Authorized-use secret-intelligence suite: find -> verify -> capability ladder -> PROVEN/VALID/DENIED impact tiering -> court-ready evidence bundle. Built on top of TruffleHog.
Project description
██╗ ██╗████████╗██╗ ██╗ ██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗
██║ ██║╚══██╔══╝╚██╗██╔╝ ██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║
██║ ██║ ██║ ╚███╔╝█████╗██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║
╚██╗ ██╔╝ ██║ ██╔██╗╚════╝██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║
╚████╔╝ ██║ ██╔╝ ██╗ ██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║
╚═══╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝
vtx-recon (Python)
Secret intelligence for authorized engagements — find a key, then prove what it can actually do.
⚠️ Authorized use only. vtx-recon is for security testing of systems you are explicitly authorized to test (an in-scope bug-bounty program or signed engagement). Unauthorized use may violate the US CFAA, the UK Computer Misuse Act, and equivalent laws. Provided "as is", no warranty, no liability.
TruffleHog finds secrets and verifies they're live; vtx-recon picks up from there — it runs ordered, read-only capability ladders to prove depth of access, tiers each key as PROVEN / VALID / DENIED, and emits a redacted, timestamped evidence bundle.
Safe, read-only probes run by default. Probes that cost money, read PII, or
change state are gated and unreachable unless you pass both --prove
and --i-am-authorized "<scope>" — enforced in code, fail-closed.
Install
pipx install vtx-recon # requires the trufflehog binary on PATH
Quick start
vtx-recon find . --i-am-authorized "bugbounty:acme"
echo "AIza..." | vtx-recon ladder --i-am-authorized "bugbounty:acme" --json
Full documentation, the provider/ladder table, and the safety model are in the project README.
Built by VTX Labs · MIT License · see TERMS.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file vtx_recon-0.1.0.tar.gz.
File metadata
- Download URL: vtx_recon-0.1.0.tar.gz
- Upload date:
- Size: 49.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
8b95da73d353a54ccafa78e8a0a518aff1b520f36f887057a30b08a45ef530cd
|
|
| MD5 |
823688861ca06f38e50331037efc26df
|
|
| BLAKE2b-256 |
d564122f65e9ca38d1ab93492a723a7e463f0901a1cc50993ff3ce42bf10c905
|
Provenance
The following attestation bundles were made for vtx_recon-0.1.0.tar.gz:
Publisher:
publish-pypi.yml on VTX-Labs/recon
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
vtx_recon-0.1.0.tar.gz -
Subject digest:
8b95da73d353a54ccafa78e8a0a518aff1b520f36f887057a30b08a45ef530cd - Sigstore transparency entry: 1705122361
- Sigstore integration time:
-
Permalink:
VTX-Labs/recon@53b0a9256800842b015ccf1b93e181ce58a53746 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/VTX-Labs
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@53b0a9256800842b015ccf1b93e181ce58a53746 -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file vtx_recon-0.1.0-py3-none-any.whl.
File metadata
- Download URL: vtx_recon-0.1.0-py3-none-any.whl
- Upload date:
- Size: 45.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.13
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9705ad07b91e7fd1514d8da60a54e2acf6880fced7a0e1044ecd88abbbf7ce14
|
|
| MD5 |
f6a488055c7eda611047ab708507f92b
|
|
| BLAKE2b-256 |
41d97b58a299a55d1195ed2ef279ae1227b52519994dc7fb98888b6a8424e23d
|
Provenance
The following attestation bundles were made for vtx_recon-0.1.0-py3-none-any.whl:
Publisher:
publish-pypi.yml on VTX-Labs/recon
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
vtx_recon-0.1.0-py3-none-any.whl -
Subject digest:
9705ad07b91e7fd1514d8da60a54e2acf6880fced7a0e1044ecd88abbbf7ce14 - Sigstore transparency entry: 1705122410
- Sigstore integration time:
-
Permalink:
VTX-Labs/recon@53b0a9256800842b015ccf1b93e181ce58a53746 -
Branch / Tag:
refs/heads/main - Owner: https://github.com/VTX-Labs
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@53b0a9256800842b015ccf1b93e181ce58a53746 -
Trigger Event:
workflow_dispatch
-
Statement type: