Quick Start

There are several ways to get recon-web up and running. Pick the method that suits your workflow best.

Docker (One-liner)

The fastest way to run a scan — no setup required. Just pull and run:

docker run --rm ghcr.io/brunoafk/recon-web/cli scan example.com

This pulls the latest CLI image, scans the target, prints the results to stdout, and cleans up the container automatically.

Docker Compose

For the full experience — web UI, persistent history, and all services — use Docker Compose.

1. Clone the repository:

   git clone https://github.com/brunoafk/recon-web.git
   cd recon-web

2. Create your environment file:

   cp .env.example .env

3. Start all services:

   docker compose up

4. Open the web UI at http://localhost:8080 and run your first scan.

From Source

If you want to develop or customize recon-web, run it directly with Node.js.

Prerequisites: Node.js 24+ and npm.

1. Clone and install dependencies:

   git clone https://github.com/brunoafk/recon-web.git
   cd recon-web
   npm install

2. Copy the example environment file:

   cp .env.example .env

3. Start the API server and web UI in separate terminals:

   # Terminal 1 — API server
   npm run dev
   
   # Terminal 2 — Web UI
   npm run dev:web

4. Open http://localhost:8080 in your browser.

What you’ll see

Once everything is running, the scan flow works like this:

1. You enter a target URL in the web UI (or pass it as a CLI argument).
2. recon-web kicks off dozens of security and reconnaissance checks in parallel — DNS lookups, TLS analysis, header inspection, port scanning, performance audits, and more.
3. Results stream back to the UI in real time via server-sent events. Each check appears as it completes, so you don’t have to wait for the full scan to finish.
4. When all checks are done, the full report is saved to your scan history for later review, comparison, and export.

Head over to Configuration to add API keys and tune settings, or jump straight to Your First Scan for a detailed walkthrough of the results.