reconforge 1.0.0__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. reconforge-1.0.0/LICENSE +21 -0
  2. reconforge-1.0.0/PKG-INFO +364 -0
  3. reconforge-1.0.0/README.md +309 -0
  4. reconforge-1.0.0/pyproject.toml +156 -0
  5. reconforge-1.0.0/reconforge/__init__.py +29 -0
  6. reconforge-1.0.0/reconforge/analyzer.py +309 -0
  7. reconforge-1.0.0/reconforge/api.py +196 -0
  8. reconforge-1.0.0/reconforge/batch.py +192 -0
  9. reconforge-1.0.0/reconforge/cache.py +124 -0
  10. reconforge-1.0.0/reconforge/cli.py +415 -0
  11. reconforge-1.0.0/reconforge/compare.py +185 -0
  12. reconforge-1.0.0/reconforge/config.py +81 -0
  13. reconforge-1.0.0/reconforge/dns_enum.py +217 -0
  14. reconforge-1.0.0/reconforge/export.py +409 -0
  15. reconforge-1.0.0/reconforge/logger.py +73 -0
  16. reconforge-1.0.0/reconforge/portscan.py +106 -0
  17. reconforge-1.0.0/reconforge/report.py +136 -0
  18. reconforge-1.0.0/reconforge/scopecheck.py +105 -0
  19. reconforge-1.0.0/reconforge/subdomains.py +79 -0
  20. reconforge-1.0.0/reconforge/techdetect.py +79 -0
  21. reconforge-1.0.0/reconforge/utils.py +124 -0
  22. reconforge-1.0.0/reconforge/webserver.py +167 -0
  23. reconforge-1.0.0/reconforge.egg-info/PKG-INFO +364 -0
  24. reconforge-1.0.0/reconforge.egg-info/SOURCES.txt +32 -0
  25. reconforge-1.0.0/reconforge.egg-info/dependency_links.txt +1 -0
  26. reconforge-1.0.0/reconforge.egg-info/entry_points.txt +2 -0
  27. reconforge-1.0.0/reconforge.egg-info/requires.txt +15 -0
  28. reconforge-1.0.0/reconforge.egg-info/top_level.txt +1 -0
  29. reconforge-1.0.0/setup.cfg +4 -0
  30. reconforge-1.0.0/setup.py +64 -0
  31. reconforge-1.0.0/tests/__init__.py +0 -0
  32. reconforge-1.0.0/tests/test_portscan.py +72 -0
  33. reconforge-1.0.0/tests/test_subdomains.py +55 -0
  34. reconforge-1.0.0/tests/test_techdetect.py +78 -0
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 ferasbusiness666
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
@@ -0,0 +1,364 @@
1
+ Metadata-Version: 2.4
2
+ Name: reconforge
3
+ Version: 1.0.0
4
+ Summary: AI-assisted recon toolkit for bug bounty hunters and security researchers
5
+ Home-page: https://github.com/ferasbusiness666/ReconForge
6
+ Author: Feras
7
+ Author-email: Feras <feras@example.com>
8
+ License: MIT
9
+ Project-URL: Homepage, https://github.com/ferasbusiness666/ReconForge
10
+ Project-URL: Documentation, https://github.com/ferasbusiness666/ReconForge/tree/main/docs
11
+ Project-URL: Repository, https://github.com/ferasbusiness666/ReconForge.git
12
+ Project-URL: Bug Tracker, https://github.com/ferasbusiness666/ReconForge/issues
13
+ Project-URL: Changelog, https://github.com/ferasbusiness666/ReconForge/blob/main/CHANGELOG.md
14
+ Project-URL: Security Policy, https://github.com/ferasbusiness666/ReconForge/blob/main/docs/SECURITY.md
15
+ Keywords: security,recon,reconnaissance,bug-bounty,penetration-testing,subdomain-discovery,port-scanning,technology-detection,vulnerability-assessment,automation,infosec,cybersecurity,hacking,ethical-hacking
16
+ Classifier: Development Status :: 5 - Production/Stable
17
+ Classifier: Environment :: Console
18
+ Classifier: Intended Audience :: Information Technology
19
+ Classifier: Intended Audience :: System Administrators
20
+ Classifier: Intended Audience :: Developers
21
+ Classifier: License :: OSI Approved :: MIT License
22
+ Classifier: Natural Language :: English
23
+ Classifier: Operating System :: OS Independent
24
+ Classifier: Programming Language :: Python :: 3
25
+ Classifier: Programming Language :: Python :: 3.9
26
+ Classifier: Programming Language :: Python :: 3.10
27
+ Classifier: Programming Language :: Python :: 3.11
28
+ Classifier: Programming Language :: Python :: 3.12
29
+ Classifier: Topic :: Internet
30
+ Classifier: Topic :: Security
31
+ Classifier: Topic :: System :: Networking
32
+ Classifier: Topic :: System :: Monitoring
33
+ Classifier: Topic :: Utilities
34
+ Requires-Python: >=3.9
35
+ Description-Content-Type: text/markdown
36
+ License-File: LICENSE
37
+ Requires-Dist: click>=8.0.0
38
+ Requires-Dist: rich>=13.0.0
39
+ Requires-Dist: requests>=2.28.0
40
+ Provides-Extra: dev
41
+ Requires-Dist: pytest>=7.0.0; extra == "dev"
42
+ Requires-Dist: pytest-cov>=4.0.0; extra == "dev"
43
+ Requires-Dist: black>=23.0.0; extra == "dev"
44
+ Requires-Dist: flake8>=6.0.0; extra == "dev"
45
+ Requires-Dist: mypy>=1.0.0; extra == "dev"
46
+ Requires-Dist: isort>=5.12.0; extra == "dev"
47
+ Requires-Dist: bandit>=1.7.0; extra == "dev"
48
+ Requires-Dist: safety>=2.0.0; extra == "dev"
49
+ Requires-Dist: pip-audit>=2.0.0; extra == "dev"
50
+ Requires-Dist: pre-commit>=3.0.0; extra == "dev"
51
+ Dynamic: author
52
+ Dynamic: home-page
53
+ Dynamic: license-file
54
+ Dynamic: requires-python
55
+
56
+ # ReconForge
57
+
58
+ ```text
59
+ ____ _____ ____ ___ _ _ _____ ___ ____ ____ _____
60
+ | _ \| ____/ ___/ _ \| \ | | ___/ _ \| _ \ / ___| ____|
61
+ | |_) | _|| | | | | | \| | |_ | | | | |_) | | _| _|
62
+ | _ <| |__| |__| |_| | |\ | _|| |_| | _ <| |_| | |___
63
+ |_| \_\_____\____\___/|_| \_|_| \___/|_| \_\\____|_____|
64
+ ```
65
+
66
+ [![Python](https://img.shields.io/badge/python-3.9%2B-blue.svg)](#installation)
67
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
68
+ [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](#contributing)
69
+ [![GitHub stars](https://img.shields.io/github/stars/ferasbusiness666/reconforge?style=social)](https://github.com/ferasbusiness666/ReconForge)
70
+ [![GitHub issues](https://img.shields.io/github/issues/ferasbusiness666/reconforge)](https://github.com/ferasbusiness666/ReconForge/issues)
71
+
72
+ **AI-assisted recon toolkit for bug bounty hunters and security researchers**
73
+
74
+ ReconForge combines practical recon automation with AI triage prompts so authorized testers can move from raw findings to prioritized hypotheses faster. Built for speed, reliability, and ease of use.
75
+
76
+ ## ✨ Features
77
+
78
+ - 🔎 **Subdomain Discovery** - Find subdomains from certificate transparency data via crt.sh
79
+ - ⚡ **Concurrent Port Scanning** - Fast multi-port scanning with ThreadPoolExecutor
80
+ - 🧬 **Technology Detection** - Identify tech stacks from headers, cookies, and body signals
81
+ - 🧭 **Scope Checking** - Validate targets against exact hosts, wildcards, IP ranges, and CIDR blocks
82
+ - 📄 **Markdown Reports** - Professional reports with findings, technologies, and collection notes
83
+ - 🤖 **AI Triage Prompts** - Structured prompts for analyzing HTTP responses, auth flows, APIs, and more
84
+ - 🎨 **Rich Terminal Output** - Beautiful tables, status indicators, and progress spinners
85
+ - 🚀 **Production Ready** - Comprehensive tests, CI/CD, and error handling
86
+
87
+ ## 🚀 Quick Start
88
+
89
+ ### Installation
90
+
91
+ ```bash
92
+ # Install from PyPI (coming soon)
93
+ pip install reconforge
94
+
95
+ # Or install from source
96
+ git clone https://github.com/ferasbusiness666/ReconForge.git
97
+ cd ReconForge
98
+ pip install .
99
+ ```
100
+
101
+ ### Basic Usage
102
+
103
+ ```bash
104
+ # Discover subdomains
105
+ reconforge subdomains -d example.com
106
+
107
+ # Scan common ports
108
+ reconforge portscan -t api.example.com
109
+
110
+ # Detect technologies
111
+ reconforge techdetect -u https://api.example.com
112
+
113
+ # Check scope
114
+ reconforge scopecheck -t targets.txt -s scope.txt
115
+
116
+ # Generate full report
117
+ reconforge report -d example.com --output report.md
118
+ ```
119
+
120
+ ## 📖 Detailed Usage
121
+
122
+ ### Subdomain Discovery
123
+
124
+ Discover subdomains using certificate transparency logs:
125
+
126
+ ```bash
127
+ reconforge subdomains -d example.com
128
+ ```
129
+
130
+ **Output:**
131
+ ```
132
+ Subdomains for example.com
133
+ ┏━━━━┳━━━━━━━━━━━━━━━━━━━┓
134
+ ┃ # ┃ Subdomain ┃
135
+ ┡━━━━╇━━━━━━━━━━━━━━━━━━━┩
136
+ │ 1 │ api.example.com │
137
+ │ 2 │ login.example.com │
138
+ │ 3 │ www.example.com │
139
+ └────┴───────────────────┘
140
+ Total: 3
141
+ ```
142
+
143
+ ### Port Scanning
144
+
145
+ Scan common ports with concurrent scanning for speed:
146
+
147
+ ```bash
148
+ # Default: scan common ports (80, 443, 8080, 8443, 22, 21, 3306, 6379)
149
+ reconforge portscan -t api.example.com
150
+
151
+ # Custom ports
152
+ reconforge portscan -t api.example.com --ports 80,443,3000,5000
153
+ ```
154
+
155
+ **Output:**
156
+ ```
157
+ Port scan for api.example.com
158
+ ┏━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
159
+ ┃ Port ┃ Status ┃ Banner / Note ┃
160
+ ┡━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
161
+ │ 80 │ 🟢 open │ HTTP/1.1 301 Moved Permanently │
162
+ │ 443 │ 🟢 open │ No banner │
163
+ │ 8080 │ 🔴 closed │ Connection refused │
164
+ └──────┴───────────┴─────────────────────────────────┘
165
+ ```
166
+
167
+ ### Technology Detection
168
+
169
+ Fingerprint web technologies from HTTP headers and response body:
170
+
171
+ ```bash
172
+ reconforge techdetect -u https://api.example.com
173
+ ```
174
+
175
+ **Output:**
176
+ ```
177
+ Final URL: https://api.example.com/
178
+ HTTP status: 200
179
+
180
+ Detected Technologies
181
+ ┏━━━━━━━━━━━━━━━━━━━━━━━━━┓
182
+ ┃ Technology ┃
183
+ ┡━━━━━━━━━━━━━━━━━━━━━━━━━┩
184
+ │ nginx │
185
+ │ HSTS │
186
+ │ Content Security Policy │
187
+ └─────────────────────────┘
188
+ ```
189
+
190
+ ### Scope Checking
191
+
192
+ Validate targets against your bug bounty scope:
193
+
194
+ ```bash
195
+ reconforge scopecheck -t targets.txt -s scope.txt
196
+ ```
197
+
198
+ **scope.txt:**
199
+ ```
200
+ example.com
201
+ *.example.com
202
+ 192.0.2.0/24
203
+ ```
204
+
205
+ **targets.txt:**
206
+ ```
207
+ api.example.com
208
+ login.example.com
209
+ thirdparty.net
210
+ 192.0.2.50
211
+ ```
212
+
213
+ **Output:**
214
+ ```
215
+ In-Scope Targets
216
+ ┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
217
+ ┃ Target ┃ Reason ┃
218
+ ┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
219
+ │ api.example.com │ matched wildcard *.example.com │
220
+ │ 192.0.2.50 │ matched CIDR 192.0.2.0/24 │
221
+ └───────────────────┴────────────────────────────┘
222
+
223
+ Out-of-Scope Targets
224
+ ┏━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
225
+ ┃ Target ┃ Reason ┃
226
+ ┡━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
227
+ │ thirdparty.net │ no scope rule matched │
228
+ └────────────────────┴───────────────────────┘
229
+ ```
230
+
231
+ ### Generate Report
232
+
233
+ Create a comprehensive markdown report combining all findings:
234
+
235
+ ```bash
236
+ reconforge report -d example.com --output report.md
237
+ ```
238
+
239
+ See [`examples/example_report.md`](examples/example_report.md) for a sample report.
240
+
241
+ ## 🤖 AI Triage Prompts
242
+
243
+ ReconForge includes a library of AI-assisted triage prompts in [`prompts/ai_triage.md`](prompts/ai_triage.md) for analyzing:
244
+
245
+ - HTTP responses and headers
246
+ - Authentication and session flows
247
+ - Sensitive and admin-looking endpoints
248
+ - JavaScript routes and feature flags
249
+ - API authorization patterns
250
+ - Parameter anomalies
251
+ - Finding prioritization
252
+
253
+ **Important:** Always remove secrets, tokens, and proprietary data before pasting into any AI system.
254
+
255
+ ## 🛠 Development
256
+
257
+ ### Setup Development Environment
258
+
259
+ ```bash
260
+ git clone https://github.com/ferasbusiness666/ReconForge.git
261
+ cd ReconForge
262
+ python -m venv venv
263
+ source venv/bin/activate
264
+ pip install -r requirements-dev.txt
265
+ pip install -e .
266
+ ```
267
+
268
+ ### Running Tests
269
+
270
+ ```bash
271
+ # All tests
272
+ pytest
273
+
274
+ # With coverage
275
+ pytest --cov=reconforge
276
+
277
+ # Specific test file
278
+ pytest tests/test_subdomains.py -v
279
+ ```
280
+
281
+ ### Code Quality
282
+
283
+ ```bash
284
+ # Format code
285
+ black reconforge tests
286
+
287
+ # Lint
288
+ flake8 reconforge tests
289
+
290
+ # Type check
291
+ mypy reconforge
292
+
293
+ # Sort imports
294
+ isort reconforge tests
295
+ ```
296
+
297
+ ## 📋 Project Structure
298
+
299
+ ```
300
+ reconforge/
301
+ __init__.py # Package metadata
302
+ cli.py # CLI commands
303
+ subdomains.py # Subdomain discovery
304
+ portscan.py # Port scanning with concurrency
305
+ techdetect.py # Technology detection
306
+ scopecheck.py # Scope validation
307
+ report.py # Report generation
308
+ prompts/
309
+ ai_triage.md # AI triage prompt library
310
+ tests/
311
+ test_*.py # Unit tests
312
+ examples/
313
+ example_report.md # Sample generated report
314
+ .github/workflows/
315
+ ci.yml # GitHub Actions CI/CD
316
+ requirements.txt # Runtime dependencies
317
+ requirements-dev.txt # Development dependencies
318
+ setup.py # Package configuration
319
+ ```
320
+
321
+ ## 🎯 Why ReconForge?
322
+
323
+ ### Avoid Out-of-Scope Mistakes
324
+
325
+ Bug bounty scope can include exact hosts, wildcard subdomains, and IP ranges while excluding third-party systems. ReconForge's scope checker separates in-scope and out-of-scope targets before testing.
326
+
327
+ ### Reduce Manual Recon Time
328
+
329
+ Manual recon means jumping between CT logs, socket checks, browser tabs, and notes. ReconForge provides an auditable workflow for common first-pass tasks with easy-to-copy output.
330
+
331
+ ### Bring AI Into Recon
332
+
333
+ ReconForge includes model-agnostic AI triage prompts that help analyze findings while keeping final validation in your hands.
334
+
335
+ ## 🔒 Security & Ethics
336
+
337
+ ReconForge is intended **only for systems you own or have explicit permission to test**. You are responsible for:
338
+
339
+ - Following program scope and rules of engagement
340
+ - Complying with all applicable laws and regulations
341
+ - Respecting rate limits and terms of service
342
+ - Using only on authorized targets
343
+
344
+ ## 📝 License
345
+
346
+ MIT License - see [`LICENSE`](LICENSE) for details.
347
+
348
+ ## 🤝 Contributing
349
+
350
+ Contributions are welcome! See [`CONTRIBUTING.md`](CONTRIBUTING.md) for guidelines.
351
+
352
+ ## 📚 Resources
353
+
354
+ - [Bug Bounty Platforms](https://www.bugcrowd.com) - Find authorized programs
355
+ - [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) - Testing methodology
356
+ - [PortSwigger Web Security](https://portswigger.net/web-security) - Security training
357
+
358
+ ## 🙏 Acknowledgments
359
+
360
+ Built with ❤️ for the security research community.
361
+
362
+ ---
363
+
364
+ **Questions?** Open an [issue](https://github.com/ferasbusiness666/ReconForge/issues) or check the [discussions](https://github.com/ferasbusiness666/ReconForge/discussions).
@@ -0,0 +1,309 @@
1
+ # ReconForge
2
+
3
+ ```text
4
+ ____ _____ ____ ___ _ _ _____ ___ ____ ____ _____
5
+ | _ \| ____/ ___/ _ \| \ | | ___/ _ \| _ \ / ___| ____|
6
+ | |_) | _|| | | | | | \| | |_ | | | | |_) | | _| _|
7
+ | _ <| |__| |__| |_| | |\ | _|| |_| | _ <| |_| | |___
8
+ |_| \_\_____\____\___/|_| \_|_| \___/|_| \_\\____|_____|
9
+ ```
10
+
11
+ [![Python](https://img.shields.io/badge/python-3.9%2B-blue.svg)](#installation)
12
+ [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
13
+ [![PRs Welcome](https://img.shields.io/badge/PRs-welcome-brightgreen.svg)](#contributing)
14
+ [![GitHub stars](https://img.shields.io/github/stars/ferasbusiness666/reconforge?style=social)](https://github.com/ferasbusiness666/ReconForge)
15
+ [![GitHub issues](https://img.shields.io/github/issues/ferasbusiness666/reconforge)](https://github.com/ferasbusiness666/ReconForge/issues)
16
+
17
+ **AI-assisted recon toolkit for bug bounty hunters and security researchers**
18
+
19
+ ReconForge combines practical recon automation with AI triage prompts so authorized testers can move from raw findings to prioritized hypotheses faster. Built for speed, reliability, and ease of use.
20
+
21
+ ## ✨ Features
22
+
23
+ - 🔎 **Subdomain Discovery** - Find subdomains from certificate transparency data via crt.sh
24
+ - ⚡ **Concurrent Port Scanning** - Fast multi-port scanning with ThreadPoolExecutor
25
+ - 🧬 **Technology Detection** - Identify tech stacks from headers, cookies, and body signals
26
+ - 🧭 **Scope Checking** - Validate targets against exact hosts, wildcards, IP ranges, and CIDR blocks
27
+ - 📄 **Markdown Reports** - Professional reports with findings, technologies, and collection notes
28
+ - 🤖 **AI Triage Prompts** - Structured prompts for analyzing HTTP responses, auth flows, APIs, and more
29
+ - 🎨 **Rich Terminal Output** - Beautiful tables, status indicators, and progress spinners
30
+ - 🚀 **Production Ready** - Comprehensive tests, CI/CD, and error handling
31
+
32
+ ## 🚀 Quick Start
33
+
34
+ ### Installation
35
+
36
+ ```bash
37
+ # Install from PyPI (coming soon)
38
+ pip install reconforge
39
+
40
+ # Or install from source
41
+ git clone https://github.com/ferasbusiness666/ReconForge.git
42
+ cd ReconForge
43
+ pip install .
44
+ ```
45
+
46
+ ### Basic Usage
47
+
48
+ ```bash
49
+ # Discover subdomains
50
+ reconforge subdomains -d example.com
51
+
52
+ # Scan common ports
53
+ reconforge portscan -t api.example.com
54
+
55
+ # Detect technologies
56
+ reconforge techdetect -u https://api.example.com
57
+
58
+ # Check scope
59
+ reconforge scopecheck -t targets.txt -s scope.txt
60
+
61
+ # Generate full report
62
+ reconforge report -d example.com --output report.md
63
+ ```
64
+
65
+ ## 📖 Detailed Usage
66
+
67
+ ### Subdomain Discovery
68
+
69
+ Discover subdomains using certificate transparency logs:
70
+
71
+ ```bash
72
+ reconforge subdomains -d example.com
73
+ ```
74
+
75
+ **Output:**
76
+ ```
77
+ Subdomains for example.com
78
+ ┏━━━━┳━━━━━━━━━━━━━━━━━━━┓
79
+ ┃ # ┃ Subdomain ┃
80
+ ┡━━━━╇━━━━━━━━━━━━━━━━━━━┩
81
+ │ 1 │ api.example.com │
82
+ │ 2 │ login.example.com │
83
+ │ 3 │ www.example.com │
84
+ └────┴───────────────────┘
85
+ Total: 3
86
+ ```
87
+
88
+ ### Port Scanning
89
+
90
+ Scan common ports with concurrent scanning for speed:
91
+
92
+ ```bash
93
+ # Default: scan common ports (80, 443, 8080, 8443, 22, 21, 3306, 6379)
94
+ reconforge portscan -t api.example.com
95
+
96
+ # Custom ports
97
+ reconforge portscan -t api.example.com --ports 80,443,3000,5000
98
+ ```
99
+
100
+ **Output:**
101
+ ```
102
+ Port scan for api.example.com
103
+ ┏━━━━━━┳━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
104
+ ┃ Port ┃ Status ┃ Banner / Note ┃
105
+ ┡━━━━━━╇━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
106
+ │ 80 │ 🟢 open │ HTTP/1.1 301 Moved Permanently │
107
+ │ 443 │ 🟢 open │ No banner │
108
+ │ 8080 │ 🔴 closed │ Connection refused │
109
+ └──────┴───────────┴─────────────────────────────────┘
110
+ ```
111
+
112
+ ### Technology Detection
113
+
114
+ Fingerprint web technologies from HTTP headers and response body:
115
+
116
+ ```bash
117
+ reconforge techdetect -u https://api.example.com
118
+ ```
119
+
120
+ **Output:**
121
+ ```
122
+ Final URL: https://api.example.com/
123
+ HTTP status: 200
124
+
125
+ Detected Technologies
126
+ ┏━━━━━━━━━━━━━━━━━━━━━━━━━┓
127
+ ┃ Technology ┃
128
+ ┡━━━━━━━━━━━━━━━━━━━━━━━━━┩
129
+ │ nginx │
130
+ │ HSTS │
131
+ │ Content Security Policy │
132
+ └─────────────────────────┘
133
+ ```
134
+
135
+ ### Scope Checking
136
+
137
+ Validate targets against your bug bounty scope:
138
+
139
+ ```bash
140
+ reconforge scopecheck -t targets.txt -s scope.txt
141
+ ```
142
+
143
+ **scope.txt:**
144
+ ```
145
+ example.com
146
+ *.example.com
147
+ 192.0.2.0/24
148
+ ```
149
+
150
+ **targets.txt:**
151
+ ```
152
+ api.example.com
153
+ login.example.com
154
+ thirdparty.net
155
+ 192.0.2.50
156
+ ```
157
+
158
+ **Output:**
159
+ ```
160
+ In-Scope Targets
161
+ ┏━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
162
+ ┃ Target ┃ Reason ┃
163
+ ┡━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
164
+ │ api.example.com │ matched wildcard *.example.com │
165
+ │ 192.0.2.50 │ matched CIDR 192.0.2.0/24 │
166
+ └───────────────────┴────────────────────────────┘
167
+
168
+ Out-of-Scope Targets
169
+ ┏━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━┓
170
+ ┃ Target ┃ Reason ┃
171
+ ┡━━━━━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━┩
172
+ │ thirdparty.net │ no scope rule matched │
173
+ └────────────────────┴───────────────────────┘
174
+ ```
175
+
176
+ ### Generate Report
177
+
178
+ Create a comprehensive markdown report combining all findings:
179
+
180
+ ```bash
181
+ reconforge report -d example.com --output report.md
182
+ ```
183
+
184
+ See [`examples/example_report.md`](examples/example_report.md) for a sample report.
185
+
186
+ ## 🤖 AI Triage Prompts
187
+
188
+ ReconForge includes a library of AI-assisted triage prompts in [`prompts/ai_triage.md`](prompts/ai_triage.md) for analyzing:
189
+
190
+ - HTTP responses and headers
191
+ - Authentication and session flows
192
+ - Sensitive and admin-looking endpoints
193
+ - JavaScript routes and feature flags
194
+ - API authorization patterns
195
+ - Parameter anomalies
196
+ - Finding prioritization
197
+
198
+ **Important:** Always remove secrets, tokens, and proprietary data before pasting into any AI system.
199
+
200
+ ## 🛠 Development
201
+
202
+ ### Setup Development Environment
203
+
204
+ ```bash
205
+ git clone https://github.com/ferasbusiness666/ReconForge.git
206
+ cd ReconForge
207
+ python -m venv venv
208
+ source venv/bin/activate
209
+ pip install -r requirements-dev.txt
210
+ pip install -e .
211
+ ```
212
+
213
+ ### Running Tests
214
+
215
+ ```bash
216
+ # All tests
217
+ pytest
218
+
219
+ # With coverage
220
+ pytest --cov=reconforge
221
+
222
+ # Specific test file
223
+ pytest tests/test_subdomains.py -v
224
+ ```
225
+
226
+ ### Code Quality
227
+
228
+ ```bash
229
+ # Format code
230
+ black reconforge tests
231
+
232
+ # Lint
233
+ flake8 reconforge tests
234
+
235
+ # Type check
236
+ mypy reconforge
237
+
238
+ # Sort imports
239
+ isort reconforge tests
240
+ ```
241
+
242
+ ## 📋 Project Structure
243
+
244
+ ```
245
+ reconforge/
246
+ __init__.py # Package metadata
247
+ cli.py # CLI commands
248
+ subdomains.py # Subdomain discovery
249
+ portscan.py # Port scanning with concurrency
250
+ techdetect.py # Technology detection
251
+ scopecheck.py # Scope validation
252
+ report.py # Report generation
253
+ prompts/
254
+ ai_triage.md # AI triage prompt library
255
+ tests/
256
+ test_*.py # Unit tests
257
+ examples/
258
+ example_report.md # Sample generated report
259
+ .github/workflows/
260
+ ci.yml # GitHub Actions CI/CD
261
+ requirements.txt # Runtime dependencies
262
+ requirements-dev.txt # Development dependencies
263
+ setup.py # Package configuration
264
+ ```
265
+
266
+ ## 🎯 Why ReconForge?
267
+
268
+ ### Avoid Out-of-Scope Mistakes
269
+
270
+ Bug bounty scope can include exact hosts, wildcard subdomains, and IP ranges while excluding third-party systems. ReconForge's scope checker separates in-scope and out-of-scope targets before testing.
271
+
272
+ ### Reduce Manual Recon Time
273
+
274
+ Manual recon means jumping between CT logs, socket checks, browser tabs, and notes. ReconForge provides an auditable workflow for common first-pass tasks with easy-to-copy output.
275
+
276
+ ### Bring AI Into Recon
277
+
278
+ ReconForge includes model-agnostic AI triage prompts that help analyze findings while keeping final validation in your hands.
279
+
280
+ ## 🔒 Security & Ethics
281
+
282
+ ReconForge is intended **only for systems you own or have explicit permission to test**. You are responsible for:
283
+
284
+ - Following program scope and rules of engagement
285
+ - Complying with all applicable laws and regulations
286
+ - Respecting rate limits and terms of service
287
+ - Using only on authorized targets
288
+
289
+ ## 📝 License
290
+
291
+ MIT License - see [`LICENSE`](LICENSE) for details.
292
+
293
+ ## 🤝 Contributing
294
+
295
+ Contributions are welcome! See [`CONTRIBUTING.md`](CONTRIBUTING.md) for guidelines.
296
+
297
+ ## 📚 Resources
298
+
299
+ - [Bug Bounty Platforms](https://www.bugcrowd.com) - Find authorized programs
300
+ - [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/) - Testing methodology
301
+ - [PortSwigger Web Security](https://portswigger.net/web-security) - Security training
302
+
303
+ ## 🙏 Acknowledgments
304
+
305
+ Built with ❤️ for the security research community.
306
+
307
+ ---
308
+
309
+ **Questions?** Open an [issue](https://github.com/ferasbusiness666/ReconForge/issues) or check the [discussions](https://github.com/ferasbusiness666/ReconForge/discussions).