Project overview
ReconCorp is a lightweight yet powerful reconnaissance microservice that exposes a simple and clean REST API for discovering subdomains and resolving their IP addresses for a given host. Designed for seamless integration into automated workflows, threat intelligence platforms, and red team toolkits, ReconCorp brings the essential capabilities of recon directly into your infrastructure — without the need for heavy local tools or manual commands.
Reconnaissance — often referred to as recon — is the first and one of the most critical phases in cybersecurity operations, red teaming, bug bounty hunting, and vulnerability research. It involves collecting as much publicly available information as possible about a target before any direct engagement or active scanning takes place. The goal is to map the digital footprint of the target — uncovering exposed infrastructure, domains, endpoints, and potential entry points without raising alarms.
In this context, ReconCorp acts as a tactical entry tool: it helps identify a target’s visible subdomain structure and resolve those names into actionable IP addresses. This basic but vital step lays the groundwork for more advanced actions such as port scanning, service enumeration, vulnerability detection, or attack surface analysis.
- Collects subdomains from a variety of public sources and passive DNS feeds.
- Efficiently resolves discovered subdomains to their corresponding IPv4/IPv6 addresses.
- Built with minimal dependencies and startup cost.
- Structured, parseable results designed for easy piping into scanners, dashboards, or other recon stages.
- Can be incorporated into automated pipelines or extended to include additional recon stages
What is Reconnaissance and Why Does it Matter?
Reconnaissance (or recon) is the foundational phase of any security operation — whether you're simulating an attack, mapping infrastructure, hunting for vulnerabilities, or performing a digital inventory. Its purpose is to gather as much publicly available intelligence as possible, passively and quietly, before any active engagement occurs.
A typical recon workflow includes identifying subdomains, enumerating DNS records, resolving IP addresses, gathering metadata, and assessing the exposed digital surface of a target. This data enables more advanced analysis and forms the basis of responsible, targeted security assessments.
Project solution
Unlike traditional CLI tools, ReconCorp is always running, always ready, and accessible over HTTP. This makes it ideal for CI/CD pipelines, SOC dashboards, or external systems that need to query recon data on demand.
It focuses on doing one job extremely well — mapping domains to infrastructure quickly and reliably — and exposing that intelligence through a modern interface, not just a terminal.
Whether you're building a full-fledged recon platform or just need a dependable backend for subdomain and IP mapping, ReconCorp is the plug-and-play service you’ve been missing.
1.2M+
Domains Processed
28M+
Subdomains & hosts Discovered
7.5M+
Unique IPs Mapped
95M+
Recon Requests Served
Recon 101: What Everyone Asks?
Curious about how deep reconnaissance really goes, what’s legal, and what tools actually matter? Here are the most common — and most revealing — questions about recon, answered with clarity and just the right amount of sarcasm.
Not quite. While Google is your friend, recon is your informed friend who knows where the skeletons are buried. Recon uses dozens of sources, APIs, DNS tricks, and data correlation to find what lazy Googling never will.
Yes — usually. Passive recon collects publicly available data without interacting with the target's infrastructure. It’s like reading someone’s résumé online, not breaking into their office. But laws vary — so don’t skip the fine print if you're operating outside your living room.
Because that forgotten dev-portal-v2-beta-staging.example.com running PHP 5.6 might be the reason someone gets breached. Subdomains are often the soft underbelly of an organization’s security — ripe for the picking.
Sure — if your recon strategy involves looking through a keyhole and calling it a full view. Shodan is powerful, but it’s one piece of the puzzle. Recon is about depth, correlation, and context — not just banner grabbing.
If you’ve hit 4 AM, opened 37 tabs, written 3 scripts, and you’re about to scrape LinkedIn employee names to brute-force emails — congratulations, you're doing recon right. Just don’t forget to sleep occasionally.