NetRecon

Features · Quick Start · How it works · Safety

Description

Netrecon Intel is a network reconnaissance and defensive intelligence toolkit designed for discovering, analyzing, and contextualizing network assets. It combines active and passive scanning techniques with offline enrichment and flexible export formats, making it suitable for both security assessments and continuous monitoring.

The tool provides asynchronous scanning, local vulnerability context, and a live web interface for real-time visibility into network activity.

---

Features

• Network discovery using ARP, ICMP, TCP, UDP, and passive sources

• Service enrichment including DNS resolution, banners, TLS, and HTTP fingerprints

• Optional SNMP data collection

• Asynchronous port scanning with safe defaults and configurable ranges

• Offline defensive intelligence using local rules and NVD JSON 2.0 ingestion

• Multiple export formats:

  • JSON
  • GraphML
  • GEXF
  • Cytoscape
  • Obsidian Canvas
  • Neo4j CSV
  • Sigma.js JSON
  • STIX bundle

• Live local web UI during scans

• Agent mode for periodic monitoring

---

Screens and Usage Modes

Main usage modes include:

• Scan (on-demand reconnaissance)
• Agent (continuous monitoring)
• Profiles (predefined scan configurations)
• Live UI (real-time visualization)

---

How it works

1. The scanner targets a network range (e.g., 192.168.1.0/24).
2. It performs host discovery using multiple techniques (ARP, ICMP, etc.).
3. Active services are probed via TCP/UDP scanning.
4. Detected services are enriched with metadata such as DNS, banners, TLS, and HTTP fingerprints.
5. Optional offline vulnerability context is applied using local datasets.
6. Results are stored and can be exported in multiple structured formats.
7. If enabled, a live web UI displays results in real time.

---

Install

Python 3.10 or newer is recommended.

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt

---

Quick start

Run a basic scan:

python3 main.py scan 192.168.1.0/24 -o recon_out

---

Live UI during scan

python3 main.py scan 192.168.1.0/24 --serve --live-interval 1 -o recon_out

---

Deep scan (maximum detail)

python3 main.py scan 192.168.1.0/24 --serve --type deep -o recon_out

---

Profiles

List available profiles:

python3 main.py profiles list

Show details of a profile:

python3 main.py profiles show deep

---

Agent mode (continuous monitoring)

python3 main.py agent 192.168.1.0/24 --db netrecon.sqlite --type medium -o agent_out

---

Profiles

NetRecon Intel includes predefined scan profiles for different use cases:

• Light – Fast, minimal scanning
• Medium – Balanced scanning and enrichment
• Deep – Maximum discovery and enrichment

Profiles control scan intensity, enabled modules, and enrichment depth.

---

Data and privacy

All scan results and enrichment data are stored locally.

• No external services are required by default
• Offline vulnerability data ensures privacy
• Exported files remain fully under your control

Only scan networks you own or have explicit permission to assess.

---

Repository layout

• main.py Entry point and CLI interface
• docs/ Documentation and usage guides
• requirements.txt Python dependencies
• ToADD.md Backlog and planned features

---

Documentation

• CLI reference and examples: docs/USAGE.md
• Backlog / ideas: ToADD.md

---

Troubleshooting

Scan requires elevated privileges

Some scan modes (e.g., raw socket operations) may require root/admin privileges:

• Linux/macOS: run with sudo
• Windows: run terminal as Administrator

---

Slow scan performance

• Reduce scan type (--type light or medium)
• Limit port ranges
• Disable enrichment features if not needed

---

No hosts discovered

• Verify network connectivity
• Ensure ICMP/ARP is not blocked
• Try different discovery methods or profiles

---

Safety notes

• Use only on networks you own or have explicit permission to test
• Certain scan modes (--mode raw) may require elevated privileges
• Be mindful of network impact when running deep scans