Skip to content
/ exrecon Public

ExRecon – An advanced, TOR-routed Nmap automation framework for Kali Linux. Supports modular multi-scan recon, firewall evasion, Nikto web audits, and human-readable reporting with delta analysis. Built for stealth and operational security in red teaming, pen testing, and OSINT workflows.

www.linkedin.com/in/exrecon/

License

MIT license
17 stars 5 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ExRecon/exrecon

BranchesTags

Repository files navigation

🛡️ ExRecon - Ultimate TOR Nmap Automation

ExRecon is a stealth-oriented reconnaissance and scanning utility designed for Kali Linux. It automates advanced Nmap scans over the TOR network, validates anonymity, logs results in clean summaries, and allows optional log viewing — all while supporting multiple recon modes.

⚙️ Features

Capability Description
TOR integration Routes all scans through TOR using proxychains4, and rotates exit nodes
Auto dependency check Detects and installs required tools like Nmap, Nikto, TOR, enscript, and more
Modular scans User selects multiple scan types simultaneously
Service detection Uses Nmap scripts and custom UA strings to detect services behind firewalls
Firewall evasion Spoofs MAC address, modifies TTL, and optionally uses decoys
Nikto web audit Launches Nikto after detecting HTTP/HTTPS ports
Live result viewer Lets the user preview results using bat, less, or xdg-open
Formatted reporting Generates .txt and .pdf scan summaries with deltas vs previous scan
Version-aware decoys Uses --decoy only if supported by the installed Nmap version

🛠️ Dependencies

ExRecon automatically checks and installs the following:

  • nmap
  • proxychains4
  • tor
  • curl
  • gpg
  • tmux
  • netcat-openbsd
  • openssl
  • enscript
  • ghostscript
  • pandoc
  • nikto

🔧 Installation

chmod +x exrecon.sh
./exrecon.sh

On first run, ExRecon will:

  • Ensure all required tools are installed
  • Patch /etc/tor/torrc to allow TOR control via ControlPort
  • Rotate TOR circuits before each scan
  • Create log storage directory ~/tor_scan_logs

🚀 Usage

./exrecon.sh
  • Enter target domain or IP when prompted
  • Select one or more scan modes (comma-separated)
  • Wait for scan to finish and optionally view results

📁 Output Directory

~/tor_scan_logs/
  • Raw scan logs: scan_<timestamp>.*
  • Summary Report: scan_summary_<timestamp>.txt
  • Printable PDF: scan_summary_<timestamp>.pdf
  • Anomaly comparison: scan_summary_<timestamp>.delta

🔐 Notes

  • 🔑 Run as root for full feature access (SYN scans, MAC spoofing)
  • 🚦 TOR is validated before every scan; circuit is rotated
  • 🌐 All traffic is routed via TOR using ProxyChains
  • 🧹 Self-destruct functionality has been disabled in this version for report preservation

⚠️ Legal Warning

ExRecon is intended strictly for educational and authorized penetration testing purposes.

⚠️ Do not use this tool against systems/networks you do not own or lack explicit written permission to test. Misuse can result in criminal charges.

📜 License

MIT License — see LICENSE file for details.

🧠 Author

ExRecon developed by ExRecon as part of Offensive Security tooling — for the Greater Good. ❤️‍🔥

"Master Kali Linux, Excel in Offensive Security"

About

ExRecon – An advanced, TOR-routed Nmap automation framework for Kali Linux. Supports modular multi-scan recon, firewall evasion, Nikto web audits, and human-readable reporting with delta analysis. Built for stealth and operational security in red teaming, pen testing, and OSINT workflows.

www.linkedin.com/in/exrecon/

Topics

cybersecurity reconnaissance reconnaissance-framework cybersecurity-tools

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity

Stars

17 stars

Watchers

2 watching

Forks

5 forks
Report repository

Releases 2

ExRecon v2.0 - Major Upgrade Latest
Jun 20, 2025
+ 1 release

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages