Skip to content

psychohackers/RedRecon

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

4 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ”΄ RedRecon – Advanced Red Team Recon Toolkit v2.0

⚑ Professional Reconnaissance Framework for Authorized Security Testing Coded by Mr Psycho GitHub: https://github.com/psychohackers


πŸ“Œ Overview

RedRecon is a modular, multi-threaded reconnaissance toolkit built for red teamers, bug bounty hunters, and penetration testers.

It combines DNS enumeration, HTTP probing, port scanning, misconfiguration detection, takeover detection, and more β€” into a single powerful CLI + interactive framework.

This tool is designed strictly for:

  • Authorized security testing
  • Bug bounty programs
  • Lab environments
  • Educational cybersecurity research

πŸ”₯ Core Features

🌐 Subdomain Enumeration

  • Multi-threaded DNS brute-force
  • Randomized resolver selection
  • CNAME detection
  • Wordlist variation generator

πŸ” HTTP Probing

  • HTTPS + HTTP auto fallback
  • Status code detection
  • Content length detection
  • Redirect handling

πŸ”Œ Port Scanning

  • Scans 25+ common service ports
  • Concurrent TCP scanning
  • Detects open services

πŸ›‘ WAF Detection

  • Fingerprint-based detection

  • Active payload probing

  • Detects:

    • Cloudflare
    • AWS WAF
    • Akamai
    • Imperva
    • Sucuri
    • ModSecurity
    • F5 BIG-IP
    • Fortinet
    • Apache / Nginx

πŸ’€ Subdomain Takeover Detection

  • Detects dangling CNAMEs
  • Matches provider fingerprints
  • Identifies takeover-prone services

πŸ”’ SSL / TLS Analysis

  • Cipher detection
  • Protocol version check
  • Expiry analysis
  • Outdated TLS version detection

πŸ“‹ Security Header Audit

Checks missing:

  • HSTS
  • CSP
  • X-Frame-Options
  • X-Content-Type-Options
  • Referrer-Policy
  • Permissions-Policy

🚨 CORS Misconfiguration

  • Wildcard origin detection
  • Origin reflection detection
  • Credential exposure analysis

πŸͺ£ S3 Bucket Misconfiguration

  • Public bucket detection
  • Access denied bucket detection
  • Common naming brute-force

β†ͺ Open Redirect Detection

  • Tests common redirect parameters
  • Checks Location header reflection

πŸ“¦ HTTP Smuggling Hints

  • TE.CL mismatch detection
  • Transfer-Encoding + Content-Length behavior analysis

☣ HTTP Parameter Pollution

  • Duplicate parameter reflection testing

🧠 Architecture

RedRecon is built using:

  • requests for HTTP interactions
  • dnspython for DNS resolution
  • socket for raw TCP testing
  • ssl + cryptography for TLS parsing
  • rich for advanced UI
  • prompt_toolkit for interactive mode
  • concurrent.futures for multi-threading

Each module runs independently and can be selectively enabled.


βš™ Installation

1️⃣ Clone Repository

git clone https://github.com/psychohackers/redrecon.git
cd redrecon

2️⃣ Install Requirements

python -m venv venv
source venv/bin/activate
pip install -r requirements.txt

If installing manually:

pip install rich dnspython requests cryptography pyfiglet prompt_toolkit

πŸš€ Usage


πŸ”Ή Interactive Mode

Run without arguments:

python subdomain.py

Launches full interactive configuration UI:

  • Target input
  • Wordlist selection
  • Thread configuration
  • Module selection
  • Output format selection

πŸ”Ή CLI Mode

Basic usage:

python subdomain.py -d example.com -w wordlist.txt

Full Syntax

python subdomain.py -d DOMAIN -w WORDLIST [OPTIONS]

πŸ”§ Available Arguments

Argument Description
-d, --domain Target domain
-w, --wordlist Path to subdomain wordlist
-t, --threads Number of threads (default: 30)
--timeout Request timeout in seconds
-o, --output Save output file
--format txt, json, csv, html
--modules Select modules (comma-separated)
--variations Generate wordlist variations
--list-modules Show available modules

🎯 Module Selection

Run specific modules:

python subdomain.py -d example.com -w wordlist.txt --modules dns,http,ssl,headers

Available module keys:

dns
http
ports
waf
takeover
ssl
headers
cors
s3
redirect
smuggling
pollution

πŸ’Ύ Output Formats

RedRecon supports:

  • TXT
  • JSON
  • CSV
  • HTML (styled report)

Example:

python subdomain.py -d example.com -w wordlist.txt -o report.html --format html

πŸ“Š Example Scan

python subdomain.py -d example.com \
    -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
    -t 50 \
    --timeout 10 \
    --modules dns,http,ports,ssl,headers,cors,s3 \
    -o output.json

πŸ“ˆ Scan Flow

  1. Load wordlist
  2. Generate variations (optional)
  3. DNS brute-force
  4. HTTP probing
  5. Run selected modules
  6. Generate findings
  7. Output summary + report

πŸ” Security & Legal Disclaimer

This tool is intended for:

  • Authorized penetration testing
  • Bug bounty programs
  • Lab environments

⚠ Running against systems without permission is illegal.

The author is not responsible for misuse.


🧩 Why RedRecon?

Unlike basic recon scripts, RedRecon provides:

  • Modular architecture
  • Interactive UI
  • Professional reporting
  • Severity classification
  • Parallel scanning engine
  • Red-team focused checks
  • Clean findings model

It’s not just a script β€” it’s a recon framework.


πŸ›  Future Improvements (Optional Roadmap)

  • Shodan integration
  • WHOIS analysis
  • ASN enumeration
  • Screenshot capture
  • JavaScript endpoint extraction
  • Directory fuzzing module
  • Proxy support (Burp/ZAP)

πŸ‘¨β€πŸ’» Author

Mr Psycho Cybersecurity Researcher | Red Team Enthusiast Instagram: @the_psycho_of_hackers GitHub: https://github.com/psychohackers

About

No description, website, or topics provided.

Resources

License

Stars

3 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages