ReconLens: The Passive Reconnaissance Lens for Modern Web Security

Introducing ReconLens, a powerful browser extension that silently extracts endpoints, secrets, and intelligence from web pages you visit, enabling frictionless passive reconnaissance.

In the world of cybersecurity, the quality of your reconnaissance directly determines the success of your engagement. While active scanning tools are powerful, they are often noisy and easily detected. This is where passive reconnaissance shines—gathering intelligence without ever sending a single probe beyond what a normal user would.

Introducing ReconLens: A modern, high-speed passive information extraction tool built as a Manifest V3 browser extension.

🔍 What is ReconLens?

ReconLens is a silent observer that lives in your browser. As you browse the web, it automatically analyzes page sources, inline scripts, and external JavaScript files to harvest valuable intelligence. It extracts everything from hidden API endpoints and cloud storage buckets to sensitive secrets like API keys and JWTs—all in real-time and entirely locally.

ReconLens is a modernization and expansion of the original FindSomething project, rebuilt to meet the demands of modern web security research.

✨ Key Features

ReconLens is designed for speed, depth, and usability:

🎯 13 Detection Categories

ReconLens doesn’t just look for URLs; it categorizes intelligence into 13 distinct types:

  • Infrastructure: IP addresses, Domains, and URLs.
  • Sensitive Data: Secrets (700+ patterns), JWTs, and Emails.
  • Development: Paths, Incomplete Paths, and Algorithm detection (Base64, MD5, etc.).
  • Static Assets: Automatic filtering of images, CSS, and other static files.

🔒 700+ Secret Patterns

Powered by a massive regex engine inspired by Nuclei, ReconLens can detect hundreds of different secret types, including:

  • Cloud Credentials (AWS, Azure, GCP)
  • API Keys (Google, Stripe, Twilio, Slack)
  • Database Connection Strings
  • Private Keys and Tokens
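
The same kind of pattern matching can be pointed at your own build output before it ships, to catch what a passive observer would later harvest. The sketch below is an added example for Node.js, not code from ReconLens or FindSomething; the three patterns, the function names, and the sample bundle are assumptions made for illustration.

```javascript
// Added example: illustrative patterns only, NOT ReconLens's rule set.
const PATTERNS = {
  aws_access_key_id: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g,
  jwt: /\beyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*/g,
  path: /["'`](\/[A-Za-z0-9_\-.\/]+)["'`]/g, // quoted string starting with "/"
};
const STATIC_EXT = /\.(?:png|jpe?g|gif|svg|css|ico|woff2?)$/i;

// A regex hit is only a JWT candidate; confirm the header decodes to JSON with "alg".
function decodeJwtHeader(token) {
  try {
    const raw = Buffer.from(token.split(".")[0], "base64url").toString("utf8");
    const header = JSON.parse(raw);
    return header && typeof header.alg === "string" ? header : null;
  } catch {
    return null;
  }
}

// Scan one source text (e.g. a built bundle you are about to ship).
function scanSource(source) {
  const findings = [];
  const seen = new Set();
  for (const [category, re] of Object.entries(PATTERNS)) {
    for (const m of source.matchAll(re)) {
      const value = m[1] ?? m[0];
      if (category === "path" && STATIC_EXT.test(value)) continue; // skip static assets
      if (category === "jwt" && !decodeJwtHeader(value)) continue; // drop look-alikes
      if (seen.has(category + ":" + value)) continue;              // de-duplicate
      seen.add(category + ":" + value);
      const line = source.slice(0, m.index).split("\n").length;
      findings.push({ category, value, line });
    }
  }
  return findings;
}

// Constructed sample input: AWS's documentation placeholder key and a JWT built here.
const SAMPLE_JWT = [{ alg: "HS256", typ: "JWT" }, { sub: "demo" }]
  .map((o) => Buffer.from(JSON.stringify(o)).toString("base64url"))
  .join(".") + ".sig_constructed";
const SAMPLE_BUNDLE = [
  'const api = "/api/v2/internal/users";',
  'const logo = "/static/logo.png";',
  'const key = "AKIAIOSFODNN7EXAMPLE";',
  `const token = "${SAMPLE_JWT}";`,
  'const notJwt = "eyJub3Q.eyJqc29u.x";',
].join("\n");

console.table(scanSource(SAMPLE_BUNDLE));
```

Wiring a check like this into CI and failing the build on any `aws_access_key_id` or `jwt` finding keeps credentials out of client-side JavaScript in the first place.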

🤖 AI-Ready Intelligence

Exporting your findings for further analysis is seamless. The specialized “Copy for AI” engine formats your harvested data into Markdown, JSON, XML, or HTML, ready to be dropped into your favorite LLM or reporting tool.

🎨 Cyber Aesthetic & Performance

Security tools don’t have to look boring. ReconLens features a custom Cyber Aesthetic UI with a high-contrast purple/magenta palette. Behind the scenes, it uses an asynchronous pipeline that ensures your browsing speed is never compromised.

📡 Webhook Integration

For those who want to centralize their data collection, ReconLens can forward findings to a remote server in real-time. Simply configure your endpoint, and watch your global reconnaissance database grow as you browse.

🛡️ Privacy & Security First

ReconLens operates under a strict privacy-first model:

  • Local Analysis: All regex matching and data extraction happen locally in your browser.
  • No Data Leakage: No data is sent to external servers unless you explicitly configure a webhook.
  • Manifest V3: Built on the latest browser extension standards for better security and performance.

📦 Getting Started

ReconLens is open-source and cross-compatible with Chrome and Firefox.

Installation

  1. Clone the Repository:
    git clone https://github.com/fr0stb1rd/ReconLens.git
    
  2. Chrome/Chromium:
    • Navigate to chrome://extensions/
    • Enable Developer mode.
    • Click Load unpacked and select the ReconLens directory.
  3. Firefox:
    • Navigate to about:debugging#/runtime/this-firefox
    • Click Load Temporary Add-on and select the manifest.json.

💡 The Philosophy of Passive Recon

“The essence of penetration testing is information gathering. The detail and quality of the information collected directly correlates with the ability to discover vulnerabilities.”

Modern web apps often leak internal logic and sensitive endpoints through client-side JavaScript. Manually auditing these files is a Herculean task. ReconLens automates this process, turning your normal browsing activity into a powerful intelligence-gathering mission.

Whether you’re a bug bounty hunter looking for that one hidden endpoint or a security researcher auditing a complex application, ReconLens provides the clarity you need to see through the noise.

Explore the code and contribute on GitHub: fr0stb1rd/ReconLens

This post is licensed under CC BY 4.0 by the author.