SecRecon is a comprehensive security reconnaissance framework that combines seven powerful security testing tools into one integrated platform. Whether you're conducting penetration tests, vulnerability assessments, or security audits, SecRecon provides the tools you need for thorough reconnaissance and security analysis.
- Unified Interface: Access all tools through an intuitive menu-driven interface
- Comprehensive Coverage: From credential scanning to port analysis
- Professional Reporting: Generate detailed Excel reports with actionable findings
- Flexible Deployment: Run individual tools or use the entire framework
- Cross-Platform: Works on Linux, macOS, and Windows
Credential Scanner: Scans websites for leaked credentials, API keys, and other sensitive information. Detects various types of exposed data:
- API keys (AWS, Google, Firebase, etc.)
- Tokens (JWT, OAuth, etc.)
- Passwords and private keys
- Credit card numbers and personal information
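The sketch below is an added example, not SecRecon's own code. It shows why a credential scanner of this kind pairs pattern matching with validation (a JWT header decode and a Luhn check) to cut false positives, and why matches are redacted before they reach a report. The patterns, the function names `scan`, `jwt_header_ok` and `luhn_ok`, and the sample text are assumptions constructed for illustration.

```python
import base64
import json
import re

# Assumed, illustrative patterns; SecRecon's actual rule set is not shown on this page.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "jwt": re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]*"),
    "card_number": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}

def jwt_header_ok(token):
    """A real JWT's first segment is base64url JSON that names an algorithm."""
    head = token.split(".")[0]
    try:
        header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False
    return isinstance(header, dict) and "alg" in header

def luhn_ok(candidate):
    """Luhn checksum: separates card numbers from order ids and similar digit runs."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

VALIDATORS = {"jwt": jwt_header_ok, "card_number": luhn_ok}

def scan(text):
    """Return (kind, redacted match) pairs; raw secrets never enter the report."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group()
            if VALIDATORS.get(kind, lambda _v: True)(value):
                findings.append((kind, f"{value[:4]}...[{len(value)} chars]"))
    return findings

# Constructed sample page content (documentation-style placeholder values).
SAMPLE = """\
const cfg = {accessKeyId: "AKIAIOSFODNN7EXAMPLE"};
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl
cache-id: eyJub3RfanNvbg.abc.def
-----BEGIN RSA PRIVATE KEY-----
card: 4111 1111 1111 1111
order: 1234 5678 9012 3456
"""
```

Calling `scan(SAMPLE)` reports the access key ID, the private key header, the well-formed JWT and the Luhn-valid card number, while the `cache-id` value and the order number are dropped by the validators.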
DAST Scanner: Dynamic Application Security Testing for web applications:
- SSL/TLS configuration analysis
- Security header checks
- Sensitive file exposure detection
- HTTP method testing
- Component vulnerability analysis
OWASP Scanner: Comprehensive scanning for OWASP Top 10 vulnerabilities:
- Intelligent problem domain handling
- Batch processing for efficient scanning
- Advanced timeout controls
- Detailed vulnerability reports
Leaked API Scanner: Advanced URL credential scanner focused on API security:
- Detects exposed API credentials
- Validates authentication tokens
- Identifies cryptographic keys
- Comprehensive pattern matching
HTTP vs HTTPS Analyzer: Analyzes HTTP and HTTPS implementation differences:
- Protocol accessibility analysis
- Endpoint response characteristics
- Redirect validation
- Certificate verification
Subdomain Analyzer: Validates and enumerates subdomains:
- Parallel connection establishment
- Operational status analysis
- Response validation
- Detailed reporting
Port Scanner: Nmap-based scanner with web technology detection:
- Service discovery
- Open port identification
- Web technology fingerprinting
- Comprehensive scan reports
- Python 3.7+
- OWASP ZAP (for OWASP Scanner)
- Various Python packages (specified in requirements.txt)
- Nmap (for Port Scanner)

1. Clone this repository:

   ```bash
   git clone https://github.com/yourusername/SecRecon.git
   cd SecRecon
   ```

2. Install the required dependencies:

   ```bash
   pip install -r requirements.txt
   ```

3. Set up tool-specific requirements:

   ```bash
   python setup.py
   ```

Run the framework with the interactive menu:

```bash
python secrecon.py
```

Run a specific tool directly:

```bash
python secrecon.py --tool 1  # Run Credential Scanner
```

Tool numbers:

1. Credential Scanner
2. DAST Scanner
3. OWASP Scanner
4. Leaked API Scanner
5. HTTP vs HTTPS Analyzer
6. Subdomain Analyzer
7. Port Scanner

Each tool generates detailed reports in various formats:
- Excel files with color-coded risk levels
- JSON data for integration with other tools
- Terminal output for immediate feedback
Reports are saved in the `reports` directory by default.
For detailed usage instructions for each tool, see:
- Credential Scanner Documentation
- DAST Scanner Documentation
- OWASP Scanner Documentation
- Leaked API Scanner Documentation
- HTTP vs HTTPS Analyzer Documentation
- Subdomain Analyzer Documentation
- Port Scanner Documentation
Contributions are welcome! Please feel free to submit a Pull Request.
- Fork the repository
- Create your feature branch (`git checkout -b feature/amazing-feature`)
- Commit your changes (`git commit -m 'Add some amazing feature'`)
- Push to the branch (`git push origin feature/amazing-feature`)
- Open a Pull Request
This project is licensed under the MIT License - see the LICENSE file for details.
This framework is intended for security professionals and authorized testing only. Always ensure you have permission to scan the target systems. The authors are not responsible for misuse or damage caused by this tool.
- OWASP Foundation for security guidelines and ZAP
- Contributors to the original tools that have been integrated
- The security community for continuous feedback and improvements
If you have any questions or feedback, please open an issue or contact me @usualdork