Skip to content

ahirankush771/WebRecon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
modules
modules
 
 
wordlists
wordlists
 
 
README.md
README.md
 
 
requirements.txt
requirements.txt
 
 
webrecon.py
webrecon.py
 
 

Repository files navigation

🌐 WebRecon — Web Application Fingerprinter

🖥️This tool is developed by Ankush Cybersecurity Learner and security tool developer

WebRecon is a modular web application fingerprinting tool that detects tech stacks, analyzes security headers, checks SSL certificates, and performs directory brute-forcing — all in one clean CLI interface.

📸 Features

Module Description
🔍 Tech Fingerprinting Detects CMS, frameworks, web servers, JS libraries
🛡️ Header Analysis Checks for missing/misconfigured security headers
🔐 SSL Checker Certificate info, expiry, SANs, issuer details
📂 Dir Scanner Multi-threaded hidden directory brute force
📊 Report Generator Export results as TXT / JSON / HTML

⚙️ Installation

# Clone the repo
git clone https://github.com/ahirankush771/WebRecon.git
cd WebRecon

# Install dependencies
pip install -r requirements.txt

🚀 Usage

# Basic scan (fingerprint + headers)
python webrecon.py https://example.com

# Full scan with SSL + directory brute force
python webrecon.py https://example.com -d -s

# Save output as JSON
python webrecon.py https://example.com -o json

# Custom wordlist + threads
python webrecon.py https://example.com -d -w wordlists/custom.txt -t 20

# Verbose mode
python webrecon.py https://example.com -v

All Flags

positional:
  target              Target URL (e.g. https://example.com)

optional:
  -d, --dirscan       Enable directory brute force
  -s, --ssl           Check SSL certificate info
  -w, --wordlist      Custom wordlist path
  -o, --output        Output format: txt | json | html
  -t, --threads       Number of threads (default: 10)
  --timeout           Request timeout in seconds
  -v, --verbose       Verbose output

📂 Project Structure

WebRecon/
├── webrecon.py          # Main entry point
├── requirements.txt
├── wordlists/
│   └── common.txt       # Default wordlist
├── modules/
│   ├── fingerprint.py   # Tech stack detection
│   ├── headers.py       # Security header analysis
│   ├── sslinfo.py       # SSL certificate checker
│   ├── dirscan.py       # Directory brute forcer
│   └── reporter.py      # Report generator
└── output/              # Scan results saved here

🔍 What Gets Detected

CMS: WordPress, Joomla, Drupal, Magento, Shopify

Frameworks: Laravel, Django, Ruby on Rails, Express.js, ASP.NET

Web Servers: Apache, Nginx, IIS, LiteSpeed, Caddy

JS Libraries: jQuery, React, Vue.js, Angular, Bootstrap

Security Headers: HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and more

⚠️ Disclaimer

This tool is intended for educational purposes and authorized penetration testing only. Always obtain proper written permission before scanning any target. The author is not responsible for any misuse of this tool.

👨‍💻 Author

Ankush | Cybersecurity Researcher & Tool Builder

GitHub Instagram

Made with ❤️ for the cybersecurity community

About

modular web application fingerprinting tool that detects tech stacks, analyzes security headers, checks SSL certificates, and performs directory brute-forcing — all in one clean CLI interface.

Topics

headless fingerprint-authentication threads hacking-tool

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages