Built for

Whether you're hunting bounties, running pentests, or keeping an eye on vendors — Recon gives you a single view of what changed and when.

Penetration Testing & Recon

Run discovery in the background while you focus on testing. Recon surfaces new hosts, port changes, and tech stack shifts so you spend less time on tedious enumeration.

•Passive and active subdomain discovery
•More subdomains over time as we keep scanning
•Response code and stack change alerts
•Visual snapshots for quick review

Bug Bounty Hunting

Stay ahead of scope changes. When a 403 becomes a 200 or a new subdomain shows up in scope, you're the first to know — without constantly re-running your tooling.

•Customize in-scope and out-of-scope
•In-scope asset discovery
•Status code flips (403→200, 404→200)
•Tech and infra change signals

M&A & Due Diligence

After an acquisition, you inherit domains and subdomains you didn't build. Recon helps you map the full surface and spot changes as integrations move forward.

•Inventory of acquired assets
•Change tracking during integration
•Time-stamped discovery history

Security Operations

Add external attack surface to your triage workflow. Changes show up in one place — new hosts, new ports, new tech — so your team can investigate before it becomes a ticket.

•Central view of external exposure
•Customize which alerts you receive
•Change alerts for prioritization
•Slack and Discord notifications

Compliance & Audits

Keep your asset list current for auditors. Recon maintains an up-to-date inventory of subdomains, IPs, and services — with change history when you need to explain what shifted.

•Live asset inventory
•Change history when you need it
•Subdomains, IPs, ports, services

Vendor & Third-Party Risk

Vendors add subdomains and change infra all the time. Monitor their external surface so you see new exposure before it turns into a breach or compliance gap.

•Track vendor domains over time
•New asset and change alerts
•Visibility into third-party exposure

Start monitoring