Skip to content
/ totalrecon Public

A lightweight Python tool for passive reconnaissance, including subdomain, email, and S3 bucket extraction, with AI-powered scanner for sensitive infrastructure mentions.

pypi.org/project/totalrecon/

License

MIT license
6 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

josh1643/totalrecon

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
totalrecon
totalrecon
 
 
.gitattributes
.gitattributes
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
cli.py
cli.py
 
 
pyproject.toml
pyproject.toml
 
 
setup.py
setup.py
 
 

Repository files navigation

totalrecon

PyPI version

totalrecon is a lightweight Python library for passive reconnaissance. It extracts subdomains, emails, and S3 buckets from text and PDF files, and uses a fine-tuned AI model to summarize sensitive infrastructure mentions.

Built for red teamers, bug bounty hunters, CTF players, and cyber analysts.

Warnings and Best Practices

Important:

This tool utilizes AI to assist with reconnaissance and summarization. While AI can provide valuable insights, always double-check the output. AI-generated results may not be 100% accurate and should be reviewed carefully before taking any action. The AI model used here is designed to assist, not replace, human judgment.

Features

  • Extract intelligence from plaintext and PDF files
  • Detect subdomains, emails, and AWS S3 buckets
  • Summarize recon info with a fine-tuned flan-t5-small model
  • Offline and lightweight — no OpenAI key required
  • Trained on synthetic recon examples tailored for real-world use

Installation

pip install totalrecon

Or from source:

git clone https://github.com/josh1643/totalrecon.git
cd totalrecon
pip install .

Quick Start

Python Example

from totalrecon.extract import extract_from_text

text = '''
Found subdomain: api.dev.example.com
Email: admin@example.com
S3 bucket: s3://backup-prod-private
'''

results = extract_from_text(text)

print(results["domains"])          # ['api.dev.example.com']
print(results["emails"])           # ['admin@example.com']
print(results["s3_buckets"])       # ['s3://backup-prod-private']
print(results["recon_summaries"])  # ['Possible backup S3 bucket exposed via dev subdomain.']

About the Model

This project uses a fine-tuned FLAN-t5-small model hosted on the Hugging Face Hub:

🔗 https://huggingface.co/wassermanrjoshua/totalrecon-flan-t5

  • Summarizes cyber recon and passive intel
  • Runs entirely offline after first load
  • No setup required — model is automatically downloaded on first use

This means:

  • You don’t need to clone or manually download any model files
  • Just pip install totalrecon and run it — the model loads when needed

Contributing

Contributions welcome!

  1. Fork the repo
  2. Create a feature branch
  3. Open a pull request

License

MIT License — see LICENSE for full terms.

Author

Created by Joshua Wasserman for real-world recon workflows and open-source tooling.

About

A lightweight Python tool for passive reconnaissance, including subdomain, email, and S3 bucket extraction, with AI-powered scanner for sensitive infrastructure mentions.

pypi.org/project/totalrecon/

Topics

python open-source machine-learning text-mining ai cybersecurity bug-bounty ctf recon bugbounty cyber-security reconnaissance redteam subdomain-enumeration osnit cybersecurity-tools passive-recon osnit-framework passive-reconnaissance ai-recon

Resources

Readme

License

MIT license
Activity

Stars

6 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages