tugarecon
TugaRecon
TugaRecon is an advanced subdomain reconnaissance and intelligence framework built for security researchers, penetration testers, and OSINT professionals.
It combines OSINT enumeration, semantic analysis, temporal intelligence, and automated reactions to continuously improve asset discovery and prioritization.
π§ Philosophy
TugaRecon is inspired by Portuguese explorers.
During the 15th and 16th centuries, navigators mapped the unknown, learned from each voyage, and refined future expeditions.
TugaRecon follows the same principle:
Explore β Map β Learn β Remember β React
β skynet0x01
πΈ Preview
π Core Features
- π Passive & active subdomain enumeration (multiple OSINT sources)
- π‘ Built-in brute-force engine with adaptive wordlists
- π DNS resolution with fallback DNS servers
- π§ Semantic analysis & impact scoring
- π― Asset prioritization by security relevance
- π Temporal Intelligence & asset memory
- βοΈ Automated reactions to temporal events
- πΊοΈ Optional ASN / infrastructure network mapping
- π Clean outputs:
.txt,.json,.csv,.png,.svg,.pdf - π No API keys required for most modules
π§ Adaptive Intelligence & Wordlist Enrichment
TugaRecon learns from every scan.
Instead of relying solely on static wordlists, it analyzes discovered subdomains and automatically extracts meaningful tokens and naming patterns, enriching its internal dictionaries.
Workflow
# Initial scan (learning phase)
python3 tugarecon.py -d example.com
# Brute-force using enriched intelligence
python3 tugarecon.py -d example.com -b
Key Properties
- Wordlists are extended, never overwritten
- Duplicate-safe and transparent
- Improves brute-force efficiency over time
- Domain-agnostic and reusable
π― Impact Scoring & Asset Prioritization
Each subdomain is evaluated using semantic indicators extracted from its name and context.
Signals Considered
- Administrative exposure (
admin,panel,manage) - Authentication services (
auth,login,sso) - Critical environments (
prod,core,primary) - Sensitive roles (
api,gateway,billing)
Impact Levels
| Level | Meaning |
|---|---|
| CRITICAL | Admin or production exposure |
| HIGH | Auth or security-sensitive service |
| MEDIUM | Internal or semi-exposed |
| LOW | Non-actionable |
Example
[CRITICAL] impact=100 admin.prod.example.com
[HIGH ] impact=75 auth.example.com
[LOW ] impact=0 static.example.com
This allows analysts to focus immediately on what matters.
π Temporal Intelligence & Asset Memory
TugaRecon is stateful.
Each run creates a snapshot and compares it with previous scans, classifying assets by temporal state.
Temporal States
- NEW β First time seen
- STABLE β Unchanged across scans
- ESCALATED β Impact increased
- FLAPPING β Appears / disappears intermittently
- DORMANT β Previously seen, now missing (β₯ 2 days)
Example Output
[π§ ] Temporal Risk View β Top Targets
ESCALATED admin.api.example.com
NEW auth.prod.example.com
DORMANT old-panel.dev.example.com
Snapshots are stored per target and date, creating long-term reconnaissance memory.
βοΈ Automated Reactions (Reaction Engine)
Temporal intelligence can trigger automatic reactions.
When a subdomain becomes relevant (e.g. ESCALATED), TugaRecon can automatically execute deeper analysis modules.
Supported Reactions
- HTTP probing (httpx)
- TLS inspection
- Security headers analysis
Example Logic
ESCALATED β HTTPX + TLS + HEADERS
NEW + high impact β HEADERS
FLAPPING β WATCH
Output Structure
results/<target>/<date>/reactions/
βββ sub.example.com/
βββ metadata.json
βββ tls.json
βββ httpx.txt
βββ headers.json
Only relevant subdomains generate reactions.
π¦ Installation
git clone https://github.com/skynet0x01/tugarecon.git
cd tugarecon
pip3 install -r requirements.txt
Recommended:
python3 -m venv venv
source venv/bin/activate
βοΈ Basic Usage
python3 tugarecon.py -d example.com
Main Options
| Option | Description |
|---|---|
-d, --domain |
Target domain (required) |
-b, --bruteforce |
Enable brute-force |
-e, --enum |
Run specific OSINT modules |
-t, --threads |
Concurrent threads (default: 250) |
-m, --map |
Generate ASN / network map |
π Project Structure (Simplified)
modules/
βββ OSINT/ # Enumeration engines
βββ Intelligence/ # Temporal memory & reactions
β βββ snapshot.py
β βββ decision_engine.py
β βββ reaction_engine.py
β βββ reactions/
βββ Brute_Force/ # High-performance brute-force
βββ Map/ # Network / ASN visualization
utils/
βββ temporal_analysis.py
βββ temporal_score.py
βββ temporal_view.py
β οΈ Legal Notice
Use only on targets you own or have explicit authorization to test.
The author assumes no responsibility for misuse.
π€ Author
skynet0x01
Cybersecurity Researcher & Tool Developer
π΅πΉ Portugal
π License
GNU GPLv3
Patent Restriction Notice: No patents may be claimed or enforced on this software or any derivative. Any patent claims result in automatic termination of license rights.
TugaRecon is not just a scanner.
It is a reconnaissance system that learns, remembers, and reacts.
π Donate with your favorite cryptocurrency:
- Bitcoin (BTC):
18Zg2qiypXRj7QnGWCpcXrKywmcfKkcUSs - Ethereum (ETH):
0x177c81746009cd7ab02adf85d28fbf27aca7a240 - Litecoin (LTC):
Le1jfoWqVoEJtm4BYbQRJbggiauMQNqjWy - Dogecoin (DOGE):
DSnRY69q1k6xhFkKULSTcSCQdJpVuGeB7k - Harmony (ONE):
one1cv90mednznu629p3jr7gqgmqd6qcm368stalwp - Solana (SOL):
5yRzoxDp17B5XEHSzmgTHWY4NYTWnk7s4qT48t941wyP
Every contribution, no matter how small, makes a big difference. Thank you!
Final note
This README has been updated to match the current behavior of tugarecon.py (flags/usage) and to resolve the license inconsistency. If you prefer the MIT license instead of GPLv3, tell me and I can update the source file headers or switch the README to reflect MIT licensing.