A Python-based passive reconnaissance tool designed to automate the initial phases of web application security testing. This tool complements manual testing by quickly identifying technical stacks, security header gaps, and hidden directories.
- Header Analysis: Checks for missing security headers like CSP, X-Frame-Options, and HSTS.
- Tech Stack Identification: Detects CMS, frameworks, and server versions.
- Crawler: Extracts subdomains and internal/external links from the target.
- Robots.txt Parser: Scans for disallowed paths that might reveal sensitive directories.
- Python 3.9+
- VS Code
-
git clone https://github.com/arjunharshana/recon_tool.git cd recon_tool -
Open your terminal in the
recon_toolfolder and run:# Create the virtual env python -m venv venv # Activate the environment (use gitbash in terminal) source venv/Scripts/activate # Update pip python -m pip install --upgrade pip
-
pip install -r requirements.txt
-
python main.py [target_url]