Authorized targets only
recon-scope
Automated reconnaissance platform for authorized security assessments. Enumerate subdomains, scan ports, fingerprint services — all from a single dashboard.
◎
Subdomain Enumeration
Passive discovery via crt.sh with async DNS resolution. No brute-force — only authorized, low-noise enumeration.
⬡
Port Scanning
Asyncio TCP connect scan across top-100, top-1000, or full port ranges. Banner grabbing and service identification included.
⟨/⟩
Fingerprinting
HTTP header analysis, tech stack detection, TLS certificate capture, and a findings engine with critical-to-info severity levels.