Share
## https://sploitus.com/exploit?id=99C68B4E-5C83-5493-B21F-3414AAEB0B01
# ๐ reconx - Modular Penetration Testing Framework
[](https://www.python.org/downloads/)
[](https://opensource.org/licenses/MIT)
[](https://docs.python.org/3/library/asyncio.html)
> **reconx** is a comprehensive, CLI-driven penetration testing framework that automates the full reconnaissance-to-exploitation pipeline with intelligent false-positive filtering.
## ๐ Key Features
- **6-Phase Pipeline**: Complete workflow from subdomain discovery to targeted exploitation
- **Intelligent FP Filter**: Confidence-based scoring engine reduces noise by 60-80%
- **Async Architecture**: High-performance concurrent execution with rate limiting
- **Modular Design**: Run individual phases or full pipeline
- **Resume Support**: Re-run skips completed phases (unless `--force`)
- **Manual Review TUI**: Interactive terminal UI for uncertain findings
- **Multi-Format Reports**: JSON, HTML, and Markdown output
## ๐๏ธ Architecture
```
Phase 1: Discovery โ subfinder, amass, assetfinder, crt.sh
โ
Phase 2: Probing โ httpx, masscan, nmap, wafw00f
โ
Phase 3: Crawling โ katana, gospider, waybackurls, linkfinder
โ
Phase 4: Enumeration โ ffuf, feroxbuster, paramspider, arjun, gf
โ
Phase 5: Scanning โ nuclei, secretfinder, trufflehog, nikto
โ
FP Filter โ Scoring engine routes findings
โ
Phase 6: Exploitation โ sqlmap, dalfox, ssrfire, jwt-tool
```
## ๐ Quick Start
### Installation
```bash
# Clone the repository
git clone https://github.com/yourusername/reconx.git
cd reconx
# Install Python dependencies
pip3 install -r requirements.txt
# Install external security tools
sudo bash setup_tools.sh
```
### Initialize & Run
```bash
# Create configuration template
python3 main.py init
# Edit config.yaml with your target settings
vim config.yaml
# Run full pipeline
python3 main.py run --target example.com --config config.yaml
```
## ๐ Usage Examples
### Run Specific Phase
```bash
python3 main.py run --target example.com --phase 1 # Discovery only
```
### Resume from Phase
```bash
python3 main.py run --target example.com --from-phase 3
```
### Manual Review
```bash
python3 main.py review --target example.com
```
### Generate Report
```bash
python3 main.py report --target example.com --format html --output report.html
```
## ๐ง Configuration
Minimal `config.yaml`:
```yaml
target: example.com
scope: [] # Accept all (or specify ["*.example.com"])
exclude: []
rate_limit: 50
threads: 20
timeout: 10
tools: {}
```
## ๐ Output Structure
```
workspaces/
โโโ example.com/
โโโ phase1_output.json # Discovered subdomains
โโโ phase2_output.json # HTTP probes with tech stack
โโโ phase3_output.json # Crawled URLs
โโโ phase4_output.json # Discovered parameters
โโโ phase5_output.json # Raw findings
โโโ confirmed_findings.json # High-confidence findings
โโโ review_queue.json # Medium-confidence (manual review)
โโโ dropped_findings.json # Low-confidence (filtered)
โโโ exploit_results.json # Exploitation results
โโโ raw/ # Tool raw outputs
โโโ logs/ # Execution logs
โโโ exploits/ # Exploitation artifacts
```
## ๐ง False Positive Filter
Intelligent scoring system:
- **Positive signals**: Response diff (+30), nuclei matcher (+25), CVE match (+20)
- **Negative signals**: WAF detected (-15), timing-only (-20), generic template (-10)
- **Routing**: โฅ50=auto-confirm, 20-49=manual review,
Made with โค๏ธ for the security community
Automate the boring, focus on the critical