Technology Stack

March 23, 2026 · View on GitHub

Frontend

TechnologyRole
Next.js (v16)Full-stack React framework — server-side rendering, API routes, and the project webapp
React (v19)Component-based UI library powering all interactive views
TypeScriptStatic typing across the entire frontend codebase
TanStack React QueryServer state management, caching, and data synchronization
React Force Graph (2D & 3D)Interactive attack surface graph visualization
Three.js3D rendering engine behind the 3D graph view
D3 ForceForce-directed layout algorithms for graph positioning
React MarkdownRendering agent chat responses with markdown formatting
React Syntax HighlighterCode block highlighting in agent outputs
Lucide ReactIcon system used throughout the UI

Backend & API

TechnologyRole
FastAPIAsync Python web framework for the Recon Orchestrator and Agent API
UvicornASGI server running both FastAPI services
PydanticData validation and settings management across all Python services
Docker SDK for PythonProgrammatic container lifecycle management — the Recon Orchestrator uses it to spawn and control recon, GVM, and GitHub hunt containers
SSE (Server-Sent Events)Real-time log streaming from recon pipeline and GVM scans to the webapp
WebSocketBidirectional real-time communication between the agent and the webapp chat

AI & LLM

TechnologyRole
LangChainLLM application framework — prompt management, tool binding, chain composition
LangGraphState machine engine implementing the ReAct (Reasoning + Acting) agent loop
OpenAI (Direct)Supported LLM family — GPT-5.2, GPT-5, GPT-4.1. Configure in Global Settings
Anthropic (Direct)Supported LLM family — Claude Opus 4.6, Sonnet 4.5, Haiku 4.5. Configure in Global Settings
OpenAI-CompatibleAny OpenAI-compatible endpoint (Ollama, vLLM, Groq, etc.). Configure in Global Settings
OpenRouterMulti-model gateway — access 300+ models through a single API key. Configure in Global Settings
AWS BedrockManaged AWS service — access foundation models (Claude, Titan, Llama, Cohere, etc.) via langchain-aws. Configure in Global Settings
TavilyAI-powered web search used by the agent for CVE research and exploit intelligence
Model Context Protocol (MCP)Standardized protocol for tool integration — the agent calls security tools through MCP servers
LangChain AWSAWS Bedrock integration — ChatBedrockConverse for Bedrock foundation models
LangChain MCP AdaptersBridges LangChain tool interface with MCP server endpoints
Text-to-CypherLLM-powered natural language to Neo4j Cypher query translation

Databases

TechnologyRole
Neo4j (Community Edition)Graph database — stores the entire attack surface as an interconnected knowledge graph with 17 node types and 20+ relationship types
APOCNeo4j plugin providing advanced procedures and functions for graph operations
PostgreSQL (v16)Relational database — stores project settings, user accounts, and configuration data
PrismaTypeScript ORM for PostgreSQL — schema management, migrations, and type-safe queries
RedisIn-memory cache and message queue used within the GVM vulnerability scanning stack

Security & Penetration Testing Tools

ToolCategoryRole
Kali LinuxBase PlatformPenetration testing distribution used as the base Docker image for recon and MCP tool containers
Metasploit FrameworkExploitationExploit execution, payload delivery, Meterpreter sessions, auxiliary scanners, and post-exploitation
NaabuPort ScanningFast SYN/CONNECT port scanner from ProjectDiscovery
NmapNetwork ScanningNetwork mapper for deep service detection, OS fingerprinting, and NSE vulnerability scripts — exposed as a dedicated MCP server
NucleiVulnerability ScanningTemplate-based scanner with 9,000+ community templates + custom template upload — DAST fuzzing, CVE detection, misconfiguration checks
HttpxHTTP ProbingHTTP/HTTPS probing, technology detection, TLS inspection, and response metadata extraction
KatanaWeb CrawlingActive web crawler with JavaScript rendering — discovers URLs, endpoints, forms, and parameters
GAU (GetAllUrls)Passive ReconPassive URL discovery from Wayback Machine, Common Crawl, AlienVault OTX, and URLScan.io
ParamSpiderParameter MiningPassive URL parameter discovery from Wayback Machine CDX API — returns only parameterized URLs for fuzzing
KiterunnerAPI DiscoveryAPI endpoint brute-forcer using real-world Swagger/OpenAPI-derived wordlists
SubfinderSubdomain DiscoveryPassive subdomain enumeration using 50+ online sources (certificate logs, DNS databases, web archives)
KnockpySubdomain DiscoveryActive subdomain brute-forcing tool
WappalyzerFingerprintingTechnology fingerprinting engine with 6,000+ detection rules
InteractshOut-of-Band DetectionCallback server for detecting blind vulnerabilities (SSRF, XXE, blind SQLi)
Tor / Proxychains4AnonymityAnonymous traffic routing for stealthy reconnaissance

Vulnerability Assessment

TechnologyRole
GVM / OpenVAS (Greenbone)Network-level vulnerability scanner with 170,000+ Network Vulnerability Tests (NVTs)
ospd-openvasOpenVAS scanner engine — executes protocol-level probes against target services
gvmdGVM daemon — orchestrates scans, manages configurations, and exposes the GMP API
GitHub Secret HunterCustom scanner using 40+ regex patterns and Shannon entropy analysis to detect leaked credentials in GitHub repositories

Data Sources & Threat Intelligence

SourceRole
NVD (National Vulnerability Database)CVE lookup, CVSS scores, and vulnerability descriptions
MITRE CWE / CAPECWeakness classification and common attack pattern mapping for discovered CVEs
Shodan InternetDBPassive port and service data without sending packets to the target
crt.shCertificate Transparency log queries for subdomain discovery
Wayback MachineHistorical URL archive for passive endpoint discovery
Common CrawlWeb archive data for passive URL collection
AlienVault OTXOpen threat intelligence feed for URL and indicator enrichment
URLScan.ioURL scanning and analysis data
HackerTargetPassive subdomain enumeration API
VulnersAlternative vulnerability database for CVE enrichment
GitHub APIRepository and code search for secret scanning via PyGithub

Infrastructure & DevOps

TechnologyRole
DockerContainer runtime — every component runs containerized with zero host dependencies
Docker Compose (v2)Multi-container orchestration — defines and manages the entire 12+ container stack
Docker-in-Docker (DinD)Architecture pattern allowing the Recon Orchestrator to spawn ephemeral scan containers
Python (3.11)Core language for all backend services — recon pipeline, agent, orchestrator, GVM scanner, GitHub hunter
Node.js (v22)JavaScript runtime for the Next.js webapp
Go (1.25)Build environment for compiling ProjectDiscovery tools (Naabu, Nuclei) from source
Bash / ShellContainer entrypoint scripts, tool orchestration, and automation

Protocols & Communication

ProtocolRole
MCP (Model Context Protocol)Standardized tool integration — four MCP servers (Network Recon, Nuclei, Metasploit, Nmap) running inside the Kali sandbox
SSE (Server-Sent Events)Unidirectional real-time streaming for recon logs, GVM scan progress, and GitHub hunt output
WebSocketBidirectional real-time communication for the agent chat interface
Bolt (Neo4j)Binary protocol for high-performance Neo4j graph database queries
GMP (Greenbone Management Protocol)XML-based protocol for communicating with the GVM daemon
REST / HTTPInter-service API communication between all containers