ReconScan by RoliSoft

CLI tool for network reconnaissance and vulnerability assessment

created 8 years ago
402 stars

Project Summary

ReconScan provides a Python-based framework for automating network reconnaissance and vulnerability assessment, targeting penetration testers and security professionals. It aggregates results from various open-source tools to streamline the initial phases of a pentest, offering a consolidated view of potential attack vectors and known vulnerabilities.

How It Works

The project consists of two main scripts: recon.py and vulnscan.py. recon.py orchestrates a series of common reconnaissance tools (nmap, amap, nikto, dirb, hydra, enum4linux, etc.) to scan all TCP/UDP ports, identify services, and gather detailed information. vulnscan.py then analyzes identified software and versions, leveraging CPE names to query vulnerability databases and identify publicly available exploits, linking to resources like ExploitDB and SecurityFocus.

Quick Start & Requirements

  • Install via pip or clone the repository.
  • Requires a pentesting-oriented Linux distribution (e.g., Kali Linux) with pre-installed tools like nmap, nikto, dirb, hydra, enum4linux, etc.
  • Example usage: ./recon.py -v <target_ip>
  • See example runs in the README.

Highlighted Details

  • Automates comprehensive port scanning, service enumeration, and vulnerability identification.
  • vulnscan.py uses a CPE alias list for more accurate vulnerability matching.
  • Vulnerabilities are color-coded based on exploit availability (gray: none, yellow: limited, red: public exploit).
  • Provides direct links to ExploitDB, SecurityFocus, and Metasploit for identified vulnerabilities.

Maintenance & Community

  • The project was initiated by RoliSoft.
  • No specific community channels (Discord/Slack) or roadmap are mentioned in the README.

Licensing & Compatibility

  • Licensed under the GNU Affero General Public License v3.0.
  • This license is copyleft and may have implications for commercial use or integration into proprietary software.
  • The README notes that some invoked tools (e.g., nmap) may have their own restrictive licensing.

Limitations & Caveats

  • The script is designed to complement, not replace, commercial vulnerability scanners.
  • Success relies heavily on the correct installation and configuration of numerous external tools.
  • The README mentions that curated lists for ExploitDB and SecurityFocus might be missing, potentially affecting the accuracy of exploit links.

Health Check

  • Last commit: 3 years ago
  • Responsiveness: 1 day
  • Pull Requests (30d): 0
  • Issues (30d): 0

Star History

  • 2 stars in the last 90 days
