Modular, distro-aware, self-healing reconnaissance toolkit. Built for pentesters who don't waste time fixing broken environments.
recon-kit is a senior-level modular reconnaissance toolkit written entirely in Bash.
It detects your Linux distribution automatically, resolves and installs every missing dependency through your native package manager, runs 6 independent recon modules with live visual feedback, auto-recovers from tool failures through its built-in AUTOFIX engine, and produces a structured Markdown report — all without any manual configuration.
One command. Any distro. Full recon.
```bash
git clone https://github.com/wavegxz-design/recon-kit
cd recon-kit && chmod +x recon-kit.sh

# Interactive mode
./recon-kit.sh -t target.com

# Full scan, all modules
./recon-kit.sh -t target.com -m all

# Full scan with UDP (root required)
sudo ./recon-kit.sh -t target.com -m all
```
⚠️ Authorized targets only. Unauthorized reconnaissance is illegal.
| Module | Flag | Tools | What it does |
|---|---|---|---|
| 🔍 WHOIS | whois | whois | Registrar, creation/expiry dates, nameservers — auto-extracts root domain from subdomains |
| 🌐 DNS | dns | dig | A, AAAA, MX, NS, TXT, SOA, SRV, CAA, DMARC — plus zone transfer attempt |
| 🕵️ Subdomains | subdomains | subfinder, dig | Passive discovery via subfinder + 35-entry active brute force |
| 🔌 Port Scan | portscan | nmap | Quick top-1000 · Full TCP 65535 (background) · UDP top-100 (root) |
| 🕸️ Web Recon | web | curl, httpx, whatweb | Security headers audit · tech fingerprint · robots.txt · live hosts |
| 🔐 SSL/TLS | cert | openssl | Subject, issuer, SANs, expiry countdown, weak cipher detection |
Run specific modules:
```bash
./recon-kit.sh -t target.com -m whois,dns,portscan
./recon-kit.sh -t target.com -m subdomains,web,cert
```

| Family | Distributions | Package Manager | Status |
|---|---|---|---|
| Debian | Kali Linux · Parrot OS · Ubuntu · Debian · Linux Mint · Pop!_OS | apt | ✅ Stable |
| Arch | Arch Linux · Manjaro · EndeavourOS · BlackArch | pacman | ✅ Stable |
| RHEL | Fedora · CentOS · RHEL · Rocky Linux · AlmaLinux | dnf | ✅ Stable |
| SUSE | openSUSE Leap · Tumbleweed | zypper | 🔄 Beta |
recon-kit never crashes silently. When a tool fails or is missing, the AUTOFIX engine runs a 4-step recovery chain before skipping any module:
┌─────────────────────────────────────────────────────────────┐
│ AUTOFIX RECOVERY CHAIN │
├──────┬──────────────────────────────────────────────────────┤
│ 01 │ Reinstall via package manager / go install / gem │
│ 02 │ Repair binary permissions (chmod +x) │
│ 03 │ Switch to available alternative tool │
│ 04 │ Retry with --fix-missing or distro equivalent │
└──────┴──────────────────────────────────────────────────────┘
Every failure is timestamped and logged to recon.log. Nothing is swallowed.
recon-kit includes a built-in update system with backup and rollback support — no manual file replacement needed.
```bash
# Check and apply latest update interactively
./recon-kit.sh --update

# Check for updates without installing
./recon-kit.sh --check

# Roll back to a previous version from backup
./recon-kit.sh --rollback

# Run the update module standalone
bash update.sh
bash update.sh --check
bash update.sh --rollback
```

┌─────────────────────────────────────────────────────────────┐
│ UPDATE SAFETY CHAIN │
├──────┬──────────────────────────────────────────────────────┤
│ 01 │ Fetch latest release tag from GitHub API │
│ 02 │ Show changelog between current → latest │
│ 03 │ Backup current version with timestamp │
│ 04 │ Download new version to /tmp │
│ 05 │ Validate bash syntax (bash -n) │
│ 06 │ Verify VERSION= matches release tag │
│ 07 │ Replace script · if fails → auto-restore backup │
└──────┴──────────────────────────────────────────────────────┘
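
The validation half of the chain above (steps 03 and 05 to 07), written as an added example; it is not recon-kit's update.sh. `apply_update`, its arguments, the backup location and the optional SHA-256 comparison are assumptions: the listed steps check syntax and the version string, and the digest check is an extra this example adds.

```bash
#!/usr/bin/env bash
# Added example, not recon-kit's update.sh. apply_update and its arguments are
# hypothetical; the SHA-256 pin is an extra check, not one of the seven steps.

# apply_update <installed.sh> <candidate.sh> <release_tag> [expected_sha256]
apply_update() {
    local target="$1" candidate="$2" tag="$3" want_sha="${4:-}"
    local got_sha file_ver backup

    # Extra: compare against a digest obtained out of band, if one is given.
    if [ -n "$want_sha" ]; then
        got_sha=$(sha256sum "$candidate" | cut -d' ' -f1)
        [ "$got_sha" = "$want_sha" ] || { echo "sha256 mismatch" >&2; return 3; }
    fi

    # Step 05: parse only, never execute the candidate.
    bash -n "$candidate" 2>/dev/null || { echo "syntax error" >&2; return 4; }

    # Step 06: first VERSION= line must equal the tag (leading "v" ignored).
    file_ver=$(grep -m1 '^VERSION=' "$candidate" | cut -d= -f2 | tr -d "\"'")
    [ "$file_ver" = "${tag#v}" ] || { echo "version mismatch" >&2; return 5; }

    # Step 03: timestamped backup, named like the --rollback menu entries.
    backup="${target%.sh}_backup_$(date +%Y%m%d_%H%M%S).sh"
    cp -p "$target" "$backup" || return 6

    # Step 07: stage beside the target, then rename; restore on failure.
    if ! { cp "$candidate" "$target.new" && chmod +x "$target.new" &&
           mv -f "$target.new" "$target"; }; then
        rm -f "$target.new"; cp -p "$backup" "$target"; return 7
    fi
}

# Constructed demo: a fake installed v2.1.0 and a downloaded v2.2.0 candidate.
demo() {
    local dir; dir=$(mktemp -d)    # private directory, not a fixed /tmp name
    printf 'VERSION="2.1.0"\necho old\n' > "$dir/recon-kit.sh"
    printf 'VERSION="2.2.0"\necho new\n' > "$dir/candidate.sh"
    apply_update "$dir/recon-kit.sh" "$dir/candidate.sh" v2.2.0 &&
        echo "installed: $(grep -m1 '^VERSION=' "$dir/recon-kit.sh")"
    rm -rf "$dir"
}
demo
```

A syntax check and a version-string match confirm the file is well formed and labelled as expected; only a digest or signature obtained separately from the download says anything about who produced it.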
On every launch, recon-kit silently checks for updates once per 24 hours in a background process — no delay on startup. If a new version is available, a notice appears alongside the banner:
┌────────────────────────────────────────────────────────┐
│ Update available: 2.1.0 → 2.2.0 │
│ Run: ./recon-kit.sh --update │
│ krypthane.workernova.workers.dev │
└────────────────────────────────────────────────────────┘
Every update creates a timestamped backup. The --rollback flag shows an interactive menu to restore any previous version:
```
./recon-kit.sh --rollback
Available backups:
──────────────────────────────────────────────────────────
1) recon-kit_backup_20260321_172135.sh (v2.0.0)
2) recon-kit_backup_20260318_091020.sh (v1.0.0)
──────────────────────────────────────────────────────────
[>] Select backup (1-2):
```

Extend recon-kit without touching the core. Drop any .sh file into ~/.recon-kit/plugins/ — it loads automatically on startup.
Plugin template:
```bash
# PLUGIN: my-module
# DESC: One-line description of what this does
# AUTHOR: yourhandle
plugin_mymodule() {
    section "MY MODULE — $TARGET"
    # log() info() warn() err() act() for consistent output
    local out="$OUTPUT_DIR/plugins/mymodule.txt"
    log "Done → $out"
}
```

Invoke it:

```bash
./recon-kit.sh -t target.com -m mymodule
./recon-kit.sh -p # list all installed plugins
```

📚 Community plugins → wiki/plugins
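
A loader that vets each plugin file before sourcing it, as an added example; the README does not show how recon-kit loads plugins, and `load_plugins_checked` is a hypothetical name. Sourced plugins run with the operator's privileges (root under sudo), so the sketch skips symlinks, files owned by another user, group- or world-writable files, files without the `# PLUGIN:` header, and files that fail `bash -n`.

```bash
#!/usr/bin/env bash
# Added example, not recon-kit's loader. load_plugins_checked is hypothetical;
# only the "# PLUGIN:" header and the plugins directory come from the README.

# Sources each *.sh in <dir> that passes the checks; prints loaded plugin names.
load_plugins_checked() {
    local dir="$1" f mode name
    for f in "$dir"/*.sh; do
        [ -e "$f" ] || continue                 # empty directory or dead link
        # Regular file, not a symlink, owned by the invoking user.
        if [ -L "$f" ] || [ ! -f "$f" ] || [ ! -O "$f" ]; then
            echo "skip (type/owner): $f" >&2; continue
        fi
        # No group or world write bit: characters 6 and 9 of the ls mode string.
        mode=$(ls -ld "$f" | cut -c1-10)
        case "$mode" in
            ?????w*|????????w*) echo "skip (writable by others): $f" >&2; continue ;;
        esac
        # Must carry the template header and parse cleanly.
        name=$(sed -n 's/^# PLUGIN:[[:space:]]*//p' "$f" | head -n 1)
        [ -n "$name" ] || { echo "skip (no header): $f" >&2; continue; }
        bash -n "$f" 2>/dev/null || { echo "skip (syntax): $f" >&2; continue; }
        . "$f" && echo "$name"
    done
    return 0
}

# Constructed demo: one well-formed plugin and a world-writable copy of it.
demo_plugins() {
    local d; d=$(mktemp -d)
    printf '# PLUGIN: my-module\nplugin_mymodule() { :; }\n' > "$d/good.sh"
    cp "$d/good.sh" "$d/loose.sh"; chmod 644 "$d/good.sh"; chmod 666 "$d/loose.sh"
    load_plugins_checked "$d"                   # loads good.sh, skips loose.sh
    rm -rf "$d"
}
demo_plugins
```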
Every scan produces a timestamped, self-contained output directory:
~/.recon-kit/output/
└── target_com_20260321_143055/
│
├── REPORT.md ← Executive summary (Markdown)
├── recon.log ← Full timestamped operation log
│
├── whois/
│ └── whois.txt ← Queried against root domain
│
├── dns/
│ ├── records.txt ← All DNS record types
│ └── axfr.txt ← Zone transfer result
│
├── subdomains/
│ ├── subfinder.txt
│ ├── bruteforce.txt
│ └── all.txt ← Deduplicated master list
│
├── nmap/
│ ├── quick.txt / quick.xml ← Top 1000 ports + versions
│ ├── full.txt ← All 65535 TCP (background)
│ └── udp.txt ← UDP top 100 (root only)
│
├── web/
│ ├── whatweb.txt
│ └── live_hosts.txt
│
├── headers/
│ ├── https.txt / http.txt
│ └── security_audit.txt ← Missing headers report
│
├── cert/
│ └── cert.txt
│
└── plugins/ ← Output from custom plugins

Sample REPORT.md:

```markdown
# recon-kit Report — target.com
| Field | Value |
|----------|----------------------------|
| Target | target.com |
| Date | 2026-03-21 14:30:55 |
| Duration | 142s |
| Distro | kali (debian) |
| Operator | krypthane | wavegxz-design |
## Summary
| Metric | Result |
|---------------------|--------|
| Open ports (quick) | 7 |
| Subdomains found | 23 |
| Missing sec headers | 3 |
| Modules run | 6 |
```

| Topic | Link |
|---|---|
| Installation guide | docs/install.md |
| Module reference | docs/modules.md |
| Plugin development | wiki/plugins |
| AUTOFIX internals | docs/autofix.md |
| Update system | docs/update.md |
| Changelog | CHANGELOG.md |
v2.2
- Shodan / Censys API integration module
- Nuclei vulnerability scanning module
- Telegram / Slack notification on scan complete
v3.0
- HTML report with charts and graphs
- Screenshot capture via gowitness
- Docker container release
- Web dashboard (local UI)
- Multi-target batch scanning
💡 Have an idea? Open a feature request →
Contributions are welcome — from bug reports to new modules and plugins.
Before opening a PR, read CONTRIBUTING.md.
```bash
git clone https://github.com/YOUR_USERNAME/recon-kit
cd recon-kit
git checkout -b feat/your-feature-name
git commit -m "feat: clear description"
git push origin feat/your-feature-name
# → Open PR
```

What we accept:
- New recon modules or plugin templates
- Distro support expansions
- Bug fixes with reproduction steps
- Documentation improvements
- Performance optimizations
NEXORA-TOOLKIT: Advanced modular ADB toolkit for Android device management. Built in Bash with full logging, multi-distro install, and menu-driven interface.
Use only on systems you own or have explicit written authorization to test.
Unauthorized reconnaissance may violate:
- Computer Fraud and Abuse Act (CFAA) — United States
- Computer Misuse Act (CMA) — United Kingdom
- Ley Federal de Telecomunicaciones y Radiodifusión — México
- Equivalent legislation in your jurisdiction
The author assumes no liability for misuse.
Built with focus by krypthane
⭐ If recon-kit saved you time, drop a star — it helps more people find it.