July 14, 2026
Building My First Tool: How Reconductor Came Together
For a while now I’ve been heads down in labs, boxes, and certs, but everything I was doing was consuming other people’s tools. I hadn’t…

By N0flow
2 min read
For a while now I've been heads down in labs, boxes, and certs, but everything I was doing was consuming other people's tools. I hadn't actually built anything of my own. So I set myself a small target: write a simple real tool, from scratch.
That's how Reconductor started.
The Problem I Was Solving
Recon is the first step on basically every box or engagement, and it's almost always the same handful of Nmap commands. A full TCP sweep, a detailed version and script scan on the ports that came back open, sometimes a UDP pass.
The specific scan profiles I used weren't random either. During OSCP I learned the hard way that running a single heavy scan straight away can actually miss ports, if the flags aren't tuned right, a box under load or a slower connection can cause you to walk away thinking a port is closed when it isn't. So I spent time tuning rate and searching online until I had profiles I trusted not to miss anything. I've been running those same tuned scans ever since, on OSCP boxes and on CTF's, and they haven't let me down… yet. Reconductor is really just those trusted commands turned into something I don't have to retype every time.
What Reconductor Does
It's a Python CLI wrapper around nmap. You give it a target IP, it shows you three scan profiles, and it runs the right nmap command for you:
- Full TCP scan across all 65535 ports, tuned for speed
- A detailed scan with version detection and default scripts on ports you specify
- A full sweep of the top 1000 UDP ports
Nothing insane on the Nmap side, these are scan profiles I already trusted and used manually. What changed is that now I don't have to remember or retype any of it for the millionth time. (Should though once in a while)
Building It
This was my first real script, so I kind of leaned on AI along the way, not to write it for me, but to help me get past dumb roadblocks I kept running into and to explain some of the things I encountered that I didn't know yet, things like how to structure a CLI properly. The scan profiles, the logic, and the decisions behind what the tool should actually do were mine. (Still a lot of room for improvement)
What I Learned
Small as it is, this project taught me more than I expected:
- How to structure a CLI tool that takes arguments and handles bad input gracefully
- Why something as simple as a
.gitignorefile actually matters - That "simple" tools still need real design decisions: what happens on invalid input, what gets saved, what the user actually sees
What's Next
Reconductor is intentionally small right now, and that's fine, it was meant to be a first baby step, not a finished product. Next on the list maybe is a structured output per target instead of flat text files, and eventually feeding open ports from the full scan straight into the detailed scan automatically.
If you want to see the code, it's up on my GitHub as Reconductor. If you're on a similar path, self taught, building toward OSCP or just trying to get more hands on, my advice is the same thing that got me here: stop only using tools, and start building one, even a small one. :)
Github repo: https://github.com/N0fl0w/Reconductor-