Extensible CLI Reconnaissance & Vulnerability Assessment Tool
OpenRecon is an extensible, CLI-based reconnaissance and vulnerability assessment tool designed for:
- Security researchers
- Bug bounty hunters
- Penetration testers
- IT security students
This project consolidates multiple scanning techniques into a unified interface to efficiently identify vulnerabilities and surface-level threats.
Project Background: This is my final college project and also my first large-scale security tool — built from scratch with passion, learning, and extensive trial and error. Feedback and contributions are highly appreciated!
- Port Scanning: Comprehensive nmap integration for service detection
- Host Discovery:
  - ARP-based scanning for local networks
  - ICMP ping sweep for wide-range detection
- Subdomain Enumeration: Uses crt.sh, DNS resolution with local caching
- XSS Scanner: Detects reflected, stored, and DOM-based XSS
- SQL Injection: Identifies potential SQLi vulnerabilities
- CSRF Scanner: Checks for Cross-Site Request Forgery issues
- GraphQL Scanner: Finds exposed GraphQL endpoints
- CMS Detection: Fingerprints WordPress, Joomla, and other CMS platforms
pip install openrecon
If you get a "command not found" error after installation, it may be because the executable isn’t in your system PATH (especially if using Microsoft Store Python or pip install --user). You may see a warning like:
WARNING: The script openrecon.exe is installed in 'C:\Users\...\Scripts' which is not on PATH.
Quick Fix (works immediately):
python -m openrecon --help
Permanent Fix — Add to PATH:
- Copy the Scripts directory path shown in the warning message
- Press Win + R, type sysdm.cpl, and press Enter
- Go to the Advanced tab, and click Environment Variables
- Under User variables, select Path and click Edit
- Click New and paste the Scripts directory path
- Click OK on all dialogs and restart your terminal
Linux
git clone https://github.com/yourusername/openrecon
cd openrecon
chmod +x setup.sh
./setup.sh
Windows
git clone https://github.com/R0salman/OpenRecon
cd OpenRecon
setup.bat
openrecon --help
openrecon scan --target example.com --flags "-T4 -F"
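An added example, not part of OpenRecon's own code: a wrapper that builds the openrecon scan command shown above only when the target falls inside the engagement's authorized scope. The scope values, the function names, and the assumption that --target takes a bare hostname or IP address are illustrative.

```python
import ipaddress
import re
import subprocess
import sys

# Constructed sample scope; replace with the engagement's written authorization.
SCOPE_DOMAINS = {"example.com"}
SCOPE_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# One or more DNS labels, none starting or ending with a hyphen.
HOST_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))*")


def in_scope(target, domains=SCOPE_DOMAINS, networks=SCOPE_NETWORKS):
    """True only for an in-scope IP, an in-scope domain, or a subdomain of one."""
    target = target.strip().lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        # Hostname: require valid syntax, then match on a label boundary so
        # "evilexample.com" and "example.com.evil.net" do not pass.
        if not HOST_RE.fullmatch(target):
            return False
        return any(target == d or target.endswith("." + d) for d in domains)
    return any(addr in net for net in networks)


def build_scan_command(target, nmap_flags="-T4 -F"):
    """Return argv for the scan command on this page, or raise if out of scope."""
    if not in_scope(target):
        raise PermissionError(f"{target!r} is outside the authorized scope")
    clean = target.strip().lower().rstrip(".")
    # argv list, no shell: the target and flags are never shell-interpreted.
    return ["openrecon", "scan", "--target", clean, "--flags", nmap_flags]


if __name__ == "__main__":
    try:
        argv = build_scan_command(sys.argv[1])
    except (IndexError, PermissionError) as exc:
        sys.exit(f"refusing to scan: {exc!r}")
    sys.exit(subprocess.run(argv).returncode)
```
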
Module | Description |
---|---|
portscan | Nmap-based port scanning and service detection |
livediscovery | ARP-based active host detection for local networks |
pingsweep | ICMP ping sweep to identify online hosts |
subenum | Subdomain enumeration with crt.sh and DNS resolution (caches in ~/.openrecon) |
xss | Comprehensive XSS vulnerability scanning |
sql | SQL Injection detection |
cms | CMS fingerprinting (WordPress, Joomla, etc.) |
csrf | CSRF vulnerability scanning |
graphql | GraphQL endpoint detection |
payloads | Curated collection of security testing payloads (sourced from Payload Box) |
- Python 3.8+
- Nmap (must be in system PATH) - Download Nmap
- playwright
We welcome contributions! Here's how to help:
- Fork the repository
- Create your feature branch:
git checkout -b feature/your-feature
- Commit your changes:
git commit -m 'Add some feature'
- Push to the branch:
git push origin feature/your-feature
- Submit a pull request
This project is licensed under the MIT License.
Important: This tool is intended for:
- Authorized security testing
- Educational purposes
- Research and development
Unauthorized use against systems without explicit permission is illegal and unethical. The developers assume no liability and are not responsible for any misuse or damage caused by this tool.