Recon Scans

What are Recon Scans?

A Recon Scan is a scan type within BLACKBIRD Web App Pentesting Suite to help you find all the subdomains of your target. Additionally, you can also opt-in to filter and explore live hosts as well as screenshot these.

Starting a Recon Scan on a single domain

To start or launch a Recon Scan:
  • Navigate to /scans/new
  • Select Recon Scan
  • And under the Target section, specify a single domain, a list of domains or a select a pre-defined target definition from the list.
Select Recon Scans Target
Please make sure you provide valid domains. Not providing any valid domains may result in some of the scans failing.
Next, in case you want to schedule your scan or configure it to run on a recurring basis, enable the option “Schedule Scan”. What this will do is unfold the options menu for you to specify a future date to which you would like to run the scan. You can also configure it to only run once. Configure Recon Scans Schedule
The default timezone is set to GMT, you may change it on your profile settings
Afterward, you may also configure if you would like to probe for live hosts, and opt-in to screenshot them as well. Select what HTTP Ports you want to probe for. By default, all options are enabled. Recon Scans Options And finally, click on Run Scan to run the scan. You will be redirected in a moment to the results page.
Live Results: The scanner is capable of saving the first results as soon as they are available.Live hosts probing and screenshotting takes a bit more time. That’s why the scanner always returns the subdomain results first.

What happens after I start a Recon Scan?

The scanner is designed to go out and perform tasks in a workflow-like manner to uncover as many subdomains as possible. After the initial subdomain enumeration scan finishes and if you’ve opted-in to probe for live hosts & screenshotting, it will automatically pass the data to the next scanners to probe for the HTTP ports specified & screenshot these if they are live.

Advanced: Finding more Subdomains

Additionally, the subdomain scanner also allows you to specify external API credentials to use these external sources to find even more subdomains. To set them up, navigate to your Profile Settings. And check the “External API Credentials” option. Finally, paste in your API keys from the listed services, and save your settings. Configure External API Credentials
Our customers have reported receiving much better and way more results back after specifying their API keys (even more than their previous tools).Don’t forget to set them up in your profile settings!