reconmap
Reconmap is a vulnerability assessment and penetration testing (VAPT) platform. It helps software engineers and infosec pros collaborate on security projects, from planning to implementation and documentation. The tool’s aim is to go from recon to report in the least possible time.
Features
- A simple dashboard with analytics
- Search across all your data (projects, vulnerabilities, tasks, …)
- Users and roles (including client access to projects)
- Two-factor authentication (2FA/MFA, TOTP)
- Security commands database and automation
- Vulnerability database
- Tasks manager
- Project and templates
- Client management
- Export/import data
- Notes with markdown support
- Attachments (docs, screenshots) to projects, vulnerabilities, and tasks
- REST API to easily integrate Reconmap with external tools and scripts
- Custom (Whitelabel) report generation (HTML, PDF)
- Audit log
- Extensible via plugins
- Web and mobile clients
- Dark/Light themes
- Free and open source
- And more!
Architecture
The Reconmap architecture is quite simple. We have a RESTful API written in PHP 8.4 and a bunch of clients written in React and React Native. The information is stored in a MySQL 8.0 server, and for background processing and messaging we rely on RabbitMQ.
The command automation is done using the Docker API and a Golang client.
Changelog v1.1
Added
- Add licenses page on the Web client
- Add filters to the vulnerabilities page
- Add setting to allow * CORS origins
- Add priority filter for tasks
- Add multiple contacts to client (general, billing, technical)
- Add project credential vault (Thanks to Karel Rozhon)
Changed
- Store user notifications on server (introduces ability to mark notifications as read/unread)
Download & Use
Copyright (C) 2021 Santiago Lizardo, Pablo Lizardo