A Lightweight, Threaded Reconnaissance CLI for Web Security Assessment
SecRecon is a Python-based command-line reconnaissance tool designed to perform quick, lightweight web security assessments.
It automates the process of gathering publicly available information about a target website using a multi-threaded approach. Unlike heavy vulnerability scanners, SecRecon focuses on passive and lightweight active reconnaissance to give you a security snapshot in seconds.
This tool is ideal for security learners, developers, and researchers who need a fast alternative to heavy recon tools.
Checks for the presence and configuration of modern security headers, including:
- HSTS (Strict-Transport-Security)
- CSP (Content-Security-Policy)
- Anti-Clickjacking (X-Frame-Options)
- Permissions-Policy, COOP, COEP, CORP (New!)
- User-Agent spoofing to bypass basic bot detection.
- Uses ThreadPoolExecutor for fast, parallel DNS resolution.
- Includes a built-in wordlist of common subdomains (e.g., www, api, dev, jenkins, vpn).
- Supports custom wordlists.
- Scans top 20+ common ports (HTTP, HTTPS, SSH, FTP, RDP, SMB, MySQL, etc.).
- Identifies open ports and service names quickly.
Automatically fetches key DNS records:
- A (IPv4 Addresses)
- MX (Mail Servers)
- TXT (SPF, Verification tokens)
- NS (Name Servers)
- Parses robots.txt to discover hidden or disallowed paths.
- Checks for sitemap.xml existence.
- Pretty Console Output: Colorized (if supported) and easy to read.
- JSON Export: Full machine-readable output for pipeline integration.
- Security Score: precise 0-100 scoring algorithm.
- Clone the repository
  git clone https://github.com/<your-username>/SecRecon.git
  cd SecRecon
- Set up a Virtual Environment (Recommended)
  # MacOS/Linux
  python3 -m venv venv
  source venv/bin/activate
  # Windows
  python -m venv venv
  venv\Scripts\activate
- Install Dependencies
  pip install -r requirements.txt
Run the tool simply by pointing it at a target URL.
python -m secrecon.cli https://example.com
# Export results to JSON
python -m secrecon.cli https://example.com --json > report.json
# Skip subdomain scan (faster)
python -m secrecon.cli https://example.com --no-subdomains
# Use a custom subdomain wordlist
python -m secrecon.cli https://example.com --wordlist my_wordlist.txt

============================================================
Target: https://example.com (HTTP 200)
------------------------------------------------------------
Security Score: 75/100
[+] Security Headers:
[MISSING / WEAK]:
- Content-Security-Policy
- Permissions-Policy
[FOUND]:
- Strict-Transport-Security
- X-Frame-Options
[+] Technologies: Nginx, Docker
[+] SSL/TLS Certificate:
CN: example.com
Issuer: DigiCert Inc
Valid from: 2024-01-01 to 2024-12-31
[+] Open Ports (Top 20):
- 80 (HTTP)
- 443 (HTTPS)
- 22 (SSH)
[+] DNS Records:
NS: a.iana-servers.net
MX: 10 mail.example.com
[+] Crawl Info:
robots.txt Disallow entries:
- /admin/
- /private/
[+] Subdomains (2 found):
- www.example.com -> 93.184.216.34
- api.example.com -> 93.184.216.35
============================================================
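
The split between [MISSING / WEAK] and [FOUND] in the report above implies checking a header's value as well as its presence. A sketch of such a check follows, added here as an example and not SecRecon's own code; the function names, the HSTS threshold and the weakness rules are assumptions.

```python
import re

# Headers named in the README; the weakness rules are this example's assumptions.
CHECKED = ["Strict-Transport-Security", "Content-Security-Policy",
           "X-Frame-Options", "Permissions-Policy", "Cross-Origin-Opener-Policy",
           "Cross-Origin-Embedder-Policy", "Cross-Origin-Resource-Policy"]
MIN_HSTS_AGE = 15552000  # 180 days, an assumed threshold

def weakness(name, value):
    """Return a reason string if the header value is weak, else None."""
    v = value.strip().lower()
    if name == "Strict-Transport-Security":
        m = re.search(r'max-age\s*=\s*"?(\d+)', v)
        if not m:
            return "no max-age directive"
        if int(m.group(1)) < MIN_HSTS_AGE:
            return f"max-age {m.group(1)} is below {MIN_HSTS_AGE}"
    elif name == "Content-Security-Policy":
        # Browsers honour the first occurrence of a directive, hence reversed().
        parts = [d.split() for d in reversed(v.split(";")) if d.split()]
        directives = {p[0]: p[1:] for p in parts}
        src = directives.get("script-src", directives.get("default-src"))
        if src is None:
            return "no script-src or default-src"
        if "'unsafe-inline'" in src and not any(s.startswith(("'nonce-", "'sha")) for s in src):
            return "scripts may run from 'unsafe-inline'"
    elif name == "X-Frame-Options" and v not in ("deny", "sameorigin"):
        return f"unrecognised value {value!r}"
    return None

def audit_headers(headers):
    """Classify each checked header as found, weak (with reason) or missing."""
    present = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    report = {"found": [], "weak": {}, "missing": []}
    for name in CHECKED:
        value = present.get(name.lower())
        if value is None:
            report["missing"].append(name)
        elif reason := weakness(name, value):
            report["weak"][name] = reason
        else:
            report["found"].append(name)
    return report

# Constructed sample response headers, not taken from a real site.
SAMPLE = {
    "strict-transport-security": "max-age=300; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Frame-Options": "DENY",
}
```

Calling `audit_headers(SAMPLE)` reports HSTS and CSP as weak even though both headers are present, which a presence-only check would miss.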
Avanthika Anand
X: av4nth1ka