#recon — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #recon, aggregated by home.social.
-
Advanced Subdomain Discovery with Amass and Cheat Sheet
In this cheat sheet, I cover essential Amass commands, enumeration techniques, and practical workflows for effective recon.
https://denizhalil.com/2026/05/02/owasp-amass-subdomain-enumeration-cheat-sheet/#CyberSecurity #OWASP #Amass #SubdomainEnumeration #Recon #OSINT #AttackSurface #BugBounty
-
Advanced Subdomain Discovery with Amass and Cheat Sheet
In this cheat sheet, I cover essential Amass commands, enumeration techniques, and practical workflows for effective recon.
https://denizhalil.com/2026/05/02/owasp-amass-subdomain-enumeration-cheat-sheet/#CyberSecurity #OWASP #Amass #SubdomainEnumeration #Recon #OSINT #AttackSurface #BugBounty
-
Advanced Subdomain Discovery with Amass and Cheat Sheet
In this cheat sheet, I cover essential Amass commands, enumeration techniques, and practical workflows for effective recon.
https://denizhalil.com/2026/05/02/owasp-amass-subdomain-enumeration-cheat-sheet/#CyberSecurity #OWASP #Amass #SubdomainEnumeration #Recon #OSINT #AttackSurface #BugBounty
-
----------------
🛠️ Tool
===================Opening: Claude-OSINT is a paired set of Claude skills intended to operationalize offensive reconnaissance inside a Claude skills environment. The project bundles a methodology skill (osint-methodology) and a tactical skill (offensive-osint) to provide structured tradecraft, scoring rules, and probe paths tailored for authorized red-team and bug-bounty engagements.
Key Features:
• Modular skills: Two self-contained SKILL.md files that prime Claude for strategy and tactics respectively.
• Broad coverage: ~5,500 lines of tradecraft, 90+ recon modules, 48 secret-regex patterns, 80+ dorks, 9 read-only credential validators, and 27 attack-path templates.
• Recon capabilities: Subdomain discovery stacks (crt.sh + fallback), Wayback/CDX deep mining, WHOIS/RDAP pivots, bulk IP→ASN mappings, and public-records pivots such as OpenCorporates and SEC EDGAR.
• Identity & SSO mapping: Fingerprinting and enumeration for Microsoft Entra/M365, Okta tenant slugs, ADFS metadata, Google Workspace OIDC discovery, and generic OIDC/SAML paths.
• App surface discovery: Swagger/OpenAPI discovery paths, GraphQL discovery and field-enumeration strategies, always-on HTTP checks (common sensitive files and endpoints), and security header audits.Technical Implementation:
• The repository structure centers on skills/ containing SKILL.md files that encode prompts, heuristics, regexes and scoring rules, plus a small standard-library-only secret_scan.py for local secret scanning.
• The approach is to supply Claude with structured tradecraft (procedural steps, regex tiers, payload ideas, and scoring thresholds) rather than a runnable scanner binary.Use Cases:
• Red-team external recon phases with time-budgeted pipelines (1h/4h/1d/1w).
• Bug-bounty reconnaissance to enumerate SSO, open APIs, and legacy backups using crafted dorks and regexes.
• Augmenting human analysts by surfacing prioritized attack paths and identity pivots.Limitations:
• The repository provides methodology and prompting artifacts rather than turnkey scanning infrastructure; operationalization requires an authorized Claude skills environment.
• No active exploitation tooling is included; focus remains on discovery, mapping, and validation primitives.🔹 tool #osint #recon #pentesting
-
Кастомные вордлисты для самых маленьких
Ни для кого не секрет, что качественные вордлисты - это ключ к эффективному фаззингу и, как следствие, большему покрытию скоупа и хорошим файндингам во время пентеста и баг-баунти. Однако вордлисты в общем доступе далеко не всегда дадут достаточное покрытие, какими бы большими они ни были. У веб-приложения может быть свой специфический нейминг путей и параметров. Некоторые ручки могут находиться на внескоуповых доменах и дублироваться на скоуповых, иногда даже с измененной функциональностью. Часть параметров и вовсе не удастся найти без ручного анализа JavaScript-кода приложения. Здесь в игру вступают кастомные вордлисты, закрывающие все вышеперечисленные нюансы. Благодаря ним можно значительно эффективнее проводить фаззинг путей веб-приложения, а также брутить параметры его запросов. Эта статья - первая из цикла про кастомные словари, рассказывающая про сбор базового вордлиста без особых усилий. В следующей статье я расскажу про создание более комплексного кастомного вордлиста, требующего больших затрат по времени.
https://habr.com/ru/companies/deiteriylab/articles/1029012/
#информационная_безопасность #пентест #фаззинг #багбаунти #безопасность_вебприложений #burp_suite #ffuf #recon #api_testing
-
Кастомные вордлисты для самых маленьких
Ни для кого не секрет, что качественные вордлисты - это ключ к эффективному фаззингу и, как следствие, большему покрытию скоупа и хорошим файндингам во время пентеста и баг-баунти. Однако вордлисты в общем доступе далеко не всегда дадут достаточное покрытие, какими бы большими они ни были. У веб-приложения может быть свой специфический нейминг путей и параметров. Некоторые ручки могут находиться на внескоуповых доменах и дублироваться на скоуповых, иногда даже с измененной функциональностью. Часть параметров и вовсе не удастся найти без ручного анализа JavaScript-кода приложения. Здесь в игру вступают кастомные вордлисты, закрывающие все вышеперечисленные нюансы. Благодаря ним можно значительно эффективнее проводить фаззинг путей веб-приложения, а также брутить параметры его запросов. Эта статья - первая из цикла про кастомные словари, рассказывающая про сбор базового вордлиста без особых усилий. В следующей статье я расскажу про создание более комплексного кастомного вордлиста, требующего больших затрат по времени.
https://habr.com/ru/companies/deiteriylab/articles/1029012/
#информационная_безопасность #пентест #фаззинг #багбаунти #безопасность_вебприложений #burp_suite #ffuf #recon #api_testing
-
Кастомные вордлисты для самых маленьких
Ни для кого не секрет, что качественные вордлисты - это ключ к эффективному фаззингу и, как следствие, большему покрытию скоупа и хорошим файндингам во время пентеста и баг-баунти. Однако вордлисты в общем доступе далеко не всегда дадут достаточное покрытие, какими бы большими они ни были. У веб-приложения может быть свой специфический нейминг путей и параметров. Некоторые ручки могут находиться на внескоуповых доменах и дублироваться на скоуповых, иногда даже с измененной функциональностью. Часть параметров и вовсе не удастся найти без ручного анализа JavaScript-кода приложения. Здесь в игру вступают кастомные вордлисты, закрывающие все вышеперечисленные нюансы. Благодаря ним можно значительно эффективнее проводить фаззинг путей веб-приложения, а также брутить параметры его запросов. Эта статья - первая из цикла про кастомные словари, рассказывающая про сбор базового вордлиста без особых усилий. В следующей статье я расскажу про создание более комплексного кастомного вордлиста, требующего больших затрат по времени.
https://habr.com/ru/companies/deiteriylab/articles/1029012/
#информационная_безопасность #пентест #фаззинг #багбаунти #безопасность_вебприложений #burp_suite #ffuf #recon #api_testing
-
Кастомные вордлисты для самых маленьких
Ни для кого не секрет, что качественные вордлисты - это ключ к эффективному фаззингу и, как следствие, большему покрытию скоупа и хорошим файндингам во время пентеста и баг-баунти. Однако вордлисты в общем доступе далеко не всегда дадут достаточное покрытие, какими бы большими они ни были. У веб-приложения может быть свой специфический нейминг путей и параметров. Некоторые ручки могут находиться на внескоуповых доменах и дублироваться на скоуповых, иногда даже с измененной функциональностью. Часть параметров и вовсе не удастся найти без ручного анализа JavaScript-кода приложения. Здесь в игру вступают кастомные вордлисты, закрывающие все вышеперечисленные нюансы. Благодаря ним можно значительно эффективнее проводить фаззинг путей веб-приложения, а также брутить параметры его запросов. Эта статья - первая из цикла про кастомные словари, рассказывающая про сбор базового вордлиста без особых усилий. В следующей статье я расскажу про создание более комплексного кастомного вордлиста, требующего больших затрат по времени.
https://habr.com/ru/companies/deiteriylab/articles/1029012/
#информационная_безопасность #пентест #фаззинг #багбаунти #безопасность_вебприложений #burp_suite #ffuf #recon #api_testing
-
Plum, for Proactive Land Uncovering & Monitoring, is an orchestration tool to learn, monitor, and document an exposure surface. It coordinates work between scanning agents, keeps historical results, and makes observations searchable over time.
This project, part of D4 which was initially co-funded by the European Union, is still young, but it already addresses a concrete need: helping CIRCL to keep a global view of Luxembourg’s IP space, especially in the context of NIS2-related activities. The goal is not only to scan, but to maintain actionable knowledge of the national perimeter, its visible exposures and allows vulnerability discovery in the context of incident response.
#plum #scanning #networkscanning #cybersecurity #recon #csirt
https://www.d4-project.org/2026/04/29/Plum-knowing-and-monitoring-your-perimeter.html
-
Plum, for Proactive Land Uncovering & Monitoring, is an orchestration tool to learn, monitor, and document an exposure surface. It coordinates work between scanning agents, keeps historical results, and makes observations searchable over time.
This project, part of D4 which was initially co-funded by the European Union, is still young, but it already addresses a concrete need: helping CIRCL to keep a global view of Luxembourg’s IP space, especially in the context of NIS2-related activities. The goal is not only to scan, but to maintain actionable knowledge of the national perimeter, its visible exposures and allows vulnerability discovery in the context of incident response.
#plum #scanning #networkscanning #cybersecurity #recon #csirt
https://www.d4-project.org/2026/04/29/Plum-knowing-and-monitoring-your-perimeter.html
-
Plum, for Proactive Land Uncovering & Monitoring, is an orchestration tool to learn, monitor, and document an exposure surface. It coordinates work between scanning agents, keeps historical results, and makes observations searchable over time.
This project, part of D4 which was initially co-funded by the European Union, is still young, but it already addresses a concrete need: helping CIRCL to keep a global view of Luxembourg’s IP space, especially in the context of NIS2-related activities. The goal is not only to scan, but to maintain actionable knowledge of the national perimeter, its visible exposures and allows vulnerability discovery in the context of incident response.
#plum #scanning #networkscanning #cybersecurity #recon #csirt
https://www.d4-project.org/2026/04/29/Plum-knowing-and-monitoring-your-perimeter.html
-
Plum, for Proactive Land Uncovering & Monitoring, is an orchestration tool to learn, monitor, and document an exposure surface. It coordinates work between scanning agents, keeps historical results, and makes observations searchable over time.
This project, part of D4 which was initially co-funded by the European Union, is still young, but it already addresses a concrete need: helping CIRCL to keep a global view of Luxembourg’s IP space, especially in the context of NIS2-related activities. The goal is not only to scan, but to maintain actionable knowledge of the national perimeter, its visible exposures and allows vulnerability discovery in the context of incident response.
#plum #scanning #networkscanning #cybersecurity #recon #csirt
https://www.d4-project.org/2026/04/29/Plum-knowing-and-monitoring-your-perimeter.html
-
Plum, for Proactive Land Uncovering & Monitoring, is an orchestration tool to learn, monitor, and document an exposure surface. It coordinates work between scanning agents, keeps historical results, and makes observations searchable over time.
This project, part of D4 which was initially co-funded by the European Union, is still young, but it already addresses a concrete need: helping CIRCL to keep a global view of Luxembourg’s IP space, especially in the context of NIS2-related activities. The goal is not only to scan, but to maintain actionable knowledge of the national perimeter, its visible exposures and allows vulnerability discovery in the context of incident response.
#plum #scanning #networkscanning #cybersecurity #recon #csirt
https://www.d4-project.org/2026/04/29/Plum-knowing-and-monitoring-your-perimeter.html
-
https://www.europesays.com/nl/190109/ Crimson Glory – Chasing The Hydra #2026 #Amusement #BraveworldsRecords #ChasingTheHydra #CrimsonGlory #Dutch #Entertainment #FatesWarning #HeirApparent #lethal #Music #Muziek #Nederland #Nederlanden #Nederlands #Netherlands #NL #ProgressieveMetal #ProgressievePowerMetal #queensrÿche #recensie #recon #SacredWarrior #Sanctuary #savatage #VerenigdeStaten #watchtower #ZwareMetalen
-
https://www.europesays.com/be-nl/48063/ Crimson Glory – Chasing The Hydra #2026 #Amusement #BE #België #Belgium #BraveworldsRecords #ChasingTheHydra #CrimsonGlory #Entertainment #FatesWarning #HeirApparent #lethal #Music #Muziek #ProgressieveMetal #ProgressievePowerMetal #queensrÿche #recensie #recon #SacredWarrior #sanctuary #savatage #VerenigdeStaten #watchtower #ZwareMetalen
-
This Is What a Personal Surveillance System Actually Looks Like
You stop thinking of it as surveillance. It becomes “the system.” Just part of how things run. -
This Is What a Personal Surveillance System Actually Looks Like
You stop thinking of it as surveillance. It becomes “the system.” Just part of how things run. -
This Is What a Personal Surveillance System Actually Looks Like
You stop thinking of it as surveillance. It becomes “the system.” Just part of how things run. -
This Is What a Personal Surveillance System Actually Looks Like
You stop thinking of it as surveillance. It becomes “the system.” Just part of how things run. -
This Is What a Personal Surveillance System Actually Looks Like
You stop thinking of it as surveillance. It becomes “the system.” Just part of how things run. -
Two US U-2 spy planes just departed RAF Fairford in the UK, heading toward the Middle East. U-2s fly at 20+ km, stay airborne for 10+ hours, and collect intel satellites can't reach. Relocation? Routine patrol? Unknown. But when strategic recon moves, someone is about to be watched. #Recon #Alert #Military
-
Two US U-2 spy planes just departed RAF Fairford in the UK, heading toward the Middle East. U-2s fly at 20+ km, stay airborne for 10+ hours, and collect intel satellites can't reach. Relocation? Routine patrol? Unknown. But when strategic recon moves, someone is about to be watched. #Recon #Alert #Military
-
Two US U-2 spy planes just departed RAF Fairford in the UK, heading toward the Middle East. U-2s fly at 20+ km, stay airborne for 10+ hours, and collect intel satellites can't reach. Relocation? Routine patrol? Unknown. But when strategic recon moves, someone is about to be watched. #Recon #Alert #Military
-
----------------
🛠️ Tool
===================Executive summary: RedAmon is an agentic red‑team framework (v1.1.0) designed to automate offensive security workflows from reconnaissance through exploitation and post‑exploitation without human intervention. The project combines autonomous AI decisioning with modular tool servers and graph-based analysis to represent and drive engagement state.
Key features:
• Autonomous agents: The framework coordinates AI-driven agents for multi-stage operations, including task decomposition, evidence synthesis, and action selection.
• Graph-oriented analysis: The platform uses a graph database to model relationships discovered during recon and to persist findings for planning and attribution.
• Modular tool servers: The architecture exposes MCP-style tool servers for common scanners and exploit utilities such as MCP Naabu, MCP Nuclei, and MCP Metasploit to perform targeted operations.
• Multi-provider AI support: The system supports multiple AI providers, with Anthropic recommended and OpenAI supported as alternatives, plus optional integrations for web search and NVD lookups.Technical implementation (conceptual):
• Orchestration layer: An agent orchestrator schedules tasks, aggregates outputs, and updates the persistent graph to guide subsequent actions.
• Service decomposition: Distinct services provide the web UI, agent API, recon orchestrator, and backend databases; tool execution is handled by isolated MCP servers.
• Data model: Findings, assets, and action outcomes are stored in a graph model for pathfinding, attack surface enumeration, and chaining of exploitation steps.Use cases:
• Continuous red‑team exercises where human oversight is limited and repeatable autonomous scenarios are required.
• Research and simulation of multi-stage attack paths for purple team validation and threat emulation.
• Educational demonstrations of agentic offensive automation in controlled lab environments.Limitations and considerations:
• The framework is explicitly intended for authorized testing and research; legal and ethical constraints apply.
• Autonomous operation increases the risk profile; careful scoping and safeguards are necessary when running real engagements.
• Dependence on external AI providers affects cost, latency, and behavior determinism.References:
• RedAmon v1.1.0 (tool release), Anthropic, OpenAI, Neo4j, MCP Naabu, MCP Nuclei, MCP Metasploit.🔹 tool #AI #redteam #autonomous_agents #recon
🔗 Source: https://github.com/samugit83/redamon
-
"I can't believe I almost committed treason for a woman 😠"
-
"I can't believe I almost committed treason for a woman 😠"
-
"I can't believe I almost committed treason for a woman 😠"
-
"I can't believe I almost committed treason for a woman 😠"
-
"I can't believe I almost committed treason for a woman 😠"
-
Zehn Entscheidungskriterien für die Wahl eines SAP-Sicherheitspartners
-
Zehn Entscheidungskriterien für die Wahl eines SAP-Sicherheitspartners
-
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️♀️
https://www.greynoise.io/blog/christmas-scanning-campaign-fuel-2026-attacks
-
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️♀️
https://www.greynoise.io/blog/christmas-scanning-campaign-fuel-2026-attacks
-
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️♀️
https://www.greynoise.io/blog/christmas-scanning-campaign-fuel-2026-attacks
-
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️♀️
https://www.greynoise.io/blog/christmas-scanning-campaign-fuel-2026-attacks
-
Ransomware starts with reconnaissance: we observed a recent large-scale scanning campaign validating exploitable systems, data that feeds the initial access market and shows up later in real attacks. 🕵️♀️
https://www.greynoise.io/blog/christmas-scanning-campaign-fuel-2026-attacks
-
It’s wild that 170k+ of you are rocking a free Pentest-Tools.com account. 💥
Data shows registered users run 3x more scans than anonymous users. It’s likely because of the "Santa-tier" perks (2 parallel scans, asset monitoring, & 90-day history).
Most used tools by the community: 1️⃣ Website Scanner (792k)
2️⃣ Port Scanner (726k)
3️⃣ Network Scanner (722k)Which tool is your "Step 1" for recon?
Get the bundle here: https://pentest-tools.com/usage/pricing/free