β‘ Professional Reconnaissance Framework for Authorized Security Testing Coded by Mr Psycho GitHub: https://github.com/psychohackers
RedRecon is a modular, multi-threaded reconnaissance toolkit built for red teamers, bug bounty hunters, and penetration testers.
It combines DNS enumeration, HTTP probing, port scanning, misconfiguration detection, takeover detection, and more β into a single powerful CLI + interactive framework.
This tool is designed strictly for:
- Authorized security testing
- Bug bounty programs
- Lab environments
- Educational cybersecurity research
- Multi-threaded DNS brute-force
- Randomized resolver selection
- CNAME detection
- Wordlist variation generator
- HTTPS + HTTP auto fallback
- Status code detection
- Content length detection
- Redirect handling
- Scans 25+ common service ports
- Concurrent TCP scanning
- Detects open services
-
Fingerprint-based detection
-
Active payload probing
-
Detects:
- Cloudflare
- AWS WAF
- Akamai
- Imperva
- Sucuri
- ModSecurity
- F5 BIG-IP
- Fortinet
- Apache / Nginx
- Detects dangling CNAMEs
- Matches provider fingerprints
- Identifies takeover-prone services
- Cipher detection
- Protocol version check
- Expiry analysis
- Outdated TLS version detection
Checks missing:
- HSTS
- CSP
- X-Frame-Options
- X-Content-Type-Options
- Referrer-Policy
- Permissions-Policy
- Wildcard origin detection
- Origin reflection detection
- Credential exposure analysis
- Public bucket detection
- Access denied bucket detection
- Common naming brute-force
- Tests common redirect parameters
- Checks Location header reflection
- TE.CL mismatch detection
- Transfer-Encoding + Content-Length behavior analysis
- Duplicate parameter reflection testing
RedRecon is built using:
requestsfor HTTP interactionsdnspythonfor DNS resolutionsocketfor raw TCP testingssl + cryptographyfor TLS parsingrichfor advanced UIprompt_toolkitfor interactive modeconcurrent.futuresfor multi-threading
Each module runs independently and can be selectively enabled.
git clone https://github.com/psychohackers/redrecon.git
cd redreconpython -m venv venv
source venv/bin/activate
pip install -r requirements.txtIf installing manually:
pip install rich dnspython requests cryptography pyfiglet prompt_toolkitRun without arguments:
python subdomain.pyLaunches full interactive configuration UI:
- Target input
- Wordlist selection
- Thread configuration
- Module selection
- Output format selection
Basic usage:
python subdomain.py -d example.com -w wordlist.txtpython subdomain.py -d DOMAIN -w WORDLIST [OPTIONS]| Argument | Description |
|---|---|
-d, --domain |
Target domain |
-w, --wordlist |
Path to subdomain wordlist |
-t, --threads |
Number of threads (default: 30) |
--timeout |
Request timeout in seconds |
-o, --output |
Save output file |
--format |
txt, json, csv, html |
--modules |
Select modules (comma-separated) |
--variations |
Generate wordlist variations |
--list-modules |
Show available modules |
Run specific modules:
python subdomain.py -d example.com -w wordlist.txt --modules dns,http,ssl,headersAvailable module keys:
dns
http
ports
waf
takeover
ssl
headers
cors
s3
redirect
smuggling
pollution
RedRecon supports:
- TXT
- JSON
- CSV
- HTML (styled report)
Example:
python subdomain.py -d example.com -w wordlist.txt -o report.html --format htmlpython subdomain.py -d example.com \
-w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
-t 50 \
--timeout 10 \
--modules dns,http,ports,ssl,headers,cors,s3 \
-o output.json- Load wordlist
- Generate variations (optional)
- DNS brute-force
- HTTP probing
- Run selected modules
- Generate findings
- Output summary + report
This tool is intended for:
- Authorized penetration testing
- Bug bounty programs
- Lab environments
β Running against systems without permission is illegal.
The author is not responsible for misuse.
Unlike basic recon scripts, RedRecon provides:
- Modular architecture
- Interactive UI
- Professional reporting
- Severity classification
- Parallel scanning engine
- Red-team focused checks
- Clean findings model
Itβs not just a script β itβs a recon framework.
- Shodan integration
- WHOIS analysis
- ASN enumeration
- Screenshot capture
- JavaScript endpoint extraction
- Directory fuzzing module
- Proxy support (Burp/ZAP)
Mr Psycho Cybersecurity Researcher | Red Team Enthusiast Instagram: @the_psycho_of_hackers GitHub: https://github.com/psychohackers