
What are Recon Scans?
A Recon Scan is a scan type within BLACKBIRD Web App Pentesting Suite to help you find all the subdomains of your target. Additionally, you can also opt-in to filter and explore live hosts as well as screenshot these.Starting a Recon Scan on a single domain
To start or launch a Recon Scan:- Navigate to
/scans/new
- Select Recon Scan
- And under the Target section, specify a single domain, a list of domains or a select a pre-defined target definition from the list.

Please make sure you provide valid domains. Not providing any valid domains may result in some of the scans failing.

The default timezone is set to GMT, you may change it on your profile settings

Live Results: The scanner is capable of saving the first results as soon as they are available.Live hosts probing and screenshotting takes a bit more time. That’s why the scanner always returns the subdomain results first.
What happens after I start a Recon Scan?
The scanner is designed to go out and perform tasks in a workflow-like manner to uncover as many subdomains as possible. After the initial subdomain enumeration scan finishes and if you’ve opted-in to probe for live hosts & screenshotting, it will automatically pass the data to the next scanners to probe for the HTTP ports specified & screenshot these if they are live.Advanced: Finding more Subdomains
Additionally, the subdomain scanner also allows you to specify external API credentials to use these external sources to find even more subdomains. To set them up, navigate to your Profile Settings. And check the “External API Credentials” option. Finally, paste in your API keys from the listed services, and save your settings.
Our customers have reported receiving much better and way more results back after specifying their API keys (even more than their previous tools).Don’t forget to set them up in your profile settings!