Zero dependencies. Pure Python stdlib. Just clone and run.
Features β’ Install β’ Usage β’ Demo β’ How it works
| Flag | Module | What it does |
|---|---|---|
-u |
Username | Concurrent scan across 80+ sites: GitHub, GitLab, X/Twitter, Instagram, TikTok, Reddit, YouTube, Twitch, Medium, Stack Overflow, Steam, Roblox, SoundCloud, Spotify, Telegram, Keybase, Replit, NPM, PyPI, Dribbble, Behance, ArtStation, Patreon, Bluesky, Threads, Mastodon, HackerRank, LeetCode, TryHackMe, MyAnimeList, AniList, and many more |
-e |
Format validation β’ MX record check (via Google DoH) β’ SPF + DMARC sniff β’ Gravatar avatar + profile JSON β’ Disposable email detection (50+ domains) β’ Free vs business classification β’ Auto-scans local-part as username β’ Breach lookup links (HIBP, DeHashed, IntelX, LeakCheck) | |
-p |
Phone | Embedded ITU E.164 database for 200+ countries (zero deps!) β’ Country, region, ISO code, timezone, expected length β’ Indian carrier hints by prefix series β’ US area code β state mapping (350+ NPAs) β’ Truecaller / WhatsApp / Telegram / Sync.me / WhitePages lookup links |
-n |
Name | 18 pre-built Google / Bing / DuckDuckGo / Yandex dorks (LinkedIn, FB, X, GitHub, IG, Reddit, YouTube, PDFs, resumes, court records, images) β’ Auto-generates 10+ username permutations (firstlast, first.last, flast, lf, f.last, etc.) and runs the full username scan on each |
-d |
Domain π | WHOIS over raw socket (port 43, follows referrals) β’ Full DNS: A, AAAA, MX, NS, TXT, CNAME, SOA β’ SSL certificate info (issuer, validity, SANs) β’ HTTP headers + tech stack fingerprint (WordPress, React, Cloudflare, etc.) β’ robots.txt + sitemap.xml β’ Subdomain enumeration via crt.sh (Certificate Transparency) β’ Wayback Machine snapshot |
-i |
IP π | Reverse DNS β’ Full geolocation (country, region, city, ZIP, coordinates, timezone) β’ ISP / Organization / ASN β’ Mobile / proxy / VPN / hosting flags β’ IP WHOIS β’ Quick port scan of 12 common services |
-o |
JSON export | Save the entire structured report to JSON for piping into Maltego, Spiderfoot, or your own pipelines |
- 𧬠Zero pip installs β no
requests, nophonenumbers, nodnspython. Built entirely onurllib,socket,ssl,concurrent.futuresfrom the Python standard library. Runs on any fresh Linux/Kali install with justpython3. - β‘ Threaded β 25 worker threads scan 80+ sites in seconds
- π Embedded ITU phone DB β country codes, timezones, ISO codes for the whole world, all in-code
- π Two new modules β
-dand-imake this a full red-team recon kit, not just a username searcher - π― No API keys ever required β uses Google's free DoH for DNS, crt.sh for subdomains, ip-api.com for geo
# 1. Clone
git clone https://github.com/AswinMathew2004/recon.git
cd recon
# 2. Make executable (optional)
chmod +x recon.py
# 3. Run β that's it. No pip, no venv, no dependencies.
python3 recon.py -u octocatsudo ln -s "$(pwd)/recon.py" /usr/local/bin/recon
recon -u johndoe# Single-target lookups
python3 recon.py -u johndoe # 80+ social/dev/gaming sites
python3 recon.py -e john@example.com # email intelligence
python3 recon.py -p +14155552671 # US phone β state lookup
python3 recon.py -p +919876543210 # India phone β carrier hints
python3 recon.py -n "John Doe" # name dorks + permutation scan
python3 recon.py -d example.com # full domain intelligence
python3 recon.py -i 8.8.8.8 # IP geolocation + WHOIS + ports
# Combine everything for full target profile
python3 recon.py -u johndoe -e john@x.com -p +91... -n "John Doe" -d x.com -o report.json-u, --username Username (80+ sites)
-e, --email Email investigation
-p, --phone Phone with +country code
-n, --name Full name
-d, --domain Domain WHOIS/DNS/SSL/subdomains
-i, --ip IP geo/ASN/ports
-o, --output Save structured JSON report
-v, --version Show version
-h, --help Show help
$ python3 recon.py -p +14155552671
____
| _ \ ___ ___ ___ _ __
| |_) / _ \/ __/ _ \| '_ \
| _ < __/ (_| (_) | | | | v2.0.0
|_| \_\___|\___\___/|_| |_|
OSINT lookup β’ Pure stdlib β’ Kali Linux
by Aswin Mathew β’ https://github.com/AswinMathew2004
βββ PHONE β +14155552671 βββββββββββββββββββββββββββββββββββββββββ
[β] E.164 form β +14155552671
[β] Country β United States/Canada (US/CA) [+1]
[β] National no. β 4155552671
[β] Timezone β America/New_York
[β] Length valid β 10 digits (expected 10)
[β] US state β CA (area code 415)
[i] Manual lookups:
Truecaller β https://www.truecaller.com/search/us/ca/4155552671
WhatsApp β https://wa.me/14155552671
...
$ python3 recon.py -d github.com
βββ DOMAIN β github.com ββββββββββββββββββββββββββββββββββββββββββ
[i] Querying WHOIS over port 43β¦
Registrar MarkMonitor Inc.
Created 2007-10-09T18:20:50Z
Expires 2026-10-09T07:00:00Z
Name servers DNS1.P08.NSONE.NET, DNS2.P08.NSONE.NET, ...
DNSSEC unsigned
[i] DNS records (via Google DoH):
[β] A (1) 140.82.114.4
[β] MX (5) 1 aspmx.l.google.com. ...
[β] TXT (8) v=spf1 ip4:192.30.252.0/22 ...
[i] SSL certificate:
Subject CN github.com
Issuer Sectigo Limited / Sectigo ECC ...
Valid until Mar 14 23:59:59 2025 GMT
SAN (2) github.com, www.github.com
[β] Tech detected β Cloudflare, React, jQuery
[i] Subdomain enumeration via crt.sh:
[β] Found 4823 unique subdomain(s)
api.github.com
assets.github.com
...
| Task | Library used | What's avoided |
|---|---|---|
| HTTP / HTTPS requests | urllib.request + ssl |
requests, httpx |
| DNS queries (A, MX, TXT, NS) | urllib β Google DoH JSON API |
dnspython |
| WHOIS lookups | raw TCP socket on port 43 | python-whois |
| SSL certificate parsing | ssl.SSLContext.getpeercert() |
cryptography |
| Phone number parsing | embedded ITU dictionary | phonenumbers |
| Port scanning | socket.create_connection |
nmap, scapy |
| Subdomain enumeration | crt.sh JSON endpoint | brute force, paid APIs |
| IP geolocation | ip-api.com (free, no key) | MaxMind GeoIP DB |
| Threading | concurrent.futures.ThreadPoolExecutor |
β |
Result: the entire tool fits in one file, runs anywhere Python 3 runs, and never needs a pip install.
Adding a new platform takes one line. Edit the SITES dict in recon.py:
SITES = {
# ...
"MyPlatform": ("https://myplatform.com/{}", "code", 200),
# method "code" β HTTP status equals `expected` means exists
# method "neg" β 200 AND `expected` NOT in body
# method "pos" β 200 AND `expected` IS in body
}Adding a new country phone code? Edit COUNTRY_CODES:
COUNTRY_CODES = {
...
999:("Atlantis","AT","Atlantic/Mid",10),
}- HIBP API integration (with optional API key via env var)
- HTML report export with styled output
- Reverse image search on found profile pics
- Shodan integration for
-imode (with key) - Docker image for one-shot execution
- Web UI
PRs welcome!
sherlock β’ holehe β’ theHarvester β’ PhoneInfoga β’ Maigret β’ Spiderfoot β’ Amass
This tool is built for:
- β Self-research β see what's public about you
- β Authorized penetration testing β with written permission from the target
- β Journalism / academic research on public information
- β Cybersecurity learning (CTFs, labs, red team exercises)
It must NOT be used for:
- β Stalking, harassment, or doxxing private individuals
- β Unauthorized investigation
- β Anything that violates the laws of your jurisdiction
The port scan in -i mode is light and connection-only, but port scanning systems you don't own may still be illegal where you live. Know your local laws.
You are responsible for how you use this tool. The author assumes no liability for misuse.
MIT Β© 2026 Aswin Mathew
π aswinmathew.xyz β’ π» GitHub
β Star this repo if you found it useful!