URLRecon
Async multi-module URL reconnaissance tool
v1.0.0
Linux
macOS
Windows
| File | SHA256 |
|---|---|
urlrecon-v1.0.0.tar.gz |
623074a9b6a9c44bd151b7b1d8532f451fbff2a0b6aa3f3fb418de48d7a2b854 |
urlrecon-v1.0.0.zip |
f2e746ca9dec878e1b5c8f4959b0ed79e41f795afb99979f9a6b40f239173892 |
Quick Start
Install
curl -fsSL https://cli.johlem.net/install.sh | bash -s -- urlreconUninstall
curl -fsSL https://cli.johlem.net/uninstall.sh | bash -s -- urlreconFeatures
- 18 async reconnaissance modules
- DNS, WHOIS, HTTP headers, TLS/SSL analysis
- Email security: SPF, DKIM, DMARC validation
- Security headers scoring (A–F grade)
- Cookie security analysis
- HTTP/2 and HTTP/3 protocol detection
- Common port scanning (22 ports)
- Wayback Machine history lookup
- Redirect chain tracing
- Screenshot capture via headless browser
- robots.txt & sitemap.xml parsing
- Geo-IP & ASN lookup
- Subdomain enumeration via crt.sh
- Technology stack detection (30+ signatures)
- Multi-target scanning (URLs or file input)
- JSON stdout pipe mode (--json)
- Scan diff comparison (--diff)
- Built-in browser UI dashboard
- JSON, CSV, and Markdown export
- Configurable via .urlreconrc
- Built-in update checker (--update)
- Configurable concurrency with progress indicator
Requirements
Runtime
Python 3.9+
Required
The installer checks for these and offers to install them automatically.
| Package | Purpose | Install |
|---|---|---|
aiohttp |
Async HTTP client for module requests | pip install aiohttp |
dnspython |
DNS record resolution | pip install dnspython |
python-whois |
WHOIS domain lookups | pip install python-whois |
pip install aiohttp dnspython python-whoisOptional
| Package | Purpose | Install |
|---|---|---|
playwright |
Headless browser for screenshot module | pip install playwright |
Usage & Flags
urlrecon [OPTIONS] <target> [target2] [target3] ...Targets can be URLs, domains, or a file containing one URL per line.
Modules
| Name | Description |
|---|---|
dns | A, AAAA, MX, NS, TXT, CNAME, SOA records |
whois | WHOIS domain registration data |
headers | HTTP response headers analysis |
tls | TLS version, cipher, certificate chain |
redirects | Redirect chain tracing |
screenshot | Headless browser page capture (requires playwright) |
robots | robots.txt parsing |
sitemap | sitemap.xml URL extraction |
geoip | Geo-IP location lookup |
asn | ASN lookup via Team Cymru DNS |
subdomains | Subdomain enumeration via crt.sh |
tech | Technology stack detection (30+ signatures) |
email | SPF, DKIM, DMARC record validation |
secheaders | Security headers scoring (A–F grade) |
cookies | Cookie security analysis (Secure, HttpOnly, SameSite) |
wayback | Wayback Machine snapshot history |
ports | Common port scan (22 ports) |
http2 | HTTP/2 and HTTP/3 protocol detection |
Flags
| Flag | Type | Default | Description |
|---|---|---|---|
--modules |
string | all |
Comma-separated list of modules to run |
--output |
string | ./output |
Output directory for results |
--format |
string | json |
Export format: json, csv, or markdown |
--concurrency |
int | 5 |
Maximum concurrent module executions |
--timeout |
int | 30 |
Timeout in seconds per module |
--json |
flag | false |
Print JSON results to stdout (pipe-friendly) |
--diff |
files | — | Compare two JSON scan results |
--ui |
flag | false |
Launch browser UI dashboard after scan |
--update |
flag | — | Check for newer version |
--verbose |
flag | false |
Enable verbose output logging |
--quiet |
flag | false |
Suppress all output except errors |
--help |
flag | — | Show help message and exit |
Examples
Full scan with all modules
$ python urlrecon.py https://example.com
[urlrecon] Starting scan on https://example.com
[dns] A: 93.184.216.34 | AAAA: 2606:2800:220:1:248:1893:25c8:1946
[whois] Registrar: ICANN | Created: 1995-08-14
[headers] Server: ECS (dcb/7F83) | X-Cache: HIT
[tls] TLS 1.3 | CN=www.example.org | Expires: 2027-03-01
[redirects] No redirects detected
[robots] 3 rules parsed
[sitemap] 12 URLs found
[geoip] US, California, Los Angeles | AS15133
[tech] Detected: ECS, Varnish
[urlrecon] Scan complete — results saved to ./output/example.com/Run specific modules only
$ python urlrecon.py --modules dns,whois,tls https://example.com
[urlrecon] Running modules: dns, whois, tls
[dns] A: 93.184.216.34
[whois] Registrar: ICANN | Created: 1995-08-14
[tls] TLS 1.3 | CN=www.example.org
[urlrecon] Done — 3 modules completedExport as CSV with high concurrency
$ python urlrecon.py --format csv --concurrency 10 https://example.com
[urlrecon] Output format: CSV
[urlrecon] Concurrency: 10 modules
[urlrecon] Scan complete — saved to ./output/example.com/report.csvLaunch browser UI after scan
$ python urlrecon.py --ui https://example.com
[urlrecon] Scan complete
[urlrecon] Launching browser UI at http://localhost:8484Verbose output with custom timeout
$ python urlrecon.py --verbose --timeout 60 https://example.com
[urlrecon] Verbose mode enabled
[urlrecon] Timeout per module: 60s
[dns] Resolving A records... 93.184.216.34 (42ms)
[dns] Resolving AAAA records... 2606:2800:220:1:248:1893:25c8:1946 (38ms)
[dns] Resolving MX records... none (35ms)
[whois] Querying whois.iana.org... OK (210ms)
...Install Layout
# Standard layout for all cli.johlem.net tools
~/.local/lib/urlrecon/ # Tool source files
~/.local/bin/urlrecon # Executable wrapperAfter install, run urlrecon --help (requires ~/.local/bin in your PATH).
Changelog
# Changelog ## v1.0.0 — 2026-04-05 ### Added - 18 async reconnaissance modules - Core modules: DNS, WHOIS, HTTP headers, TLS/SSL, redirects, screenshot, robots.txt, sitemap, geo-IP, ASN lookup, subdomain enumeration, tech stack detection - Email security module: SPF, DKIM, DMARC record validation - Security headers scoring module (A–F grade) - Cookie security analysis (Secure, HttpOnly, SameSite flags) - HTTP/2 and HTTP/3 protocol detection via ALPN and Alt-Svc - Common port scanning (22 ports) - Wayback Machine snapshot history via CDX API - Multi-target scanning: pass multiple URLs or a file (one per line) - JSON stdout mode (`--json`) for pipe-friendly output - Scan diff comparison (`--diff file_a.json file_b.json`) - Config file support (`.urlreconrc` in project or home directory) - Built-in update checker (`--update`) - Live progress indicator (modules done counter on stderr) - Browser-based UI dashboard for interactive exploration - JSON, CSV, and Markdown export formats - Configurable concurrency with progress indicator - Module selection via `--modules` flag - Timeout control per module with `--timeout` - Verbose and quiet output modes - Python 3.9+ support across Linux, macOS, and Windows - SHA256 checksum verification for all release artifacts
Integrity
Verify your download against these SHA256 checksums:
| File | SHA256 |
|---|---|
urlrecon-v1.0.0.tar.gz |
623074a9b6a9c44bd151b7b1d8532f451fbff2a0b6aa3f3fb418de48d7a2b854 |
urlrecon-v1.0.0.zip |
f2e746ca9dec878e1b5c8f4959b0ed79e41f795afb99979f9a6b40f239173892 |
This tool is provided as-is with no warranty. Use at your own risk. Always review scripts before running them. Not responsible for any damage or data loss. This tool is intended for authorized security testing, research, and educational purposes only. Always obtain explicit permission before scanning targets you do not own. Unauthorized use is illegal and unethical.