Share
## https://sploitus.com/exploit?id=99C68B4E-5C83-5493-B21F-3414AAEB0B01
# ๐Ÿ” reconx - Modular Penetration Testing Framework

[![Python 3.11+](https://img.shields.io/badge/python-3.11+-blue.svg)](https://www.python.org/downloads/)
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
[![Asyncio](https://img.shields.io/badge/asyncio-supported-green.svg)](https://docs.python.org/3/library/asyncio.html)

> **reconx** is a comprehensive, CLI-driven penetration testing framework that automates the full reconnaissance-to-exploitation pipeline with intelligent false-positive filtering.

## ๐ŸŒŸ Key Features

- **6-Phase Pipeline**: Complete workflow from subdomain discovery to targeted exploitation
- **Intelligent FP Filter**: Confidence-based scoring engine reduces noise by 60-80%
- **Async Architecture**: High-performance concurrent execution with rate limiting
- **Modular Design**: Run individual phases or full pipeline
- **Resume Support**: Re-run skips completed phases (unless `--force`)
- **Manual Review TUI**: Interactive terminal UI for uncertain findings
- **Multi-Format Reports**: JSON, HTML, and Markdown output

## ๐Ÿ—๏ธ Architecture

```
Phase 1: Discovery     โ†’ subfinder, amass, assetfinder, crt.sh
    โ†“
Phase 2: Probing       โ†’ httpx, masscan, nmap, wafw00f
    โ†“
Phase 3: Crawling      โ†’ katana, gospider, waybackurls, linkfinder
    โ†“
Phase 4: Enumeration   โ†’ ffuf, feroxbuster, paramspider, arjun, gf
    โ†“
Phase 5: Scanning      โ†’ nuclei, secretfinder, trufflehog, nikto
    โ†“
FP Filter              โ†’ Scoring engine routes findings
    โ†“
Phase 6: Exploitation  โ†’ sqlmap, dalfox, ssrfire, jwt-tool
```

## ๐Ÿš€ Quick Start

### Installation

```bash
# Clone the repository
git clone https://github.com/yourusername/reconx.git
cd reconx

# Install Python dependencies
pip3 install -r requirements.txt

# Install external security tools
sudo bash setup_tools.sh
```

### Initialize & Run

```bash
# Create configuration template
python3 main.py init

# Edit config.yaml with your target settings
vim config.yaml

# Run full pipeline
python3 main.py run --target example.com --config config.yaml
```

## ๐Ÿ“‹ Usage Examples

### Run Specific Phase
```bash
python3 main.py run --target example.com --phase 1  # Discovery only
```

### Resume from Phase
```bash
python3 main.py run --target example.com --from-phase 3
```

### Manual Review
```bash
python3 main.py review --target example.com
```

### Generate Report
```bash
python3 main.py report --target example.com --format html --output report.html
```

## ๐Ÿ”ง Configuration

Minimal `config.yaml`:
```yaml
target: example.com
scope: []                  # Accept all (or specify ["*.example.com"])
exclude: []
rate_limit: 50
threads: 20
timeout: 10
tools: {}
```

## ๐Ÿ“Š Output Structure

```
workspaces/
โ””โ”€โ”€ example.com/
    โ”œโ”€โ”€ phase1_output.json          # Discovered subdomains
    โ”œโ”€โ”€ phase2_output.json          # HTTP probes with tech stack
    โ”œโ”€โ”€ phase3_output.json          # Crawled URLs
    โ”œโ”€โ”€ phase4_output.json          # Discovered parameters
    โ”œโ”€โ”€ phase5_output.json          # Raw findings
    โ”œโ”€โ”€ confirmed_findings.json     # High-confidence findings
    โ”œโ”€โ”€ review_queue.json           # Medium-confidence (manual review)
    โ”œโ”€โ”€ dropped_findings.json       # Low-confidence (filtered)
    โ”œโ”€โ”€ exploit_results.json        # Exploitation results
    โ”œโ”€โ”€ raw/                        # Tool raw outputs
    โ”œโ”€โ”€ logs/                       # Execution logs
    โ””โ”€โ”€ exploits/                   # Exploitation artifacts
```

## ๐Ÿง  False Positive Filter

Intelligent scoring system:
- **Positive signals**: Response diff (+30), nuclei matcher (+25), CVE match (+20)
- **Negative signals**: WAF detected (-15), timing-only (-20), generic template (-10)
- **Routing**: โ‰ฅ50=auto-confirm, 20-49=manual review, 
  Made with โค๏ธ for the security community
  Automate the boring, focus on the critical