Share
## https://sploitus.com/exploit?id=8FE48989-1F35-5982-B3DF-01C5A72B4CB4
# Reporttool
A versatile report and attack tool that can carry out brute force, exploit XSS vulnearbilities and do SQL injections using dictionaries. It also has the functionality of NMAP, Burpsuite and Wireshark and returns a detailed report to the user with explanations
# ReconGuard – Penetration Workflow Helper

ReconGuard stitches together three battle-tested workflows—Nmap scanning, Burp-style crawling, and Wireshark-style packet capture—into a single CLI you can run on Linux targets. All module outputs are aggregated into a `pen_result` report in the working directory, alongside the raw artifacts (`nmap_.xml`, `capture_.pcap`).

## Requirements

- Python 3.8+
- `nmap` binary installed and available in `PATH`
- Linux-compatible network interface for packet capture (root or sudo recommended)
- Python dependencies in `requirements.txt`
- (Optional) SecLists installed for large SQLi/XSS wordlists: `sudo apt install seclists`
- (Optional) SecLists password lists (e.g., `Passwords/Common-Credentials/common.txt`) for form bruteforce

Install the Python packages:

```bash
python3 -m pip install -r requirements.txt
```

## Usage

```bash
python3 "recon_guard (3).py" -t example.com
```

Optional flags:

- `--interface `: Interface for packet capture (`eth0` default)
- `--skip-nmap`: Skip the Nmap phase
- `--skip-spider`: Skip the web spider/vulnerability checks
- `--skip-sniff`: Skip the packet capture
- `--nmap-args ""`: Pass raw arguments directly to Nmap (enables any advanced scan profile)
- `--sqli-wordlist `: Override SQL injection payload list (default: `/usr/share/seclists/Fuzzing/SQL Injection/Generic-SQLi.txt`)
- `--xss-wordlist `: Override reflected XSS payload list (default: `/usr/share/seclists/Fuzzing/XSS/XSS-Common.txt`)
- `--bruteforce-wordlist `: Credentials dictionary for login cracking (default: `/usr/share/seclists/Passwords/Common-Credentials/common.txt`)

During runtime, ReconGuard first runs Nmap, then launches the crawler. If it discovers input fields or ID parameters it will interactively prompt you to:

1. Launch credential brute-force attempts (against the supplied `common.txt` or your custom list).
2. Spray XSS payloads from the configured XSS wordlist.
3. Fire SQL injection payloads when ID-looking parameters or query strings are observed.

All successful payloads/credentials are appended to the `BURP` section of `pen_result` for quick copy/paste into your final report.

## Output

- `pen_result`: Consolidated text report
- `nmap_.xml`: Raw Nmap XML
- `capture_.pcap`: Packet capture ready for Wireshark

Review these artifacts to continue deeper manual testing or documentation.