Noureddine RAMDI / Argus: a modular Python CLI toolkit for comprehensive security reconnaissance

Created Sat, 23 May 2026 20:41:14 +0000 Modified Sat, 23 May 2026 20:41:27 +0000
948 Words
github-stars python cli security reconnaissance osint network-scanning

jasonxtn/Argus

Argus is a command-line reconnaissance tool that integrates a broad spectrum of security scanning techniques into a single interactive shell. Instead of juggling multiple scripts or tools to collect information about network infrastructure, web applications, or threat intelligence, Argus provides a unified interface to execute 135 specialized modules. The design mimics the Metasploit-style command shell where users can select modules, configure targets, and execute scans seamlessly.

what argus offers and how it is built

At its core, Argus is a Python-based reconnaissance framework that bundles diverse information-gathering capabilities — from basic WHOIS and DNS lookups to advanced threat intelligence queries using APIs like Shodan, VirusTotal, Censys, and Have I Been Pwned (HIBP). The toolkit is organized into 135 modules, each implementing a distinct fingerprinting or data collection technique relevant to network security and OSINT workflows.

The entire system runs inside an interactive CLI shell. Users enter commands such as use to pick a module, set to configure parameters like target domain and thread count, and run to launch the scan. For convenience, batch commands like runall execute all modules sequentially, while runfav runs a curated set of favorite modules. Profiles allow users to save specific module configurations for repeated use.

Under the hood, Argus is written in Python, using threading for concurrency and modular code organization to isolate each reconnaissance technique. The API keys required for external services are configurable via environment variables or a settings file, enabling seamless integration with third-party threat intelligence providers.

The project supports multiple installation methods: running directly from source after installing dependencies, installing via pip as argus-recon, a full installer script that automates setup, or a Docker image for containerized usage. This flexibility caters to different user preferences and deployment scenarios.

what distinguishes argus technically and its tradeoffs

The standout feature of Argus is its comprehensive and uniform CLI metaprompt interface that exposes a wide array of scanning modules consistently. Each module, whether it performs a DNS enumeration, JWT token inspection, or RPKI route validity check, follows the same command pattern (use, set, run), which reduces cognitive load and streamlines workflow automation.

This consistent interface is a design choice that trades off some complexity in the CLI implementation for a much smoother user experience. Instead of learning unique commands or flags per tool, users master a single command set that works across all recon modules.

Another technical strength is the integration of multiple external intelligence APIs in a multiplexed fashion. Argus supports API keys for Shodan, VirusTotal, Censys, Google, and HIBP, among others. This multi-provider approach increases the breadth and depth of data available but introduces external dependencies and the need to manage multiple API keys, which can be a barrier for some users.

The codebase is surprisingly clean for a security tool with such a large module catalog. It uses Python’s threading for parallelism, allowing scans to run concurrently where applicable. The modular structure means users can enable or disable modules as needed, which helps manage performance and relevance.

One limitation is that the tool relies heavily on third-party API rate limits and availability, meaning extended or high-volume scans require proper API key management and potentially paid API plans. Additionally, the sheer number of modules (135) could overwhelm new users, though the favorites and profiles features mitigate this.

quick start

Option 1: No Installation (Run Directly)

git clone https://github.com/jasonxtn/argus.git
cd argus
pip install -r requirements.txt
python -m argus

Option 2: Using pip

pip install argus-recon
argus

Option 3: Full Installation

git clone https://github.com/jasonxtn/argus.git
cd argus
chmod +x install.sh && ./install.sh
python -m argus

Option 4: Docker

git clone https://github.com/jasonxtn/argus.git
cd argus
docker build -t argus-recon:latest .
docker run -it --rm -v $(pwd)/results:/app/results argus-recon:latest

basic usage example

Once launched, you can list available modules:

argus> modules

Select a module by number:

argus> use 1

Set the target and thread count:

argus> set target example.com
argus> set threads 10

Run the module:

argus> run

To enhance functionality, export your API keys as environment variables:

export VIRUSTOTAL_API_KEY="your_key_here"
export SHODAN_API_KEY="your_key_here"
export CENSYS_API_ID="your_id_here"
export CENSYS_API_SECRET="your_secret_here"
export GOOGLE_API_KEY="your_key_here"
export HIBP_API_KEY="your_key_here"

verdict

Argus is a solid choice for security professionals who want a one-stop, modular reconnaissance toolkit accessible through a consistent CLI interface. Its large collection of specialized modules covers a wide range of information gathering needs, making it suitable for penetration testers, red teamers, and OSINT researchers.

The tradeoff lies in managing multiple API keys and navigating the extensive module catalog, which may pose a learning curve for newcomers. However, the favorites and profiles system helps tailor the experience. The support for Docker and pip installation adds deployment flexibility.

Overall, Argus is worth exploring if you value having a uniform, extensible CLI for diverse reconnaissance tasks without juggling multiple standalone tools.

→ GitHub Repo: jasonxtn/Argus ⭐ 3,584 · Python