Open Source -- AI-Native -- 26 Scanners

Automated Web Penetration Testing

ReconX is a comprehensive AI-powered penetration testing framework with 26 scanner modules, multi-LLM intelligence, and professional report generation. Built for security professionals.

$ reconx scan --target example.com --profile deep

[*] ReconX v1.0.0 - AI-Native Penetration Testing
[*] Target: example.com
[*] Profile: deep (26 modules)
[*] AI Engine: Claude claude-sonnet-4-20250514

[+] Running scanner: SQL Injection............ done
[+] Running scanner: XSS Detection............ done
[+] Running scanner: CSRF Analysis............ done
[!] Found: SQL Injection in /api/users?id=1
[!] Found: Reflected XSS in /search?q=
[!] Found: Missing CSRF token on /api/transfer

[*] AI Analysis: Validating 47 findings...
[+] False positives removed: 12
[+] Attack paths identified: 3
[+] Report generated: report_example_com.html

26 Scanner Modules
5 AI Features
4 LLM Providers
10 OWASP Top 10
5 Scan Profiles
3 Report Formats

Built for Security Professionals

Everything you need for comprehensive web application security testing, powered by AI.

Multi-LLM AI Engine

Supports Claude, GPT-4, Gemini, and Ollama for intelligent vulnerability analysis.

26 Scanner Modules

Comprehensive coverage from SQL injection to subdomain takeover.

Professional Reports

Generate HTML, PDF, and JSON reports with executive summaries.

OWASP Top 10

Full coverage of every OWASP Top 10 (2021) vulnerability category.

Scan Profiles

Quick, standard, deep, stealth, and API-focused scan modes.

AI False Positive Validation

Machine learning reduces noise by validating findings automatically.

Attack Path Analysis

AI maps how vulnerabilities chain together for maximum impact.

Smart Payloads

Context-aware payload generation that adapts to the target.

Open Source

MIT licensed, community-driven, and fully transparent.

26 Scanner Modules

From injection attacks to misconfigurations, ReconX covers the full spectrum of web vulnerabilities.

SQL Injection

Union, blind, time-based SQLi detection

XSS Scanner

Reflected, stored, and DOM-based XSS

CSRF Detection

Missing tokens and SameSite issues

SSRF Scanner

Server-side request forgery detection

LFI/RFI

Local and remote file inclusion

Command Injection

OS command injection vectors

XXE Scanner

XML external entity injection

SSTI Detection

Server-side template injection

Auth Bypass

Authentication weakness detection

IDOR Scanner

Insecure direct object references

Open Redirect

URL redirect and forward flaws

CORS Misconfig

Cross-origin policy analysis

Header Security

Missing and misconfigured headers

SSL/TLS Analysis

Certificate and cipher analysis

Subdomain Enum

Subdomain discovery and takeover

Directory Brute

Hidden path and file discovery

CMS Detection

WordPress, Joomla, Drupal scanning

API Security

REST and GraphQL endpoint testing

JWT Analysis

Token weakness and key confusion

WebSocket

WebSocket security testing

CRLF Injection

HTTP response splitting attacks

Clickjacking

Frame-based UI redress attacks

DNS Recon

DNS enumeration and zone analysis

WAF Detection

Web application firewall fingerprint

Tech Fingerprint

Technology stack identification

Port Scanner

Service and port enumeration

AI-Native Intelligence

ReconX goes beyond automated summaries. AI is embedded into every stage of the penetration testing workflow.

01

Intelligent Analysis

AI analyzes raw scanner output to identify patterns humans might miss, correlating findings across modules to uncover complex vulnerability chains.

02

False Positive Validation

Machine learning models evaluate each finding against known patterns, reducing noise by up to 60% and letting you focus on real threats.

03

Attack Path Mapping

AI constructs exploitation chains showing how individual vulnerabilities combine for maximum impact, from initial access to data exfiltration.

04

Smart Payload Generation

Context-aware payload generation that adapts to the target application, bypassing WAFs and custom input validation.

05

Executive Reporting

AI-generated executive summaries translate technical findings into business impact language for stakeholder communication.

Scan Profiles

Choose the right level of depth for every engagement.

Quick Scan

Essential checks in under 5 minutes

8 modules

Standard

Balanced coverage for routine testing

18 modules

Deep Scan

Maximum depth with all scanner modules

26 modules

Stealth

Low-noise scanning for production systems

12 modules

API Only

Focused on REST and GraphQL endpoints

10 modules

Start Securing Your Applications

ReconX is free, open-source, and ready to use. Install it in under a minute.

pip install reconx