v2.0 — Open Source Recon Framework

ReconX

115 recon modules. One command. Full pipeline.

Subdomain enumeration, vulnerability scanning, cloud recon, OSINT — orchestrated in dependency order with false positive reduction. Results visualized in an interactive knowledge graph.

115Modules
48K+Subdomains / scan
9Category Coverage
< 30 minFull Scan

What 115 modules actually do

Each module runs when its dependencies finish. Subdomain tools feed into port scanners, which feed into vuln detectors. No manual wiring.

Reconnaissance

13 modules

Subdomain enumeration, DNS recon, passive sources, CIDR mapping, VHost discovery

$ subfinder, amass, assetfinder, dnsx, shuffledns...

→ pipes into port scanning and web analysis

Web Analysis

17 modules

URL discovery, JS analysis, parameter mining, directory fuzzing, API scanning, CMS detection

Vulnerability Detection

21 modules

Nuclei, SQLi, XSS, SSRF, SSTI, subdomain takeover, secrets detection

Cloud & OSINT

22 modules

S3/GCS enumeration, WHOIS, Shodan, Google dorking, GitHub OSINT, email harvesting

Knowledge Graph

BloodHound-style attack surface mapping with domain-to-finding chains and attack paths

ReconX Dashboard

12 pages

World map, knowledge graph, findings, attack paths, reports with PDF export

The dashboard after a real scan

Subdomains
247
Critical
5
Live Hosts
189
Attack Paths
12
SQLi on api.target.com
XSS on cdn.target.com
SSRF on img.target.com
DashboardWorld MapKnowledge GraphFindingsAttack PathsSubdomainsURLsTechnologiesVulnerabilitiesCloud AssetsReportsSettings

Run it yourself

Install, point at a target, get a full recon pipeline with structured output and a live dashboard. That's it.

terminal

$ reconx -t target.com --full

[*] Loading 115 modules across 9 categories

[*] Building dependency graph... 247 edges resolved

[→] Phase 1/4: Subdomain enumeration (subfinder, amass, dnsx)

[→] Phase 2/4: Port scan + service fingerprint

[→] Phase 3/4: Web analysis + parameter discovery

[→] Phase 4/4: Vuln detection (nuclei, sqlmap, dalfox)

[*] False positive reduction... removed 34 duplicates

[+] Done in 22m 14s — 247 subdomains, 189 live hosts, 5 critical, 12 attack paths

[*] Dashboard → http://localhost:3000