==============================================================
ReconX - Domain Reconnaissance Spyglass
==============================================================

Version: 2.1.0
Author: K0NxT3D
Website: http://www.seaverns.com/security/reconx-domain-reconnaissance-spyglass/

Description:
-------------
ReconX is a powerful command-line domain reconnaissance tool designed
for cybersecurity researchers, penetration testers, and network administrators.
It performs multi-layered reconnaissance on domains, including:

- Common subdomain enumeration
- Wordlist-based brute-force subdomain discovery
- SSL certificate retrieval
- Common TCP port scanning
- HTML and plain-text report generation
- Multi-domain batch scanning

ReconX is optimized for Raspberry Pi and Linux systems, including Ubuntu 24, and
uses multi-threaded scanning for speed and efficiency.

--------------------------------------------------------------
Requirements:
-------------
- Python 3.12+ (tested on Ubuntu 24 / RPi)
- Recommended packages (see requirements.txt):
    dnspython >= 2.6.1
    termcolor >= 2.4.0
    colorama >= 0.4.6
    requests >= 2.32.3
    beautifulsoup4 >= 4.12.3
    html5lib >= 1.1

Optional (for progress bars or enhanced output):
    tqdm >= 4.66.4
    rich >= 13.7.1
    Jinja2 >= 3.1.4

Installation:
-------------
1. Ensure Python 3 is installed:
   $ python3 --version

2. Clone or copy ReconX source code to your system:
   $ git clone https://github.com/your-repo/ReconX.git
   $ cd ReconX

3. Create a virtual environment (recommended):
   $ python3 -m venv venv
   $ source venv/bin/activate

4. Install required packages:
   $ pip install -r requirements.txt

5. Run ReconX:
   $ python3 ReconX.py
   (Follow the interactive menu)

--------------------------------------------------------------
Usage:
------

Upon running ReconX, you will see the dark-theme ASCII banner and a menu:

1) Single domain quick scan
   - Performs common subdomain enumeration, SSL certificate retrieval, and port scanning.

2) Single domain + brute-force subdomains
   - Requires a wordlist file with potential subdomains (one per line).
   - Performs DNS resolution on each entry and logs valid results.

3) Multi-domain batch scan
   - Scan multiple domains listed in a text file (one domain per line).

4) Multi-domain batch + brute
   - Batch scan multiple domains and perform wordlist-based brute-force subdomain enumeration.

5) Exit
   - Quit the application.

Prompts will also allow saving HTML reports for each scan.

--------------------------------------------------------------
Subdomain Enumeration:
----------------------
- ReconX comes with a default list of 20+ common subdomains.
- Brute-force mode allows you to supply your own wordlist.
- Multi-threaded scanning ensures fast enumeration.
- Duplicate subdomains are removed automatically.

--------------------------------------------------------------
Port Scanning:
--------------
- Scans the following common TCP ports by default:
  21 (FTP), 22 (SSH), 23 (TELNET), 25 (SMTP), 53 (DNS),
  80 (HTTP), 110 (POP3), 143 (IMAP), 443 (HTTPS), 587 (SMTP TLS),
  3306 (MySQL), 8080 (HTTP-ALT)
- Multi-threaded for speed.

--------------------------------------------------------------
SSL Certificate Retrieval:
--------------------------
- Connects to port 443 and retrieves certificate details:
  - Subject
  - Issuer
  - Validity period (NotBefore / NotAfter)
- Errors are handled gracefully if the server does not support SSL.

--------------------------------------------------------------
Report Generation:
------------------
- Text reports saved in ./reconx_reports/ with timestamped filenames:
  reconx_<domain>_<YYYYMMDD_HHMMSS>.txt

- HTML reports (optional) provide:
  - Subdomains
  - Brute-force results
  - SSL certificate info
  - Open ports
  - Timestamp and generation info
- HTML reports are styled in a dark, readable theme for easy review.

--------------------------------------------------------------
Configuration / Patches:
------------------------
- DNS resolver patched for Ubuntu 24+ to avoid system DNS issues:
  Uses Google (8.8.8.8), Cloudflare (1.1.1.1), and Quad9 (9.9.9.9) as default resolvers.

- Multi-threading configurable via constants at the top of the script:
  SUBDOMAIN_THREADS, PORT_THREADS, BRUTE_THREADS

- Compatible with both terminal and headless server environments.

--------------------------------------------------------------
Notes / Tips:
-------------
- Recommended to use a small to medium-sized wordlist for brute-force scans to avoid network throttling.
- Reports are fully timestamped and can be archived for audits or penetration test documentation.
- Can run multiple instances for batch scanning large domain lists.
- For Raspberry Pi users: running with `sudo` is generally not required unless scanning restricted ports (<1024).

--------------------------------------------------------------
Example Usage:
--------------
Single domain quick scan:
$ python3 ReconX.py
> 1
> example.com
> y  (Save HTML report? yes/no)

Single domain brute-force:
$ python3 ReconX.py
> 2
> example.com
> /path/to/wordlist.txt
> y

Multi-domain batch scan:
$ python3 ReconX.py
> 3
> /path/to/domains.txt
> y

Multi-domain batch + brute:
$ python3 ReconX.py
> 4
> /path/to/domains.txt
> /path/to/wordlist.txt
> y

--------------------------------------------------------------
Credits:
--------
ReconX is developed and maintained by K0NxT3D
Website: http://www.seaverns.com/security/reconx-domain-reconnaissance-spyglass/

Inspired by ReconX, upgraded and rebranded for enhanced functionality, speed, and reporting.

--------------------------------------------------------------
Disclaimer:
-----------
- ReconX is intended for authorized penetration testing, research, and educational purposes only.
- Unauthorized scanning of third-party systems may be illegal and is not the responsibility of the author.
- Use responsibly and only on systems you own or have explicit permission to test.

==============================================================

