██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗██╗ ██╗
██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║╚██╗██╔╝
██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║ ╚███╔╝
██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║ ██╔██╗
██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║██╔╝ ██╗
╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝╚═╝ ╚═╝
Advanced Network Recon Tool v1.0
A full-featured network reconnaissance tool written in Bash. Built and tested on Kali Linux.
| Module | Description |
|---|---|
| 🔍 Port Scanning | Nmap SYN scan with service/version detection, fallback to pure bash /dev/tcp |
| 🏴 Banner Grabbing | Grabs service banners from FTP, SSH, HTTP, SMTP, IMAP, and more |
| 💻 OS Fingerprinting | TTL-based OS guessing + Nmap -O detection |
Banner matching against known CVEs + Nmap --script vuln + SMB null session |
|
| 🌐 Subdomain Enumeration | Wordlist brute force + crt.sh certificate transparency queries |
| 📋 WHOIS / DNS Recon | A/MX/NS/TXT/SOA records, reverse PTR, AXFR zone transfer attempt, WHOIS |
| 📄 Auto Report | Saves timestamped .txt report with all findings |
# 1. Install dependencies
sudo apt update && sudo apt install -y \
nmap netcat-traditional dnsutils whois \
curl wget smbclient openssl iputils-ping net-tools
# 2. Clone the repo
git clone https://github.com/Naimf/reconx.git
cd reconx
# 3. Make executable
chmod +x reconx.sh
# 4. (Optional) Install globally
sudo ln -s $(pwd)/reconx.sh /usr/local/bin/reconx./reconx.sh <target> [options]192.168.1.1 Single host
192.168.1.0/24 CIDR subnet
example.com Domain name
https://example.com Full URLs are auto-stripped
-p Port scan only
-b Banner grabbing only
-o OS fingerprint only
-v Vulnerability checks only
-s Subdomain enumeration only (domain targets)
-w WHOIS / DNS recon only
-r Save report to file
-a Run ALL modules (default)
-h Show help
# Full scan on a host + save report
sudo ./reconx.sh 192.168.1.10 -a -r
# Domain recon + subdomain enumeration
./reconx.sh example.com -s -w
# Subnet discovery
sudo ./reconx.sh 192.168.1.0/24 -p
# Port scan + vuln check only
sudo ./reconx.sh 10.0.0.5 -p -v[+] 21/tcp open ftp ProFTPD 1.3.5
[+] 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu
[+] 80/tcp open http Apache httpd 2.4.7
[+] 445/tcp open netbios-ssn Samba smbd 4.3.11-Ubuntu
[+] 3306/tcp open mysql MySQL (unauthorized)
[-] VULNERABLE: ProFTPD 1.3.3 detected on port 21
[-] CVE-2007-6750: LIKELY VULNERABLE
[-] SMB null session ALLOWED — information disclosure risk
[+] Likely OS: Linux/Unix (TTL ~64)
[+] 22/tcp open ssh OpenSSH 6.6.1p1 Ubuntu
[+] 80/tcp open http Apache httpd 2.4.7
[+] 9929/tcp open nping-echo Nping echo
[+] 31337/tcp open tcpwrapped
[+] A records: 45.33.32.156
[+] AAAA records: 2600:3c01::f03c:91ff:fe18:bb2f
[+] Zone transfer refused (expected)
- Bash 4.0+
- Kali Linux (recommended) or any Debian-based distro
nmap,netcat,dig,whois,curl,smbclient,openssl- Root/sudo recommended for OS detection and SYN scanning
This tool is intended for authorized security testing and educational purposes only.
Only use RECONX against systems you own or have explicit written permission to test.
Unauthorized scanning may violate local laws including the Computer Misuse Act and Bangladesh Digital Security Act.
The author is not responsible for any misuse or damage caused by this tool.
Naim — Undergraduate CS/Engineering Student
Built as a network security portfolio project.