ReconX is a powerful, all-in-one network security reconnaissance toolkit built with a modern Streamlit web interface. Designed for penetration testers, ethical hackers, red teamers and cybersecurity enthusiasts, ReconX brings together essential active and passive recon techniques in one lightweight, interactive dashboard. Whether you're prepping for a CTF, conducting OSINT, scanning your own infrastructure or just learning the ropes, ReconX empowers you to explore and assess digital footprints securely, silently and effectively.

Live Demo: ReconX Web App | Repository: ReconX GitHub
- Multithreaded TCP port scanner (range: 1-500)
- Detects open ports, grabs banners, highlights outdated services
- Basic TCP handshake analysis to infer Linux/Unix vs Windows OS
- Retrieves domain ownership and registrar information
- Resolves IPs back to domain names (if records exist)
- Retrieves A, AAAA, MX, NS, CNAME, TXT records for a domain
- Extracts subdomains via crt.sh
- Gathers archived URLs via the Wayback Machine
- Fully passive: no requests to target servers
ReconX may look like a polished web app, and it is, but under the hood it's powered by a well-organized collection of recon logic packed efficiently into a single, maintainable Python script.
Instead of scattering logic across multiple files or scripts, all core functionalities (Port Scanning, OS Fingerprinting, WHOIS Lookup, DNS Enumeration, Reverse DNS and GhostPath) are implemented as individual Python classes within one main file.
This approach provides:
- A clean, modular structure without file sprawl
- Easier debugging: you only focus on the relevant class
- Smooth onboarding for contributors or learners
The app's interface is built with Streamlit, enabling a fast, reactive and browser-based frontend. Each recon class is wrapped in Streamlit UI components:
- Text inputs for target domains/IPs
- Buttons to trigger scans
- Sections with expanders, tables and logs to display results
ReconX also embeds GhostPath, a passive reconnaissance engine that runs directly in the app. It consists of two internal classes:
- `GhostSubdomains`: Fetches subdomains using crt.sh
- `GhostWayback`: Gathers archived URLs from the Wayback Machine
These components operate quietly in the background, leaving no footprint on the target. They're perfect for stealthy reconnaissance workflows and OSINT-based enumeration.
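How the crt.sh step can turn a Certificate Transparency reply into a subdomain list, shown as an added example that is not ReconX's own code. It parses a constructed sample shaped like crt.sh's JSON output; the function name, the sample data and the `example.com` domain are assumptions.

```python
import json

# Constructed sample shaped like crt.sh's JSON output (crt.sh/?q=<domain>&output=json).
# Every hostname below is made up for illustration.
SAMPLE_CRTSH_JSON = json.dumps([
    {"common_name": "example.com", "name_value": "example.com\nwww.example.com"},
    {"common_name": "*.example.com", "name_value": "*.example.com\nexample.com"},
    {"common_name": "VPN.Example.com", "name_value": "VPN.Example.com."},
    {"common_name": "mail.example.com", "name_value": "admin@example.com\nmail.example.com"},
    {"common_name": "cdn.example.net", "name_value": "cdn.example.net\nstatic.example.com"},
    {"common_name": "notexample.com", "name_value": "notexample.com"},
])


def extract_subdomains(crtsh_json: str, domain: str) -> list[str]:
    """Return sorted, de-duplicated hostnames under `domain` from a crt.sh JSON reply."""
    domain = domain.lower().strip(".")
    found = set()
    for entry in json.loads(crtsh_json):
        # name_value can hold several certificate names separated by newlines.
        names = (entry.get("name_value") or "").splitlines()
        names.append(entry.get("common_name") or "")
        for raw in names:
            name = raw.strip().lower().rstrip(".")
            if not name or "@" in name:   # skip blanks and e-mail address entries
                continue
            if name.startswith("*."):     # wildcard certificate: keep the parent name
                name = name[2:]
            # Match on a label boundary so notexample.com is not accepted.
            if name == domain or name.endswith("." + domain):
                found.add(name)
    return sorted(found)


if __name__ == "__main__":
    for host in extract_subdomains(SAMPLE_CRTSH_JSON, "example.com"):
        print(host)
```

The label-boundary check and wildcard handling matter when the list feeds an asset inventory: a plain substring match would pull in unrelated domains, and unnormalized names produce duplicates.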
- All-in-one file means simpler code navigation and faster debugging
- Class-based design provides modularity and clarity
- Streamlit frontend offers interactivity without extra complexity
- GhostPath integration brings passive recon into your active workflow
Ensure you have Python 3.x installed.
```bash
git clone https://github.com/atharvbyadav/ReconX.git
cd ReconX
pip install -r requirements.txt
streamlit run ReconX.py
```
Enter the Target IP, hit Scan and see open ports, banners and potential risks.
Enter an IP and run detection to infer the OS type.
Enter a domain or IP to view WHOIS data.
Reverse resolve an IP to any registered domain.
Enter a domain name to pull DNS records.
Use crt.sh and Wayback Machine to uncover historical data and subdomains.
This tool is for educational and authorized security research purposes only. Scanning networks you don't own or lack permission to test is illegal.
Use responsibly. Stay ethical.
This project is licensed under the BSD 3-Clause License. See the LICENSE file for full details.
Contributions are welcome! Feel free to fork this repo, improve or expand features and open a pull request.
Have ideas? Open an issue or reach out via the contact links below.
- Author: Atharv Yadav
- Email: uuwr5t1s@duck.com
  Looks suspicious? Good. It's mine. The ducks work for me.
- Website: atharvbyadav.github.io
- GitHub: @atharvbyadav
- Connect: LinkedIn · X

"Collaboration is the backbone of innovation. Let's build better tools together."