Cyber Recon Toolkit is a modular terminal-based cybersecurity and reconnaissance framework designed for network analysis, security assessment, forensic investigation, and automated reporting.
This toolkit combines multiple reconnaissance, scanning, forensic, and reporting utilities into a single integrated Python platform. It is designed for practical cybersecurity workflows, clean CLI interaction, modular expansion, and evidence-oriented reporting.
- WHOIS Lookup
- DNS Enumeration
- Ping Sweep
- TCP Port Scanner
- Log Analyzer
- Hash Generator
- Phishing URL Checker
- Combined Report Generator
- JSON report export
- CSV report export
- PDF report export
- Timestamped forensic reports
- PDF watermarking
- Consolidated evidence collection
- Cross-module report aggregation
Cyber-Recon-Toolkit/
├── README.md
├── requirements.txt
├── run.sh
├── toolkit.py
├── reports/
├── logs/
├── modules/
│ ├── dns_enum.py
│ ├── hash_generator.py
│ ├── log_analyzer.py
│ ├── phishing_checker.py
│ ├── ping_sweep.py
│ ├── port_scanner.py
│ ├── report_generator.py
│ └── whois_lookup.py
- Python 3.10 or higher
- Linux-based environment recommended
- Tested on Kali Linux
Clone the repository:
git clone https://github.com/kvr585/Cyber-Recon-Toolkit
cd Cyber-Recon-ToolkitLaunch the toolkit:
./run.shThe launcher automatically:
- Creates a virtual environment (
.venv) - Activates the environment
- Installs required dependencies
- Starts the toolkit
The toolkit uses the following Python packages:
richpython-whoisdnspythontldextractrequestsreportlab
All dependencies are already included in requirements.txt.
Start the toolkit using:
./run.shUsing the launcher ensures the virtual environment and dependencies are configured correctly before execution.
RECON
1. WHOIS Lookup
2. DNS Enumeration
3. Ping Sweep
SCANNING
4. Port Scanner
5. Log Analyzer
UTILITIES
6. Hash Generator
7. Phishing URL Checker
8. Generate Combined Report
SYSTEM
9. Exit
- Domain WHOIS lookup
- Registrar information
- Creation and expiration dates
- Domain status
- DNS nameservers
- JSON report generation
- A record lookup
- AAAA record lookup
- MX record lookup
- NS record lookup
- TXT record lookup
- CNAME discovery
- DNS summary output
- JSON report export
- /24 subnet discovery
- Multithreaded ICMP scanning
- Live host detection
- Scan timing
- JSON reporting
- Multithreaded TCP port scanning
- Custom port range support
- Service detection
- Basic banner grabbing
- Progress tracking
- Resolved target IP display
- JSON reporting
- Log file parsing
- Suspicious activity detection
- Error highlighting
- Security event inspection
- JSON export
- MD5 hashing
- SHA1 hashing
- SHA256 hashing
- SHA512 hashing
- Text hashing
- File hashing
- Hash verification
- File integrity checks
- JSON reporting
- URL structure analysis
- Suspicious keyword detection
- IP-based URL detection
- URL length analysis
- HTTPS validation
- Domain extraction checks
- Aggregates module outputs into combined JSON
- Generates combined CSV reports
- Produces formatted PDF reports
- Adds forensic timestamps
- Includes PDF watermarking
- Allows direct report opening from toolkit
Generated reports are automatically saved inside the reports/ directory.
Supported formats include:
- JSON
- CSV
Generated reports may include:
- Scan results
- DNS findings
- WHOIS information
- Security events
- Forensic summaries
- Timestamps
- Watermarked PDF exports
This project is intended strictly for educational, academic, and authorized security testing purposes only.
Do not use this toolkit against systems, networks, or services without proper authorization.
The developer is not responsible for misuse or unauthorized activities performed using this toolkit.
Developed for cybersecurity research, network reconnaissance, and forensic reporting.