Skip to content

icynetx/RconKIT

Repository files navigation

ReconKit

ReconKit ⚡

A clean recon command center that installs itself, pulls in its scanner tools, and turns raw security output into readable results.

Website Telegram

Python Platform AI Safety

nmapdigwhatwebhttpxsslscansubfindernucleiOpenRouter AI


🌍 Docs + Video Demo

🇬🇧 English Documentation  •  🇮🇷 مستندات فارسی

Watch ReconKit demo on YouTube

Watch on YouTube

Pick the guide you prefer, then watch the hands-on video where we introduce ReconKit, run a real scan, and show what the dashboard/report workflow feels like in a terminal.


💜 Support The Project

ReconKit is built by Team CynetX as a practical tool for cleaner recon, better reports, and easier security workflows. If the project gets real support — stars, feedback, issues, shares, testing on different systems, and useful ideas — we will keep improving it with new versions, cleaner modules, better presets, stronger reports, and more polished AI analysis.

If ReconKit helps your workflow, the best support is simple:

  • ⭐ Star the GitHub repository
  • 🧪 Test it on your lab/VPS and report bugs
  • 💡 Suggest features that would actually help operators
  • 📣 Share it with people who still read raw tool output by hand

More support means more updates, better releases, and a stronger ReconKit for everyone.


✨ What Is ReconKit?

ReconKit is a practical recon workspace for people who want useful answers without juggling ten terminals. Give it a domain or IP, and it brings together tools like nmap, dig, whatweb, httpx, sslscan, nuclei, and more — then turns the output into clean tables, notes, reports, and optional AI analysis.

It is built to feel simple on a fresh machine: run the one-command installer, let ReconKit install itself and its scanner toolchain automatically, then start with reconkit. Beginners get a guided console; experienced operators still get fast one-shot commands and exportable evidence.

Safety note: ReconKit is for assets you own or have explicit permission to test. It does not run brute force, exploit payloads, malware, persistence, evasion, or destructive actions.


🚀 Highlights

  • 🕹️ Console-first workflow: run reconkit and work with simple commands like set target, show options, run, and mission.
  • 🛰️ Real recon tools, cleaner experience: DNS, nmap, WHOIS, web fingerprinting, TLS checks, passive discovery, screenshots, and template checks.
  • 🧠 AI analyst mode: send normalized scan evidence to OpenRouter and get a clear defensive analysis in English.
  • 📊 Reports without the mess: export console output, JSON, Markdown, HTML, raw artifacts, and scan diffs.
  • 🧩 Zero-to-ready installer: installs ReconKit and automatically attempts to install its scanner tools with native package managers, Go, Python, and PATH setup.
  • 🧼 Human-readable output: aligned tables, wrapped columns, quick-take notes, and practical next steps.

📸 Preview

ReconKit terminal preview

ReconKit keeps the terminal clean and readable: target summary, DNS intelligence, ports, web/TLS notes, extra tooling, reports, and AI analysis stay organized in one place.

⚡ Quick Start

1) Install ReconKit + scanner tools automatically

Linux / macOS:

curl -fsSL https://raw.githubusercontent.com/icynetx/RconKIT/main/scripts/install.sh | sh

The installer downloads ReconKit, installs the reconkit command, tries to install the scan tools it uses, updates PATH where possible, and continues with clear notes if an optional tool is unavailable on your OS.

For the smoothest first test, use a fresh VPS or clean Linux VM so the automatic installer can prove the full setup from zero.

2) Open your recon console

reconkit

From there, work naturally:

reconkit(no-target)> help
reconkit(no-target)> set target example.com
reconkit(example.com)> set mode balanced
reconkit(example.com)> set modules mission
reconkit(example.com)> enable no_whois
reconkit(example.com)> run
reconkit(example.com)> exit

3) Prefer direct commands? Use one-shot mode

reconkit example.com
reconkit example.com --deep --ai --ai-out ai-report.md -o scan.json -t 120
reconkit example.com --mission --raw-dir artifacts -o scan.json --markdown report.md --html report.html

# Pick a clear scan preset instead of memorizing tool flags
reconkit example.com --mission --scan-preset full

# Build your own guided preset once, then reuse it
reconkit --preset-create
reconkit example.com --scan-preset mypreset --cmd

# Open the local web panel
reconkit --web

🧭 Interactive Console Guide

Run reconkit with no arguments and you get a guided console instead of a wall of flags. Set your target once, adjust the scan style, and run whenever you are ready.

Command What it does
help or ? Shows console commands.
show options Shows current target, profile, modules, report paths, and flags.
show modules Shows module presets.
show deps Prints dependency status.
show ai Shows AI endpoint, model, prompt, and safe config values.
set target example.com Sets the target domain, IP, or URL.
set mode fast Sets scan mode: fast, balanced, or deep.
set modules mission Sets module preset or comma-separated modules.
set ports 80,443,8080 Uses custom ports.
unset ports Clears custom ports and returns to defaults.
set timeout 120 Sets per-tool timeout in seconds.
set raw_dir artifacts Sets raw artifact output directory.
set json scan.json Sets JSON output path.
set markdown report.md Sets Markdown output path.
set html report.html Sets HTML output path.
set extra --scan-preset mypreset --cmd Adds advanced CLI options to the next console run.
enable ai / disable ai Enables/disables AI analysis.
enable aggressive Enables heavier safe checks when tools exist.
enable no_whois Skips WHOIS.
enable show_commands Shows exact tool commands in output.
disable aggressive Turns off an enabled boolean option.
run or scan Runs the scan using current options.
quick example.com Runs a fast safe scan immediately.
mission example.com Runs the full mission workflow.
install Installs required + optional tools best-effort.
web Starts the local web panel on 127.0.0.1:8080.
web 0.0.0.0 8080 Starts the web panel on a custom host/port.
uninstall Removes the installed reconkit command launcher.
uninstall purge Removes command plus local ReconKit config/install directory when safe.
dryrun Shows dependency install plan without installing.
test ai Tests OpenRouter endpoint/model/API key.
ai init Creates/updates recon_config.json with default AI settings.
ai set model openrouter/free Saves an AI config value from the console.
ai set endpoint_url https://openrouter.ai/api/v1/chat/completions Saves the AI endpoint URL.
ai set-file system_prompt prompt.txt Loads a long system prompt from a text file.
shell <command> Runs a local shell command.
clear Clears the screen and redraws the console banner.
exit, quit, q Leaves the console.

🛠️ Installation

The one-command installer is the recommended path. It downloads ReconKit, installs the reconkit command, installs required and optional scanner tools where possible, refreshes PATH, and falls back to ZIP download if GitHub clone is slow or blocked.

Linux / macOS — one command

curl -fsSL https://raw.githubusercontent.com/icynetx/RconKIT/main/scripts/install.sh | sh

If GitHub git clone is slow on your network, shorten the clone timeout so the installer quickly falls back to ZIP:

curl -fsSL https://raw.githubusercontent.com/icynetx/RconKIT/main/scripts/install.sh | RECONKIT_GIT_TIMEOUT=10 sh

If you only want the ReconKit command and do not want external tools installed automatically:

curl -fsSL https://raw.githubusercontent.com/icynetx/RconKIT/main/scripts/install.sh | RECONKIT_SKIP_TOOLS=1 sh

If you want required tools only, without optional tools:

curl -fsSL https://raw.githubusercontent.com/icynetx/RconKIT/main/scripts/install.sh | RECONKIT_INSTALL_OPTIONAL=0 sh

After installation, open a new terminal if needed:

reconkit
reconkit --check-deps
reconkit scanme.nmap.org -M safe --no-whois -t 90

Recommended first test: run it on a fresh VPS/VM so the automatic installer can prove the full setup from zero.

Manual install from source

Use this if you already downloaded/cloned the repository or your network blocks the one-command installer:

cd RconKIT
python3 recon.py --self-install --user
reconkit --install-deps --with-optional
reconkit --check-deps

For development or local testing without installing the command:

python3 recon.py --help
python3 recon.py example.com -M safe --no-whois

Supported systems

System Recommended install
Kali / Ubuntu / Debian curl -fsSL .../scripts/install.sh | sh
Fedora / RHEL-like curl -fsSL .../scripts/install.sh | sh
Arch Linux curl -fsSL .../scripts/install.sh | sh
Alpine Linux curl -fsSL .../scripts/install.sh | sh
macOS curl -fsSL .../scripts/install.sh | sh

Uninstall

Remove only the installed reconkit command launcher and ReconKit PATH block:

reconkit --uninstall

Preview uninstall without changing anything:

reconkit --uninstall --dry-run

Remove the command plus local ReconKit config/presets and the ~/.reconkit install directory when ReconKit is installed there:

reconkit --uninstall --purge

Inside the interactive console you can also run:

reconkit(no-target)> uninstall
reconkit(no-target)> uninstall purge

Uninstall does not remove shared system tools such as nmap, curl, go, or python, because those may be used by other software.

📦 Automatic Tool Installer

ReconKit is meant to be beginner-friendly on a new system. It checks what is already installed, detects the package manager, installs its scan tools automatically where possible, adds Go/ReconKit bin directories to PATH, and keeps the scan usable even if an optional tool is not available for that OS.

Platform Providers
Debian/Ubuntu/Kali apt
Fedora/RHEL-like dnf
Arch pacman
Alpine apk
macOS brew
Cross-platform fallback go install, pipx, python -m pip --user

Preview install commands:

reconkit --install-deps --with-optional --dry-run

Install required tools only:

reconkit --install-deps

Install required + optional tools:

reconkit --install-deps --with-optional

Check status:

reconkit --check-deps

Tools ReconKit Can Use

Category Tools
Core nmap, dig, host, nslookup, whois
Web fingerprinting whatweb, httpx / httpx-toolkit, curl
WAF/TLS wafw00f, sslscan, testssl.sh
Passive discovery subfinder, amass
HTTP crawling/screenshots katana, gowitness
Template checks nuclei
Reporting helper jq

Optional tools improve coverage, but ReconKit does not break just because one package is unavailable on a specific OS. It reports what happened and keeps the workflow moving.


🔍 Scan Modes

Mode Command Use when
fast reconkit example.com You want quick DNS + common-port nmap results.
balanced reconkit example.com -m balanced You want broader common service coverage.
deep reconkit example.com -m deep or --deep You want nmap service/version/default-script detection with fallback discovery.

🧩 Modules

Use -M / --modules to decide how much ReconKit should do beyond the core DNS + nmap workflow.

Module What it runs
none Core DNS + nmap only.
dns / dns-tools host, nslookup summaries.
dns-deep Safe DNS AXFR validation with dig axfr.
passive / subdomains Passive discovery with subfinder and amass when installed.
web Web fingerprinting with whatweb, httpx, and WAF check with wafw00f.
http web + HTTP header checks and shallow crawl.
http-detail curl headers and katana shallow crawl when installed.
tls / ssl TLS checks with sslscan or testssl.sh.
screenshots / shots Web screenshot with gowitness.
templates / nuclei Safe nuclei template checks when installed.
safe dns-tools, web, tls. Default.
all safe, passive, dns-deep, http-detail.
full all, screenshots, templates.
mission Same as full; designed for full workflow scans.

Examples:

reconkit example.com -M none
reconkit example.com -M web,tls,http-detail
reconkit example.com -M passive,dns-deep
reconkit example.com --mission

🎛️ Scan Presets

ReconKit keeps the CLI simple. Instead of exposing dozens of low-level flags, use one clear preset and let ReconKit tune nmap, httpx, nuclei, and katana for that workflow.

Preset Best for What it changes
quick Fast first look Faster nmap/http probing, shallow web checks.
standard Default recon Balanced settings for normal external assessment.
full Longer assessment More patient retries/timeouts, deeper web crawl.
web Web-focused checks Web tooling gets more time and crawl depth.
vuln Template checks Nuclei/http checks use conservative concurrency and retries.

Examples:

reconkit example.com --scan-preset quick
reconkit example.com --mission --scan-preset full
reconkit example.com -M web,http-detail --scan-preset web
reconkit example.com --templates --scan-preset vuln

Custom Presets

Custom presets are for operators who want one clean command instead of retyping tool flags. Create a preset once, save tool-specific arguments, then run it later with only a target and --scan-preset. Presets are stored in recon_presets.json.

Interactive wizard

Run this and ReconKit asks for everything step by step: preset name, base preset, mode, then custom args for each tool. Leave a tool blank to skip it.

reconkit --preset-create

You can also provide the name first and let the wizard ask the rest:

reconkit --preset-create corpfull

Preset modes

Mode Behavior Best use
append Keeps ReconKit defaults and adds your args. Small additions like headers, tags, or --reason.
replace For configured tools, uses your args instead of ReconKit defaults. Other tools still use normal behavior. You want custom nmap/httpx/nuclei style but keep the full workflow.
only Runs only tools configured inside the preset; unconfigured tools are skipped. You want a preset to fully control what runs.

Non-interactive builder

reconkit --preset-create corpfull --preset-base full --preset-strategy append --preset-desc "Corp full scan" \
  --preset-add 'nmap=--reason' \
  --preset-add 'httpx=-H "X-ROE-ID: ACME-2026"' \
  --preset-add 'nuclei=-tags cves'

Preset-only workflow

Use only when you want ReconKit to run just the tools you configured. Placeholders are replaced at runtime.

reconkit --preset-create myweb --preset-strategy only \
  --preset-add 'nmap=-sV -Pn -p 80,443 -oN - {target}' \
  --preset-add 'httpx=-silent -title -status-code -u {url}' \
  --preset-add 'nuclei=-silent -tags cves -u {url}'

reconkit example.com --scan-preset myweb --cmd

Useful placeholders:

Placeholder Replaced with
{target} Normalized target domain/IP.
{domain} Same domain-style target value.
{url} First detected web URL for web tools.
{out_dir} Artifact directory for tools like gowitness.

Manage presets:

reconkit --preset-list
reconkit --preset-show corpfull
reconkit --preset-delete corpfull

Supported custom-argument tools:

nmap, dig, host, nslookup, whois, whatweb, httpx, wafw00f, nikto, sslscan, testssl.sh, subfinder, amass, curl, katana, gowitness, nuclei


🧾 All CLI Switches

Switch Example Explanation
target reconkit example.com Domain, IP, or URL to scan.
-h, --help reconkit --help Show help and examples.
-m, --mode, --profile -m balanced Scan mode: fast, balanced, deep.
-p, --ports -p 80,443,8080 Custom nmap ports/ranges.
-M, --modules -M web,tls Extra modules or presets.
-A, --aggressive -A Enables heavier safe checks when tools exist, such as nikto/testssl.sh.
-t, --timeout -t 120 Per-tool command timeout in seconds.
-o, --json -o scan.json Save normalized JSON report.
--markdown, --md --markdown report.md Save Markdown report.
--html --html report.html Save standalone HTML report.
--raw-dir --raw-dir artifacts Save raw tool outputs/artifacts.
--diff --diff old.json Compare current scan with previous JSON.
--deep --deep Alias for -m deep.
--mission --mission Enables the full mission module set.
--passive --passive Adds passive subdomain discovery modules.
--http-detail --http-detail Adds HTTP headers and shallow crawl.
--screenshots --screenshots Captures screenshot with gowitness when installed.
--templates, --nuclei --templates Runs nuclei templates when installed and authorized.
--scan-preset --scan-preset corpfull Built-in or saved custom scan preset.
--preset-list --preset-list List built-in and saved presets.
--preset-show --preset-show corpfull Show a saved preset.
--preset-create --preset-create or --preset-create corpfull Create a custom preset interactively.
--preset-base --preset-base full Base preset for a custom preset.
--preset-strategy --preset-strategy only Custom preset behavior: append, replace, or only.
--preset-add --preset-add 'nmap=--reason' Add tool-specific args non-interactively. Repeatable.
--preset-desc --preset-desc "Corp scan" Description for a custom preset.
--preset-delete --preset-delete corpfull Delete a saved custom preset.
--cmd, --show-commands --cmd Shows exact commands ReconKit executed.
--explain --explain Shows a switch guide in the scan output.
--no-color --no-color Disables ANSI colors. Useful for CI/log files.
--color --color Forces ANSI colors even when auto-detection would disable them.
--no-whois --no-whois Skips WHOIS lookup.
--install-deps --install-deps Installs required tools best-effort.
--self-install, --setup --self-install --user Installs the reconkit command.
--user --self-install --user Prefer user bin directory such as ~/.local/bin .
--with-optional --install-deps --with-optional Also install optional recon/web/TLS tools.
--dry-run --install-deps --dry-run Print install plan without installing.
--check-deps --check-deps Print dependency status and exit.
--web, --serve --web Start the local ReconKit web panel.
--host --web --host 0.0.0.0 Host/interface for the web panel. Default: 127.0.0.1.
--port --web --port 8080 TCP port for the web panel. Default: 8080.
--uninstall --uninstall Remove the installed reconkit command launcher.
--purge --uninstall --purge Also remove local config/presets and ~/.reconkit install directory when safe.
--ai --ai Analyze scan results using recon_config.json.
--ai-timeout --ai-timeout 90 AI request timeout in seconds.
--ai-out --ai-out ai-report.md Save AI analysis to a file.
--ai-init --ai-init Create/update recon_config.json with default AI settings.
--ai-show --ai-show Show loaded AI config safely, with API keys masked.
--ai-set --ai-set model=openrouter/free Set and save an AI config value. Can be repeated.
--ai-set-file --ai-set-file system_prompt=prompt.txt Load and save an AI config value from a file. Useful for long prompts.
--ai-prompt --ai-prompt Print configured AI system prompt and exit.
--show-config --show-config Alias for --ai-show.
--test-ai --test-ai Test AI endpoint/model/API key without scanning.
--version --version Show ReconKit version and Team CynetX links.

🧠 AI Analysis With OpenRouter

ReconKit can manage its AI settings from the CLI, so you do not need to manually edit JSON for normal setup. Settings are saved in recon_config.json.

Create the config file:

reconkit --ai-init

Show the current config safely:

reconkit --ai-show

Set OpenRouter endpoint and model:

reconkit --ai-set endpoint_url=https://openrouter.ai/api/v1/chat/completions
reconkit --ai-set model=openrouter/free

Set API key using an environment variable name. Direct local config is also supported, but do not commit real keys to GitHub:

reconkit --ai-set api_key_env=OPENROUTER_API_KEY
export OPENROUTER_API_KEY="YOUR_OPENROUTER_API_KEY"

# optional direct-key style
reconkit --ai-set api_key=YOUR_OPENROUTER_API_KEY

Set a long system prompt from a text file:

reconkit --ai-set-file system_prompt=prompt.txt

Tune generation values:

reconkit --ai-set temperature=0.15 --ai-set max_tokens=5000
reconkit --ai-set continuation_rounds=5 --ai-set empty_response_retries=5

Test the endpoint/model/key before scanning:

reconkit --test-ai

Run an AI-assisted scan:

reconkit example.com --deep --ai --ai-out ai-report.md -o scan.json

Useful AI config keys:

Key Meaning Example
endpoint_url OpenRouter-compatible chat completions endpoint. https://openrouter.ai/api/v1/chat/completions
model Model/router name. openrouter/free
api_key_env Environment variable that stores the API key. OPENROUTER_API_KEY
api_key Direct API key stored in local config. sk-or-...
system_prompt Main AI behavior and report instructions. Use --ai-set-file system_prompt=prompt.txt
temperature Creativity/variance. Lower is more consistent. 0.15
max_tokens Maximum output size per response. 5000
continuation_rounds Continuation attempts when output is cut. 5
empty_response_retries Retries for empty/free-model responses. 5
http_referer OpenRouter referer header. https://local.reconkit
x_title OpenRouter title header. ReconKit AI Analysis

AI output structure:

  1. Executive Summary
  2. Attack Surface Table
  3. Risk Assessment
  4. How an Attacker Might Abuse This (Defensive View)
  5. Recommended Next Authorized Tests
  6. Defensive Hardening Plan
  7. Top 5 Priorities
  8. Data Quality Notes

The AI mode is designed for defensive analysis: it explains exposure, likely risk, safe validation ideas, and hardening steps — without exploit payloads, brute-force instructions, malware, persistence, or evasion.


🖥️ Local Web Panel

ReconKit also includes a built-in local web panel. It uses Python's standard library web server, so no Flask/FastAPI dependency is required.

Start it locally:

reconkit --web

Open:

http://127.0.0.1:8080

Run on a server or custom interface/port:

reconkit --web --host 0.0.0.0 --port 8080

Inside the interactive console:

reconkit(no-target)> web
reconkit(no-target)> web 0.0.0.0 8080

The web panel supports:

  • Starting scans with target, mode, modules, ports, preset, timeout, AI, raw artifacts, and command display options.
  • Viewing scan history and opening previous reports.
  • Downloading JSON, Markdown, and HTML reports.
  • Creating, listing, and deleting custom presets.
  • Checking dependencies and starting dependency installation.
  • Viewing/editing AI config and testing the AI endpoint.

Security note: keep the panel bound to 127.0.0.1 unless you intentionally run it on a trusted server/network. It is an operator panel, not a public web app.


📊 Reports And Artifacts

Output Command Result
Console reconkit example.com Pretty terminal dashboard.
JSON -o scan.json Machine-readable normalized data.
Markdown --markdown report.md GitHub/client-friendly report.
HTML --html report.html Standalone HTML report.
Raw evidence --raw-dir artifacts Tool outputs and artifacts.
Diff --diff old.json Highlights changes from a previous scan.
AI report --ai-out ai-report.md Saved AI analysis.

A complete report workflow can look like this:

reconkit example.com --mission --raw-dir artifacts -o scan.json --markdown report.md --html report.html --ai --ai-out ai-report.md -t 120

🧯 Troubleshooting

Problem Fix
reconkit: command not found Open a new terminal, then run echo $PATH. User installs usually place the command in ~/.local/bin.
GitHub clone is very slow Use RECONKIT_GIT_TIMEOUT=10 with the install command so it falls back to ZIP faster.
Optional tools are missing Run reconkit --install-deps --with-optional, then reconkit --check-deps. Some optional tools depend on OS package availability.
AI test returns empty/free-model issues Try reconkit --test-ai, increase retries with --ai-set empty_response_retries=5, or choose a more stable OpenRouter model.
Output has ANSI codes in logs Add --no-color.
Need exact executed commands Add --cmd / --show-commands.

🛡️ Scope And Ethics

ReconKit is built to help defenders and authorized operators understand exposure clearly. Keep it professional: scan only assets you own, manage, or have written permission to test.

By design, ReconKit avoids:

  • Brute force and password spraying.
  • Exploit payloads and weaponized PoCs.
  • Malware, persistence, evasion, or destructive actions.
  • Unauthorized access attempts.

👥 Team CynetX

Built with ❤️ by Team CynetX for operators who care about clean recon, readable reports, and practical security work.

© 2026 Team CynetX. All rights reserved.

If ReconKit makes your workflow cleaner, give the repository a star and share it with someone who still reads raw tool output by hand.

About

ReconKit turns messy recon output into a clean security picture: DNS, ports, web fingerprints, TLS checks, reports, and AI-guided analysis for authorized assessments.

Topics

Resources

License

Stars

2 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors