Run passive OSINT recon on an authorized target domain and stream each data source's results to a browser as they arrive
Configure Gecko with a Shodan API key and an AI provider key to get automated attack chain suggestions based on discovered exposures
Deploy Gecko via Docker Compose in one command to route all scan traffic through Tor for privacy during authorized assessments
Requires Docker Compose or a bare-metal Linux host. Tor is always active in Docker. API keys for Shodan, GitHub, and AI providers are optional but expand data coverage significantly.
Gecko is a passive reconnaissance and security assessment platform designed for security professionals who need to gather information about systems they are authorized to test. It is built around a Python backend that runs a series of information-gathering stages in sequence and streams the results to a browser-based interface in real time.

The tool can route all outbound traffic through the Tor network to conceal the origin of the scan. In the Docker setup, Tor routing is always on. In a bare-metal Linux installation, Tor is optional and only required for scans where privacy is a priority.

You configure Gecko by creating an environment file from the provided template and filling in any third-party API keys you have. Keys for services like Shodan, GitHub, and various AI providers are all optional. Stages that require a missing key skip themselves automatically, so a scan with no API keys at all still runs but draws on fewer data sources. If you supply an API key for an AI provider (Anthropic, OpenAI, or Gemini), the tool adds an AI triage layer that analyzes findings and suggests potential attack chains.

Gecko runs either through Docker Compose, which starts a Tor proxy, the backend, and a static web frontend in one command, or directly on a Linux host through a setup script that creates a Python virtual environment, installs dependencies, and registers a "gecko" shell command. A browser window opens automatically on start.

The README carries a prominent note that Gecko must only be used against systems you own or have explicit written permission to test. It is written in Python, tagged on GitHub under OSINT, pentesting, and reconnaissance, and currently has 17 stars. The README does not describe a hosted service; self-hosting is the only option.
← otsolain on gitmyhub — every repo by this author, as a profile.
Verify against the repo before relying on details.