Authorized targets only

recon-scope

Automated reconnaissance platform for authorized security assessments. Enumerate subdomains, scan ports, fingerprint services — all from a single dashboard.

Subdomain Enumeration

Passive discovery via crt.sh with async DNS resolution. No brute-force — only authorized, low-noise enumeration.

Port Scanning

Asyncio TCP connect scan across top-100, top-1000, or full port ranges. Banner grabbing and service identification included.

⟨/⟩

Fingerprinting

HTTP header analysis, tech stack detection, TLS certificate capture, and a findings engine with critical-to-info severity levels.