This guide walks you through launching QtRecon, running your first network scan, and viewing the results.

Launch the application

Start QtRecon from your terminal:
cd ~/tools/qtrecon
pipenv run python qtrecon.py
You can also open an existing workspace:
pipenv run python qtrecon.py /path/to/workspace.db
QtRecon workspace files are SQLite databases with the .db extension. You can edit them directly if needed.

Run your first scan

1. Open the new scan dialog

Click File > New Scan or press the new scan button in the toolbar. The scan dialog allows you to configure:
  • Target IP addresses or CIDR ranges
  • Port ranges (TCP and UDP)
  • Scan type (SYN, Connect, etc.)
  • Scan speed (-T0 through -T5)
  • Additional options like OS detection and default scripts
2. Configure your scan

For a quick test scan, use these settings:

Target: 192.168.1.0/24 (adjust to your network)
Port range: T:-,U:53,161,631
  • T:- scans all TCP ports
  • U:53,161,631 scans specific UDP ports
Scan type: -sS (SYN scan, requires root)
Speed: -T3 (normal)
Options:
  • ✓ Version probing
  • ✓ Default scripts
  • ✓ OS detection
Check “Save as default” to use these settings for future scans.
3. Start the scan

Click Start Scan. If you’re running a privileged scan (like -sS), you’ll be prompted for your password by the graphical sudo program (pkexec, gksu, etc.). The scan progress appears in the Jobs tab at the bottom of the window.
4. Wait for results

As nmap discovers hosts, they appear in the Hosts tab on the left side of the window. Watch the log panel for messages:
[INFO] Starting new scan on 192.168.1.0/24
[INFO] Finished nmap scan (5 hosts)
If autorun is enabled in your configuration, QtRecon will automatically launch tools against discovered services.

View scan results

1. Select a host

Click on any host in the Hosts panel on the left. The right panel displays:
  • Host information (IP, hostname, OS, MAC address)
  • Open ports and services
  • Notes section for your observations
2. Explore the ports tab

The Ports tab shows all discovered services with:
  • Port number
  • Protocol (TCP/UDP)
  • Service name and version
Right-click on a port to:
  • Launch configured tools for that port
  • Copy the port number
  • View service details
3. View nmap output

Click the nmap tab to see the raw nmap output for the selected host. This includes:
  • Full version detection results
  • Script output from NSE scripts
  • OS detection details
4. Check application tabs

If autorun launched any tools, you’ll see additional tabs with names like:
  • “feroxbuster”
  • “Nikto”
  • “SMB enum”
These tabs display real-time output from running tools.
Running jobs show a clock icon. Completed jobs show a checkmark or X icon.

Launch tools manually

You can launch tools interactively against any discovered service.
1. Select a host and port

Click a host in the Hosts panel, then select a port in the Ports tab.
2. Right-click to see available tools

Right-click on the port to see all configured tools that can run against this service. For example, port 80 might show:
  • Launch Firefox
  • Launch Nikto
  • Scan files and folders with feroxbuster
  • Launch Nuclei
  • Launch Sqlmap in batch mode
3. Execute the tool

Click a tool to launch it. QtRecon automatically replaces variables in the command:
  • %%%IP%%% → Target IP address
  • %%%PORT%%% → Selected port
  • %%%HOSTNAME%%% → Target hostname (or IP if no hostname)
If the tool requires credentials and you have stored credentials for this host, QtRecon will ask if you want to use them.
4. View tool output

For non-detached tools, a new tab appears in the right panel showing real-time output. For detached tools (like browsers or terminals), the program launches in a separate window.

Work with the Services view

The Services tab provides a port-centric view of your scan results.
1. Switch to the Services tab

Click the Services (X) tab in the main work area. This shows all unique ports discovered across all hosts.
2. Select a port

Click on any port to see all hosts with that port open. For example, clicking “80/tcp” shows all web servers in your scan.
3. Launch tools against multiple hosts

Right-click on a host in this view to launch tools against that specific instance of the service.

Add notes and credentials

1. Add notes to a host

Select a host and click in the Notes section at the bottom right. You can:
  • Type or paste text
  • Drag and drop images
  • Use basic formatting
Notes are automatically saved to your workspace.
2. Store credentials

Click the Credentials tab for a host, then click Add Credential. Fill in:
  • Type: password, hash, or ssh_key
  • Domain: localhost, hostname, or domain name
  • Username: account username
  • Password/Hash: the credential value
When you launch a tool that uses %%%USERNAME%%% or %%%PASSWORD%%% variables, QtRecon will offer to substitute stored credentials.
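
The variable replacement described under "Execute the tool" and in the credentials step above can be sketched as follows. This is an added example, not QtRecon's own code: the function name, its parameters and the sample command are assumptions. It tokenizes the command template before substituting, so a stored value that contains spaces or shell metacharacters stays a single argument.

```python
import ipaddress
import re
import shlex

PLACEHOLDER = re.compile(r"%%%([A-Z]+)%%%")

def render_command(template, ip, port, hostname=None, credential=None):
    """Expand %%%NAME%%% placeholders and return an argv list (no shell involved)."""
    ipaddress.ip_address(ip)                      # raises ValueError if not an IP
    if not 1 <= int(port) <= 65535:
        raise ValueError(f"port out of range: {port}")
    values = {
        "IP": ip,
        "PORT": str(int(port)),
        "HOSTNAME": hostname or ip,               # falls back to the IP, as the guide states
    }
    if credential is not None:                    # only set when the user chose to use it
        values["USERNAME"] = credential["username"]
        values["PASSWORD"] = credential["password"]

    def expand(token):
        def lookup(match):
            name = match.group(1)
            if name not in values:
                raise ValueError(f"no value available for %%%{name}%%%")
            return values[name]
        return PLACEHOLDER.sub(lookup, token)

    # Tokenize the template first and substitute afterwards: a value containing
    # spaces, quotes or shell metacharacters stays inside a single argument.
    return [expand(token) for token in shlex.split(template)]

if __name__ == "__main__":
    # Constructed sample; "example-tool" and its flags are hypothetical.
    cred = {"username": "svc-backup", "password": "p@ss word$1"}
    print(render_command(
        "example-tool --user %%%USERNAME%%% --pass %%%PASSWORD%%% %%%HOSTNAME%%%:%%%PORT%%%",
        "192.0.2.10", 22, credential=cred))
```

The returned list can be passed to subprocess.run as-is, without shell=True.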

Save your workspace

1. Save the database

Click File > Save or press Ctrl+S. Choose a filename and location for your workspace database.
~/pentest/client-recon.db
2. Enable autosave (optional)

Click File > Autosave database every 5 mins to automatically save your work.
Autosave is only available after you’ve manually saved the workspace at least once.
3. Load an existing workspace

Click File > Open to load a previously saved workspace. All hosts, scan results, notes, and credentials are restored.
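
Because a saved workspace is a SQLite file that holds stored credentials alongside scan results, it is worth checking who can read it and looking inside it without modifying it. The following is an added example, not part of QtRecon: it discovers table names from sqlite_master rather than assuming a schema, and the sample tables it creates are constructed and hypothetical.

```python
import os
import sqlite3
import stat
from pathlib import Path

def open_readonly(path):
    """Open a workspace with SQLite's read-only URI mode so inspection cannot alter it."""
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def inspect_workspace(path):
    """Return (permission_findings, {table_name: row_count}) for a workspace file."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    findings = []
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append("group-accessible")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("world-accessible")
    con = open_readonly(path)
    try:
        names = [row[0] for row in con.execute(
            "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
        counts = {}
        for name in names:
            quoted = '"' + name.replace('"', '""') + '"'   # quote the identifier
            counts[name] = con.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
    finally:
        con.close()
    return findings, counts

def make_sample_workspace(path):
    """Constructed sample data; table names are hypothetical, not QtRecon's schema."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE hosts (ip TEXT, hostname TEXT);
        CREATE TABLE credentials (host_ip TEXT, username TEXT, secret TEXT);
        INSERT INTO hosts VALUES ('192.0.2.10', 'web01');
        INSERT INTO hosts VALUES ('192.0.2.11', NULL);
        INSERT INTO credentials VALUES ('192.0.2.10', 'svc-backup', 'constructed-value');
    """)
    con.commit()
    con.close()
    os.chmod(path, 0o644)  # what a file typically gets under umask 022

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "client-recon.db")
        make_sample_workspace(db)
        print(inspect_workspace(db))
        os.chmod(db, 0o600)            # restrict to the owner
        print(inspect_workspace(db))
```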

Next steps

Now that you’ve run your first scan, explore QtRecon’s advanced features:

Configure custom tools

Press F10 to open settings and add your own tools to the user_binaries section

Set up autorun

Configure which tools launch automatically when specific ports are discovered

Use snippets

Access the Snippets panel for reverse shells and common commands with automatic variable replacement for %%%LHOST%%% and %%%LPORT%%%

Import XML files

Click File > Import nmap XML to import existing nmap scan results