gitmyhub

Gecko

Python ★ 18 updated 20d ago

Recon & security-assessment platform

FastAPI stage orchestrator with a live web UI, Tor routing, and multi-provider AI triage

A self-hosted passive reconnaissance platform for authorized security testing that runs sequential information-gathering stages, streams results to a browser, routes traffic through Tor, and optionally uses AI to suggest potential attack chains.

Python · Docker · Tor · Shodan API · setup: hard · complexity 4/5

Gecko is a passive reconnaissance and security assessment platform designed for security professionals who need to gather information about systems they are authorized to test. It is built around a Python backend that runs a series of information-gathering stages in sequence and streams the results to a browser-based interface in real time.

The tool can route all outbound traffic through the Tor network to conceal the origin of the scan. In the Docker setup, Tor routing is always on. In a bare-metal Linux installation, Tor is optional and only required for scans where privacy is a priority.

You configure Gecko by creating an environment file from the provided template and filling in any third-party API keys you have. Keys for services like Shodan, GitHub, and various AI providers are all optional. Stages that require a missing key skip themselves automatically, so a scan with no API keys at all still runs but draws on fewer data sources. If you supply an API key for an AI provider (Anthropic, OpenAI, or Gemini), the tool adds an AI triage layer that analyzes findings and suggests potential attack chains.

Gecko runs either through Docker Compose, which starts a Tor proxy, the backend, and a static web frontend in one command, or directly on a Linux host through a setup script that creates a Python virtual environment, installs dependencies, and registers a "gecko" shell command. A browser window opens automatically on start.

The README carries a prominent note that Gecko must only be used against systems you own or have explicit written permission to test. It is written in Python, tagged on GitHub under OSINT, pentesting, and reconnaissance, and currently has 17 stars. The README does not describe a hosted service; self-hosting is the only option.

Where it fits