
🃏 Rankle - Web Infrastructure Reconnaissance Tool


Named after Rankle, Master of Pranks from Magic: The Gathering - a legendary faerie who excels at uncovering secrets.

A comprehensive web infrastructure analyzer using 100% Open Source Python libraries with no API keys required.

Features: Modular architecture with centralized configuration, retry logic, and concurrent scanning!


🚀 Quick Start

# Install dependencies
pip install -r requirements.txt

# Run scan
python main.py example.com

# Save results
python main.py example.com -o json

Docker:

docker build -t rankle .
docker run --rm rankle example.com

📚 Documentation

Complete documentation is now available in the docs/ directory, organized into Getting Started, Technical Documentation, Development, Claude Code Skills, and Additional Resources.


🎯 Key Features

  • Enhanced Technology Detection - Confidence scoring (0-100%), version detection, 30+ technologies
  • CMS Detection - 16+ systems including enhanced Drupal detection (15+ patterns)
  • Cloud Provider Detection - 14+ providers with ASN matching and confidence scoring
  • CDN Detection - 20+ providers including TransparentEdge, Cloudflare, Akamai
  • WAF Detection - 15+ solutions including Imperva, Sucuri, ModSecurity
  • Origin Discovery - Find real infrastructure behind WAF/CDN (5 passive techniques)
  • Advanced Fingerprinting - 8 techniques: HTTP methods, API discovery, exposed files
  • DNS Enumeration - Complete analysis (A, AAAA, MX, NS, TXT, SOA, CNAME)
  • Subdomain Discovery - Via Certificate Transparency logs (crt.sh)
  • JavaScript Libraries - Detect 15+ libraries: jQuery, React, Vue, Angular

📦 Installation

Requirements

  • Python 3.11 or higher
  • Docker (optional)

Python Installation

# Required dependencies
pip install requests dnspython beautifulsoup4

# Or install all at once
pip install -r requirements.txt

# For development
pip install -e ".[dev]"
pre-commit install

Docker Installation

git clone https://github.com/javicosvml/rankle.git
cd rankle
docker build -t rankle .

See Installation Guide for detailed instructions.


💻 Usage

# Basic scan (terminal output only)
python main.py example.com

# Save as JSON (for automation)
python main.py example.com -o json

# Save as text report (human-readable)
python main.py example.com -o text

# Save both formats
python main.py example.com -o both

# Verbose output
python main.py example.com -v

Docker Usage

# Basic scan
docker run --rm rankle example.com

# Save output (quote the volume path so directories containing spaces work)
docker run --rm -v "$(pwd)/output:/output" rankle example.com -o json

See Usage Guide for more examples.


🔍 Detection Capabilities

Rankle can detect and analyze:

  • 16+ CMS - WordPress, Drupal, Joomla, Magento, Shopify, and more
  • 20+ CDN Providers - TransparentEdge, Cloudflare, Akamai, Fastly, AWS CloudFront
  • 15+ WAF Solutions - Imperva, Sucuri, ModSecurity, PerimeterX, DataDome
  • 14+ Cloud Providers - AWS, Azure, GCP, DigitalOcean, OVH, Hetzner
  • 15+ JavaScript Libraries - jQuery, Bootstrap, React, Vue, Angular
  • API Endpoints - 15+ common paths including GraphQL, Swagger, health checks
  • Exposed Files - Version control, backups, config files, development files
  • Security Headers - X-Frame-Options, CSP, HSTS, and more

See Detection Capabilities for complete details.


🔗 Integration Examples

Nuclei

# Direct subdomain pipe
python main.py example.com -o json | jq -r '.subdomains[]' | nuclei -l -

Nmap

# Scan discovered IPs
cat scan.json | jq -r '.dns.A[]' | nmap -iL - -sV

httpx

# Verify live hosts
cat scan.json | jq -r '.subdomains[]' | httpx -silent | nuclei -l -

See Integration Examples for complete pipelines.
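
A scope filter for the pipelines above, as an added example that is not part of Rankle: it reads the `.subdomains[]` and `.dns.A[]` fields the jq commands use and keeps only hosts and addresses inside an authorized scope before anything is handed to Nuclei, Nmap or httpx. The function names, the sample data and the scope values are assumptions made for illustration.

```python
import ipaddress
import json
import re

# Constructed sample shaped like the fields the pipelines above read
# (.subdomains[] and .dns.A[]); real Rankle output may carry more keys.
SAMPLE_SCAN = json.dumps({
    "subdomains": ["www.example.com", "*.dev.example.com", "API.Example.com.",
                   "example.com.evil.test", "bad host.example.com", "-lead.example.com"],
    "dns": {"A": ["192.0.2.10", "198.51.100.7", "not-an-ip"]},
})

# RFC 1123 hostname: dot-separated labels of 1-63 letters/digits/hyphens,
# never starting or ending with a hyphen.
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"{LABEL}(\.{LABEL})+")


def normalize_host(name):
    """Lower-case, drop a trailing dot and a leading '*.', then validate."""
    host = name.strip().lower().rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    if len(host) <= 253 and HOSTNAME_RE.fullmatch(host):
        return host
    return None


def in_scope_targets(scan_json, scope_domains, scope_networks):
    """Return (hosts, ips) from a scan that fall inside the authorized scope."""
    scan = json.loads(scan_json)
    domains = [d.lower() for d in scope_domains]
    networks = [ipaddress.ip_network(n) for n in scope_networks]
    hosts = set()
    for raw in scan.get("subdomains", []):
        host = normalize_host(raw)
        # Suffix match on a label boundary, so example.com.evil.test is rejected.
        if host and any(host == d or host.endswith("." + d) for d in domains):
            hosts.add(host)
    ips = set()
    for raw in scan.get("dns", {}).get("A", []):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            continue  # drop anything that is not a literal IP address
        if any(addr in net for net in networks):
            ips.add(str(addr))
    return sorted(hosts), sorted(ips)
```

Certificate Transparency data often contains wildcard and malformed names, so the filter normalizes each entry before the scope check rather than trusting the list as-is.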


🏗️ Architecture

Rankle follows Python 3.11+ best practices with modern packaging:

rankle/
├── pyproject.toml          # Modern Python packaging (PEP 621)
├── main.py                 # Entry point
├── rankle/                 # Main package
│   ├── core/              # Scanner & session management
│   ├── modules/           # Reconnaissance modules (DNS, SSL, etc.)
│   ├── detectors/         # Technology detectors (CMS, CDN, WAF)
│   └── utils/             # Utilities and helpers
├── config/                 # Configuration & patterns
└── tests/                  # Unit tests (pytest)

Key Features:

  • ✅ Modular architecture with lazy initialization
  • ✅ Centralized configuration in config/
  • ✅ Automatic retry logic with exponential backoff
  • ✅ Concurrent scanning with ThreadPoolExecutor
  • ✅ Connection pooling for HTTP sessions
  • ✅ Full type hints (Python 3.11+)

See Architecture Documentation for details.


🤝 Contributing

Contributions are welcome! Please see Contributing Guide for detailed guidelines.

Quick Contribution Guide

  1. Fork the repository
  2. Create a feature branch: git checkout -b feature/amazing-feature
  3. Make your changes
  4. Test: python main.py example.com
  5. Commit: git commit -m "Add: Amazing feature"
  6. Push: git push origin feature/amazing-feature
  7. Open a Pull Request

Areas for Contribution

High Priority:

  • Additional CMS fingerprints (Django, Laravel, Rails)
  • More CDN providers (regional CDNs)
  • Enhanced WAF detection patterns
  • Version detection improvements

See Development Guide for complete details.


🛡️ Security & Best Practices

Authorized Use Only:

  • ✅ Authorized penetration testing
  • ✅ Bug bounty programs (with permission)
  • ✅ Security research (on your own systems)
  • ✅ Educational purposes

Prohibited Use:

  • ❌ Unauthorized access attempts
  • ❌ Malicious reconnaissance
  • ❌ Illegal activities

Security Features:

  • No shell injection (never uses shell=True)
  • Input validation with regex
  • Timeout controls
  • Graceful error handling
  • Realistic User-Agent headers

See SECURITY.md for responsible use guidelines.


📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

Disclaimer

This tool is provided for educational and authorized security testing purposes only.

Users must:

  • Obtain proper authorization before scanning any target
  • Comply with all applicable laws and regulations
  • Use the tool responsibly and ethically

The authors and contributors are not responsible for any misuse or damage caused by this software.


🙏 Acknowledgments

  • Named after Rankle, Master of Pranks from Magic: The Gathering
  • Built with 100% Open Source libraries
  • No API keys required
  • Community-driven development

🃏 Rankle: Master of Pranks knows all your secrets

Made with ❤️ by the security community
