Professional-grade security reconnaissance with AI-powered analysis and modern web interface
Created with β€οΈ by Muhammad Izaz Haider
π Quick Start β’ β¨ Features β’ πΈ Screenshots β’ π§ Installation β’ π€ About Me
X-Recon is an all-in-one cybersecurity reconnaissance toolkit designed for security professionals, penetration testers, and bug bounty hunters. It combines powerful scanning modules with an AI assistant and a sleek cyberpunk-themed web interface.
|
π All-in-One - No switching between tools |
# Clone the repository
git clone https://github.com/mizazhaider-ceh/X-Recon.git
cd X-Recon
# Install dependencies
pip install -r requirements.txt
# Set up AI (optional but recommended)
echo "CEREBRAS_API_KEY=your_api_key" > .env
# Launch X-Recon
python main.pyπ‘ Select Option 1 β Opens web dashboard at
http://127.0.0.1:8000
β‘ One-Liner for Windows
git clone https://github.com/mizazhaider-ceh/X-Recon.git && cd X-Recon && pip install -r requirements.txt && python main.pyX-Recon/
βββ main.py # Main entry point
βββ server/ # Backend server files
β βββ server.py # FastAPI web server
β βββ server_manager.py # Server lifecycle management
β βββ config.py # Configuration
βββ modules/ # Scan modules
β βββ port_scanner.py
β βββ subdomain_scanner.py
β βββ dir_bruteforcer.py
β βββ email_harvester.py
β βββ ai_assistant.py
β βββ ...
βββ web/ # Frontend files
β βββ index.html
β βββ css/
β βββ js/
β βββ components/
β βββ api.js
β βββ router.js
β βββ state.js
βββ results/ # Scan reports (HTML)
βββ wordlists/ # Fuzzing wordlists
|
β
Real-time Terminal - Live scan output via WebSocket |
β
Powered by Cerebras - Llama 3.3 70B model |
| Module | Description | Speed |
|---|---|---|
| π Port Scanner | Async TCP port scanning | β‘ 1000+ ports/sec |
| π Subdomain Scanner | DNS enumeration | β‘ 500 concurrent |
| π Directory Bruteforcer | Web path fuzzing | β‘ 200 concurrent |
| π§ Email Harvester | OSINT email collection | π Multi-source |
| π Service Detector | Banner grabbing | π― Smart detection |
| π‘οΈ CVE Lookup | Vulnerability search | π NVD database |
| 𧬠DNS Scanner | WHOIS & DNS intel | π Full records |
| π§ Nmap Integration | Advanced OS detection | π¬ Deep scan |
π» Main Menu - Command Center
Features:
- ASCII art banner with creator info
- Color-coded menu options
- Phase-based organization
- Clean, professional terminal UI
π Scanning in Action
Features:
- Real-time scan output
- Progress indicators
- Color-coded results
- Module execution logs
π Dashboard - Command Center
Features:
- Quick scan with module selection
- Real-time terminal output
- Interactive command input
- Live stats and status
π― Scanner - Multi-Module
Features:
- Target configuration
- Module selection with descriptions
- One-click scan launch
- Real-time progress tracking
π€ AI Assistant - X-AI
Features:
- Cybersecurity Q&A
- Code syntax highlighting
- Keyword emphasis (CVEs, tools)
- Export conversations
- Model selection (Llama 70B/8B)
π Reports - Professional Output
Features:
- HTML report viewer
- Download & delete options
- Sortable by date/type
- Interactive report content
- Python 3.8+
- pip package manager
- (Optional) Nmap for advanced scanning
# 1. Clone repository
git clone https://github.com/mizazhaider-ceh/X-Recon.git
cd X-Recon
# 2. Create virtual environment (recommended)
python -m venv venv
source venv/bin/activate # Linux/Mac
# or: venv\Scripts\activate # Windows
# 3. Install dependencies
pip install -r requirements.txt
# 4. Configure AI (optional but recommended)
cp .env.example .env
# Edit .env and add your Cerebras API key
# 5. Launch
python main.py- Go to https://cloud.cerebras.ai/
- Sign up for free account
- Generate API key
- Add to
.envfile
π‘ Why Cerebras? Llama 3.3 70B at lightning speed β perfect for security analysis!
- Run
python main.py - Select Option 1 - Launch Web Dashboard
- Navigate to
http://127.0.0.1:8000 - Go to Scanner tab
- Enter target and select modules
- Click INITIATE OFFENSIVE SCAN
- View real-time output in Dashboard terminal
- Check Reports tab for HTML results
python main.py
# Select Option 2 for CLI scan
# Select Option 3 for AI AssistantAll scan results are saved as HTML reports in the results/ directory:
- Interactive - Click to expand sections
- Professional - Clean, modern design
- Comprehensive - All findings with timestamps
- Shareable - Self-contained HTML files
Create a .env file:
CEREBRAS_API_KEY=your_api_key_hereGet your API key from: https://cloud.cerebras.ai/
Edit server/config.py:
SERVER_HOST = "127.0.0.1"
SERVER_PORT = 8000
RESULTS_DIR = "results"β
Legal Use Only - Only scan targets you own or have permission to test
β
Rate Limiting - Respect target servers
β
Stealth Mode - Use low-noise scanning when needed
β
Responsible Disclosure - Report vulnerabilities ethically
- Create
modules/your_module.py - Follow the template structure
- Add to Scanner component in
web/js/components/Scanner.js - Module will auto-integrate with web dashboard
- Backend: Python 3.8+, FastAPI, WebSockets
- Frontend: Vanilla JavaScript (ES6+), HTML5, CSS3
- AI: Cerebras Cloud SDK
- Architecture: SPA with hash routing
- β Complete web dashboard overhaul
- β Real-time terminal with WebSocket streaming
- β Scan start/stop controls
- β Terminal command input
- β AI assistant with syntax highlighting
- β Model selection (Llama 70B/8B)
- β Chat export functionality
- β Quick action buttons
- β Keyword highlighting (CVEs, tools, names)
- β CSS modular architecture (14 files)
- β Session persistence
- β Professional HTML reports
- β Fixed subdomain/directory scanner bugs
- CLI-based scanning
- Basic HTML reports
- AI integration
- Initial release
- Core scanning modules
Contributions welcome! Please:
- Fork the repository
- Create a feature branch
- Make your changes
- Submit a pull request
MIT License - See LICENSE file for details
"As a cybersecurity engineer, I thought: first build CLI tools, then add AI integration, then a web interface. CLI + AI + Web GUI. It took me a lot of time, but now it's done."
X-Recon started as a personal project to solve a real problem: too many scattered tools, no unified workflow. As a penetration tester, I was tired of switching between terminals, scripts, and tools. I wanted everything in one place.
| Phase | What I Built | Why |
|---|---|---|
| v1.0 | CLI scanning modules | Learn by building |
| v2.0 | Added AI assistant | Smart analysis needed |
| v3.0 | Full web dashboard | Professional workflow |
β
Building over collecting certificates
β
Practice over theory
β
Real tools over endless tutorials
β
If I fail, the failure is mine. If I succeed, the credit belongs to Allah.
Junior DevSecOps & AI Security Engineer @ Damno Solutions
Penetration Tester | Cybersecurity Student @ Howest University π§πͺ
AI Security Researcher | Founder @ The PenTrix
π΅π° β π§πͺ From a small Pakistani village to Belgium's cybersecurity field
Built on self-learning, persistence, and faith β Alhamdulillah π€²
Got ideas? Found a bug? Want to contribute?
I'm always open to collaboration! Whether you want to:
- π Report issues
- π‘ Suggest features
- π§ Submit pull requests
- π¬ Just chat about cybersecurity
Reach out on LinkedIn β Let's build the future of security together!





