xRecon is a Bash-based automated reconnaissance and vulnerability scanning tool designed for penetration testers, security researchers, and ethical hackers.
It automates the process of:
- Target discovery
- Service enumeration
- Basic vulnerability detection
- π Live host detection (IP & Domain)
- π WHOIS lookup for domain intelligence
- β‘ Nmap scanning:
- Service detection (-sV)
- Default scripts (-sC)
- OS detection (-O)
- π οΈ Detection of outdated software:
- Apache (< 2.4)
- OpenSSH (< 7.2)
- vsftpd 2.3.x
- MySQL (< 5.5)
- π Web vulnerability scanning with Nikto
- π¨ Automatic parsing of high/critical vulnerabilities
- βοΈ Parallel scanning support (GNU Parallel)
- π§Ύ Organized output per target
- π Logging system with timestamps
- π¦ Auto-install required dependencies
git clone https://github.com/x0ph3nt/xRecon.git
cd xRecon
chmod +x xRecon.sh./xRecon.sh example.com./xRecon.sh target1.com target2.com 192.168.1.1./xRecon.sh -f targets.txtoutput/
βββ logs.txt
βββ vulnerabilities.txt
βββ <target>/
βββ whois.txt
βββ nmap.txt
βββ nikto.txt
- Checks required tools and installs missing dependencies
- Verifies if target is alive:
- Ping (for IPs)
- Common ports (fallback)
- DNS resolution (for domains)
- Runs WHOIS lookup
- Performs Nmap scan
- Detects outdated services
- If web service detected:
- Runs Nikto scan
- Extracts critical findings
- Saves all results in structured output
- Linux (Kali, Ubuntu, Debian)
- Bash
- Root privileges (for installation & scanning)
This tool is intended for:
- β Ethical hacking
- β Penetration testing labs (TryHackMe, Hack The Box)
- β Educational purposes
Do NOT use against targets without permission. Unauthorized scanning is illegal.
π¨βπ» Abdulaziz Alsalahi (x0ph3nt)
MIT License