-100%
-100%
Click to enlarge

    HX-Recon-lite

    HX-Recon-Lite is a lightweight, project-based reconnaissance tool designed for penetration testers and security researchers. It automates subdomain enumeration, DNS resolution, and HTTP probing using proven open-source tools, then organizes the results into clean, actionable outputs. Built with a focus on usability and real-world workflows, it helps you quickly identify live assets and prioritize targets without unnecessary complexity.

    Download from Git

    Original price was: 10,00 $.Current price is: 0,00 $.

    Technical Snapshot

    Core specifications and runtime requirements

    Version
    1.1
    Built With
    Python
    Deployment
    Local CLI

    Introduction

    HX-Recon-Lite is a practical reconnaissance framework built for real-world penetration testing workflows. Instead of acting like a simple script, it operates as a structured tool that organizes your recon activities into projects, allowing you to run, store, and revisit scans efficiently.

    It combines multiple industry-standard tools for subdomain discovery, DNS resolution, and HTTP probing, then transforms raw data into structured outputs that are immediately useful for further analysis and exploitation.

    What It Does

    HX-Recon-Lite automates the early stages of reconnaissance:

    • Subdomain enumeration from multiple sources
    • DNS resolution to filter valid assets
    • HTTP probing to identify live targets
    • Response analysis (status codes, titles)
    • Categorization of targets (200 / 403 / 500 / redirects)

    Instead of giving you raw noise, it produces clean, filtered data that you can actually use.

    Key Features

    🔹 Project-Based Workflow

    Organize your targets into separate projects. Each project stores its own results, making recon repeatable and structured.

    🔹 Multi-Source Enumeration

    Uses multiple tools to maximize subdomain discovery and reduce blind spots.

    🔹 Intelligent Filtering

    Filters out dead domains using DNS resolution before HTTP probing to improve accuracy.

    🔹 HTTP Intelligence

    Collects status codes and response titles, helping you quickly identify interesting targets like admin panels, restricted endpoints, and misconfigured services.

    🔹 Categorized Output

    Automatically separates results into meaningful groups:

    • 200 (valid pages)
    • 403 (restricted access)
    • 500 (potential vulnerabilities)
    • redirects and others

    🔹 Clean Output Files

    All results are stored in structured formats:

    • JSON for automation
    • TXT for quick usage

    Why HX-Recon-Lite

    Most recon scripts either:

    • produce too much noise
    • or are too minimal to be useful

    HX-Recon-Lite sits in between:

    Minimal in design, but powerful in execution.

    It’s built for people who want:

    • speed
    • clarity
    • and control over their recon data

    Use Cases

    • Bug bounty reconnaissance
    • Penetration testing asset discovery
    • Red team initial access mapping
    • Continuous recon tracking (manual workflows)

    Output Example

    • subdomains.txt
    • alive.txt
    • alive_200.txt
    • alive_403.txt
    • alive_500.txt
    • result.json

    Deployment Options

    Multiple deployment methods for various infrastructure setups

    Python Package 

    sudo apt install nmap
sudo apt install tor
sudo apt install torsocks
pip install stem

///
insert to /etc/tor/torrc :
ControlPort 9051
CookieAuthentication 0
HashedControlPassword <HASHED_PASSWORD>
///

    Technical FAQ

    Frequently asked questions from security engineers

    What is HX-Recon-Lite?

    HX-Recon-Lite is a lightweight, project-based reconnaissance tool designed to automate subdomain discovery, DNS resolution, and HTTP probing. It helps security researchers and penetration testers quickly identify live assets and organize their findings in a structured way.

    Who is this tool for?

    This tool is built for:

    • penetration testers
    • bug bounty hunters
    • red teamers
    • security researchers

    If you perform reconnaissance regularly, HX-Recon-Lite is designed for your workflow.

    How is HX-Recon-Lite different from other recon tools?

    Most tools either:

    • focus on a single task (like subdomain enumeration)
    • or produce unstructured, noisy output

    HX-Recon-Lite combines multiple steps into a clean pipeline and organizes results into projects with categorized outputs, making it easier to use in real engagements.

    Why am I seeing many subdomains but few alive results?

    This is normal. Many discovered subdomains:

    • no longer resolve
    • are misconfigured
    • or do not run HTTP services

    HX-Recon-Lite filters these using DNS resolution and HTTP probing to give you only usable targets.

    What output formats does it provide?

    HX-Recon-Lite generates:

    • JSON (structured data)
    • TXT files (quick usage)
    • categorized lists (200, 403, 500, etc.)

    This allows both automation and manual analysis.