Tools · Security

Find what single-session scanners can't see.

ReconX is an open-source, AI-native web penetration testing framework. Multi-identity access-control testing, AI-validated findings, and a report your team will actually read.

Why It's Different

Most scanners test one login. Real apps have many.

Single-session scanners can't see what happens when one user's token reaches another user's data. ReconX tests across identities, so broken access control, the top item on the OWASP Top 10, actually gets found instead of missed.

Scan Profiles

Six profiles, one tool.

Pick the depth that matches the engagement, from a five-minute pass to a full assessment.

Quick

A fast first pass to surface obvious issues before a deeper engagement.

Standard

Balanced coverage for a routine assessment. The default for most scans.

Deep

The full scanner set, including browser-based crawling for JavaScript-heavy applications.

API-Only

Focused entirely on REST and API endpoints, skipping the front-end surface.

OWASP Top 10

Full coverage of all ten 2021 OWASP Top 10 categories, mapped directly to the standard.

Passive

Reconnaissance only, no active exploitation attempts. Safe to point at production.

27 Scanner Modules

Full OWASP Top 10 coverage, and more.

Not just pattern matching, multiple detection techniques across every module, in-band and out-of-band.

AI Review

AI that reduces triage work, not adds to it.

AI review flags likely false positives to cut through the noise. Confirmed findings are never downgraded.

Works with Claude, GPT-4/GPT-4o, or any OpenAI-compatible endpoint, including local and self-hosted models.

Quick Start

Installed and scanning in under 5 minutes.

Reports export as HTML, PDF, DOCX, or JSON. Free, MIT licensed, no signup, no trial period.

Open By Default

ReconX is one of six open-source tools we build.

Smurf, SyncerD, Naoru, Vanisec, and more, all born from real client work, then open-sourced.

Explore All Tools

Work With Us

Need a real penetration test, not just a scan?

ReconX is the tool. Our team runs it, and knows what to do with what it finds.

Talk to an Expert