NetRecon — Advanced Network Reconnaissance Tool

// Developed by R.Shasi Kiran · Network Security Tool · v1.0

 ███╗   ██╗███████╗████████╗██████╗ ███████╗ ██████╗ ██████╗ ███╗   ██╗
 ████╗  ██║██╔════╝╚══██╔══╝██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗  ██║
 ██╔██╗ ██║█████╗     ██║   ██████╔╝█████╗  ██║     ██║   ██║██╔██╗ ██║
 ██║╚██╗██║██╔══╝     ██║   ██╔══██╗██╔══╝  ██║     ██║   ██║██║╚██╗██║
 ██║ ╚████║███████╗   ██║   ██║  ██║███████╗╚██████╗╚██████╔╝██║ ╚████║
 ╚═╝  ╚═══╝╚══════╝   ╚═╝   ╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝  ╚═══╝

Advanced Network Reconnaissance & Visual Reporting Tool

Python 3.8+ Kali Linux Nmap Engine NVD CVE API MIT License 1417+ Lines 8 Modules

⬡ ONE COMMAND · COMPLETE PICTURE OF YOUR TARGET ⬡

⬡

count

Modules

〈/〉

1417

lines

Lines of Code

◈

total

Capabilities

📄

formats

Report Formats

⚡

100

max score

Risk Scale

🕓

∞

stored

Scan History

// the problem we solve

Before vs After NetRecon

✗ Without NetRecon

→ Run nmap manually, get wall of text

→ Separately run whois, dig, subfinder

→ Google CVEs one by one for each service

→ Check Shodan manually in browser

→ Write your own report from scratch

→ No risk scoring — guess what's critical

→ No history — re-scan and compare manually

✓ With NetRecon

→ One command handles everything

→ WHOIS, DNS, Shodan — all automatic

→ CVEs pulled from NVD API with CVSS scores

→ Shodan passive intel added automatically

→ Professional HTML/PDF report generated

→ Every host scored Critical → Low

→ SQLite tracks changes between scans

// how it works

Automated Recon Pipeline

Target Input

IP, domain, or CIDR subnet via CLI

Nmap Scan

Ports, services, OS, traceroute

WHOIS + DNS

Passive domain identity lookup

Shodan

Indexed passive intelligence

CVE Mapping

NVD API — real CVSS scores

Subdomains

Attack surface enumeration

Risk Score

Weighted 0–100 per host

Report

HTML + PDF analyst report

// capabilities

What NetRecon Can Do

🔎

Nmap Engine

Runs deep scans automatically — quick, normal, or aggressive mode. Detects open ports, service versions, OS fingerprint, and traceroute path.

📋

WHOIS + DNS

Fetches domain ownership, registrar, expiry date, and all DNS records. Checks SPF and DMARC — flags missing records as phishing risks.

🛡️

CVE Mapping

Queries the NVD API for every detected service version. Returns real CVE IDs, CVSS scores, severity ratings, and direct NVD links.

👁️

Shodan Intel

Passive enrichment — queries Shodan without touching the target. Returns ISP, geolocation, historical ports, and tagged vulnerabilities.

🌐

Subdomain Enum

Discovers all subdomains via subfinder and DNS brute-force. Resolves each to an IP — maps the full external attack surface.

📊

Risk Scoring

Weighted algorithm scores every host 0–100. Labels each Critical / High / Medium / Low based on open ports, CVEs, and Shodan tags.

🕓

Scan History

Every scan stored in SQLite. Re-scanning shows exactly what changed — new ports, closed ports, and risk score delta since last scan.

🕸️

Topology Graph

Maltego-style interactive vis.js node graph. Target at center — ports, services, and subdomains as color-coded draggable nodes.

📄

HTML + PDF Report

Single self-contained HTML file with sticky nav, scroll animations, and dark theme. One-click PDF export for clients or submissions.

// risk engine

Risk Scoring System

80+ CRITICAL

Telnet, RDP, SMB open. Active exploitable CVEs. Immediate action required.

55+ HIGH

High-risk ports open. High CVSS CVEs matched. Remediate soon.

30+ MEDIUM

Some exposure present. Medium severity vulnerabilities detected.

0+ LOW

Minimal exposure. Standard ports, no critical CVEs found.

// live demo

Terminal Output

kali@kali — NetRecon v1.0

┌──(kali㉿kali)-[~/Desktop/NetRecon] └─$ sudo python3 recon.py -t scanme.nmap.org -i normal ███╗ ██╗███████╗████████╗██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗ NetRecon v1.0 — Advanced Network Reconnaissance Tool [!] For authorized use only. Always obtain proper permission. [*] Target: scanme.nmap.org [*] Intensity: normal | Format: html [*] Started at: 2024-11-15 14:32:11 [*] Running nmap scan... [+] Discovered 1 host(s), 6 open port(s) [*] Fetching WHOIS & DNS records... [+] WHOIS & DNS enrichment complete [*] Looking up CVEs via NVD API... [+] Found 5 CVE(s) — 2 CRITICAL, 1 HIGH, 2 MEDIUM [*] Enumerating subdomains... [+] Found 6 subdomain(s) [*] Calculating risk scores... [+] Overall risk: CRITICAL (Score: 95/100) [*] Saving to scan history... [+] Diff: 2 new port(s) since last scan (+30 risk delta) [*] Generating report... [+] HTML report: output/netrecon_report_20241115_143211.html [+] Scan complete! └─$

// output preview

Generated Report — Interactive Preview

Click each tab below to see what NetRecon shows in the actual report for scanme.nmap.org

📋 Summary

🕸 Topology

🖥 Hosts

🔓 Ports

🛡 CVEs

🌐 Subdomains

🔍 WHOIS/DNS

📡 Traceroute

Hosts

Open Ports

Critical CVEs

High CVEs

Subdomains

Risk Score

            Target scanme.nmap.org was scanned on 2024-11-15 14:32:11.
            The scan discovered 1 active host with
            6 open ports. CVE analysis identified
            5 vulnerabilities, of which
            2 are rated CRITICAL.
            Subdomain enumeration discovered 6 subdomains
            expanding the attack surface. Overall risk posture is rated
            CRITICAL (95/100).
            Immediate remediation recommended for Telnet (port 23) and RDP (port 3389).
          

Port	Protocol	Service	Version Detected	Risk
22	TCP	SSH	OpenSSH 6.6.1p1 Ubuntu 2ubuntu2.13	MEDIUM
80	TCP	HTTP	Apache httpd 2.4.7 (Ubuntu)	LOW
443	TCP	HTTPS	—	LOW
23	TCP	Telnet	Linux telnetd	CRITICAL
3389	TCP	RDP	Microsoft Terminal Services	CRITICAL
3306	TCP	MySQL	MySQL 5.5.62-0ubuntu0.14.04.1	HIGH

CVE ID	Affected Service	Severity	CVSS	Description
CVE-2023-38408	OpenSSH 6.6.1p1	CRITICAL	9.8	PKCS#11 feature in ssh-agent allows remote code execution via malicious agent forwarding
CVE-2021-41773	Apache httpd 2.4.7	CRITICAL	9.8	Path traversal attack allows mapping URLs to files outside configured directories (RCE possible)
CVE-2021-41617	OpenSSH 6.6.1p1	HIGH	7.0	Privilege escalation because supplemental groups are not initialized as expected in sshd
CVE-2022-22721	Apache httpd 2.4.7	MEDIUM	6.5	XSS attacks possible via crafted XML body when LimitXMLRequestBody set below 350 bytes
CVE-2020-14765	MySQL 5.5.62	MEDIUM	6.8	High privileged attacker can cause MySQL Server to hang or crash repeatedly

Subdomain	Resolved IP	Status
www.nmap.org	`45.33.32.156`	✓ Resolved
mail.nmap.org	`45.33.32.158`	✓ Resolved
svn.nmap.org	`45.33.32.159`	✓ Resolved
blog.nmap.org	`45.33.32.160`	✓ Resolved
api.nmap.org	`Unresolved`	✗ No DNS record
dev.nmap.org	`Unresolved`	✗ No DNS record

// project structure

File Structure

📁 NetRecon/

├── 🟢 recon.py ← START HERE

├── ⚙️ install.sh ← one-time Kali setup

├── 📋 requirements.txt ← Python packages

├── 📖 README.md ← documentation

├── ⚖️ LICENSE ← MIT license

├── 📦 modules/

│ ├── 🔎 scanner.py ← nmap engine + XML parser

│ ├── 🌐 whois_dns.py ← WHOIS + DNS enrichment

│ ├── 🛡️ cve_lookup.py ← NVD API CVE mapping

│ ├── 👁️ shodan_lookup.py ← Shodan passive intel

│ ├── 🌍 subdomain_enum.py ← subdomain discovery

│ ├── 📊 risk_scorer.py ← weighted risk scoring

│ ├── 🕓 history.py ← SQLite scan history

│ └── 📄 report_gen.py ← HTML/PDF report builder

└── 📂 output/

├── 🌟 demo_report.html ← sample report preview

└── 🗄️ netrecon_history.db ← auto-created SQLite DB