Metadata-Version: 2.4
Name: openrecon
Version: 0.1.5
Summary: A lightweight, modular cybersecurity scanner
Home-page: https://github.com/R0salman/OpenRecon
Author: R0salman
Author-email: salmanalmtyry522@gmail.com
Project-URL: Bug Reports, https://github.com/R0salman/OpenRecon/issues
Project-URL: Source, https://github.com/R0salman/OpenRecon
Project-URL: Documentation, https://r0salman.github.io/OpenRecon/
Keywords: security,vulnerability scanner,xss,sql injection,cms detection,web security,penetration testing,reconnaissance,subdomain enumeration,port scanning
Platform: any
Classifier: Development Status :: 3 - Alpha
Classifier: Intended Audience :: Information Technology
Classifier: Intended Audience :: System Administrators
Classifier: Topic :: Security
Classifier: Topic :: System :: Networking :: Monitoring
Classifier: Topic :: System :: Systems Administration
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Operating System :: OS Independent
Classifier: Environment :: Console
Requires-Python: >=3.8
Description-Content-Type: text/markdown
License-File: LICENSE
Requires-Dist: validators<1.0.0,>=0.20.0
Requires-Dist: requests<3.0.0,>=2.28.0
Requires-Dist: beautifulsoup4<5.0.0,>=4.11.0
Requires-Dist: lxml<5.0.0,>=4.9.0
Requires-Dist: urllib3<3.0.0,>=1.26.0
Requires-Dist: cryptography<43.0.0,>=20.0.0
Requires-Dist: python-dotenv<2.0.0,>=0.19.0
Requires-Dist: gunicorn<22.0.0,>=20.1.0
Requires-Dist: redis<6.0.0,>=4.0.0
Requires-Dist: rq<2.0.0,>=1.10.0
Requires-Dist: Werkzeug<4.0.0,>=2.2.0
Requires-Dist: itsdangerous<3.0.0,>=2.0.0
Requires-Dist: Jinja2<4.0.0,>=3.0.0
Requires-Dist: MarkupSafe<3.0.0,>=2.1.0
Requires-Dist: click<9.0.0,>=8.0.0
Requires-Dist: certifi>=2021.10.8
Requires-Dist: charset-normalizer<4.0.0,>=2.0.0
Requires-Dist: idna<4.0.0,>=3.0
Requires-Dist: pyOpenSSL<25.0.0,>=21.0.0
Requires-Dist: six<2.0.0,>=1.15.0
Requires-Dist: cffi<2.0.0,>=1.15.0
Requires-Dist: pycparser<3.0.0,>=2.20
Requires-Dist: rich<14.0.0,>=12.0.0
Requires-Dist: python-nmap<1.0.0,>=0.7.1
Requires-Dist: aiohttp<4.0.0,>=3.8.0
Requires-Dist: dnspython<3.0.0,>=2.2.0
Requires-Dist: scapy<3.0.0,>=2.5.0
Requires-Dist: httpx<1.0.0,>=0.24.0
Requires-Dist: regex>=2022.1.1
Dynamic: author
Dynamic: author-email
Dynamic: classifier
Dynamic: description
Dynamic: description-content-type
Dynamic: home-page
Dynamic: keywords
Dynamic: license-file
Dynamic: platform
Dynamic: project-url
Dynamic: requires-dist
Dynamic: requires-python
Dynamic: summary

<h1>OpenRecon</h1>
<p>
  <em>Extensible CLI Reconnaissance & Vulnerability Assessment Tool</em>
</p>

> **Note:** This tool is currently in active development. While functional, it may contain bugs as we continue to improve it,Your feedback helps make OpenRecon better! Please report any issues.

## Overview

**OpenRecon** is an extensible, CLI-based reconnaissance and vulnerability assessment tool designed for:
- Security researchers
- Bug bounty hunters
- Penetration testers
- IT security students

This project consolidates multiple scanning techniques into a unified interface to efficiently identify vulnerabilities and surface-level threats.

**Project Background**: This is my final college project and also my first large-scale security tool — built from scratch with passion, learning, and extensive trial and error. Feedback and contributions are highly appreciated!

## Key Features

### Reconnaissance
- **Port Scanning**: Comprehensive `nmap` integration for service detection
- **Host Discovery**:
  - ARP-based scanning for local networks
  - ICMP ping sweep for wide-range detection
- **Subdomain Enumeration**: Uses `crt.sh`, DNS resolution with local caching

### Vulnerability Detection
- **XSS Scanner**: Detects reflected, stored, and DOM-based XSS
- **SQL Injection**: Identifies potential SQLi vulnerabilities
- **CSRF Scanner**: Checks for Cross-Site Request Forgery issues
- **GraphQL Scanner**: Finds exposed GraphQL endpoints
- **CMS Detection**: Fingerprints WordPress, Joomla, and other CMS platforms

## Installation

### Option 1: PyPI Installation
```bash
pip install openrecon
```
#### Troubleshooting PATH Issues
If you get a "command not found" error after installation, it may be because the executable isn’t in your system PATH (especially if using Microsoft Store Python or pip install --user). You may see a warning like:
```bash
WARNING: The script openrecon.exe is installed in 'C:\Users\...\Scripts' which is not on PATH.
```

Quick Fix (works immediately):
```bash
python -m openrecon --help
```

**Permanent Fix — Add to PATH:**
- Copy the Scripts directory path shown in the warning message
- Press Win + R, type sysdm.cpl, and press Enter
- Go to the Advanced tab, and click Environment Variables
- Under User variables, select Path and click Edit
- Click New and paste the Scripts directory path
- Click OK on all dialogs and restart your terminal

### Option 2: Manual Installation
**Linux**
```bash
git clone https://github.com/R0salman/OpenRecon
cd openrecon
chmod +x setup.sh
./setup.sh
```
**Windows**
```bash
git clone https://github.com/R0salman/OpenRecon
cd OpenRecon
setup.bat
```

## Basic Usage
```bash
openrecon --help
openrecon scan --target example.com --flags "-T4 -F"
```

#### For full documentation, usage examples, module configurations, and troubleshooting, please visit:

**[OpenRecon Documentation](https://r0salman.github.io/OpenRecon/)**  

## Available Modules

| Module | Description |
|--------|-------------|
| portscan | Nmap-based port scanning and service detection |
| livediscovery | ARP-based active host detection for local networks |
| pingsweep | ICMP ping sweep to identify online hosts |
| subenum | Subdomain enumeration with crt.sh and DNS resolution (caches in ~/.openrecon) |
| xss | Comprehensive XSS vulnerability scanning |
| sql | SQL Injection detection |
| cms | CMS fingerprinting (WordPress, Joomla, etc.) |
| csrf | CSRF vulnerability scanning |
| graphql | GraphQL endpoint detection |

## Requirements
- Python 3.7+
- Nmap (must be in system PATH) - [Download Nmap](https://nmap.org/download.html)
- playwright

## Contributing

We welcome contributions! Here's how to help:

1. Fork the repository
2. Create your feature branch
3. Commit your changes
4. Push to the branch
5. Submit a pull request

## License

This project is licensed under the MIT License.

## Disclaimer

**Important**: This tool is intended for:
- Authorized security testing
- Educational purposes
- Research and development

Unauthorized use against systems without explicit permission is illegal and unethical. The developers assume no liability and are not responsible for any misuse or damage caused by this tool.
