ReconScope
RECON SYSTEM // ONLINE

Discover your
cyber exposure

See your domain the way an attacker does — recon your external attack surface in under a minute.

$

resolving DNS records…

100 %
passive
0
contact
~60 s
scan

100% passive analysis based on public data. No active connection to your systems.

// recon scope18 modules

Attack surface

4
Subdomain EnumerationEvery subdomain is a way in. We map them all to surface forgotten or accidentally exposed services.Internet ServicesWhich of your servers' ports and services are visible from the Internet? A service exposed by mistake (database, admin panel) is a direct target.Exposed VulnerabilitiesCross-references your servers with Shodan's database to list known vulnerabilities (CVE) already public — exploitable without any scanning.Subdomain TakeoverA subdomain pointing to an abandoned service can be reclaimed by an attacker, who would then host malicious content under your own brand.

Impersonation & phishing

3
TyposquattingLook-alike domains mimic yours down to a single letter. Configured for email, they're ready to phish your customers and staff.Email SecurityWithout proper SPF/DKIM/DMARC, anyone can send emails in your name. It's the #1 vector for fraud and phishing.Anti-spam ReputationChecks whether your sending IPs or domain are on anti-spam blacklists. If listed, your legitimate emails land in spam or get rejected.

Leaks & secrets

6
Infected Machines (Infostealer)Detects staff or customer machines infected by an infostealer. Their credentials and session cookies are already circulating among cybercriminals.Dark Web ExposureSearches the dark web for credentials, combolists and mentions tied to your domain. Whatever leaks can be used to access your accounts.Code LeaksLooks for your domain in public code and verifies exposed secrets (API keys, tokens). A secret in cleartext is exploitable immediately.Historical URLsDigs through public web archives of your domain to spot forgotten sensitive files and backups (configs, exports, dumps).Email EnumerationLists your organization's publicly exposed email addresses — direct targets for phishing and credential stuffing.Document Metadata LeaksAnalyzes the metadata of your public documents (PDF/Office). It often reveals internal usernames and the software you use.

Configuration & encryption

5
DNS HealthChecks DNS hygiene: DNSSEC, server redundancy, key records. A fragile setup makes hijacking and outages easier.TLS CertificateInspects your certificate and TLS configuration. An expired certificate or outdated protocol breaks trust and exposes traffic.Domain RegistrationChecks your domain's expiry and transfer lock. An expired or unlocked domain can be bought back or hijacked.HTTP Security HeadersGrades the presence of defensive headers (HSTS, CSP…). Their absence exposes you to clickjacking, injection and HTTPS downgrade.Technologies & VersionsIdentifies the technologies and versions your site exposes. A disclosed version tells an attacker exactly which known flaws to try.

ReconScope — Free and responsible cyber diagnostic. Public data only. No intrusion.