==============================================================
ReconX - Domain Reconnaissance Spyglass
==============================================================
Version: 2.1.0
Author: K0NxT3D
Website: http://www.seaverns.com/security/reconx-domain-reconnaissance-spyglass/

Description:
-------------
ReconX is a powerful command-line domain reconnaissance tool designed for
cybersecurity researchers, penetration testers, and network administrators.
It performs multi-layered reconnaissance on domains, including:

- Common subdomain enumeration
- Wordlist-based brute-force subdomain discovery
- SSL certificate retrieval
- Common TCP port scanning
- HTML and plain-text report generation
- Multi-domain batch scanning

ReconX is optimized for Raspberry Pi and Linux systems, including Ubuntu 24,
and uses multi-threaded scanning for speed and efficiency.

--------------------------------------------------------------
Requirements:
-------------
- Python 3.12+ (tested on Ubuntu 24 / RPi)
- Recommended packages (see requirements.txt):
    dnspython >= 2.6.1
    termcolor >= 2.4.0
    colorama >= 0.4.6
    requests >= 2.32.3
    beautifulsoup4 >= 4.12.3
    html5lib >= 1.1
  Optional (for progress bars or enhanced output):
    tqdm >= 4.66.4
    rich >= 13.7.1
    Jinja2 >= 3.1.4

Installation:
-------------
1. Ensure Python 3 is installed:
   $ python3 --version
2. Clone or copy ReconX source code to your system:
   $ git clone https://github.com/your-repo/ReconX.git
   $ cd ReconX
3. Create a virtual environment (recommended):
   $ python3 -m venv venv
   $ source venv/bin/activate
4. Install required packages:
   $ pip install -r requirements.txt
5. Run ReconX:
   $ python3 ReconX.py
   (Follow the interactive menu)

--------------------------------------------------------------
Usage:
------
Upon running ReconX, you will see the dark-theme ASCII banner and a menu:

1) Single domain quick scan
   - Performs common subdomain enumeration, SSL certificate retrieval,
     and port scanning.
2) Single domain + brute-force subdomains
   - Requires a wordlist file with potential subdomains (one per line).
   - Performs DNS resolution on each entry and logs valid results.
3) Multi-domain batch scan
   - Scan multiple domains listed in a text file (one domain per line).
4) Multi-domain batch + brute
   - Batch scan multiple domains and perform wordlist-based brute-force
     subdomain enumeration.
5) Exit
   - Quit the application.

Prompts will also allow saving HTML reports for each scan.

--------------------------------------------------------------
Subdomain Enumeration:
----------------------
- ReconX comes with a default list of 20+ common subdomains.
- Brute-force mode allows you to supply your own wordlist.
- Multi-threaded scanning ensures fast enumeration.
- Duplicate subdomains are removed automatically.

--------------------------------------------------------------
Port Scanning:
--------------
- Scans the following common TCP ports by default:
    21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 53 (DNS), 80 (HTTP),
    110 (POP3), 143 (IMAP), 443 (HTTPS), 587 (SMTP TLS), 3306 (MySQL),
    8080 (HTTP-ALT)
- Multi-threaded for speed.

--------------------------------------------------------------
SSL Certificate Retrieval:
--------------------------
- Connects to port 443 and retrieves certificate details:
    - Subject
    - Issuer
    - Validity period (NotBefore / NotAfter)
- Errors are handled gracefully if the server does not support SSL.

--------------------------------------------------------------
Report Generation:
------------------
- Text reports saved in ./reconx_reports/ with timestamped filenames:
    reconx__.txt
- HTML reports (optional) provide:
    - Subdomains
    - Brute-force results
    - SSL certificate info
    - Open ports
    - Timestamp and generation info
- HTML reports are styled in a dark, readable theme for easy review.
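
The certificate fields listed under "SSL Certificate Retrieval" above (Subject, Issuer, NotBefore / NotAfter) can be read with Python's standard ssl module. This is an added example, not ReconX's own code; the function names and SAMPLE_CERT (a constructed record, not taken from a real server) are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_peer_cert(host, port=443, timeout=5.0):
    """TLS handshake with verification on; returns the getpeercert() dict."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            # With verification disabled, getpeercert() returns {} instead.
            return tls.getpeercert()

def flatten_name(name):
    """Collapse the nested RDN tuples of getpeercert() into 'key=value, ...'."""
    return ", ".join(f"{key}={value}" for rdn in name for key, value in rdn)

def parse_cert_time(text):
    """Parse 'Jan  1 00:00:00 2025 GMT' into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), timezone.utc)

def summarize_cert(cert, now=None):
    """Subject, Issuer, validity period, plus days left until NotAfter."""
    now = now or datetime.now(timezone.utc)
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    return {
        "subject": flatten_name(cert.get("subject", ())),
        "issuer": flatten_name(cert.get("issuer", ())),
        "not_before": not_before.isoformat(),
        "not_after": not_after.isoformat(),
        "days_left": (not_after - now).days,
        "valid_now": not_before <= now <= not_after,
    }

def safe_summary(host, fetch=fetch_peer_cert):
    """Return an error record instead of raising when TLS is unavailable."""
    try:
        return summarize_cert(fetch(host))
    except (OSError, KeyError, ValueError) as exc:  # ssl.SSLError is an OSError
        return {"host": host, "error": f"{type(exc).__name__}: {exc}"}

# Constructed sample in the shape getpeercert() returns; not from a real server.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "issuer": ((("countryName", "US"),), (("organizationName", "Example CA"),)),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
}
```

The days_left value is the field to alert on when the same summary is run on a schedule against your own hosts.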

--------------------------------------------------------------
Configuration / Patches:
------------------------
- DNS resolver patched for Ubuntu 24+ to avoid system DNS issues:
    Uses Google (8.8.8.8), Cloudflare (1.1.1.1), and Quad9 (9.9.9.9)
    as default resolvers.
- Multi-threading configurable via constants at the top of the script:
    SUBDOMAIN_THREADS, PORT_THREADS, BRUTE_THREADS
- Compatible with both terminal and headless server environments.

--------------------------------------------------------------
Notes / Tips:
-------------
- Recommended to use a small to medium-sized wordlist for brute-force scans
  to avoid network throttling.
- Reports are fully timestamped and can be archived for audits or
  penetration test documentation.
- Can run multiple instances for batch scanning large domain lists.
- For Raspberry Pi users: running with `sudo` is generally not required
  unless scanning restricted ports (<1024).

--------------------------------------------------------------
Example Usage:
--------------
Single domain quick scan:
  $ python3 ReconX.py
  > 1
  > example.com
  > y    (Save HTML report? yes/no)

Single domain brute-force:
  $ python3 ReconX.py
  > 2
  > example.com
  > /path/to/wordlist.txt
  > y

Multi-domain batch scan:
  $ python3 ReconX.py
  > 3
  > /path/to/domains.txt
  > y

Multi-domain batch + brute:
  $ python3 ReconX.py
  > 4
  > /path/to/domains.txt
  > /path/to/wordlist.txt
  > y

--------------------------------------------------------------
Credits:
--------
ReconX is developed and maintained by K0NxT3D
Website: http://www.seaverns.com/security/reconx-domain-reconnaissance-spyglass/
Inspired by ReconX, upgraded and rebranded for enhanced functionality,
speed, and reporting.

--------------------------------------------------------------
Disclaimer:
-----------
- ReconX is intended for authorized penetration testing, research, and
  educational purposes only.
- Unauthorized scanning of third-party systems may be illegal and is not
  the responsibility of the author.
- Use responsibly and only on systems you own or have explicit permission
  to test.

==============================================================