NetRecon is a modular reconnaissance framework for authorized security testing, combining guided learning workflows with high-speed automated scanning.
It supports interactive usage for learners and fast flag-based execution for automation and repeatable security assessments.
Author: voltsparx
Contact: voltsparx@gmail.com
Use this tool only on systems you own or have explicit written permission to assess.
Unauthorized scanning may violate law and policy. You are responsible for compliant use.
- NetRecon is for defensive security testing and learning in authorized environments only.
- Do not scan public or private infrastructure without explicit approval.
- Do not use findings for exploitation, disruption, or unauthorized access.
- Always operate within legal scope, written rules of engagement, and local law.
- Interactive mode with guided prompts and metadata banner
- Argparse mode with compact, industry-familiar scan output
- Single host, CIDR, and multi-target scanning
- Hybrid engine stack (threading + parallel + async) for faster execution
- Timing templates (
-T0to-T5) with adaptive RTT timeout tuning - Host grouping scheduler for large target sets
- Target/port exclusion controls
- Optional host timeout guardrails for unstable targets
- Periodic progress ticker for long scans
- Service probe engine with intensity levels and fallback logic
- TCP connect scanning with retry, timeout, and jitter controls
- Optional SYN scan mode (Scapy + elevated privileges)
- Service fingerprinting and OS inference
- Plugin-based intelligence and misconfiguration checks
- CVE hint correlation
- Report export: CLI, JSON, HTML
- π Security students learning reconnaissance workflows
- π‘οΈ Blue teams performing internal audits
- π§ͺ Researchers building scanning pipelines
- π§βπ« Educators running lab environments
- Python 3.8+
scapy(required for SYN scanning)
pip install -r requirements.txtpython netrecon.pyBehavior
- Clears terminal (Windows + Unix)
- Displays banner, version, author, and contact
- Prompts for profile, plugins, and report export
python netrecon.py <target> [options]Behavior
- Does not clear terminal
- Displays compact scan header and tabular output
- Ideal for scripts and automation
python netrecon.py --help
python netrecon.py --about
python netrecon.py --launch-modes
python netrecon.py --list-profilespython netrecon.py 192.168.1.10 -p quickpython netrecon.py 10.0.0.0/24 -p aggressive --plugins --json --htmlpython netrecon.py example.com -p web --plugins --htmlpython netrecon.py 192.168.1.10 -p stealth --syn -spython netrecon.py 10.0.0.0/24 -p root --sudo --json --htmlpython netrecon.py 192.168.1.10 -p quickpython netrecon.py 192.168.1.0/24 -p aggressive --pluginspython netrecon.py example.com --ports 22,80,443,8443 --pluginspython netrecon.py 10.10.10.0/24 -p vuln --plugins --json --htmlpython netrecon.py 10.0.0.0/24 -p aggressive --exclude 10.0.0.1,10.0.0.2 --exclude-ports 23,445python netrecon.py 192.168.1.10 -p quick --json --html --save-prefix office_audit| Option | Description |
|---|---|
target |
IP, hostname, CIDR, or comma-separated hosts |
-p, --profile |
quick Β· stealth Β· aggressive Β· web Β· vuln Β· root |
-o, --ports |
Port expression (22,80,443 or 1-1024) |
-t, --threads |
Scanner thread count |
-w, --host-workers |
Concurrent host workers |
-g, --host-group-size |
Hosts per execution group |
-k, --plugin-workers |
Plugin worker threads per host |
-a, --async-limit |
Async enrichment concurrency |
-T, --timing-template |
Timing template (0β5) |
-i, --service-intensity |
Probe intensity (0β9) |
-z, --host-timeout |
Host timeout (seconds) |
-A, --stats-every |
Progress interval |
-O, --timeout |
Socket timeout |
-m, --min-rtt-timeout |
Minimum RTT timeout |
-M, --max-rtt-timeout |
Maximum RTT timeout |
-r, --retries |
Retries per probe |
-R, --rate-limit |
Delay between probes |
-q, --exclude-ports |
Exclude ports |
-E, --exclude |
Exclude targets |
-e, --exclude-file |
Exclude targets from file |
-P, --plugins |
Enable plugins |
-j, --json |
Save JSON report |
-H, --html |
Save HTML report |
-f, --save-prefix |
Custom report prefix |
-n, --no-discovery |
Skip ping discovery |
-y, --syn |
Force SYN mode |
-x, --root-scan |
Require privileged scan |
-u, --sudo |
Relaunch with sudo |
-s, --stealth |
Enable stealth timing |
-V, --services |
Service fingerprinting |
-b, --about |
Show banner |
-L, --launch-modes |
Mode guide |
-l, --list-profiles |
List profiles |
-h, --help |
Show help |
| Profile | Purpose |
|---|---|
quick |
Fast top-ports visibility |
stealth |
Lower-noise randomized scan |
aggressive |
Deep recon with plugins and CVE hints |
web |
HTTP/TLS-focused analysis |
vuln |
Vulnerability-oriented recon |
root |
Privileged raw scan requiring admin |
Root Profile Notes
- Linux/macOS: use
--sudo - Windows: run terminal as Administrator
banner_grabberβ banners, TLS metadata, outdated version hintsdefault_credsβ default credential exposure risksdir_listingβ directory listing detectiondns_enumβ DNS enrichment & classificationopen_proxyβ proxy exposure checksssl_infoβ certificate expiry & cipher warningsvuln_headersβ missing security headersweak_sshβ legacy SSH detectionwhois_lookupβ registrar & ownership enrichment
Reports are saved in:
output/cli/output/json/output/html/
Each report includes:
- target metadata
- open ports/services
- risk classification
- plugin findings
- CVE hints
- timing metrics
Use --save-prefix <name> for deterministic filenames.
Targets β Scheduler β Scan Engine β Fingerprinting β Plugins β Risk Engine β Reports
python -B -c "import netrecon; print('import_ok')"
python -B netrecon.py --help
python -B netrecon.py --about
python -B netrecon.py --list-profiles
python -B netrecon.py 127.0.0.1 -p quick -o 80,443 -q 443 -n -A 0.5 -z 2
python -B netrecon.py 127.0.0.1 -p quick --ports 80,443,445 --plugins --json --htmlSee SECURITY.md for responsible disclosure policy.
See CODE_OF_CONDUCT.md.
MIT License. See LICENSE.