reconforge 1.0.0__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- reconforge-1.0.0/LICENSE +21 -0
- reconforge-1.0.0/PKG-INFO +364 -0
- reconforge-1.0.0/README.md +309 -0
- reconforge-1.0.0/pyproject.toml +156 -0
- reconforge-1.0.0/reconforge/__init__.py +29 -0
- reconforge-1.0.0/reconforge/analyzer.py +309 -0
- reconforge-1.0.0/reconforge/api.py +196 -0
- reconforge-1.0.0/reconforge/batch.py +192 -0
- reconforge-1.0.0/reconforge/cache.py +124 -0
- reconforge-1.0.0/reconforge/cli.py +415 -0
- reconforge-1.0.0/reconforge/compare.py +185 -0
- reconforge-1.0.0/reconforge/config.py +81 -0
- reconforge-1.0.0/reconforge/dns_enum.py +217 -0
- reconforge-1.0.0/reconforge/export.py +409 -0
- reconforge-1.0.0/reconforge/logger.py +73 -0
- reconforge-1.0.0/reconforge/portscan.py +106 -0
- reconforge-1.0.0/reconforge/report.py +136 -0
- reconforge-1.0.0/reconforge/scopecheck.py +105 -0
- reconforge-1.0.0/reconforge/subdomains.py +79 -0
- reconforge-1.0.0/reconforge/techdetect.py +79 -0
- reconforge-1.0.0/reconforge/utils.py +124 -0
- reconforge-1.0.0/reconforge/webserver.py +167 -0
- reconforge-1.0.0/reconforge.egg-info/PKG-INFO +364 -0
- reconforge-1.0.0/reconforge.egg-info/SOURCES.txt +32 -0
- reconforge-1.0.0/reconforge.egg-info/dependency_links.txt +1 -0
- reconforge-1.0.0/reconforge.egg-info/entry_points.txt +2 -0
- reconforge-1.0.0/reconforge.egg-info/requires.txt +15 -0
- reconforge-1.0.0/reconforge.egg-info/top_level.txt +1 -0
- reconforge-1.0.0/setup.cfg +4 -0
- reconforge-1.0.0/setup.py +64 -0
- reconforge-1.0.0/tests/__init__.py +0 -0
- reconforge-1.0.0/tests/test_portscan.py +72 -0
- reconforge-1.0.0/tests/test_subdomains.py +55 -0
- reconforge-1.0.0/tests/test_techdetect.py +78 -0
reconforge-1.0.0/LICENSE
ADDED
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
MIT License
|
|
2
|
+
|
|
3
|
+
Copyright (c) 2026 ferasbusiness666
|
|
4
|
+
|
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
|
7
|
+
in the Software without restriction, including without limitation the rights
|
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
|
10
|
+
furnished to do so, subject to the following conditions:
|
|
11
|
+
|
|
12
|
+
The above copyright notice and this permission notice shall be included in all
|
|
13
|
+
copies or substantial portions of the Software.
|
|
14
|
+
|
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
|
21
|
+
SOFTWARE.
|
|
@@ -0,0 +1,364 @@
|
|
|
1
|
+
Metadata-Version: 2.4
|
|
2
|
+
Name: reconforge
|
|
3
|
+
Version: 1.0.0
|
|
4
|
+
Summary: AI-assisted recon toolkit for bug bounty hunters and security researchers
|
|
5
|
+
Home-page: https://github.com/ferasbusiness666/ReconForge
|
|
6
|
+
Author: Feras
|
|
7
|
+
Author-email: Feras <feras@example.com>
|
|
8
|
+
License: MIT
|
|
9
|
+
Project-URL: Homepage, https://github.com/ferasbusiness666/ReconForge
|
|
10
|
+
Project-URL: Documentation, https://github.com/ferasbusiness666/ReconForge/tree/main/docs
|
|
11
|
+
Project-URL: Repository, https://github.com/ferasbusiness666/ReconForge.git
|
|
12
|
+
Project-URL: Bug Tracker, https://github.com/ferasbusiness666/ReconForge/issues
|
|
13
|
+
Project-URL: Changelog, https://github.com/ferasbusiness666/ReconForge/blob/main/CHANGELOG.md
|
|
14
|
+
Project-URL: Security Policy, https://github.com/ferasbusiness666/ReconForge/blob/main/docs/SECURITY.md
|
|
15
|
+
Keywords: security,recon,reconnaissance,bug-bounty,penetration-testing,subdomain-discovery,port-scanning,technology-detection,vulnerability-assessment,automation,infosec,cybersecurity,hacking,ethical-hacking
|
|
16
|
+
Classifier: Development Status :: 5 - Production/Stable
|
|
17
|
+
Classifier: Environment :: Console
|
|
18
|
+
Classifier: Intended Audience :: Information Technology
|
|
19
|
+
Classifier: Intended Audience :: System Administrators
|
|
20
|
+
Classifier: Intended Audience :: Developers
|
|
21
|
+
Classifier: License :: OSI Approved :: MIT License
|
|
22
|
+
Classifier: Natural Language :: English
|
|
23
|
+
Classifier: Operating System :: OS Independent
|
|
24
|
+
Classifier: Programming Language :: Python :: 3
|
|
25
|
+
Classifier: Programming Language :: Python :: 3.9
|
|
26
|
+
Classifier: Programming Language :: Python :: 3.10
|
|
27
|
+
Classifier: Programming Language :: Python :: 3.11
|
|
28
|
+
Classifier: Programming Language :: Python :: 3.12
|
|
29
|
+
Classifier: Topic :: Internet
|
|
30
|
+
Classifier: Topic :: Security
|
|
31
|
+
Classifier: Topic :: System :: Networking
|
|
32
|
+
Classifier: Topic :: System :: Monitoring
|
|
33
|
+
Classifier: Topic :: Utilities
|
|
34
|
+
Requires-Python: >=3.9
|
|
35
|
+
Description-Content-Type: text/markdown
|
|
36
|
+
License-File: LICENSE
|
|
37
|
+
Requires-Dist: click>=8.0.0
|
|
38
|
+
Requires-Dist: rich>=13.0.0
|
|
39
|
+
Requires-Dist: requests>=2.28.0
|
|
40
|
+
Provides-Extra: dev
|
|
41
|
+
Requires-Dist: pytest>=7.0.0; extra == "dev"
|
|
42
|
+
Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
|
|
43
|
+
Requires-Dist: black>=23.0.0; extra == "dev"
|
|
44
|
+
Requires-Dist: flake8>=6.0.0; extra == "dev"
|
|
45
|
+
Requires-Dist: mypy>=1.0.0; extra == "dev"
|
|
46
|
+
Requires-Dist: isort>=5.12.0; extra == "dev"
|
|
47
|
+
Requires-Dist: bandit>=1.7.0; extra == "dev"
|
|
48
|
+
Requires-Dist: safety>=2.0.0; extra == "dev"
|
|
49
|
+
Requires-Dist: pip-audit>=2.0.0; extra == "dev"
|
|
50
|
+
Requires-Dist: pre-commit>=3.0.0; extra == "dev"
|
|
51
|
+
Dynamic: author
|
|
52
|
+
Dynamic: home-page
|
|
53
|
+
Dynamic: license-file
|
|
54
|
+
Dynamic: requires-python
|
|
55
|
+
|
|
56
|
+
# ReconForge
|
|
57
|
+
|
|
58
|
+
```text
|
|
59
|
+
____ _____ ____ ___ _ _ _____ ___ ____ ____ _____
|
|
60
|
+
| _ \| ____/ ___/ _ \| \ | | ___/ _ \| _ \ / ___| ____|
|
|
61
|
+
| |_) | _|| | | | | | \| | |_ | | | | |_) | | _| _|
|
|
62
|
+
| _ <| |__| |__| |_| | |\ | _|| |_| | _ <| |_| | |___
|
|
63
|
+
|_| \_\_____\____\___/|_| \_|_| \___/|_| \_\\____|_____|
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
[](#installation)
|
|
67
|
+
[](LICENSE)
|
|
68
|
+
[](#contributing)
|
|
69
|
+
[](https://github.com/ferasbusiness666/ReconForge)
|
|
70
|
+
[](https://github.com/ferasbusiness666/ReconForge/issues)
|
|
71
|
+
|
|
72
|
+
**AI-assisted recon toolkit for bug bounty hunters and security researchers**
|
|
73
|
+
|
|
74
|
+
ReconForge combines practical recon automation with AI triage prompts so authorized testers can move from raw findings to prioritized hypotheses faster. Built for speed, reliability, and ease of use.
|
|
75
|
+
|
|
76
|
+
## ✨ Features
|
|
77
|
+
|
|
78
|
+
- 🔎 **Subdomain Discovery** - Find subdomains from certificate transparency data via crt.sh
|
|
79
|
+
- ⚡ **Concurrent Port Scanning** - Fast multi-port scanning with ThreadPoolExecutor
|
|
80
|
+
- 🧬 **Technology Detection** - Identify tech stacks from headers, cookies, and body signals
|
|
81
|
+
- 🧭 **Scope Checking** - Validate targets against exact hosts, wildcards, IP ranges, and CIDR blocks
|
|
82
|
+
- 📄 **Markdown Reports** - Professional reports with findings, technologies, and collection notes
|
|
83
|
+
- 🤖 **AI Triage Prompts** - Structured prompts for analyzing HTTP responses, auth flows, APIs, and more
|
|
84
|
+
- 🎨 **Rich Terminal Output** - Beautiful tables, status indicators, and progress spinners
|
|
85
|
+
- 🚀 **Production Ready** - Comprehensive tests, CI/CD, and error handling
|
|
86
|
+
|
|
87
|
+
## 🚀 Quick Start
|
|
88
|
+
|
|
89
|
+
### Installation
|
|
90
|
+
|
|
91
|
+
```bash
|
|
92
|
+
# Install from PyPI (coming soon)
|
|
93
|
+
pip install reconforge
|
|
94
|
+
|
|
95
|
+
# Or install from source
|
|
96
|
+
git clone https://github.com/ferasbusiness666/ReconForge.git
|
|
97
|
+
cd ReconForge
|
|
98
|
+
pip install .
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### Basic Usage
|
|
102
|
+
|
|
103
|
+
```bash
|
|
104
|
+
# Discover subdomains
|
|
105
|
+
reconforge subdomains -d example.com
|
|
106
|
+
|
|
107
|
+
# Scan common ports
|
|
108
|
+
reconforge portscan -t api.example.com
|
|
109
|
+
|
|
110
|
+
# Detect technologies
|
|
111
|
+
reconforge techdetect -u https://api.example.com
|
|
112
|
+
|
|
113
|
+
# Check scope
|
|
114
|
+
reconforge scopecheck -t targets.txt -s scope.txt
|
|
115
|
+
|
|
116
|
+
# Generate full report
|
|
117
|
+
reconforge report -d example.com --output report.md
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
## 📖 Detailed Usage
|
|
121
|
+
|
|
122
|
+
### Subdomain Discovery
|
|
123
|
+
|
|
124
|
+
Discover subdomains using certificate transparency logs:
|
|
125
|
+
|
|
126
|
+
```bash
|
|
127
|
+
reconforge subdomains -d example.com
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
**Output:**
|
|
131
|
+
```
|
|
132
|
+
Subdomains for example.com
|
|
133
|
+
┏━━━━┳━━━━━━━━━━━━━━━━━━━┓
|
|
134
|
+
┃ # ┃ Subdomain ┃
|
|
135
|
+
┡━━━━╇━━━━━━━━━━━━━━━━━━━┩
|
|
136
|
+
│ 1 │ api.example.com │
|
|
137
|
+
│ 2 │ login.example.com │
|
|
138
|
+
│ 3 │ www.example.com │
|
|
139
|
+
└────┴───────────────────┘
|
|
140
|
+
Total: 3
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
### Port Scanning
|
|
144
|
+
|
|
145
|
+
Scan common ports with concurrent scanning for speed:
|
|
146
|
+
|
|
147
|
+
```bash
|
|
148
|
+
# Default: scan common ports (80, 443, 8080, 8443, 22, 21, 3306, 6379)
|
|
149
|
+
reconforge portscan -t api.example.com
|
|
150
|
+
|
|
151
|
+
# Custom ports
|
|
152
|
+
reconforge portscan -t api.example.com --ports 80,443,3000,5000
|
|
153
|
+
```
|
|
154
|
+
|
|
155
|
+
**Output:**
|
|
156
|
+
```
|
|
157
|
+
Port scan for api.example.com
|
|
158
|
+
┏━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
159
|
+
┃ Port ┃ Status ┃ Banner / Note ┃
|
|
160
|
+
┡━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
161
|
+
│ 80 │ 🟢 open │ HTTP/1.1 301 Moved Permanently │
|
|
162
|
+
│ 443 │ 🟢 open │ No banner │
|
|
163
|
+
│ 8080 │ 🔴 closed │ Connection refused │
|
|
164
|
+
└──────┴───────────┴─────────────────────────────────┘
|
|
165
|
+
```
|
|
166
|
+
|
|
167
|
+
### Technology Detection
|
|
168
|
+
|
|
169
|
+
Fingerprint web technologies from HTTP headers and response body:
|
|
170
|
+
|
|
171
|
+
```bash
|
|
172
|
+
reconforge techdetect -u https://api.example.com
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
**Output:**
|
|
176
|
+
```
|
|
177
|
+
Final URL: https://api.example.com/
|
|
178
|
+
HTTP status: 200
|
|
179
|
+
|
|
180
|
+
Detected Technologies
|
|
181
|
+
┏━━━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
182
|
+
┃ Technology ┃
|
|
183
|
+
┡━━━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
184
|
+
│ nginx │
|
|
185
|
+
│ HSTS │
|
|
186
|
+
│ Content Security Policy │
|
|
187
|
+
└─────────────────────────┘
|
|
188
|
+
```
|
|
189
|
+
|
|
190
|
+
### Scope Checking
|
|
191
|
+
|
|
192
|
+
Validate targets against your bug bounty scope:
|
|
193
|
+
|
|
194
|
+
```bash
|
|
195
|
+
reconforge scopecheck -t targets.txt -s scope.txt
|
|
196
|
+
```
|
|
197
|
+
|
|
198
|
+
**scope.txt:**
|
|
199
|
+
```
|
|
200
|
+
example.com
|
|
201
|
+
*.example.com
|
|
202
|
+
192.0.2.0/24
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
**targets.txt:**
|
|
206
|
+
```
|
|
207
|
+
api.example.com
|
|
208
|
+
login.example.com
|
|
209
|
+
thirdparty.net
|
|
210
|
+
192.0.2.50
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
**Output:**
|
|
214
|
+
```
|
|
215
|
+
In-Scope Targets
|
|
216
|
+
┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
217
|
+
┃ Target ┃ Reason ┃
|
|
218
|
+
┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
219
|
+
│ api.example.com │ matched wildcard *.example.com │
|
|
220
|
+
│ 192.0.2.50 │ matched CIDR 192.0.2.0/24 │
|
|
221
|
+
└───────────────────┴────────────────────────────┘
|
|
222
|
+
|
|
223
|
+
Out-of-Scope Targets
|
|
224
|
+
┏━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
225
|
+
┃ Target ┃ Reason ┃
|
|
226
|
+
┡━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
227
|
+
│ thirdparty.net │ no scope rule matched │
|
|
228
|
+
└────────────────────┴───────────────────────┘
|
|
229
|
+
```
|
|
230
|
+
|
|
231
|
+
### Generate Report
|
|
232
|
+
|
|
233
|
+
Create a comprehensive markdown report combining all findings:
|
|
234
|
+
|
|
235
|
+
```bash
|
|
236
|
+
reconforge report -d example.com --output report.md
|
|
237
|
+
```
|
|
238
|
+
|
|
239
|
+
See [`examples/example_report.md`](examples/example_report.md) for a sample report.
|
|
240
|
+
|
|
241
|
+
## 🤖 AI Triage Prompts
|
|
242
|
+
|
|
243
|
+
ReconForge includes a library of AI-assisted triage prompts in [`prompts/ai_triage.md`](prompts/ai_triage.md) for analyzing:
|
|
244
|
+
|
|
245
|
+
- HTTP responses and headers
|
|
246
|
+
- Authentication and session flows
|
|
247
|
+
- Sensitive and admin-looking endpoints
|
|
248
|
+
- JavaScript routes and feature flags
|
|
249
|
+
- API authorization patterns
|
|
250
|
+
- Parameter anomalies
|
|
251
|
+
- Finding prioritization
|
|
252
|
+
|
|
253
|
+
**Important:** Always remove secrets, tokens, and proprietary data before pasting into any AI system.
|
|
254
|
+
|
|
255
|
+
## 🛠 Development
|
|
256
|
+
|
|
257
|
+
### Setup Development Environment
|
|
258
|
+
|
|
259
|
+
```bash
|
|
260
|
+
git clone https://github.com/ferasbusiness666/ReconForge.git
|
|
261
|
+
cd ReconForge
|
|
262
|
+
python -m venv venv
|
|
263
|
+
source venv/bin/activate
|
|
264
|
+
pip install -r requirements-dev.txt
|
|
265
|
+
pip install -e .
|
|
266
|
+
```
|
|
267
|
+
|
|
268
|
+
### Running Tests
|
|
269
|
+
|
|
270
|
+
```bash
|
|
271
|
+
# All tests
|
|
272
|
+
pytest
|
|
273
|
+
|
|
274
|
+
# With coverage
|
|
275
|
+
pytest --cov=reconforge
|
|
276
|
+
|
|
277
|
+
# Specific test file
|
|
278
|
+
pytest tests/test_subdomains.py -v
|
|
279
|
+
```
|
|
280
|
+
|
|
281
|
+
### Code Quality
|
|
282
|
+
|
|
283
|
+
```bash
|
|
284
|
+
# Format code
|
|
285
|
+
black reconforge tests
|
|
286
|
+
|
|
287
|
+
# Lint
|
|
288
|
+
flake8 reconforge tests
|
|
289
|
+
|
|
290
|
+
# Type check
|
|
291
|
+
mypy reconforge
|
|
292
|
+
|
|
293
|
+
# Sort imports
|
|
294
|
+
isort reconforge tests
|
|
295
|
+
```
|
|
296
|
+
|
|
297
|
+
## 📋 Project Structure
|
|
298
|
+
|
|
299
|
+
```
|
|
300
|
+
reconforge/
|
|
301
|
+
__init__.py # Package metadata
|
|
302
|
+
cli.py # CLI commands
|
|
303
|
+
subdomains.py # Subdomain discovery
|
|
304
|
+
portscan.py # Port scanning with concurrency
|
|
305
|
+
techdetect.py # Technology detection
|
|
306
|
+
scopecheck.py # Scope validation
|
|
307
|
+
report.py # Report generation
|
|
308
|
+
prompts/
|
|
309
|
+
ai_triage.md # AI triage prompt library
|
|
310
|
+
tests/
|
|
311
|
+
test_*.py # Unit tests
|
|
312
|
+
examples/
|
|
313
|
+
example_report.md # Sample generated report
|
|
314
|
+
.github/workflows/
|
|
315
|
+
ci.yml # GitHub Actions CI/CD
|
|
316
|
+
requirements.txt # Runtime dependencies
|
|
317
|
+
requirements-dev.txt # Development dependencies
|
|
318
|
+
setup.py # Package configuration
|
|
319
|
+
```
|
|
320
|
+
|
|
321
|
+
## 🎯 Why ReconForge?
|
|
322
|
+
|
|
323
|
+
### Avoid Out-of-Scope Mistakes
|
|
324
|
+
|
|
325
|
+
Bug bounty scope can include exact hosts, wildcard subdomains, and IP ranges while excluding third-party systems. ReconForge's scope checker separates in-scope and out-of-scope targets before testing.
|
|
326
|
+
|
|
327
|
+
### Reduce Manual Recon Time
|
|
328
|
+
|
|
329
|
+
Manual recon means jumping between CT logs, socket checks, browser tabs, and notes. ReconForge provides an auditable workflow for common first-pass tasks with easy-to-copy output.
|
|
330
|
+
|
|
331
|
+
### Bring AI Into Recon
|
|
332
|
+
|
|
333
|
+
ReconForge includes model-agnostic AI triage prompts that help analyze findings while keeping final validation in your hands.
|
|
334
|
+
|
|
335
|
+
## 🔒 Security & Ethics
|
|
336
|
+
|
|
337
|
+
ReconForge is intended **only for systems you own or have explicit permission to test**. You are responsible for:
|
|
338
|
+
|
|
339
|
+
- Following program scope and rules of engagement
|
|
340
|
+
- Complying with all applicable laws and regulations
|
|
341
|
+
- Respecting rate limits and terms of service
|
|
342
|
+
- Using only on authorized targets
|
|
343
|
+
|
|
344
|
+
## 📝 License
|
|
345
|
+
|
|
346
|
+
MIT License - see [`LICENSE`](LICENSE) for details.
|
|
347
|
+
|
|
348
|
+
## 🤝 Contributing
|
|
349
|
+
|
|
350
|
+
Contributions are welcome! See [`CONTRIBUTING.md`](CONTRIBUTING.md) for guidelines.
|
|
351
|
+
|
|
352
|
+
## 📚 Resources
|
|
353
|
+
|
|
354
|
+
- [Bug Bounty Platforms](https://www.bugcrowd.com) - Find authorized programs
|
|
355
|
+
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) - Testing methodology
|
|
356
|
+
- [PortSwigger Web Security](https://portswigger.net/web-security) - Security training
|
|
357
|
+
|
|
358
|
+
## 🙏 Acknowledgments
|
|
359
|
+
|
|
360
|
+
Built with ❤️ for the security research community.
|
|
361
|
+
|
|
362
|
+
---
|
|
363
|
+
|
|
364
|
+
**Questions?** Open an [issue](https://github.com/ferasbusiness666/ReconForge/issues) or check the [discussions](https://github.com/ferasbusiness666/ReconForge/discussions).
|
|
@@ -0,0 +1,309 @@
|
|
|
1
|
+
# ReconForge
|
|
2
|
+
|
|
3
|
+
```text
|
|
4
|
+
____ _____ ____ ___ _ _ _____ ___ ____ ____ _____
|
|
5
|
+
| _ \| ____/ ___/ _ \| \ | | ___/ _ \| _ \ / ___| ____|
|
|
6
|
+
| |_) | _|| | | | | | \| | |_ | | | | |_) | | _| _|
|
|
7
|
+
| _ <| |__| |__| |_| | |\ | _|| |_| | _ <| |_| | |___
|
|
8
|
+
|_| \_\_____\____\___/|_| \_|_| \___/|_| \_\\____|_____|
|
|
9
|
+
```
|
|
10
|
+
|
|
11
|
+
[](#installation)
|
|
12
|
+
[](LICENSE)
|
|
13
|
+
[](#contributing)
|
|
14
|
+
[](https://github.com/ferasbusiness666/ReconForge)
|
|
15
|
+
[](https://github.com/ferasbusiness666/ReconForge/issues)
|
|
16
|
+
|
|
17
|
+
**AI-assisted recon toolkit for bug bounty hunters and security researchers**
|
|
18
|
+
|
|
19
|
+
ReconForge combines practical recon automation with AI triage prompts so authorized testers can move from raw findings to prioritized hypotheses faster. Built for speed, reliability, and ease of use.
|
|
20
|
+
|
|
21
|
+
## ✨ Features
|
|
22
|
+
|
|
23
|
+
- 🔎 **Subdomain Discovery** - Find subdomains from certificate transparency data via crt.sh
|
|
24
|
+
- ⚡ **Concurrent Port Scanning** - Fast multi-port scanning with ThreadPoolExecutor
|
|
25
|
+
- 🧬 **Technology Detection** - Identify tech stacks from headers, cookies, and body signals
|
|
26
|
+
- 🧭 **Scope Checking** - Validate targets against exact hosts, wildcards, IP ranges, and CIDR blocks
|
|
27
|
+
- 📄 **Markdown Reports** - Professional reports with findings, technologies, and collection notes
|
|
28
|
+
- 🤖 **AI Triage Prompts** - Structured prompts for analyzing HTTP responses, auth flows, APIs, and more
|
|
29
|
+
- 🎨 **Rich Terminal Output** - Beautiful tables, status indicators, and progress spinners
|
|
30
|
+
- 🚀 **Production Ready** - Comprehensive tests, CI/CD, and error handling
|
|
31
|
+
|
|
32
|
+
## 🚀 Quick Start
|
|
33
|
+
|
|
34
|
+
### Installation
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
# Install from PyPI (coming soon)
|
|
38
|
+
pip install reconforge
|
|
39
|
+
|
|
40
|
+
# Or install from source
|
|
41
|
+
git clone https://github.com/ferasbusiness666/ReconForge.git
|
|
42
|
+
cd ReconForge
|
|
43
|
+
pip install .
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
### Basic Usage
|
|
47
|
+
|
|
48
|
+
```bash
|
|
49
|
+
# Discover subdomains
|
|
50
|
+
reconforge subdomains -d example.com
|
|
51
|
+
|
|
52
|
+
# Scan common ports
|
|
53
|
+
reconforge portscan -t api.example.com
|
|
54
|
+
|
|
55
|
+
# Detect technologies
|
|
56
|
+
reconforge techdetect -u https://api.example.com
|
|
57
|
+
|
|
58
|
+
# Check scope
|
|
59
|
+
reconforge scopecheck -t targets.txt -s scope.txt
|
|
60
|
+
|
|
61
|
+
# Generate full report
|
|
62
|
+
reconforge report -d example.com --output report.md
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
## 📖 Detailed Usage
|
|
66
|
+
|
|
67
|
+
### Subdomain Discovery
|
|
68
|
+
|
|
69
|
+
Discover subdomains using certificate transparency logs:
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
reconforge subdomains -d example.com
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
**Output:**
|
|
76
|
+
```
|
|
77
|
+
Subdomains for example.com
|
|
78
|
+
┏━━━━┳━━━━━━━━━━━━━━━━━━━┓
|
|
79
|
+
┃ # ┃ Subdomain ┃
|
|
80
|
+
┡━━━━╇━━━━━━━━━━━━━━━━━━━┩
|
|
81
|
+
│ 1 │ api.example.com │
|
|
82
|
+
│ 2 │ login.example.com │
|
|
83
|
+
│ 3 │ www.example.com │
|
|
84
|
+
└────┴───────────────────┘
|
|
85
|
+
Total: 3
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
### Port Scanning
|
|
89
|
+
|
|
90
|
+
Scan common ports with concurrent scanning for speed:
|
|
91
|
+
|
|
92
|
+
```bash
|
|
93
|
+
# Default: scan common ports (80, 443, 8080, 8443, 22, 21, 3306, 6379)
|
|
94
|
+
reconforge portscan -t api.example.com
|
|
95
|
+
|
|
96
|
+
# Custom ports
|
|
97
|
+
reconforge portscan -t api.example.com --ports 80,443,3000,5000
|
|
98
|
+
```
|
|
99
|
+
|
|
100
|
+
**Output:**
|
|
101
|
+
```
|
|
102
|
+
Port scan for api.example.com
|
|
103
|
+
┏━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
104
|
+
┃ Port ┃ Status ┃ Banner / Note ┃
|
|
105
|
+
┡━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
106
|
+
│ 80 │ 🟢 open │ HTTP/1.1 301 Moved Permanently │
|
|
107
|
+
│ 443 │ 🟢 open │ No banner │
|
|
108
|
+
│ 8080 │ 🔴 closed │ Connection refused │
|
|
109
|
+
└──────┴───────────┴─────────────────────────────────┘
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
### Technology Detection
|
|
113
|
+
|
|
114
|
+
Fingerprint web technologies from HTTP headers and response body:
|
|
115
|
+
|
|
116
|
+
```bash
|
|
117
|
+
reconforge techdetect -u https://api.example.com
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
**Output:**
|
|
121
|
+
```
|
|
122
|
+
Final URL: https://api.example.com/
|
|
123
|
+
HTTP status: 200
|
|
124
|
+
|
|
125
|
+
Detected Technologies
|
|
126
|
+
┏━━━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
127
|
+
┃ Technology ┃
|
|
128
|
+
┡━━━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
129
|
+
│ nginx │
|
|
130
|
+
│ HSTS │
|
|
131
|
+
│ Content Security Policy │
|
|
132
|
+
└─────────────────────────┘
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
### Scope Checking
|
|
136
|
+
|
|
137
|
+
Validate targets against your bug bounty scope:
|
|
138
|
+
|
|
139
|
+
```bash
|
|
140
|
+
reconforge scopecheck -t targets.txt -s scope.txt
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
**scope.txt:**
|
|
144
|
+
```
|
|
145
|
+
example.com
|
|
146
|
+
*.example.com
|
|
147
|
+
192.0.2.0/24
|
|
148
|
+
```
|
|
149
|
+
|
|
150
|
+
**targets.txt:**
|
|
151
|
+
```
|
|
152
|
+
api.example.com
|
|
153
|
+
login.example.com
|
|
154
|
+
thirdparty.net
|
|
155
|
+
192.0.2.50
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
**Output:**
|
|
159
|
+
```
|
|
160
|
+
In-Scope Targets
|
|
161
|
+
┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
162
|
+
┃ Target ┃ Reason ┃
|
|
163
|
+
┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
164
|
+
│ api.example.com │ matched wildcard *.example.com │
|
|
165
|
+
│ 192.0.2.50 │ matched CIDR 192.0.2.0/24 │
|
|
166
|
+
└───────────────────┴────────────────────────────┘
|
|
167
|
+
|
|
168
|
+
Out-of-Scope Targets
|
|
169
|
+
┏━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
|
|
170
|
+
┃ Target ┃ Reason ┃
|
|
171
|
+
┡━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
|
|
172
|
+
│ thirdparty.net │ no scope rule matched │
|
|
173
|
+
└────────────────────┴───────────────────────┘
|
|
174
|
+
```
|
|
175
|
+
|
|
176
|
+
### Generate Report
|
|
177
|
+
|
|
178
|
+
Create a comprehensive markdown report combining all findings:
|
|
179
|
+
|
|
180
|
+
```bash
|
|
181
|
+
reconforge report -d example.com --output report.md
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
See [`examples/example_report.md`](examples/example_report.md) for a sample report.
|
|
185
|
+
|
|
186
|
+
## 🤖 AI Triage Prompts
|
|
187
|
+
|
|
188
|
+
ReconForge includes a library of AI-assisted triage prompts in [`prompts/ai_triage.md`](prompts/ai_triage.md) for analyzing:
|
|
189
|
+
|
|
190
|
+
- HTTP responses and headers
|
|
191
|
+
- Authentication and session flows
|
|
192
|
+
- Sensitive and admin-looking endpoints
|
|
193
|
+
- JavaScript routes and feature flags
|
|
194
|
+
- API authorization patterns
|
|
195
|
+
- Parameter anomalies
|
|
196
|
+
- Finding prioritization
|
|
197
|
+
|
|
198
|
+
**Important:** Always remove secrets, tokens, and proprietary data before pasting into any AI system.
|
|
199
|
+
|
|
200
|
+
## 🛠 Development
|
|
201
|
+
|
|
202
|
+
### Setup Development Environment
|
|
203
|
+
|
|
204
|
+
```bash
|
|
205
|
+
git clone https://github.com/ferasbusiness666/ReconForge.git
|
|
206
|
+
cd ReconForge
|
|
207
|
+
python -m venv venv
|
|
208
|
+
source venv/bin/activate
|
|
209
|
+
pip install -r requirements-dev.txt
|
|
210
|
+
pip install -e .
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
### Running Tests
|
|
214
|
+
|
|
215
|
+
```bash
|
|
216
|
+
# All tests
|
|
217
|
+
pytest
|
|
218
|
+
|
|
219
|
+
# With coverage
|
|
220
|
+
pytest --cov=reconforge
|
|
221
|
+
|
|
222
|
+
# Specific test file
|
|
223
|
+
pytest tests/test_subdomains.py -v
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
### Code Quality
|
|
227
|
+
|
|
228
|
+
```bash
|
|
229
|
+
# Format code
|
|
230
|
+
black reconforge tests
|
|
231
|
+
|
|
232
|
+
# Lint
|
|
233
|
+
flake8 reconforge tests
|
|
234
|
+
|
|
235
|
+
# Type check
|
|
236
|
+
mypy reconforge
|
|
237
|
+
|
|
238
|
+
# Sort imports
|
|
239
|
+
isort reconforge tests
|
|
240
|
+
```
|
|
241
|
+
|
|
242
|
+
## 📋 Project Structure
|
|
243
|
+
|
|
244
|
+
```
|
|
245
|
+
reconforge/
|
|
246
|
+
__init__.py # Package metadata
|
|
247
|
+
cli.py # CLI commands
|
|
248
|
+
subdomains.py # Subdomain discovery
|
|
249
|
+
portscan.py # Port scanning with concurrency
|
|
250
|
+
techdetect.py # Technology detection
|
|
251
|
+
scopecheck.py # Scope validation
|
|
252
|
+
report.py # Report generation
|
|
253
|
+
prompts/
|
|
254
|
+
ai_triage.md # AI triage prompt library
|
|
255
|
+
tests/
|
|
256
|
+
test_*.py # Unit tests
|
|
257
|
+
examples/
|
|
258
|
+
example_report.md # Sample generated report
|
|
259
|
+
.github/workflows/
|
|
260
|
+
ci.yml # GitHub Actions CI/CD
|
|
261
|
+
requirements.txt # Runtime dependencies
|
|
262
|
+
requirements-dev.txt # Development dependencies
|
|
263
|
+
setup.py # Package configuration
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
## 🎯 Why ReconForge?
|
|
267
|
+
|
|
268
|
+
### Avoid Out-of-Scope Mistakes
|
|
269
|
+
|
|
270
|
+
Bug bounty scope can include exact hosts, wildcard subdomains, and IP ranges while excluding third-party systems. ReconForge's scope checker separates in-scope and out-of-scope targets before testing.
|
|
271
|
+
|
|
272
|
+
### Reduce Manual Recon Time
|
|
273
|
+
|
|
274
|
+
Manual recon means jumping between CT logs, socket checks, browser tabs, and notes. ReconForge provides an auditable workflow for common first-pass tasks with easy-to-copy output.
|
|
275
|
+
|
|
276
|
+
### Bring AI Into Recon
|
|
277
|
+
|
|
278
|
+
ReconForge includes model-agnostic AI triage prompts that help analyze findings while keeping final validation in your hands.
|
|
279
|
+
|
|
280
|
+
## 🔒 Security & Ethics
|
|
281
|
+
|
|
282
|
+
ReconForge is intended **only for systems you own or have explicit permission to test**. You are responsible for:
|
|
283
|
+
|
|
284
|
+
- Following program scope and rules of engagement
|
|
285
|
+
- Complying with all applicable laws and regulations
|
|
286
|
+
- Respecting rate limits and terms of service
|
|
287
|
+
- Using only on authorized targets
|
|
288
|
+
|
|
289
|
+
## 📝 License
|
|
290
|
+
|
|
291
|
+
MIT License - see [`LICENSE`](LICENSE) for details.
|
|
292
|
+
|
|
293
|
+
## 🤝 Contributing
|
|
294
|
+
|
|
295
|
+
Contributions are welcome! See [`CONTRIBUTING.md`](CONTRIBUTING.md) for guidelines.
|
|
296
|
+
|
|
297
|
+
## 📚 Resources
|
|
298
|
+
|
|
299
|
+
- [Bug Bounty Platforms](https://www.bugcrowd.com) - Find authorized programs
|
|
300
|
+
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) - Testing methodology
|
|
301
|
+
- [PortSwigger Web Security](https://portswigger.net/web-security) - Security training
|
|
302
|
+
|
|
303
|
+
## 🙏 Acknowledgments
|
|
304
|
+
|
|
305
|
+
Built with ❤️ for the security research community.
|
|
306
|
+
|
|
307
|
+
---
|
|
308
|
+
|
|
309
|
+
**Questions?** Open an [issue](https://github.com/ferasbusiness666/ReconForge/issues) or check the [discussions](https://github.com/ferasbusiness666/ReconForge/discussions).
|