We wondered if there could be a way to get crucial information about your vulnerabilities in your website, so that you could limit the chances of being hacked. That idea led us to create recon_rocks.
What it does
recon_rocks lets you enter in the URL of your website, and it will run a series of diagnostic tests on the website you entered. It will display all of the crucial information, and even who to contact in case of a bad vulnerability so that it can be fixed as soon as possible.
How we built it
We build recon_rocks using Python, Flask, and Recon-Ng to build the backend and carry out all of the tests we run on the website. Then we used Bootstrap for the UI, and customized to give it more a terminal/hacky feel to it.
Challenges we ran into
We ran into the issues of dispatching multiple sub-processes, asynchronously. To solve that problem we first tried to solve it using the Celery framework, and Celery wasn't allowing us to run the processes like we had hoped. We had to learn a new way to multithread tasks.
Accomplishments that we're proud of
We're really proud of learning how to multithread tasks using Python, because it allowed us so that we wouldn't have to sacrifice any of the tests that we run on the websites.
What we learned
We learned a lot about Python, and how best to make use of the Flask framework with Python. We also learned about other security tests and options that matter most to people so that we can be sure we are providing them with the right information that's useful.
What's next for recon_rocks
We really want a tool like recon_rocks, and we envision it to be versatile across many tests; some tests that we did not have a chance to add in the short span of time we had. In order to make recon_rocks versatile, we're going to be open sourcing it on GitHub. That will allow anyone who believes or wants a tool like this to have a certain function, they can add it. We want to make sure we are covering as many web insecurities as possible, and the best way to do that is, for us to allow more people to add tests, and give feedback on what's most meaningful in protecting websites from being attacked.