Automated reconnaissance tool with AI report generation. Subdomain enumeration, endpoint crawling, and vulnerability pattern detection.
HB-Recon
Automated reconnaissance workflow with AI-ready report generation.
Perfect for bug bounty hunters, pentesters, and security researchers.
⚠️ Important Notice
HB-Recon is a workflow automation tool — it orchestrates external security tools and generates structured reports.
What it does:
- ✅ Automates reconnaissance workflows
- ✅ Chains multiple tools together
- ✅ Generates AI-ready JSON reports
- ✅ Organizes scan results
What it does NOT do:
- ❌ Include built-in scanning capabilities
- ❌ Auto-install required tools
- ❌ Work without dependencies
Features
✅ Subdomain Enumeration — subfinder integration
✅ Live Host Detection — httpx for alive checks
✅ Technology Stack Scan — WhatWeb detection
✅ Endpoint Crawling — Katana deep crawl (depth 3)
✅ Vulnerability Patterns — gf pattern matching (XSS, SQLi, IDOR)
✅ AI Report Generation — Structured JSON with risk scoring
Prerequisites
System Requirements
- OS: Linux / WSL (Windows Subsystem for Linux)
- Python: 3.8+
- Go: 1.19+ (for tool installation)
Required External Tools
You MUST install these tools before using hb-recon:
| Tool | Purpose | Installation |
|---|---|---|
| subfinder | Subdomain enumeration | go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest |
| httpx | HTTP probe | go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest |
| katana | Web crawler | go install -v github.com/projectdiscovery/katana/cmd/katana@latest |
| gf | Pattern matcher | go install github.com/tomnomnom/gf@latest |
| whatweb | Tech detection | sudo apt install whatweb (Debian/Ubuntu) |
Quick Install (All Tools)
```bash
# Install Go tools
go install -v github.com/projectdiscovery/subfinder/v2/cmd/subfinder@latest
go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest
go install -v github.com/projectdiscovery/katana/cmd/katana@latest
go install github.com/tomnomnom/gf@latest

# Install WhatWeb
sudo apt install whatweb

# Verify installations
subfinder -version
httpx -version
katana -version
gf -h
whatweb --version
```
Installation
Option 1: PyPI (Recommended)
On Kali/Debian/Ubuntu:

```bash
pip install --break-system-packages hb-recon
```

On other systems:

```bash
pip install hb-recon
```

Or use pipx (recommended for isolated environments):

```bash
pipx install hb-recon
```
Option 2: From Source
```bash
git clone https://github.com/infohlaingbwar/hb-recon.git
cd hb-recon
pip install -e .
```
Usage
Interactive Mode
```bash
python -m hb_recon
```

Example:

```
=======================================================
Auto Recon -> AI Ready
=======================================================
[>] Domain: example.com
[+] Subfinder + Httpx
[v] Done (5.2s)
[*] WhatWeb + Katana (parallel)...
[+] Katana (crawl)
[v] Done (12.4s)
[+] gf (XSS/SQLi/IDOR patterns)
[v] Done (1.8s)
[√] Total: 19.4s
```
Output Structure
```
recon_example.com/
├── subdomains.txt    # All discovered subdomains
├── alive.txt         # Live hosts (200, 301, 403)
├── urls.txt          # Crawled endpoints (depth 3)
├── xss.txt           # XSS-prone endpoints
├── sqli.txt          # SQLi-prone endpoints
├── idor.txt          # IDOR-prone endpoints
├── tech_stack.txt    # Technology detection
└── ai_report.json    # AI-ready structured report
```
AI Report Format
The tool generates ai_report.json with structured data perfect for AI analysis:
```json
{
  "target": "example.com",
  "timestamp": "2026-06-20T13:45:00",
  "summary": {
    "subdomains": 15,
    "alive_hosts": 8,
    "endpoints": 324,
    "technologies": 12,
    "high_risk": 3,
    "medium_risk": 7,
    "low_risk": 15
  },
  "endpoints": [
    {
      "url": "https://admin.example.com/api/users?id=123",
      "category": "idor",
      "risk": "high",
      "params": ["id"]
    }
  ],
  "tech_stack": {
    "server": "nginx/1.18.0",
    "frameworks": ["React", "Node.js"],
    "cms": "WordPress 6.2"
  }
}
```
Use with AI:
```bash
# After scan
# Note: pbcopy is a macOS command; on Linux/WSL substitute your clipboard tool
cat recon_example.com/ai_report.json | pbcopy
# Paste into ChatGPT/Claude: "Analyze this recon data for vulnerabilities"
```
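An added example (not part of hb-recon): before `ai_report.json` is pasted into a hosted assistant, this sketch replaces the target domain with an alias and blanks query-string values, which can hold tokens or identifiers picked up during the crawl. The function names, the `target.invalid` alias and the sample data are assumptions; the field names follow the report format shown above.

```python
import copy
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample in the shape shown under "AI Report Format".
SAMPLE_REPORT = {
    "target": "example.com",
    "endpoints": [
        {"url": "https://admin.example.com/api/users?id=123&token=abc",
         "category": "idor", "risk": "high", "params": ["id"]},
        {"url": "https://user:pw@shop.example.com:8443/search?q=test#top",
         "category": "xss", "risk": "medium", "params": ["q"]},
    ],
    "tech_stack": {"server": "nginx/1.18.0"},
}

def redact_url(url, target, alias):
    """Swap the target domain for an alias, blank query values, and drop
    userinfo and fragment; parameter names and paths are kept."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if host == target or host.endswith("." + target):
        host = host[: len(host) - len(target)] + alias
    if parts.port:
        host = f"{host}:{parts.port}"
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    query = urlencode([(name, "REDACTED") for name, _ in pairs])
    return urlunsplit((parts.scheme, host, parts.path, query, ""))

def sanitize_report(report, alias="target.invalid"):
    """Return a redacted deep copy; the input report is left untouched."""
    out = copy.deepcopy(report)
    target = out["target"].lower()
    out["target"] = alias
    for endpoint in out.get("endpoints", []):
        endpoint["url"] = redact_url(endpoint["url"], target, alias)
    return out

def leaks_target(report, target):
    """True if the target domain still appears anywhere in the JSON."""
    return target.lower() in json.dumps(report).lower()

if __name__ == "__main__":
    clean = sanitize_report(SAMPLE_REPORT)
    assert not leaks_target(clean, SAMPLE_REPORT["target"])
    print(json.dumps(clean, indent=2))
```

Path segments are kept as-is, so review them separately if the target embeds identifiers in paths rather than in query strings.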
Workflow Logic
```
Input: Domain
    ↓
1. Subdomain Enumeration (subfinder)
   → hackertarget, waybackarchive sources
    ↓
2. Live Detection (httpx)
   → Filter 200, 301, 403 status codes
    ↓
3. Parallel Execution:
   ├─→ Tech Stack (WhatWeb)
   └─→ Endpoint Crawl (Katana depth=3)
    ↓
4. Pattern Detection (gf)
   ├─→ XSS patterns
   ├─→ SQLi patterns
   └─→ IDOR patterns
    ↓
5. AI Report Generation
   → Risk scoring
   → Category grouping
   → JSON export
```
Example Workflow
```bash
# 1. Install hb-recon
pip install hb-recon

# 2. Run scan
python -m hb_recon
# Enter: bugcrowd.com

# 3. Wait 30-60 seconds

# 4. Check results
cd recon_bugcrowd.com
cat ai_report.json

# 5. Analyze with AI
# Copy ai_report.json content to ChatGPT/Claude
```
Security Notice
⚠️ Only use on authorized targets.
This tool is for:
- Bug bounty programs (with scope)
- Authorized penetration testing
- Your own infrastructure
Unauthorized scanning is illegal and violates:
- Computer Fraud and Abuse Act (CFAA)
- Most countries' cybercrime laws
- Bug bounty program rules
You are responsible for your actions.
Troubleshooting
"Command not found" errors
Problem: Tool binaries not in PATH
Solution:
```bash
# Add Go bin to PATH (add to ~/.bashrc or ~/.zshrc)
export PATH="$HOME/go/bin:$PATH"

# Reload shell
source ~/.bashrc
```
"Platform Error" on Windows
Problem: hb-recon requires Linux/WSL
Solution:
```bash
# Use WSL (Windows Subsystem for Linux)
wsl -d kali-linux
pip install hb-recon
python -m hb_recon
```
Network timeouts
Problem: Slow/unstable connection
Solution:
```bash
# Increase timeout in cli.py
# Default: timeout=300 (5 minutes)
```
Contributing
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Submit a pull request
License
MIT License - See LICENSE
Author
Hlaing Bwar
- GitHub: @infohlaingbwar
- Website: hlaingbwar.com
- PyPI: hb-recon
Made with ❤️ for the bug bounty community
Disclaimer: This tool is for educational and authorized testing only. Misuse may result in legal consequences.
File details
Details for the file hb_recon-1.0.4.tar.gz.
File metadata
- Download URL: hb_recon-1.0.4.tar.gz
- Upload date:
- Size: 14.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.14
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 70e4a3528a431baeaff6b423dd830e0e3519ebcbb595ff3f6c653244a7fdf0bf |
| MD5 | 474d6279acf799de012b93c26abaa726 |
| BLAKE2b-256 | 0569aabbe195042460ed7212c7a0a641840d66c066e22b0ec52d8271fae602aa |
File details
Details for the file hb_recon-1.0.4-py3-none-any.whl.
File metadata
- Download URL: hb_recon-1.0.4-py3-none-any.whl
- Upload date:
- Size: 11.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.14
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 854aee54c37584d2062151ee6d1be172373a41c7344f42b751ee5160f205b2ed |
| MD5 | 84be2cc8637eb678e1a8f2291ccf7ff1 |
| BLAKE2b-256 | 8af377d9d465a58028a872bd717f7a9480e914dd382ae62fdfd6fe52e54e876c |