38-phase automated reconnaissance framework for security researchers

Project description

🥷 ReconNinja

v8.0.0 — Automated reconnaissance framework for authorized security testing


For authorized security testing only. Always obtain written permission before scanning.


What's New in v8.0.0

| Category | Features |
| --- | --- |
| 🔑 API Security | REST API fuzzer, OAuth/OIDC scanner, web vuln probes (XSS/SQLi/LFI/SSRF), open redirect |
| 🕵️ OSINT | LinkedIn employee recon, paste site monitor, SE OSINT (email/phone harvest) |
| 📱 Mobile | APK static analysis, Google Play + App Store scraper |
| 🔒 Privacy | Tor/VPN/proxy detection, DNS leak checker |
| ⛓️ Web3 | Smart contract scanner, ENS domain lookup |
| 🤖 AI | Multi-model consensus, MITRE ATT&CK attack paths, CVSSv3 remediation engine |
| 🖥️ GUI | Local desktop GUI (--gui), Windows .exe build |
| 📤 Output | PDF reports, Jira/GitHub Issues push, Splunk/Elastic SIEM streaming |

Installation

# From PyPI
pip install ReconNinja

# From source
git clone https://github.com/yourusername/ReconNinja
cd ReconNinja
pip install -r requirements.txt

# Optional: GUI support
pip install flask

# Optional: PDF export
pip install weasyprint   # or: pip install fpdf2

Windows (.exe)

Download the pre-built ReconNinja.exe from the Releases page.
No Python install required — just run it.


Quick Start

# Standard scan
python reconninja.py -t example.com

# GUI mode (non-technical users)
python reconninja.py --gui

# Full scan — all 48 phases
python reconninja.py -t example.com --profile full_suite

# v8 new modules
python reconninja.py -t example.com --api-fuzz --oauth-scan --web-vulns --open-redirect
python reconninja.py -t example.com --linkedin --paste-monitor --se-osint
python reconninja.py -t example.com --web3-scan --ens-lookup --anon-detect --dns-leak
python reconninja.py -t example.com --ai-consensus --attack-paths --ai-remediate
python reconninja.py -t example.com --pdf-report --jira https://jira.co:email:token:SEC
python reconninja.py --apk-scan /path/to/app.apk

All Flags

Discovery & Enumeration

| Flag | Description |
| --- | --- |
| --subdomains | Subdomain enumeration (amass, subfinder, dnsx) |
| --rustscan | Fast port scan via RustScan |
| --masscan | High-speed port scan via Masscan |
| --httpx | HTTP probing + tech fingerprinting |
| --whatweb | Web technology detection |
| --ferox | Directory/file brute-force (feroxbuster) |
| --nikto | Web server vulnerability scan |
| --waf | WAF detection (passive + wafw00f) |
| --cors | CORS misconfiguration scanner |
| --ssl | SSL/TLS certificate analysis |
| --dns-zone | DNS zone transfer (AXFR) check |
| --wayback | Wayback Machine URL discovery |
| --js-extract | Extract endpoints and secrets from JS files |
| --graphql | GraphQL endpoint discovery + introspection |
| --typosquat | Typosquatting domain variant detection |

Vulnerability Scanning

| Flag | Description |
| --- | --- |
| --nuclei | Nuclei template-based vulnerability scanner |
| --cve | NVD CVE lookup for detected services |
| --jwt-scan | JWT vulnerability scanner (none-alg, weak secrets) |
| --db-exposure | Unauthenticated Redis/ES/MongoDB/Memcached detection |
| --api-fuzz | [v8] REST API fuzzer — IDOR, auth bypass, mass assignment |
| --oauth-scan | [v8] OAuth 2.0/OIDC misconfiguration scanner |
| --web-vulns | [v8] XSS, SQLi, LFI, SSRF probe suite |
| --open-redirect | [v8] Open redirect vulnerability scanner |

OSINT & Intelligence

| Flag | Description |
| --- | --- |
| --github-osint | GitHub secret/config file search |
| --shodan | Shodan host intelligence |
| --censys | Censys host intelligence |
| --virustotal / --vt | VirusTotal domain/IP lookup |
| --greynoise | GreyNoise IP context (noise vs targeted) |
| --whois | WHOIS domain registration data |
| --breach-check | HaveIBeenPwned domain breach check |
| --asn-map | BGP/ASN IP range mapping |
| --cloud-buckets | Cloud bucket enumeration (S3/Azure/GCS) |
| --cloud-meta | AWS/Azure/GCP metadata SSRF probe |
| --supply-chain | Outdated JS libraries + npm squatting |
| --linkedin | [v8] LinkedIn employee OSINT + tech stack inference |
| --paste-monitor | [v8] Paste site credential/secret leak scanner |
| --se-osint | [v8] Social engineering contact harvesting |
| --app-store | [v8] Google Play + Apple App Store metadata |

Infrastructure & Cloud

| Flag | Description |
| --- | --- |
| --k8s-probe | Kubernetes/Docker API exposure |
| --smtp-enum | SMTP user enumeration (VRFY/RCPT TO) |
| --snmp-scan | SNMP community string brute-force |
| --ldap-enum | LDAP anonymous bind + attribute dump |
| --devops-scan | Terraform state + Jenkins exposure |
| --anon-detect | [v8] Tor/VPN/proxy/hosting IP detection |
| --dns-leak | [v8] DNS leak: rebinding, open resolver, internal exposure |

Mobile & Web3

| Flag | Description |
| --- | --- |
| --apk-scan PATH | [v8] APK static analysis — secrets, dangerous APIs, permissions |
| --web3-scan | [v8] Smart contract recon, ABI exposure, on-chain data |
| --ens-lookup | [v8] ENS domain + on-chain social profile resolution |

AI Analysis

| Flag | Description |
| --- | --- |
| --ai | AI-powered findings analysis (Groq/OpenAI/Gemini/Ollama) |
| --ai-consensus | [v8] Multi-model consensus + disagreement flagging |
| --attack-paths | [v8] MITRE ATT&CK kill-chain attack path generation |
| --ai-remediate | [v8] Per-finding remediation + CVSSv3 scoring |

Output & Integrations

| Flag | Description |
| --- | --- |
| --output-format | all / html / json / md / pdf / sarif |
| --pdf-report | [v8] Export pentest-ready PDF report |
| --sarif | Export SARIF 2.1.0 report |
| --jira URL:EMAIL:TOKEN:PROJECT | [v8] Push findings to Jira |
| --gh-issues TOKEN:OWNER/REPO | [v8] Push findings to GitHub Issues |
| --siem URL:TOKEN[:type] | [v8] Stream to Splunk/Elastic HEC |
| --notify URL | Webhook alerts (Slack/Discord/HTTPS) |
| --diff A.json B.json | Compare two scan reports |

GUI & Performance

| Flag | Description |
| --- | --- |
| --gui | [v8] Launch local desktop GUI |
| --gui-port N | GUI port (default: 7117) |
| --timeout N | Per-operation timeout in seconds (default: 30) |
| --threads N | Thread pool size (default: 20) |
| --async-concurrency N | Async port scan concurrency (default: 1000) |
| --rate-limit N | Seconds between requests (default: 0) |
| --resume DIR | Resume interrupted scan from checkpoint |
| --profile | standard / full_suite / stealth |
| --exclude | Comma-separated phases to skip |

Architecture

reconninja.py          ← CLI entry point
gui/app.py             ← Desktop GUI (Flask + SSE)
core/                  ← 43 scan modules
  orchestrator.py      ← 48-phase pipeline with resume + checkpointing
output/                ← report_html, reports, sarif_export, integrations
plugins/               ← drop-in .py extension modules
utils/                 ← models, helpers, logger, notify
tests/                 ← pytest suite

Version History

| Version | Highlights |
| --- | --- |
| 8.0.0 | GUI, 13 new modules, AI consensus+attack paths+remediation, PDF/Jira/SIEM, 17 bug fixes |
| 7.1.0 | Critical import bug fix (all v7 phases were NameError) |
| 7.0.0 | 19 new modules: cloud meta, GraphQL, JWT, ASN, supply chain, K8s, DB exposure, SMTP, SNMP, LDAP, DevOps, GreyNoise, typosquat, Censys |
| 6.0.0 | Resume/checkpoint, scan diff, email security, breach check, SARIF export, plugins |
| 5.0.0 | Shodan, VirusTotal, WHOIS, Wayback, SSL, GitHub OSINT, JS extractor, cloud buckets, WAF, CORS |

License

MIT — For authorized security testing only.

Download files

Source Distribution

reconninja-8.0.0.tar.gz (174.1 kB view details)

Uploaded Source

Built Distribution

reconninja-8.0.0-py3-none-any.whl (186.3 kB view details)

Uploaded Python 3

File details

Details for the file reconninja-8.0.0.tar.gz.

File metadata

  • Download URL: reconninja-8.0.0.tar.gz
  • Upload date:
  • Size: 174.1 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for reconninja-8.0.0.tar.gz
Algorithm Hash digest
SHA256 72ac396cf6fd91c094a2ea2539e9edb0e29df46cb28f841714ebe956bc9b2922
MD5 f1f0720ba2a867dd23a3e760a4541031
BLAKE2b-256 f5495d0d181fd79b6fdb687ed105f3541891a9bc1e493af9c3565eb989a45808

Provenance

The following attestation bundles were made for reconninja-8.0.0.tar.gz:

Publisher: release.yml on ExploitCraft/ReconNinja

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file reconninja-8.0.0-py3-none-any.whl.

File metadata

  • Download URL: reconninja-8.0.0-py3-none-any.whl
  • Upload date:
  • Size: 186.3 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for reconninja-8.0.0-py3-none-any.whl
Algorithm Hash digest
SHA256 e6e8a48a3bfec8eaed1c7422de6209fd9705acbb7bbe5050aaa4565a4440610a
MD5 812229f137660bdf0730b2dc0d31d6eb
BLAKE2b-256 4cbb7c5d9c7aa4bddf3de55bdb8d985c5e8361354619071aa7f91d38492dc42b

Provenance

The following attestation bundles were made for reconninja-8.0.0-py3-none-any.whl:

Publisher: release.yml on ExploitCraft/ReconNinja

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
