Instrument

recongraph

Bill Rondell, Nick Adams & Dade Murphy — instrument — 1 min read — 85 words

Phase: hunt
Language: Python

Seed-polymorphic recon engine with environmental contamination detection

§ Workflow phase

01 hunt
02 analyze
03 enrich
04 report
05 instrument

Discovery. Finds what is exposed.

recongraph is a Python recon engine that accepts any seed type, IP, CIDR, domain, ASN, certificate fingerprint, banner string, and emits a typed provenance graph with rule-based exposure classification.

What it does

Seed-polymorphic input: IP / CIDR / Domain / ASN / CertFP / BannerString
Typed provenance output, every node carries its derivation rule
Fixed-point passive saturation before any active probe
Active probes gated on a configurable budget
Built-in sandbox-MITM detection, downgrades L7 conclusions when running inside an intercepting environment

§ Used in

Used in

FIELD CASES · 02

01

Unauthenticated ML Training Server — velutina-service.ch

2026-06-01
02

116.202.28.181 — Pantaflow Live Transcription Server

2026-05-22

§ hunt layer

Same phase

01

aimap

nmap for AI infrastructure

Go
02

JAXEN

Stateful Go recon framework with deep TLS forensics

Go
03

VisorGraph

High-performance infrastructure mapping with native gVisor sandboxing

Go
04

VisorGoose

Government TLD AI discovery via CT logs, Shodan, DNS, and Ollama fingerprinting

Go
05

menlohunt

GCP External Attack Surface Management with automated chain detection

Go
06

VisorSD

Shodan exposure scanner + adversarial RAG security testing

Go
07

VisorBishop

Cross-platform AI/LLM observability fingerprinter, 12 platforms, IP-direct-shadow probe

Go