ReconNinja

v8.4.1 suspicious
7.0
High Risk

38-phase automated reconnaissance framework for security researchers

🤖 AI Analysis

Final verdict: SUSPICIOUS

The package exhibits significant credential risk and shell execution capabilities, which could be leveraged for malicious purposes. The network and metadata risks, though lower, add to the overall suspicion.

  • High credential risk
  • Capabilities for executing arbitrary shell commands

Per-check LLM notes

  • Network: Network calls suggest DNS queries which could be part of legitimate domain reconnaissance activities.
  • Shell: Shell executions include commands that might be used for reconnaissance purposes but also indicate the potential execution of arbitrary git commands and pip installations, which could pose risks if misused.
  • Obfuscation: No signs of actual obfuscation techniques being used.
  • Credentials: Multiple patterns observed that could be used for unauthorized access attempts to sensitive files, indicating potential malicious intent.
  • Metadata: Suspicious non-HTTPS link and incomplete maintainer information suggest potential issues, but not conclusive evidence of malice.

🔬 Heuristic Checks

⚠ Outbound Network Calls score 9.0

Found 6 network call pattern(s)

  • ol).""" try: with socket.create_connection((host, port), timeout=timeout) as sock: # Send P
  • col.""" try: with socket.create_connection((host, port), timeout=timeout) as sock: # Send m
  • col.""" try: with socket.create_connection((host, port), timeout=timeout) as sock: sock.sen
  • length + query with socket.create_connection((ns_ip, 53), timeout=timeout) as sock: sock.send
  • pen.""" try: with socket.create_connection((host, port), timeout=timeout): return True
  • RT_NONE try: with socket.create_connection((host, port), timeout=timeout) as sock: with ctx

✓ Code Obfuscation

No obfuscation patterns detected

⚠ Shell / Subprocess Execution score 10.0

Found 6 shell execution pattern(s)

  • ess try: result = subprocess.run( ["dig", "+short", "NS", domain], ca
  • ass try: result = subprocess.run( ["nslookup", "-type=NS", domain], c
  • """ try: result = subprocess.run( ["git", *args], cwd=str(cwd),
  • dencies...") try: subprocess.run( [sys.executable, "-m", "pip", "install", "-r",
  • ystems don't need it) subprocess.run( [sys.executable, "-m", "pip", "install", "-r",
  • stdin_fh: proc = subprocess.run( ["aquatone", "-out", str(aq_dir), "-quiet"]

⚠ Credential Harvesting score 10.0

Found 4 credential access pattern(s)

  • ed", "../", "../../etc/passwd", "%00", "admin", "true"] # Auth bypass headers AUTH_BYPAS
  • FI_PROBES = [ "../../../../etc/passwd", "../../../../etc/passwd%00", "....//....//....//e
  • /etc/passwd", "../../../../etc/passwd%00", "....//....//....//etc/passwd", "%2e%2e%2f%2e%
  • wd%00", "....//....//....//etc/passwd", "%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd", "..%25

✓ Typosquatting

No typosquatting candidates detected

✓ Registered Email Domain

Email domain looks legitimate: gmail.com

⚠ Suspicious Page Links score 2.0

Found 1 suspicious link(s) on the package page

  • Non-HTTPS external link: http://127.0.0.1:7117

✓ Git Repository History

Repository ExploitCraft/ReconNinja appears legitimate

⚠ Maintainer History score 4.0

2 maintainer concern(s) found

  • Author name is missing or very short
  • Author "" appears to have only 1 package on PyPI (new or inactive account)

✓ Known CVE Vulnerabilities

No known vulnerabilities found in OSV database.

💡 AI App Starter Prompt

Use this prompt to build a project with ReconNinja
Create a comprehensive network reconnaissance tool using the ReconNinja package. Your goal is to develop a user-friendly application that allows security researchers to perform a series of automated reconnaissance tasks on a target network. This tool should be capable of discovering open ports, identifying running services, enumerating hosts within a subnet, and gathering additional information such as DNS records, WHOIS data, and more. Here are the steps and features you should include in your application:

1. **Setup**: Ensure the application initializes properly, allowing users to input target IP addresses or domain names.
2. **Scanning Phase**: Implement a scanning phase where the application uses ReconNinja to scan the target for open ports and services. It should display a summary of the findings, including port numbers and service versions.
3. **Enumeration Phase**: Develop an enumeration phase that leverages ReconNinja's capabilities to enumerate hosts within the target subnet, gather DNS records, and extract WHOIS data. Display these details in a structured format for easy analysis.
4. **Reporting**: Integrate a reporting feature that compiles all gathered information into a detailed report. This report should be easily exportable in PDF or HTML formats.
5. **User Interface**: Design a simple yet effective command-line interface (CLI) or a basic web-based UI using Flask or Django. Ensure the interface guides users through each phase of the reconnaissance process.
6. **Logging**: Implement logging functionality to record all actions performed during the reconnaissance process, which can be useful for auditing purposes.
7. **Security Measures**: Include basic security measures such as input validation to prevent injection attacks and ensure the application handles sensitive data securely.

By following these guidelines, you will create a powerful and versatile network reconnaissance tool that leverages the full potential of the ReconNinja package.