A lightweight Linux-native CLI recon tool for passive and active reconnaissance on domains or IPs.
Features
DNS records (A, NS, MX, TXT, SPF, SOA, CNAME, AAAA)
WHOIS information with normalized output parsing
Common port scanning capabilities
HTTP headers analysis
Ping statistics and network diagnostics
Traceroute mapping for network path analysis
Parallel execution with threading for improved performance
Quick Start
```bash
# Clone and setup
git clone https://github.com/Tecttano/scout.git
cd scout
chmod +x scout.py

# Basic usage
python3 scout.py -t example.com        # Basic reconnaissance
python3 scout.py -t 8.8.8.8 --ports    # Include port scanning
python3 scout.py -t example.com -a     # All checks
```
Installation
Quick Install
Clone the repository:
```bash
git clone https://github.com/Tecttano/scout.git
cd scout
```
Make executable:
```bash
chmod +x scout.py
```
Optional - Add to PATH:
```bash
# Copy to system directory
sudo cp scout.py /usr/local/bin/scout
sudo chmod +x /usr/local/bin/scout

# Or create symlink (quoted so paths containing spaces work)
sudo ln -s "$PWD/scout.py" /usr/local/bin/scout
```
Usage Examples
Basic Reconnaissance
```bash
python3 scout.py -t example.com             # Standard domain scan
python3 scout.py -t 192.168.1.1             # IP address scan
python3 scout.py -t example.com --passive   # Passive checks only
```
Advanced Scanning
```bash
python3 scout.py -t example.com --dns-info  # All DNS records
python3 scout.py -t example.com --headers   # HTTP headers analysis
python3 scout.py -t example.com --ports     # Include port scanning
python3 scout.py -t example.com --trace     # Add traceroute
python3 scout.py -t example.com -a          # All checks enabled
```
Output and Profiles
```bash
python3 scout.py -t domain.com -o results         # Save to file
python3 scout.py -t example.com --json            # JSON output format
python3 scout.py -t example.com --profile quick   # Quick scan profile
python3 scout.py -t example.com --profile full    # Comprehensive scan
python3 scout.py -t example.com -v                # Verbose output
```
Command Options
Option | Description |
---|---|
-t, --target | Target domain/IP (required) |
--passive | Passive checks only (no active scanning) |
--dns-info | Fetch all DNS record types |
--headers | Analyze HTTP headers |
--ports | Scan common ports |
--trace | Run traceroute analysis |
-a, --all | Run all available checks |
--profile | Scan profile (quick, passive, full) |
-v, --verbose | Enable verbose output |
--timeout | Timeout in seconds (default: 5) |
--threads | Maximum threads (default: 10) |
-o, --output | Save results to file |
--json | Output in JSON format |
Technical Details
Scout is written entirely in Python and developed on Linux in VS Code, using only subprocess.run to interface with native tools like dig, whois, ping, and traceroute. It uses argparse for input parsing and runs straight from the CLI.
I was rusty with Python, but I got concurrency working with threads to avoid blocking on slower calls like ping or traceroute, which brought the average runtime down from about 8 seconds to 2. By default, Scout pulls A and PTR records, but you can toggle DNS modes to fetch MX, TXT, SPF, SOA, CNAME, and AAAA.
The toughest part was normalizing WHOIS output since it's inconsistent across registrars. I built a parser that scans each line, checks for keys like "registrant", "created", "expires", or "registrar", and builds a summary and JSON object. It catches junk returns, handles blank lines, and even formats dates consistently. I built this tool because I actually needed something lightweight and reliable for my IT use cases. One easy advantage of developing a tool I actually use is that I'll organically resolve bugs and add features as I go along.
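The line-scanning approach described above, sketched as an added example (this is not Scout's own parser). The key aliases, date layouts, junk markers, status values and sample responses are all assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumed key aliases (lower-cased); real registrar output has more variants.
ALIASES = {
    "registrar": "registrar", "sponsoring registrar": "registrar",
    "registrant": "registrant", "registrant organization": "registrant",
    "created": "created", "creation date": "created",
    "expires": "expires", "registry expiry date": "expires", "paid-till": "expires",
}
DATE_FORMATS = ((r"\d{4}-\d{2}-\d{2}", "%Y-%m-%d"), (r"\d{4}\.\d{2}\.\d{2}", "%Y.%m.%d"),
                (r"\d{1,2}-[A-Za-z]{3}-\d{4}", "%d-%b-%Y"))
JUNK = re.compile(r"no match for|not found|limit exceeded", re.I)

def normalize_date(value):
    """Return YYYY-MM-DD for the layouts in DATE_FORMATS, else None."""
    for pattern, fmt in DATE_FORMATS:
        m = re.search(pattern, value)
        if m:
            try:
                return datetime.strptime(m.group(0), fmt).date().isoformat()
            except ValueError:  # digits matched but are not a real date
                return None
    return None

def parse_whois(raw):
    """Scan WHOIS text line by line and return a normalized dict."""
    summary = {}
    for line in map(str.strip, raw.splitlines()):
        if not line or line[0] in "%#>" or ":" not in line:
            continue  # blank lines, comment banners, free-text footers
        key, _, value = line.partition(":")
        field, value = ALIASES.get(key.strip().lower()), value.strip()
        if not field or not value or field in summary:
            continue  # unknown key, empty value, or field already set (first wins)
        if field in ("created", "expires"):
            value = normalize_date(value)
        if value:  # dates that fail to parse are dropped, not passed through
            summary[field] = value
    status = "ok" if summary else ("junk" if JUNK.search(raw) else "empty")
    return {"status": status, **summary}

# Constructed sample responses in two layouts (not real WHOIS data).
SAMPLE_A = ("% banner\n\nRegistrar: Example Registrar, Inc.\n"
            "Creation Date: 1995-08-14T04:00:00Z\nRegistry Expiry Date: 2030-08-13T04:00:00Z\n")
SAMPLE_B = "registrar: EXAMPLE-REG\ncreated: 14-Aug-1995\npaid-till: 2030.08.13\n"
if __name__ == "__main__":
    for raw in (SAMPLE_A, SAMPLE_B, "No match for domain EXAMPLE.TEST\n"):
        print(parse_whois(raw))
```

Matching whole keys rather than substrings keeps lines such as `Registrar URL:` or `Registrar Abuse Contact Email:` from overwriting the registrar name.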
Requirements
Python 3.6+ with standard library
Standard Unix tools: dig, whois, ping, traceroute
Linux/Unix-like system (tested on Debian/Ubuntu)
Network connectivity for active reconnaissance
Sample Output
Basic Domain Scan
```
[DOMAIN] example.com
[DNS] A: 93.184.216.34
[DNS] NS: a.iana-servers.net, b.iana-servers.net
[WHOIS] Registrar: IANA
[WHOIS] Created: 1995-08-14
[PING] 93.184.216.34: avg 45.2ms, 0% loss
```
Comprehensive Scan
```
=== SCOUT RECONNAISSANCE REPORT ===
Target: example.com
[DNS RECORDS]
A: 93.184.216.34
AAAA: 2606:2800:220:1:248:1893:25c8:1946
MX: (Priority 0) .
NS: a.iana-servers.net, b.iana-servers.net
TXT: v=spf1 -all
[WHOIS INFORMATION]
Registrar: IANA
Organization: Internet Assigned Numbers Authority
Created: 1995-08-14
Updated: 2022-08-14
Expires: 2023-08-14
[PORT SCAN]
80/tcp: open (http)
443/tcp: open (https)
[HTTP HEADERS]
Server: ECS (dcb/7EA3)
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=604800
```
Development Notes
Uses threading for concurrent operations to improve performance
Implements robust error handling for network timeouts
WHOIS parser handles multiple registrar formats
Modular design allows easy addition of new reconnaissance modules
JSON output format for integration with other tools
Troubleshooting
Common Issues
```bash
# Check required tools are installed
which dig whois ping traceroute

# Install missing tools (Debian/Ubuntu)
sudo apt update
sudo apt install dnsutils whois iputils-ping traceroute

# Permission issues for certain scans
sudo python3 scout.py -t target.com --ports

# Network connectivity test
ping -c 1 8.8.8.8
```
Performance Optimization
```bash
# Reduce timeout for faster scans
python3 scout.py -t example.com --timeout 3

# Limit thread count for resource-constrained systems
python3 scout.py -t example.com --threads 5

# Use passive mode for stealth reconnaissance
python3 scout.py -t example.com --passive
```