ReconPlus

From surface scan to attack story.

ReconPlus is a cyber assessment platform that blends web reconnaissance, host inspection, CVE enrichment, risk scoring, attack-path reasoning, and report generation into one workflow. Instead of dumping raw scanner output, it tries to turn technical noise into a readable security narrative with evidence, priority, and next steps.

It is built for teams who want more than a port list and less than a week of manual stitching.

Why It Exists

Most security tooling answers one narrow question well. ReconPlus is meant to connect the dots:

• What is exposed?
• What is running?
• What is vulnerable?
• What can be chained together?
• What should be fixed first?

Core Capabilities

• Subdomain and live-host discovery
• Web technology fingerprinting
• Directory and endpoint enumeration
• Web vulnerability scanning
• Device and service exposure analysis
• Privilege-escalation checks
• CVE enrichment and weighted risk scoring
• Attack-chain construction
• JSON, HTML, PDF, and executive-style reporting
• React frontend plus Flask API for running scans and viewing results

Repo Layout

• app.py: Flask API and backend web entrypoint
• main.py: scan orchestration and report pipeline
• core/: scoring, risk analysis, reporting, remediation, attack-chain logic
• modules/: wrappers for recon and vulnerability tooling
• frontend/: React dashboard and user-facing interface
• templates/: fallback HTML templates
• docs/: deeper system documentation

Outputs

Generated at runtime:

• output/recon.json
• output/report.html
• output/report.pdf

Quick Start

Backend:

python -m venv .venv
.venv\Scripts\activate
pip install -r requirements.txt
python app.py

Linux or WSL:

python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
python3 app.py

Frontend:

cd frontend
npm install
npm run build

CLI examples:

python main.py --test
python main.py --demo
python main.py example.com

External Tooling

ReconPlus supports graceful fallback when tools are missing, but full capability depends on installed tooling such as:

• subfinder
• amass
• httpx
• nuclei
• whatweb
• naabu
• nikto
• EyeWitness
• nmap
• rkhunter
• auditd / ausearch
• john

Use /api/health and scan warnings in generated reports to confirm availability.

Disclaimer

ReconPlus is intended for authorized security testing, research, lab work, and defensive assessment only.

• Run it only against systems, domains, networks, and devices you own or are explicitly permitted to test.
• The project may invoke aggressive recon or scanning tools that can generate traffic, logs, alerts, or operational impact.
• The maintainers and contributors are not responsible for misuse, unauthorized testing, damage, downtime, or legal consequences resulting from its use.

License

This repository is licensed under the MIT License.

That is fine for this Git repository as long as you have the right to license all original code and assets included here under MIT. Third-party dependencies and bundled tools still keep their own licenses.

More Docs

• SETUP.md
• docs/RECONPLUS_SYSTEM_DOCUMENTATION.md

Notes

• Do not commit local virtual environments, generated reports, or __pycache__ directories.
• If you are on Windows and need full local-service support, WSL is the safest path.