git push origin feature/my-feature - Open a Pull Request with a clear description
- Created by mr_ofcodyx
- GitHub: @Mr_ofcodyx