Tools · Security
Find what single-session scanners can't see.
ReconX is an open-source, AI-native web penetration testing framework. Multi-identity access-control testing, AI-validated findings, and a report your team will actually read.
Why It's Different
Most scanners test one login. Real apps have many.
Single-session scanners can't see what happens when one user's token reaches another user's data. ReconX tests across identities, so broken access control, the top item on the OWASP Top 10, actually gets found instead of missed.
- 27 scanner modules
- Free & open source
- MIT licensed
- No signup, no trial
Scan Profiles
Six profiles, one tool.
Pick the depth that matches the engagement, from a five-minute pass to a full assessment.
Quick
A fast first pass to surface obvious issues before a deeper engagement.
Standard
Balanced coverage for a routine assessment. The default for most scans.
Deep
The full scanner set, including browser-based crawling for JavaScript-heavy applications.
API-Only
Focused entirely on REST and API endpoints, skipping the front-end surface.
OWASP Top 10
Full coverage of all ten 2021 OWASP Top 10 categories, mapped directly to the standard.
Passive
Reconnaissance only, no active exploitation attempts. Safe to point at production.
27 Scanner Modules
Full OWASP Top 10 coverage, and more.
Not just pattern matching, multiple detection techniques across every module, in-band and out-of-band.
- Access Control
- Multi-Identity (BOLA/BFLA)
- SQL Injection
- NoSQL Injection
- XSS
- SSRF
- Command Injection
- XXE
- SSTI
- IDOR
- JWT Analysis
- CSRF
- CORS
- Clickjacking
- File Upload
- Directory Traversal
- Open Redirect
- API Security
- Security Headers
- Cookie Security
- Session Security
- SSL/TLS Analysis
- Subdomain Takeover
- Sensitive Files
- HTTP Methods
- Information Disclosure
- Email Security
- Template Checks
AI Review
AI that reduces triage work, not adds to it.
AI review flags likely false positives to cut through the noise. Confirmed findings are never downgraded.
Intelligent analysis
Findings are reviewed in context, not just matched against a pattern.
False positive validation
Likely false positives get flagged so your team spends less time triaging noise.
Attack path mapping
Individual findings get connected into the realistic chains an attacker would use.
Smart payload generation
Test payloads are generated for the context, not pulled from a static wordlist.
Executive reporting
Raw findings turn into a report written for people who aren't security engineers.
Works with Claude, GPT-4/GPT-4o, or any OpenAI-compatible endpoint, including local and self-hosted models.
Quick Start
Installed and scanning in under 5 minutes.
Reports export as HTML, PDF, DOCX, or JSON. Free, MIT licensed, no signup, no trial period.
Open By Default
ReconX is one of six open-source tools we build.
Smurf, SyncerD, Naoru, Vanisec, and more, all born from real client work, then open-sourced.
Explore All ToolsWork With Us
Need a real penetration test, not just a scan?
ReconX is the tool. Our team runs it, and knows what to do with what it finds.
Talk to an Expert