whatisgithub

What is gecko?

otsolain/gecko — explained in plain English

Analysis updated 2026-06-24

17PythonAudience · ops devopsComplexity · 4/5Setup · hard

In one sentence

A self-hosted passive reconnaissance platform for authorized security testing that runs sequential information-gathering stages, streams results to a browser, routes traffic through Tor, and optionally uses AI to suggest potential attack chains.

Mindmap

mindmap
  root((Gecko))
    What It Does
      Passive recon stages
      Stream to browser
      AI triage layer
    Tech Stack
      Python
      Docker
      Tor
    Data Sources
      Shodan
      GitHub
      AI providers
    Use Cases
      OSINT gathering
      Pentest recon
      Attack chain analysis
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Run passive OSINT recon on an authorized target domain and stream each data source's results to a browser as they arrive

USE CASE 2

Configure Gecko with a Shodan API key and an AI provider key to get automated attack chain suggestions based on discovered exposures

USE CASE 3

Deploy Gecko via Docker Compose in one command to route all scan traffic through Tor for privacy during authorized assessments

What is it built with?

PythonDockerTorShodan API

How does it compare?

otsolain/gecko0petru/sentimoalingalingling/akasha-wechat
Stars171717
LanguagePythonPythonPython
Setup difficultyhardmoderatehard
Complexity4/53/54/5
Audienceops devopsdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · hard Time to first run · 1h+

Requires Docker Compose or a bare-metal Linux host, Tor is always active in Docker. API keys for Shodan, GitHub, and AI providers are optional but expand data coverage significantly.

No license information is stated in the repository.

So what is it?

Gecko is a passive reconnaissance and security assessment platform designed for security professionals who need to gather information about systems they are authorized to test. It is built around a Python backend that runs a series of information-gathering stages in sequence and streams the results to a browser-based interface in real time. The tool can route all outbound traffic through the Tor network to conceal the origin of the scan. In the Docker setup, Tor routing is always on. In a bare-metal Linux installation, Tor is optional and only required for scans where privacy is a priority. You configure Gecko by creating an environment file from the provided template and filling in any third-party API keys you have. Keys for services like Shodan, GitHub, and various AI providers are all optional. Stages that require a missing key skip themselves automatically, so a scan with no API keys at all still runs but draws on fewer data sources. If you supply an API key for an AI provider (Anthropic, OpenAI, or Gemini), the tool adds an AI triage layer that analyzes findings and suggests potential attack chains. Gecko runs either through Docker Compose, which starts a Tor proxy, the backend, and a static web frontend in one command, or directly on a Linux host through a setup script that creates a Python virtual environment, installs dependencies, and registers a "gecko" shell command. A browser window opens automatically on start. The README carries a prominent note that Gecko must only be used against systems you own or have explicit written permission to test. It is written in Python, tagged on GitHub under OSINT, pentesting, and reconnaissance, and currently has 17 stars. The README does not describe a hosted service, self-hosting is the only option.

Copy-paste prompts

Prompt 1
Set up Gecko with Docker Compose using my Shodan and Anthropic API keys, scan my own domain in passive mode, and show me the AI triage analysis of what was found
Prompt 2
Which Gecko recon stages run without any API keys, and what information does each stage collect during a passive scan?
Prompt 3
Add a new Gecko recon stage that queries the Have I Been Pwned API for breached emails found during a scan and appends results to the stream
Prompt 4
Configure Gecko's bare-metal Linux install to route only external API calls through Tor while keeping direct connections for local network probes

Frequently asked questions

What is gecko?

A self-hosted passive reconnaissance platform for authorized security testing that runs sequential information-gathering stages, streams results to a browser, routes traffic through Tor, and optionally uses AI to suggest potential attack chains.

What language is gecko written in?

Mainly Python. The stack also includes Python, Docker, Tor.

What license does gecko use?

No license information is stated in the repository.

How hard is gecko to set up?

Setup difficulty is rated hard, with roughly 1h+ to a first successful run.

Who is gecko for?

Mainly ops devops.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.