hoxtxnDev/HXRECON
GitHub: hoxtxnDev/HXRECON
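A professional network reconnaissance suite implemented in pure Python for red teams and offensive security assessments, with no external binary dependencies.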
```
██╗ ██╗██╗ ██╗██████╗ ███████╗ ██████╗ ██████╗ ███╗ ██╗
╚██╗██╔╝╚██╗██╔╝██╔══██╗██╔════╝██╔════╝██╔═══██╗████╗ ██║
╚███╔╝ ╚███╔╝ ██████╔╝█████╗ ██║ ██║ ██║██╔██╗ ██║
██╔██╗ ██╔██╗ ██╔══██╗██╔══╝ ██║ ██║ ██║██║╚██╗██║
██╔╝ ██╗██╔╝ ██╗██║ ██║███████╗╚██████╗╚██████╔╝██║ ╚████║
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝
HXRECON v1.0.0 — Professional Network Reconnaissance Suite
```
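## 📋 Table of Contents
- [Description](#-descripción--description)
- [Architecture](#-arquitectura--architecture)
- [Installation](#-instalación--installation)
- [Usage](#-uso--usage)
- [Quick Start](#-tutorial-rápido--quick-start-tutorial)
- [Ghost Protocol](#-ghost-protocol--protocolo-fantasma)
- [MITRE ATT&CK Mapping](#-mitre-attck-mapping)
- [Disclaimer](#-disclaimer--aviso-legal)
- [License](#-licencia--license)
## 🎯 Description
**HXRECON** is a professional-grade network reconnaissance suite designed for red team operations and offensive security assessments. Every byte of its network logic is implemented entirely with the Python standard library: it does not depend on nmap, masscan, dig or any other external binary.
### Features
| Module | Description |
|:--|:--|
| `scanner` | Asynchronous TCP connect scan with semaphore control |
| `dns_recon` | DNS record enumeration + subdomain brute-forcing + AXFR |
| `banner` | Banner grabbing and regex-based service fingerprinting |
| `cve` | CVE correlation via the NIST NVD API v2 |
| `opsec` | Ghost Protocol OPSEC evasion layer |
## 🏗️ Architecture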
```
hxrecon/
├── __init__.py
├── modules/ # Recon modules
│ ├── scanner.py # TCP scan (asyncio + semaphore)
│ ├── dns_recon.py # DNS enum (raw UDP packets)
│ ├── banner.py # Banner grab (regex fingerprinting)
│ ├── cve.py # CVE lookup (NVD API v2 + rate limiting)
│ └── opsec.py # Ghost Protocol (jitter, pacing, decoy)
├── core/ # Core system
│ ├── config.py # Config dataclasses
│ ├── engine.py # Orchestration engine
│ └── output.py # JSON/MD export + Rich helpers
├── cli/
│ └── entrypoint.py # Rich TUI with Live Display
├── pyproject.toml # PEP 518
├── README.md # This file
├── ARCHITECTURAL_CRITIQUE.md # 3 architectural weaknesses
└── PEER_REVIEW.md # Peer review simulation
```
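### Technical Decisions
| Decision | Description |
|:--|:--|
| **Stdlib-first** | `rich` is the only third-party dependency |
| **Concurrency** | `asyncio` for I/O + `ThreadPoolExecutor` for DNS/API |
| **No binaries** | 0 subprocess calls to nmap/masscan/dig |
| **Strongly typed configuration** | Strongly typed dataclasses throughout |
## 💻 Installation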
```
# Requirement: Python ≥ 3.10
# Install from source
git clone https://github.com/hoxtxnDev/hxrecon.git
cd hxrecon
pip install -e .
# Or install only the dependency
pip install rich
```
### 🔧 Windows Notes
## 🚀 Usage
### scan: TCP port scan
```
hxrecon scan -t 10.0.0.1 -p 1-1000 --opsec --json --md
```
**Live output:**
```
╔════════════════════════════════════════════════════════════╗
║ ◆ HXRECON Status — Estado ║
╠════════════════════════════════════════════════════════════╣
║ Target / Objetivo: 10.0.0.1 ║
║ Ports / Puertos: 500/1000 (50.0%) ║
║ Open / Abiertos: 3 ║
║ Throughput / Rend.: 142.3 ports/s ║
║ Elapsed / Trans.: 3.5s ║
║ ETA / TME: 3.5s ║
║ Ghost Protocol: ACTIVE ║
║ Concurrency / Con.: 500 ║
╚════════════════════════════════════════════════════════════╝
╔════════════════════════════════════════════════════════════╗
║ ◆ Live Feed — Resultados en Vivo ║
╠════════════════════════════════════════════════════════════╣
║ 14:32:01 Port 22/tcp OPEN (ssh) ║
║ 14:32:03 Port 80/tcp OPEN (http) ║
║ 14:32:05 Port 443/tcp OPEN (https) ║
╚════════════════════════════════════════════════════════════╝
```
### dns: DNS reconnaissance
```
hxrecon dns -t example.com --axfr --wordlist subdominios.txt
```
### banner: Banner grabbing
```
hxrecon banner -t 10.0.0.1 -p 22,80,443,3306
```
### cve: Vulnerability lookup
```
hxrecon cve --service openssh --version 8.9p1
```
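A lookup like the one above has to stay inside NVD's request quota and cope with records that carry different CVSS versions. The following is an added example, not HXRECON's `cve.py`: the names `RollingLimiter`, `build_query` and `summarize` are hypothetical, the response is constructed, and the CVE ids are placeholders.

```python
import json
import time
from collections import deque
from urllib.parse import urlencode

NVD_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"

class RollingLimiter:
    """At most `limit` calls per rolling `period` seconds (NVD allows 5 per 30 s without a key)."""
    def __init__(self, limit=5, period=30.0, clock=time.monotonic):
        self.limit, self.period, self.clock = limit, period, clock
        self.calls = deque()
    def wait_time(self):
        """Seconds to sleep before the next request is allowed (0.0 if allowed now)."""
        now = self.clock()
        while self.calls and now - self.calls[0] >= self.period:
            self.calls.popleft()
        return 0.0 if len(self.calls) < self.limit else self.period - (now - self.calls[0])
    def record(self):
        """Call once per request actually sent."""
        self.calls.append(self.clock())

def build_query(service, version, per_page=50):
    """Keyword query URL (assumption: how HXRECON builds its query is not shown on the page)."""
    params = {"keywordSearch": f"{service} {version}", "resultsPerPage": per_page}
    return f"{NVD_URL}?{urlencode(params)}"

def summarize(payload, min_score=7.0):
    """Return [(cve_id, base_score, severity)] with score >= min_score, highest first.
    Records that carry no CVSS metrics at all are skipped rather than scored as 0."""
    rows = []
    for item in payload.get("vulnerabilities", []):
        cve = item["cve"]
        metrics = cve.get("metrics", {})
        for key in ("cvssMetricV31", "cvssMetricV30", "cvssMetricV2"):  # newest first
            if metrics.get(key):
                metric = metrics[key][0]
                data = metric["cvssData"]
                # v2 records keep baseSeverity beside cvssData, v3.x keeps it inside.
                sev = data.get("baseSeverity") or metric.get("baseSeverity", "UNKNOWN")
                rows.append((cve["id"], data["baseScore"], sev))
                break
    return sorted((r for r in rows if r[1] >= min_score), key=lambda r: -r[1])

# Constructed response in the NVD 2.0 shape; the CVE ids are placeholders, not real entries.
SAMPLE = json.loads("""{"vulnerabilities": [
 {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
 {"cve": {"id": "CVE-0000-0002", "metrics": {"cvssMetricV2": [{"baseSeverity": "MEDIUM", "cvssData": {"baseScore": 5.0}}]}}},
 {"cve": {"id": "CVE-0000-0003", "metrics": {}}},
 {"cve": {"id": "CVE-0000-0004", "metrics": {"cvssMetricV30": [{"cvssData": {"baseScore": 7.5, "baseSeverity": "HIGH"}}]}}}]}""")
```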
### full: Full reconnaissance suite
```
hxrecon full -t 10.0.0.1 -p 1-10000 --opsec --json --md
```
Runs in order: `scan ➜ banner ➜ dns ➜ cve`, then automatically exports JSON + Markdown.
## 🧪 Quick Start Tutorial
### Scan a target in 3 steps
```
# 1. Quick scan of common ports
hxrecon scan -t 10.0.0.1 -p 22,80,443,8080
# 2. Full scan with OPSEC evasion + export
hxrecon scan -t 10.0.0.1 -p 1-5000 --opsec --json --md
# 3. Full identification suite (scan + banner + dns + cve)
hxrecon full -t example.com -p 1-1000 --opsec --json
```
**Typical penetration testing workflow:**
```
1. hxrecon scan -t -p 1-10000 → Open ports
2. hxrecon banner -t -p 22,80,... → Services + versions
3. hxrecon cve -s -ver → Critical CVEs
```
## 👻 Ghost Protocol
An OPSEC evasion layer intended to lower the detection rate during reconnaissance.
| Feature | Description | Flag |
|:--|:--|:--|
| **Gaussian Jitter** | Non-deterministic Gaussian-distributed delays | `--jitter-mean` / `--jitter-std` |
| **Target Pacing** | Rate-limited throughput (targets/s) | `--target-rate` |
| **Decoy Noise** | Interleaved decoy DNS queries | `--decoy-noise` |
| **Source Port Rand.** | Randomized source ports | On by default |
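From the defender's side, the jitter and pacing in the table change the timing between probes but not the number of distinct ports a source touches, so a distinct-port count over a long window still surfaces the scan where a short window does not. This is an added example, not HXRECON code; the log format, the addresses 10.0.0.50 and 10.0.0.60, the window and the threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # assumed: long enough that pacing cannot thin the scan out
PORT_THRESHOLD = 10           # assumed: distinct destination ports per (src, dst) pair

def constructed_sample():
    """Constructed log lines 'ISO8601 src dst dport' (assumed format, not HXRECON output)."""
    base = datetime(2026, 1, 1, 14, 0, 0)
    gaps = [37, 212, 95, 301, 18, 144, 260, 73, 189, 55, 230, 120]  # irregular, jitter-like
    lines, t = [], base
    for i, gap in enumerate(gaps):          # 10.0.0.50: one new port per probe, slowly
        t += timedelta(seconds=gap)
        lines.append(f"{t.isoformat()} 10.0.0.50 10.0.0.1 {20 + i}")
    for i in range(40):                     # 10.0.0.60: ordinary client, two ports only
        ts = base + timedelta(minutes=i)
        lines.append(f"{ts.isoformat()} 10.0.0.60 10.0.0.1 {(80, 443)[i % 2]}")
    return lines

def detect_slow_scans(lines, window=WINDOW, threshold=PORT_THRESHOLD):
    """Return {(src, dst): peak distinct ports in any window} for pairs at or over threshold."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport = line.split()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(dport)))
    alerts = {}
    for pair, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        in_window = defaultdict(int)        # port -> hits inside the sliding window
        for ts, port in evs:
            in_window[port] += 1
            while ts - evs[start][0] > window:   # expire events older than the window
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[pair] = peak
    return alerts

if __name__ == "__main__":
    print(detect_slow_scans(constructed_sample()))                      # hour-long window
    print(detect_slow_scans(constructed_sample(), window=WINDOW / 12))  # 5-minute window
```

Keying on distinct destination ports per source and destination pair also leaves source-port randomization irrelevant to the count, since the source port is never part of the key.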
## 🛡️ MITRE ATT&CK Mapping
| Technique | Name | Module |
|:--|:--|:--|
| **T1046** | Network Service Scanning | `scanner.py` |
| **T1018** | Remote System Discovery | `scanner.py`, `dns_recon.py` |
| **T1590** | Gather Victim Network Information | `dns_recon.py` |
| **T1596** | Search Open Technical Databases | `cve.py` |
| **T1040** | Network Sniffing | `banner.py` |
| **T1595** | Active Scanning | All modules |
## ✅ Verification
All modules have passed syntax validation, import validation and CLI parsing validation.
| Check | Status |
|:--|:--:|
| Syntax validation (13 Python files) | ✅ All passed |
| Module imports (8 modules) | ✅ All passed |
| CLI argument parsing (5 subcommands) | ✅ All passed |
| Rich TUI imports (11 components) | ✅ All passed |
## ⚠️ Disclaimer
## 📄 License
**MIT License** — © 2026 **@hoxtxnDev**
```
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
```
Made with 🔥 by @hoxtxnDev
ES/EN · Professional red team tool · Written in pure Python