tugarecon
TugaRecon
TugaRecon is an advanced reconnaissance and intelligence framework that goes beyond enumeration.
It observes, interprets, remembers, and reacts β transforming subdomains into architectural intelligence.
π§ Philosophy
TugaRecon is inspired by Portuguese explorers.
During the 15th and 16th centuries, navigators did more than discover land β
they mapped patterns, learned from each voyage, and refined future expeditions.
TugaRecon follows the same principle:
Explore β Map β Learn β Remember β React
β skynet0x01
Reconnaissance is not about collecting data.
It is about understanding systems.
πΈ Preview
π Core Capabilities
- π Passive & active subdomain enumeration (multi-source OSINT)
- π‘ High-performance brute-force with adaptive wordlists
- π DNS resolution with fallback DNS servers
- π§ Semantic analysis & architectural impact scoring
- π― Asset prioritization by real security relevance
- π Temporal intelligence & asset memory
- βοΈ Automated reactions to risk changes
- 𧩠Infrastructure & role inference (IAM, DB, CI/CD, SCADA, etc.)
- πΊοΈ Optional ASN / infrastructure network mapping
- π Clean outputs:
.txt,.json,.csv,.png,.svg,.md,.pdf - π No API keys required for most modules
π§ Semantic & Architectural Intelligence
TugaRecon does not treat subdomains as strings.
It interprets them as signals of infrastructure design.
From naming conventions alone, it can infer:
- Identity & access layers (
auth,sso,iam) - Secrets & key management (
vault,kms,secrets) - Databases & data planes (
db,rds,postgres) - Network control (
gateway,proxy,waf) - Orchestration layers (
k8s,eks,cluster) - CI/CD infrastructure (
jenkins,gitlab,pipeline) - Monitoring & operations (
grafana,prometheus) - ICS / SCADA & industrial systems
This works even without open ports or HTTP access.
π― Impact Scoring & Prioritization
Each asset receives a numeric impact score (0β100) and a priority level.
Priority Levels
| Level | Meaning |
|---|---|
| CRITICAL | Control-plane, secrets, or production exposure |
| HIGH | Auth, database, or sensitive infrastructure |
| MEDIUM | Internal or supporting systems |
| LOW | Non-actionable or static assets |
π Temporal Intelligence & Asset Memory
TugaRecon is stateful.
Every scan is compared against historical snapshots, allowing it to reason about change over time.
βοΈ Automated Reactions
Temporal events can trigger automatic deep-dive analysis.
Only relevant assets consume resources.
π¦ Installation
git clone https://github.com/skynet0x01/tugarecon.git
cd tugarecon
pip3 install -r requirements.txt
π€ Author
skynet0x01
Cybersecurity Researcher & Tool Developer
π΅πΉ Portugal
π License
GNU GPLv3
Patent Restriction Notice:
No patents may be claimed or enforced on this software or any derivative.
Any patent claims result in automatic termination of license rights.
TugaRecon is not just a scanner.
It is a reconnaissance system that learns, remembers, and reacts.
π Donate with your favorite cryptocurrency:
- Bitcoin (BTC):
18Zg2qiypXRj7QnGWCpcXrKywmcfKkcUSs - Ethereum (ETH):
0x177c81746009cd7ab02adf85d28fbf27aca7a240 - Litecoin (LTC):
Le1jfoWqVoEJtm4BYbQRJbggiauMQNqjWy - Dogecoin (DOGE):
DSnRY69q1k6xhFkKULSTcSCQdJpVuGeB7k - Harmony (ONE):
one1cv90mednznu629p3jr7gqgmqd6qcm368stalwp - Solana (SOL):
5yRzoxDp17B5XEHSzmgTHWY4NYTWnk7s4qT48t941wyP
Every contribution, no matter how small, makes a big difference. Thank you!
Final note
This README has been updated to match the current behavior of tugarecon.py (flags/usage) and to resolve the license inconsistency. If you prefer the MIT license instead of GPLv3, tell me and I can update the source file headers or switch the README to reflect MIT licensing.