Otsolain / Gecko

Public

Recon & security-assessment platform. FastAPI stage orchestrator with a live web UI, Tor routing, and multi-provider AI triage.

69% credibility
Found May 31, 2026 at 17 stars.
AI Analysis
Python
AI Summary

Gecko is an automated website security assessment platform that helps you discover security issues on websites you own or have permission to test. It runs dozens of passive and active checks — from DNS configuration to exposed files to missing security headers — and presents findings in a clear, prioritized report. You can choose between quick passive scans or deep full scans, optionally including authenticated testing by providing login steps.

How It Works

1. 🔍 You hear about a security tool

A friend tells you about Gecko — a tool that automatically checks websites for security problems, like missing protections or exposed information.

2. 🖥️ You install it on your computer

You download and run a simple setup command. Gecko launches a clean web interface in your browser, ready to scan.

3. 🌐 You enter a website to check

You type in the domain name of your own website (or one you have permission to test) and click start. Gecko asks you to confirm you own it.

4. Gecko goes to work automatically

Behind the scenes, Gecko quietly runs dozens of security checks — DNS records, exposed files, missing protections, and more — streaming results to your screen in real time.

5. You choose how deep to go

🔒 Quick scan

Passive checks only — no requests sent to the target, completely invisible to the website

🔓 Full scan

All checks enabled including active probes — gives the most complete picture

6. 📋 You review your security report

Gecko compiles everything into a clear report showing what it found, how serious each issue is, and what it means for you.

You know what to fix next

You now have a prioritized list of security issues to address, with explanations and references to help you understand and fix each one.

AI-Generated Review

What is Gecko?

Gecko is a passive reconnaissance and security-assessment platform built in Python. The backend runs as a FastAPI service that orchestrates over 50 different scan stages, streaming results live to a web UI via Server-Sent Events. You point it at a domain, pick a scan profile (full, quick, or custom), and it enumerates subdomains, fingerprints tech stacks, probes for vulnerabilities, checks for exposed secrets on GitHub, and builds an attack chain analysis. The whole stack ships as a docker-compose setup with Tor routing built in for OPSEC-sensitive work, or you can run it bare-metal on Linux with a single `gecko` command.

Why is it gaining traction?

The hook here is the breadth of the stage catalog combined with the live streaming UI. Most recon tools are CLI-only or require stitching together separate utilities. Gecko brings the whole pipeline into one interface with per-stage confirmation gates, method-level technique selection, and optional AI-assisted triage via Anthropic, OpenAI, or Gemini. The Tor integration is always-on in Docker and optional on bare-metal, which matters for operators who need privacy. Batch scanning multiple targets sequentially with campaign-level aggregation is also a practical touch that solo pentesters and small teams actually need.

Who should use this?

Security researchers and penetration testers who want a unified recon dashboard without scripting glue between tools. Bug bounty hunters managing multiple targets will appreciate the batch mode and session persistence (reload the page mid-scan and it catches you up). Red team operators who need Tor routing for OPSEC will find the privacy mode useful. This is not for production security teams needing SLA-backed tooling -- the 17-star count and early versioning tell you where this sits on the maturity curve.

Verdict

Gecko is a feature-rich recon workbench with a thoughtful UI layer that could save you significant scripting time if the stage catalog covers your targets. The 69% credibility score reflects an early-stage project with limited community validation, so treat it as a power-user tool rather than enterprise-grade infrastructure. Test it against your specific target types before committing to it as a primary workflow.
