Recon
Continuous attack surface monitoring
// discover · detect · respond

See everything exposed to the internet — before attackers do.

Recon maintains a live inventory of your internet-facing infrastructure, discovers unknown exposed services, and tells you exactly what changed since the last scan — so no exposure window slips by unnoticed.

Map your attack surface → See a live scan
<24h
to full inventory
100%
scope coverage
0
missed changes
recon scan --scope acme-corp.com

External attack surface

scanning
HostServicePortStatus
api.acme-corp.comnginx 1.27443authorized
vpn.acme-corp.comopenssh 9.622watch
staging.acme-corp.compostgres5432new
+1 opened−0 closed2 certs rotating
Exposure change
Port 5432 opened on staging.acme-corp.com — routed to #soc-alerts 14s ago.
// from discovery to response

One continuous loop around everything you expose.

Baseline change detection

Every scan is diffed against your accepted baseline. New ports, rotated certs, vanished hosts — surfaced as typed, severity-ranked change events.

+ PORT_OPENED 5432/postgres staging.acme-corp.com
− PORT_CLOSED 8080/http legacy.acme-corp.com
~ CERT_ROTATED api.acme-corp.com (expires 28d)
baseline → diff → alert →

Automatic asset discovery

Register IP ranges and domains; Recon enumerates hosts, services, and certificates across the full authorized scope.

scope → inventory →

Scheduled continuous scans

Hourly, daily, or weekly cadences with per-target locks — no exposure window exceeds your SLA.

cadence → coverage →

Audit-ready trend reporting

12-month immutable history, exposure trends, and remediation velocity — exported to PDF, JSON, or CSV in seconds for your next audit.

history → report → export →
// know what changed before your next audit

Take control of what's exposed to the internet.

Continuous visibility, change intelligence, and alert routing to Slack, webhook, and email — purpose-built for security operations teams.

Start monitoring your surface →

Dashboard

3 scans running Acme Corp SOC AC
Assets monitored
1,284
▲ 36 new this week
Open changes
7
▲ 3 since yesterday
Scans · 7d
412
0 missed cycles
Authorized
98%
1,259 / 1,284

Recent change events

View all →
port_openedstaging.acme-corp.com :54322m ago
cert_expiringapi.acme-corp.com (28d)19m ago
service_changedvpn.acme-corp.com :221h ago
host_gonelegacy.acme-corp.com3h ago

Recent scans

View all →
acme-corp.comcompleted8 hosts
10.0.0.0/24running
vpn.acme-corp.comcompleted1 host
edge.acme-corp.comcompleted3 hosts

Asset inventory

AssetKindStatusCadenceLast scan
acme-corp.comdomainauthorizeddaily12m ago
staging.acme-corp.comdomainauthorizedhourly2m ago
10.0.0.0/24cidrverifyingmanual
vpn.acme-corp.comdomainauthorizedweekly3h ago
edge.acme-corp.comdomainpendingmanual
← Assets

staging.acme-corp.com

Authorization & schedule

statusauthorized methoddns_txt cadencehourly last scan2 minutes ago baselineaccepted 6h ago

Current snapshot

PortServiceCert
443nginx 1.27CN=*.acme-corp.com · 28d
22openssh 9.6
5432postgresql

Scan history

StartedTriggerStatusHosts
today 14:02manualcompleted1
today 13:00scheduledcompleted1
today 12:00scheduledcompleted1

Scans

AssetTriggerStatusHostsOpen portsFinished
staging.acme-corp.commanualcompleted132m ago
10.0.0.0/24manualrunning
acme-corp.comscheduledcompleted81412m ago
edge.acme-corp.commanualfailed001h ago
← Scans

Scan result

completed · 4.2s
assetstaging.acme-corp.com triggermanual · today 14:02 snapshot hasha1f3…9c0b changes1 PORT_OPENED

Discovered surface · 1 host

203.0.113.42 · US · AS64500
PortProtoServiceVersionTLS certificate
443tcphttpsnginx 1.27CN=*.acme-corp.com · exp 28d · SAN ×4
22tcpsshopenssh 9.6
5432tcppostgresql— (newly exposed)

Change feed

TypeAssetSeverityDetectedStatus
port_openedstaging.acme-corp.comhigh2m agoopen
cert_expiringapi.acme-corp.comhigh19m agoopen
service_changedvpn.acme-corp.commedium1h agoacked
host_gonelegacy.acme-corp.comlow3h agoacked
← Changes

PORT_OPENED

severityhigh assetstaging.acme-corp.com detectedtoday 14:02 · scan #4192 routed to#soc-alerts (Slack) · ops-webhook

Prior state (baseline)

ports: [22, 443] services: 22 → openssh 9.6 443 → nginx 1.27

Current state

ports: [22, 443, 5432] services: 22 → openssh 9.6 443 → nginx 1.27 5432 → postgresql (NEW)

Alert channels

SOC Slack

enabled

slack · #soc-alerts

min severity: medium

Ops webhook

enabled

https://ops.acme-corp.com/hooks

HMAC signed · min: high

Compliance email

disabled

email · risk@acme-corp.com

min severity: info

Delivery log

EventChannelStatusAttemptsWhen
port_openedSOC Slackdelivered12m ago
port_openedOps webhookdelivered12m ago
cert_expiringSOC Slackdelivered119m ago
service_changedOps webhookretrying21h ago

Reports

ReportKindFormatStatusCreated
Q2 exposure auditauditpdfreadytoday 09:14Download ↓
90-day surface trendtrendcsvreadyyesterdayDownload ↓
Asset inventory exportauditjsonrenderingjust now

Audit log

append-only · 12-month retention
TimeActorActionTargetIP
14:02:11analyst@acmescan.triggerstaging.acme-corp.com10.4.2.9
14:01:58analyst@acmebaseline.acceptstaging.acme-corp.com10.4.2.9
13:47:02admin@acmechannel.createOps webhook10.4.2.1
09:14:30risk@acmereport.generateQ2 exposure audit10.4.8.7
08:55:12analyst@acmeauth.loginuser10.4.2.9
← Gallery