Recox: Web Application Vulnerability Finder

Recox: Web Application Vulnerability Finder

Recox combines numerous methods to form the ultimate web application reconnaissance tool. The main aim of the script is to find and then classify vulnerabilities within web applications. With its in-depth mechanism, it can help the user find unexpected vulnerabilities which are normally overlooked by other web application scanners.

Recox: Web Application Vulnerability Finder 

Recox automated numerous functions required in a manual penetration test to help the user save time and focus on the real issues instead. Some of these functions include: 

Deep – Dom Scanner

– Subdomain takeover
– Passive Scan
– Active Scan
– CORS Misconfiguration
– Zone Transfer Test
– Web Content Discovery
Deep JS Analysis

Involves the extraction of source link and parameters inside the webpage.

– Static Analysis (SAST)
– Dynamic Analysis (DAST)
Web – Info

Comprises of three check-ups (not as technical as previous 2):

– DNS Record Extraction
– Subdomain
– Web of Trust (WOT)

The information is gathered recursively from each subdomain and IP address. After the web application is scanned, the various vulnerabilities are then presented to the user through the command line interface.


  • Instead of performing a manual penetration test, the user can run this tool instead to find the vulnerabilities within the web application. 
  • This tool is easy to install and use. 
  • Finds uncommon vulnerabilities which are outside the OWASP top ten list of most common vulnerabilities. 
  • Saves significant amount of time for the user. 

Supported Platforms:

  • Linux


  • None


Clone the GitHub repo: 

$ git clone 

Recox Usage

Enter the following commands: 

$ chmod +x  
$ ./ 

Welcome Screen

██████╗ ███████╗ ██████╗ ██████╗ ██╗  ██╗
██████╔╝█████╗  ██║     ██║ //██║ ╚███╔╝ 
██╔══██╗██╔══╝  ██║     ██║// ██║ ██╔██╗ 
██║  ██║███████╗╚██████╗╚██████╔╝██╔╝ ██╗
╚═╝  ╚═╝╚══════╝ ╚═════╝ ╚═════╝ ╚═╝  ╚═╝                                         

Twitter: @sulemanmalik_3                V1.0
DONE           [######################### 100%]

[!] VirusTotal API OK
[!] Shodan API OK

[1] Deep-Dom Scanner
[2] Deep-JS
[3] Web-Info
[0] Exit

To run the Recox from anywhere in the terminal, use the following command:

$ mv /usr/local/bin/recox
Documentation Box
Download Box