Version: 1.3-beta
Status: Advisory-only | External-Posture Intelligence
Author: Shikhar Kant Sinha
VedicRecon is a surgical reconnaissance and infrastructure posture analysis engine designed to transform raw external scan data into governed, uncertainty-aware intelligence reports.
Unlike traditional vulnerability scanners that attempt to enumerate and exploit everything, VedicRecon focuses on:
- Externally observable posture
- Defensive abstraction & opacity
- Attack surface reasoning
- What can and cannot be known from outside
It does not claim vulnerabilities unless they are externally verifiable.
VedicRecon sits between raw recon tools and human analysis, acting as a structured reasoning layer.
👉 Don’t want to read everything?
Jump straight to the Installation & Usage section.
This is critical.
VedicRecon is NOT:
❌ A vulnerability scanner
❌ An exploitation framework
❌ A replacement for Nmap, Burp, Metasploit, or manual testing
❌ A CVE auto-mapper
❌ A “critical findings generator”
“If something cannot be externally verified, it must not be asserted.”
VedicRecon enforces epistemic discipline:
- Observability ≠ Absence
- Ambiguity is explicitly stated
- Heuristic attribution is labeled as such
- Defensive controls that intentionally obscure themselves are treated conservatively

This prevents:
- Over-reporting
- False confidence
- Vendor hallucinations
- Legal and professional misrepresentation

Budget Friendly
VedicRecon is intentionally designed to be cost-efficient per execution.
- AI usage is limited strictly to final narrative synthesis
- Deterministic logic, scoring, and analysis are performed locally
- The selected model (Gemini 2.5 Flash) is optimized for fast summarization and low token usage
As a result, a typical VedicRecon run consumes approximately 1 RPD (request per day unit).
This predictable, minimal consumption model ensures that:
- The tool remains practical for repeated use
- Costs do not scale with scan size or port count
- AI usage never becomes a bottleneck or hidden expense
Cost efficiency is a design constraint, not an optimization afterthought.
VedicRecon can:
- Perform baseline network discovery using trusted tools (Nmap, ffuf)
- Detect edge abstraction patterns (opaque / non-attributable behavior)
- Classify service exposure vs defensive density
- Reason about attack surface shape, not just port counts
- Generate human-readable intelligence reports

  It clearly separates:
  - Verifiable facts
  - Non-verifiable elements
  - Hypothetical attack paths
- Produce executive-safe, audit-safe reports
VedicRecon uses a strict, multi-stage pipeline:
Recon → Registry → Logic Engine → Deterministic Scoring → AI Narration → Privacy Enforcement → Final Report
Each stage has one responsibility:
| Stage | Purpose |
|---|---|
| Recon (Go core) | Fast, deterministic data collection |
| Registry | Single source of truth |
| Logic Engine | Correlation, edge detection, posture inference |
| VMS Engine | Deterministic scoring (non-AI) |
| AI Engine | Narrative synthesis only |
| Privacy Scrubber | Post-generation enforcement |
AI is never used to:
- Detect vulnerabilities
- Identify vendors
- Infer internal architecture
- Make claims about unseen systems
AI is used only to:
- Convert structured logic into clear human language
- Write professional security narratives
- Generate hypothesis-based attack reasoning
All sensitive data is scrubbed post-generation.
Penetration Testers
- Early-phase recon
- External posture analysis
- Client-safe reporting
Security Engineers / Blue Teams
- Attack surface visibility
- Defensive abstraction analysis
Consultants / Auditors
- Advisory-only assessments
- Professional defensibility
- Script-kiddie automation
- Exploit chaining
- Vulnerability farming
- Red team automation without human analysis
- Scope confirmation
- Run VedicRecon
- Review posture report
- Decide where to focus manual testing
- Proceed with targeted exploitation using other tools
VedicRecon answers:
“Where does this infrastructure appear weak or exposed from the outside?”
It intentionally does not answer:
“How do I break in automatically?”
- All ports
- OS fingerprinting
- Service enumeration
- Focused analysis (-p)
- Sensitive environments
- Noise reduction
VedicRecon enforces:
- Scope awareness
- Advisory-only output
- Non-exploitative posture
All findings are:
- Externally observable
- Non-assertive
- Hypothesis-based
Authorization is your responsibility.
“Vedic” refers to structured knowledge, not mythology.
The tool emphasizes:
- Clarity
- Order
- Truth boundaries
- Knowing what is known vs unknowable
Design limitations (intentional):
- External posture only
- No authenticated scanning
- No internal visibility
- No exploitation
VedicRecon is not built to impress with noise.
It is built to think clearly under uncertainty.
If you value:
- Accuracy over drama
- Discipline over hype
- Intelligence over automation
This tool is for you.
- ✅ Kali Linux
- ✅ Ubuntu 20.04+
- ⚠️ Arch Linux (advanced users only)

macOS is not supported due to raw socket limitations.

- nmap
- ffuf
- go
- python3 (>= 3.10)
Verify:

```bash
nmap --version
ffuf -V
go version
python3 --version
```

```bash
git clone https://github.com/Shikhar0708/VedicRecon-Framework.git
cd VedicRecon-Framework
```

VedicRecon uses a Go binary for fast, deterministic discovery.

```bash
cd core
go build -o ../bin/vr_core_linux .
cd ..
```

Verify:

```bash
ls bin/vr_core_linux
```

Create and activate a virtual environment:

```bash
python3 -m venv vedic-framework
source vedic-framework/bin/activate
```

Install dependencies:

```bash
pip install -r requirements.txt
```

| File | Purpose |
|---|---|
| config/profiles.json | Defines the specific arguments and flags for Nmap and ffuf scan profiles. |
| config/ai_profile.json | Sets the boundaries and stylistic constraints for AI-generated narratives. |
| config/privacy.json | Contains the Zero-knowledge scrubbing rules to strip PII and sensitive data. |
| config/wrapper.json | Handles OS tool verification to ensure dependencies like Nmap are present. |
You typically do not need to modify these unless customizing behavior.
VedicRecon allows users to supply their own directory or endpoint wordlists.
To ensure compatibility with the discovery pipeline, any custom wordlist must be named:
common.txt
and placed in the following directory:
config/wordlists/common.txt
This design choice ensures:
- A predictable, deterministic execution path
- No dynamic file loading or unsafe path handling
- Consistent behavior across environments
If you wish to use a different wordlist, simply replace the contents of common.txt with your own entries.
Launch the framework as root:

```bash
sudo -E vedic-framework/bin/python main.py
```

You must explicitly accept the operational boundary license before use.
After that you will see the VedicRecon Station menu.
From the menu:
1. Add New Target(s)

You can enter:
- A single IP: 192.x.x.x
- A CIDR: 192.168.x.x/24
- A file path containing targets. Unstable for now

Targets are stored in the central registry.
When launching discovery, you will be prompted whether to:
Scan Entire Host (Default)
Full port discovery
Single-Port Diagnostic Mode
Used for:
- Sensitive environments
- Service validation
- Noise reduction

Example:

```
Scan a single port only? (y/n): y
Enter port number: 3000
```

This uses Nmap’s -p flag internally without changing Go binaries.
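
The target and port prompts above feed an external command, so their input is worth validating before it becomes an Nmap argument. The following is an added example, not VedicRecon's own code: it accepts only a single IP or CIDR and a single port, and goes beyond the page by also checking the target against an authorized scope list. The function names and `SAMPLE_SCOPE` are hypothetical.

```python
import ipaddress
import re

# Constructed authorized scope (documentation range); the page does not
# describe how VedicRecon itself records scope.
SAMPLE_SCOPE = [ipaddress.ip_network("192.0.2.0/24")]


def parse_target(text):
    """Accept one IP or one CIDR; anything else raises ValueError."""
    return ipaddress.ip_network(text.strip())  # strict: host bits must be zero


def in_scope(target, authorized):
    return any(
        target.version == net.version and target.subnet_of(net)
        for net in authorized
    )


def parse_port(text):
    """Accept exactly one decimal port in 1..65535 (no lists, ranges or flags)."""
    if not re.fullmatch(r"[0-9]{1,5}", text.strip()):
        raise ValueError(f"not a single port: {text!r}")
    port = int(text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def build_nmap_args(target_text, port_text=None, authorized=SAMPLE_SCOPE):
    """Return an argv list (never a shell string) for an in-scope target."""
    target = parse_target(target_text)
    if not in_scope(target, authorized):
        raise PermissionError(f"{target} is outside the authorized scope")
    args = ["nmap"]
    if port_text is not None:
        args += ["-p", str(parse_port(port_text))]
    args.append(str(target))
    return args
```

Because the target must parse as an address or network, a value that begins with a dash or contains spaces is rejected before it can be read as an extra command-line option.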
VedicRecon automatically executes:
| Phase | Description |
|---|---|
| Phase 2 | Baseline Network Discovery |
| Phase 4 | Banner Grabbing |
| Phase 5 | Edge / WAF Signal Detection |
| Phase 6 | Optional Directory Enumeration (ffuf) |
| Phase 7 | Logic Correlation |
| Phase 8 | Deterministic Scoring (VMS) |
| Phase 10 | AI Intelligence Synthesis |
| Phase 11 | Privacy Scrubbing |
VedicRecon uses an external Large Language Model (LLM) only for narrative synthesis.
- Provider: Google Gemini
- Model: Gemini 2.5 Flash
On first run, VedicRecon will prompt for a Gemini API key only if AI narration is enabled.
The AI is used strictly to:
- Convert structured, deterministic findings into clear human-readable language
- Generate professional security narratives
- Describe hypothesis-based attack reasoning
The AI is never used to:
- Detect vulnerabilities
- Identify vendors
- Infer internal architecture
- Make claims about unseen systems
- Assign risk scores
- Sensitive identifiers (IPs, hostnames, banners, vendor names) are sanitized before AI ingestion
- A second privacy enforcement pass is applied after AI output
- The AI never receives raw scan data
If no API key is provided, VedicRecon can still perform reconnaissance and scoring, but the AI step will fail loudly and no AI report will be generated.
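
The two privacy passes described above (sanitize before AI ingestion, enforce again on the output) can be sketched as follows. This is an added example, not VedicRecon's implementation: the `Scrubber` class, its regexes and the sample strings are assumptions made for illustration, and the project's actual rules in config/privacy.json are not shown on this page.

```python
import ipaddress
import re

# Constructed patterns for illustration; the project's real rules live in
# config/privacy.json and are not shown on this page.
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)


class Scrubber:
    """Swaps identifiers for stable placeholders and remembers what it hid."""

    def __init__(self):
        self.mapping = {}  # lowercased raw value -> placeholder

    def _token(self, kind, raw):
        key = raw.lower()
        if key not in self.mapping:
            seen = sum(v.startswith(f"[{kind}_") for v in self.mapping.values())
            self.mapping[key] = f"[{kind}_{seen + 1}]"
        return self.mapping[key]

    def _ip(self, match):
        try:
            ipaddress.ip_address(match.group())  # ignore dotted non-addresses
        except ValueError:
            return match.group()
        return self._token("IP", match.group())

    def sanitize(self, text):
        """Pass 1: applied to findings before they are sent to the model."""
        text = IPV4.sub(self._ip, text)
        return HOST.sub(lambda m: self._token("HOST", m.group()), text)

    def enforce(self, narrative):
        """Pass 2: applied to model output; returns (clean_text, leaked_values)."""
        lowered = narrative.lower()
        leaked = [raw for raw in self.mapping if raw in lowered]
        return self.sanitize(narrative), leaked


# Constructed sample input (documentation address range and domain).
SAMPLE_FINDINGS = "Host 192.0.2.10 (edge.example.com) exposes 443; 192.0.2.10 also answers on 80."
SAMPLE_MODEL_OUTPUT = "The edge at 192.0.2.10 fronts [HOST_1] and hides its origin."
```

A non-empty `leaked` list from `enforce` means a raw identifier reached the narrative despite the first pass, which is worth logging as a pipeline fault rather than silently cleaning up.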
Registry
output/targets.csv
Intelligence Reports
reports/VedicRecon_Surgical_Report_<timestamp>.md
Advisory-only
Externally observable
Safe to share with stakeholders
- Define scope
- Add target(s)
- Run discovery
- Review posture report
- Decide where to manually test
- Proceed with exploitation using other tools
Often occurs with:
- OS detection failures
- Permission issues
- Filtered environments
VedicRecon continues safely unless critical data is missing.
To reset the workspace:
Clear Workspace (/output)
You must have authorization to scan any target.
VedicRecon does not bypass protections and does not exploit systems.
Licensed under the GNU General Public License v3.0 (GPL-3.0).