recon-cli 0.94.1

Versatile network reconnaissance CLI: HTTP/TLS/DNS, multi-protocol probes, and a Rhai script engine
Documentation

recon

GitHub License: MIT Rust edition 2021 Latest release crates.io Homebrew

A versatile network reconnaissance CLI written in Rust. Started as a curl clone and grew into a multi-protocol investigation tool covering HTTP(S), TLS certificate inspection, DNS, WHOIS, ping, traceroute, barcode encode/ decode, file compression and archiving, Markdown / HTML / PDF conversion, and a full Rhai script engine that exposes every protocol probe and helper for automation.

recon https://example.com/                  # curl-style HTTP request
recon example.com --cert                    # inspect server's TLS cert chain
recon example.com --dns A,MX,TXT            # DNS in one shot
recon --spf --dmarc --dkim example.com      # email-protection sweep
recon --script my-flow.rhai                  # Rhai scripts with full HTTP/probe access

Highlights

  • 40+ URL schemes: HTTP(S), FTP(S), SCP, SFTP, TFTP, Gopher, Telnet, SSH, IMAP(S), POP3(S), SMTP(S), MQTT(S), Redis, Memcached, LDAP(S), RTSP(S), DICT, NTP, IPFS/IPNS, WS(S), TCP, UDP, file, …
  • TLS at the protocol level: certificate inspection, CRL revocation checking, client cert mTLS, CA pinning, HSTS persistence.
  • Browser fingerprint impersonation (opt-in feature, 0.77.0): mimic Chrome, Firefox, Safari, Edge, mobile, or OkHttp at the JA3 / JA4 / H2 fingerprint level via BoringSSL. See Browser fingerprint impersonation below.
  • Email protection sweep: SPF, DMARC, DKIM, MTA-STS, TLS-RPT, BIMI in one command (recon --spf --dmarc --dkim --mta-sts --tls-rpt --bimi).
  • Document conversion: Markdown → HTML, Markdown → PDF, HTML → PDF with cover pages, ToC, page breaks, and PDF metadata.
  • Codecs and crypto: hash (10 algorithms), encode / decode (base64, base32, hex, URL, percent, …), encrypt / decrypt (age, PGP shellout), compress / decompress (gzip, brotli, zstd, lz4, snappy, deflate, xz, zlib), archive / extract (zip, tar, tar.gz, …), barcode encode / decode (QR, DataMatrix, Aztec, PDF417, MaxiCode, plus 1D codes).
  • Rhai script engine: every CLI feature is also a script binding — http(), dns(), ping(), tcp_connect(), mqtt_pub(), … with a sticky-session browser() for stateful flows.
  • Curl compatibility: most curl flags work as you'd expect (-X, -H, -d, -L, -o, -I, -K, -u, -x, --data-binary, --retry, --time-cond, --xattr, -E mTLS, -n netrc, …). See docs/curl-parity-matrix.md.

Install

Homebrew (macOS / Linuxbrew)

brew tap codedeviate/cli
brew install recon                # default rustls build
# or, with BoringSSL-based browser fingerprint impersonation:
brew install recon-impersonate

The two formulas install the same recon binary and conflict; pick one.

crates.io

The crate is published as recon-cli (the bare recon name has been parked since 2019). The installed binary is still recon:

cargo install recon-cli                                # default build
cargo install recon-cli --features impersonate         # with impersonation

From source

git clone https://github.com/codedeviate/recon.git
cd recon
make install                      # installs to ~/.cargo/bin

# or with the impersonate feature (BoringSSL, ~5–10 MB extra binary,
# slow first build):
make install-impersonate

Build only without installing:

make release                      # default build (rustls-only)
make release-impersonate          # release build + browser fingerprint
                                  # impersonation feature

make help lists every target.

Quick start

# Verbose request with header capture
recon https://api.example.com/v1/items -i

# POST JSON
recon -X POST https://api.example.com/items \
      -H 'Content-Type: application/json' \
      -d '{"name":"thing"}'

# Inspect a TLS cert chain (works on expired or self-signed certs)
recon https://example.com --cert

# Multiple DNS record types in one query
recon --dns A,AAAA,MX,TXT,DNSKEY example.com

# Email-protection aggregate report
recon --spf --dmarc --dkim --mta-sts --tls-rpt --bimi example.com

# WHOIS with two-hop registrar referral
recon --whois example.com

# Save a markdown document as PDF with ToC and cover page
recon --md-to-pdf README.md \
      --toc --gfm --doc-title 'recon README' \
      -o README.pdf

# Run a Rhai script
recon --script script/dns.rhai example.com A,MX

For more examples grouped by feature area:

recon --examples                  # ~60 sections of curated scenarios
recon --help <topic>              # long-form reference (e.g. tls, proxy, mqtt, jwt)
recon --flags                     # alphabetical curl-style flag index

Configuration

recon reads a layered TOML config: an optional system layer (/etc/recon/config.toml, or $HOMEBREW_PREFIX/etc/recon/config.toml on macOS) and an optional user layer (~/.recon/config.toml). The layers are deep-merged with user winning. Bootstrap your user layer with recon --init; see recon --help configuration or the Configuration files section of the manual for details.

Browser fingerprint impersonation

recon 0.77.0 added an opt-in Cargo feature impersonate that pulls in rquest (BoringSSL) plus rquest-util so recon can mimic a real browser's TLS+H2 fingerprint instead of its default reqwest+rustls signature. Useful when a server uses JA3 / JA4 fingerprinting or HTTP/2 SETTINGS-frame analysis to distinguish bots from real browsers.

make install-impersonate          # one-time, installs feature-on binary

recon --impersonate chrome_131 https://example.com/
recon --impersonate firefox_128 https://tls.peet.ws/api/all
recon --impersonate safari_ios_17.4.1 https://example.com/

--ja3 / --ja4 / --http2-fingerprint are reserved in the CLI for forward-compatibility but error at runtime in v1; named profiles cover the captcha-testing use case. See recon --help impersonate for the full profile list and v1 incompatibility rules.

Documentation

  • docs/MANUAL.md — the long-form user manual. Mirrored to docs/MANUAL.pdf (committed).
  • CHANGELOG.md — every release, keep-a-changelog format.
  • HISTORY.md — design rationale per feature: why the approach, what was rejected, what was deferred.
  • OUT-OF-SCOPE.md — what recon won't do, and why.
  • docs/curl-parity-matrix.md — recon ↔ curl --version feature mapping.
  • script/README.md — Rhai script gallery, one focused .rhai per binding module.
  • recon --help [topic] — built-in topic-organised help.
  • recon --examples — curated runnable scenarios.

Build matrix

make ci                # default-feature: fmt-check + clippy + test
make ci-impersonate    # ci + a parallel build/test pass with the
                       # impersonate feature (BoringSSL)

License

MIT. Repository at https://github.com/codedeviate/recon.