reconPoint is your ultimate web application reconnaissance suite, designed to supercharge the recon process for security pros, pentesters, and bug bounty hunters. It is a go-to tool that simplifies and streamlines reconnaissance, featuring configurable engines, data correlation, continuous monitoring, database-backed reconnaissance data, and an intuitive user interface. reconPoint redefines how you gather critical information about target web applications.
Traditional reconnaissance tools often fall short in configurability and efficiency. reconPoint addresses these shortcomings and emerges as an excellent alternative to existing commercial tools.
Watch reconPoint 2.0-jasper release trailer here!
Detailed documentation available at https://recon.khulnasoft.com
- Recon Point
- What is reconPoint?
- Documentation
- Table of Contents
- About reconPoint
- Workflow
- Features
- Quick Installation
- Updating
- Community-Curated Videos
- Screenshots
- Contributing
- Submitting issues
- First-time Open Source contributors
- reconPoint Support
- Support and Sponsoring
- Reporting Security Vulnerabilities
- License
reconPoint is a game-changing reconnaissance suite. It has turbocharged features for security professionals, penetration testers, and bug bounty hunters. It includes:
- Advanced scan engines
- Data correlation
- Continuous monitoring
- GPT-powered Vulnerability Reports
- Project management with role-based access control
๐ฆพ reconPoint performs end-to-end reconnaissance, from subdomain discovery to vulnerability scanning. It supports WHOIS identification, WAF detection, and more, making it a go-to tool for efficient reconnaissance.
๐๏ธ reconPoint integrates with a database, providing seamless data correlation and organization, allowing you to filter reconnaissance data effortlessly.
๐ง Highly configurable, reconPoint uses a YAML-based configuration system, offering customizable scan engines for all types of recon.
๐ย ย Subscans: Subscan is a game-changing feature in reconPoint, setting it apart as the only open-source tool of its kind to offer this capability. With Subscan, waiting for the entire pipeline to complete is a thing of the past. Now, users can swiftly respond to newfound discoveries during reconnaissance. Whether you've stumbled upon an intriguing subdomain and wish to conduct a focused port scan or want to delve deeper with a vulnerability assessment, reconPoint has you covered.
๐ย ย PDF Reports: In addition to its robust reconnaissance capabilities, reconPoint goes the extra mile by simplifying the report generation process, recognizing the crucial role that PDF reports play in the realm of end-to-end reconnaissance. Users can effortlessly generate and customize PDF reports to suit their exact needs. Whether it's a Full Scan Report, Vulnerability Report, or a concise reconnaissance report, reconPoint provides the flexibility to choose the report type that best communicates your findings. Moreover, the level of customization is unparalleled, allowing users to select report colors, fine-tune executive summaries, and even add personalized touches like company names and footers. With GPT integration, your reports aren't just a report, with remediation steps, and impacts, you get 360-degree view of the vulnerabilities you've uncovered.
๐ย ย Say Hello to Projects! reconPoint 2.0 introduces a powerful addition that enables you to efficiently organize your web application reconnaissance efforts. With this feature, you can create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task. Each projects will have separate dashboard and all the scan results will be separated from each project, while scan engines and configuration will be shared across all the projects.
โ๏ธย ย Roles and Permissions! In reconPoint 2.0, we've taken your web application reconnaissance to a whole new level of control and security. Now, you can assign distinct roles to your team membersโSys Admin, Penetration Tester, and Auditorโeach with precisely defined permissions to tailor their access and actions within the reconPoint ecosystem.
- ๐ Sys Admin: Sys Admin is a superuser that has permission to modify system and scan related configurations, scan engines, create new users, add new tools etc. Superuser can initiate scans and subscans effortlessly.
- ๐ Penetration Tester: Penetration Tester will be allowed to modify and initiate scans and subscans, add or update targets, etc. A penetration tester will not be allowed to modify system configurations.
- ๐ Auditor: Auditor can only view and download the report. An auditor can not change any system or scan related configurations nor can initiate any scans or subscans.
๐ย ย GPT Vulnerability Report Generation: Get ready for the future of penetration testing reports with reconPoint's groundbreaking feature: "GPT-Powered Report Generation"! With the power of OpenAI's GPT, reconPoint now provides you with detailed vulnerability descriptions, remediation strategies, and impact assessments that read like they were written by a human security expert! But that's not all! Our GPT-driven reports go the extra mile by scouring the web for related news articles, blogs, and references, so you have a 360-degree view of the vulnerabilities you've uncovered. With reconPoint 2.0 revolutionize your penetration testing game and impress your clients with reports that are not just informative but engaging and comprehensive with detailed analysis on impact assessment and remediation strategies.
๐ฅทย ย GPT-Powered Attack Surface Generation: With reconPoint 2.0, reconPoint seamlessly integrates with GPT to identify the attacks that you can likely perform on a subdomain. By making use of reconnaissance data such as page title, open ports, subdomain name etc. reconPoint can advise you the attacks you could perform on a target. reconPoint will also provide you the rationale on why the specific attack is likely to be successful.
๐งญย ย Continuous monitoring: Continuous monitoring is at the core of reconPoint's mission, and it's robust continuous monitoring feature ensures that their targets are under constant scrutiny. With the flexibility to schedule scans at regular intervals, penetration testers can effortlessly stay informed about their targets. What sets reconPoint apart is its seamless integration with popular notification channels such as Discord, Slack, and Telegram, delivering real-time alerts for newly discovered subdomains, vulnerabilities, or any changes in reconnaissance data.
- Reconnaissance:
- Subdomain Discovery
- IP and Open Ports Identification
- Endpoints Discovery
- Directory/Files fuzzing
- Screenshot Gathering
- Vulnerability Scan
- Nuclei
- Dalfox XSS Scanner
- CRLFuzzer
- Misconfigured S3 Scanner
- WHOIS Identification
- WAF Detection
- OSINT Capabilities
- Meta info Gathering
- Employees Gathering
- Email Address gathering
- Google Dorking for sensitive info and urls
- Projects, create distinct project spaces, each tailored to a specific purpose, such as personal bug bounty hunting, client engagements, or any other specialized recon task.
- Perform Advanced Query lookup using natural language alike and, or, not operations
- Highly configurable YAML-based Scan Engines
- Support for Parallel Scans
- Support for Subscans
- Recon Data visualization
- GPT Vulnerability Description, Impact and Remediation generation
- GPT Attack Surface Generator
- Multiple Roles and Permissions to cater a team's need
- Customizable Alerts/Notifications on Slack, Discord, and Telegram
- Automatically report Vulnerabilities to HackerOne
- Recon Notes and Todos
- Clocked Scans (Run reconnaissance exactly at X Hours and Y minutes) and Periodic Scans (Runs reconnaissance every X minutes/- hours/days/week)
- Proxy Support
- Screenshot Gallery with Filters
- Powerful recon data filtering with autosuggestions
- Recon Data changes, find new/removed subdomains/endpoints
- Tag targets into the Organization
- Smart Duplicate endpoint removal based on page title and content length to cleanup the reconnaissance data
- Identify Interesting Subdomains
- Custom GF patterns and custom Nuclei Templates
- Edit tool-related configuration files (Nuclei, Subfinder, Naabu, amass)
- Add external tools from GitHub/Go
- Interoperable with other tools, Import/Export Subdomains/Endpoints
- Import Targets via IP and/or CIDRs
- Report Generation
- Toolbox: Comes bundled with most commonly used tools during penetration testing such as whois lookup, CMS detector, CVE lookup, etc.
- Identification of related domains and related TLDs for targets
- Find actionable insights such as Most Common Vulnerability, Most Common CVE ID, Most Vulnerable Target/Subdomain, etc.
- You can now use local LLMs for Attack surface identification and vulnerability description (NEW: reconPoint 2.1.0)
-
Clone the repository
git clone https://github.com/khulnasoft/reconpoint && cd reconpoint
-
Configure the environment
nano .env
Ensure you change the
POSTGRES_PASSWORDfor security. -
(Optional) For non-interactive install, set admin credentials in
.envDJANGO_SUPERUSER_USERNAME=yourUsername [email protected] DJANGO_SUPERUSER_PASSWORD=yourStrongPassword
If you need to carry out a non-interactive installation, you can setup the login, email and password of the web interface admin directly from the .env file (instead of manually setting them from prompts during the installation process). This option can be interesting for automated installation (via ansible, vagrant, etc.).
-
DJANGO_SUPERUSER_USERNAME: web interface admin username (used to login to the web interface). -
DJANGO_SUPERUSER_EMAIL: web interface admin email. -
DJANGO_SUPERUSER_PASSWORD: web interface admin password (used to login to the web interface).
-
-
Adjust Celery worker scaling in
.envMAX_CONCURRENCY=80 MIN_CONCURRENCY=10
MAX_CONCURRENCY: This parameter specifies the maximum number of reconPoint's concurrent Celery worker processes that can be spawned. In this case, it's set to 80, meaning that the application can utilize up to 80 concurrent worker processes to execute tasks concurrently. This is useful for handling a high volume of scans or when you want to scale up processing power during periods of high demand. If you have more CPU cores, you will need to increase this for maximised performance.MIN_CONCURRENCY: On the other hand, MIN_CONCURRENCY specifies the minimum number of concurrent worker processes that should be maintained, even during periods of lower demand. In this example, it's set to 10, which means that even when there are fewer tasks to process, at least 10 worker processes will be kept running. This helps ensure that the application can respond promptly to incoming tasks without the overhead of repeatedly starting and stopping worker processes.These settings allow for dynamic scaling of Celery workers, ensuring that the application efficiently manages its workload by adjusting the number of concurrent workers based on the workload's size and complexity.
Here is the ideal value for
MIN_CONCURRENCYandMAX_CONCURRENCYdepending on the number of RAM your machine has:- 4GB:
MAX_CONCURRENCY=10 - 8GB:
MAX_CONCURRENCY=30 - 16GB:
MAX_CONCURRENCY=50
This is just an ideal value which developers have tested and tried out and works! But feel free to play around with the values. Maximum number of scans is determined by various factors, your network bandwidth, RAM, number of CPUs available. etc
- 4GB:
-
Run the installation script:
sudo ./install.sh
For non-interactive install:
sudo ./install.sh -nNote: If needed, run
chmod +x install.shto grant execution permissions.
reconPoint can now be accessed from https://127.0.0.1 or if you're on the VPS https://your_vps_ip_address
Unless you are on development branch, please do not access reconPoint via any ports
For Mac, Windows, or other systems, refer to our detailed installation guide https://recon.khulnasoft.com/install/detailed/
If you encounter any issues during installation or prefer a visual guide, one of our community members has created an excellent installation video for Kali Linux installation. You can find it here: https://www.youtube.com/watch?v=7OFfrU6VrWw
Please note: This is community-curated content and is not owned by reconPoint. The installation process may change, so please refer to the official documentation for the most up-to-date instructions.
-
To update reconPoint, run:
cd reconpoint && sudo ./update.sh
If
update.shlacks execution permissions, use:sudo chmod +x update.sh
reconPoint has a vibrant community that often creates helpful content about installation, features, and usage. Below is a collection of community-curated videos that you might find useful. Please note that these videos are not official reconPoint content, and the information they contain may become outdated as reconPoint evolves.
Always refer to the official documentation for the most up-to-date and accurate information. If you've created a video about reconPoint and would like it featured here, please send a pull request updating this table.
| Video Title | Language | Uploader | Date | Link |
|---|---|---|---|---|
| reconPoint Installation on Kali Linux | English | Secure the Cyber World | 2024-02-29 | Watch |
| Resultados do ReconPoint - Automaรงรฃo para Recon | Portuguese | Guia Anรดnima | 2023-04-18 | Watch |
| reconPoint Introduction | Moroccan Arabic | Th3 Hacker News Bdarija | 2021-07-27 | Watch |
We appreciate the community's contributions in creating these resources.
We welcome contributions of all sizes! The open-source community thrives on collaboration, and your input is invaluable. Whether you're fixing a typo, improving UI, or adding new features, every contribution matters.
How you can contribute:
- Code improvements
- Documentation updates
- Bug reports and fixes
- New feature suggestions and implementations
- UI/UX enhancements
To get started:
- Check our Contributing Guide
- Pick an open issue or propose a new one
- Fork the repository and create your branch
- Make your changes and submit a pull request
Remember, no contribution is too small. Your efforts help make reconPoint better for everyone!
When submitting issues, provide as much valuable information as possible to help developers resolve the problem quickly. Follow these steps to gather detailed debug information:
-
Enable Debug Mode:
-
Edit
web/entrypoint.shin the project root -
Add
export DEBUG=1at the top of the file:#!/bin/bash export DEBUG=1 python3 manage.py migrate python3 manage.py runserver 0.0.0.0:8000 exec "$@"
-
Restart the web container:
docker-compose restart web
-
-
View Debug Output:
- Run
make logsto see the full stack trace - Check the browser's developer console for XHR requests with 500 errors
- Run
-
Example Debug Output:
web_1 | File "/usr/local/lib/python3.10/dist-packages/celery/app/task.py", line 411, in __call__ web_1 | return self.run(*args, **kwargs) web_1 | TypeError: run_command() got an unexpected keyword argument 'echo' -
Submit Your Issue:
- Include the full stack trace in your GitHub issue
- Describe the steps to reproduce the problem
- Mention any relevant system information
-
Disable Debug Mode:
- Set
DEBUG=0inweb/entrypoint.sh - Restart the web container
- Set
By providing this detailed information, you significantly help developers identify and fix issues more efficiently.
reconPoint is an open-source project that welcomes contributors of all experience levels, including beginners. If you've never contributed to open source before, we encourage you to start here!
- We're proud to support your first Pull Request (PR)
- Check our open issues for starter-friendly tasks
- Don't hesitate to ask questions in our community channels
Your contribution, no matter how small, is valuable to us.
Before seeking support:
- Please carefully read the README and documentation at recon.khulnasoft.com.
- Most common questions and issues are addressed there.
If you still need assistance:
- Do not use GitHub issues for support requests.
- Join our community-maintained Discord channel.
Please note:
- The Discord channel is maintained by the community.
- While we strive to help, there's no guarantee of support or response time.
- For confirmed bugs or feature requests, consider opening a GitHub issue.
reconPoint is a passion project developed in my free time, alongside my day job. Your support helps keep this project alive and growing. Here's how you can contribute:
- Add a GitHub Star to the project.
- Share about reconPoint on social media or in blog posts
- Nominate me for GitHub Stars?
- Use my DigitalOcean referral link to get $100 credit (I receive $25)
Your support, whether through donations or simply giving a star, tells me that reconPoint is valuable to you. It motivates me to continue improving and adding features to make reconPoint the go-to tool for reconnaissance.
Thank you for your support!
We appreciate your efforts to responsibly disclose your findings and will make every effort to acknowledge your contributions.
To report a security vulnerability, please follow these steps:
-
Do Not disclose the vulnerability publicly on GitHub issues or any other public forum.
-
Go to the Security tab of the reconPoint repository.
-
Click on "Report a vulnerability" to open GitHub's private vulnerability reporting form.
-
Provide a detailed description of the vulnerability, including:
- Steps to reproduce
- Potential impact
- Any suggested fixes or mitigations (if you have them)
-
I will review your report and respond as quickly as possible, usually within 48-72 hours.
-
Please allow some time to investigate and address the vulnerability before disclosing it to others.
We are committed to working with security researchers to verify and address any potential vulnerabilities reported to us. After fixing the issue, we will publicly acknowledge your responsible disclosure, unless you prefer to remain anonymous.
Thank you for helping to keep reconPoint and its users safe!
Distributed under the GNU GPL v3 License. See LICENSE for more information.
Note: Parts of this README were written or refined using AI language models.
