Launching a Recon Scan
In this article, we will go over you can easily start a recon scan on a single or multiple domains or even a target definition to map out as many hosts & live hosts as possible.
What are Recon Scans?
A Recon Scan is a scan that is executed once in a workflow-like method to uncover as many web security vulnerabilities on your target URLs or assets.
Starting a Recon Scan on a single URL
To start or launch a Recon Scan:
- Navigate to
/scans/new
- Select Recon Scan
- And under the Target section, specify a single domain, a list of domain or a select a predefined asset definition from the list.
Please make sure you provide valid domains. Not providing any valid domains may result in some of the scans to fail.
Next, in case you want to schedule your scan or configure it to run on a recurring basis, enable the option “Schedule Scan”.
What this will do is unfold the options menu for you to specify a future date to which you would like to run the scan. You can also configure it to only run once.
The default timezone is set to GMT, you may change it on your profile settings
Afterward, you may also configure if you would like to probe for live hosts, opt-in to screenshot them as well. And select what HTTP Ports you want to probe for. By default, all options are enabled.
And finally, click on Run Scan to run the scan. You will be redirected in a moment to the results page.
Live Results: The scanner is capable of saving the first results as soon as they are available.
Live hosts probing and screenshotting takes a bit more time. That’s why the scanner always returns the subdomains back first.
What happens after I start a Recon Scan?
The scanner is designed to go out and perform tasks in a workflow-like manner to uncover as many subdomains as possible.
After the initial subdomain enumeration scan finishes and if you’ve opted-in to probe for live hosts & screenshotting, it will automatically pass the data to the next scanners to probe for the HTTP ports specified & screenshot these if they are live.
Advanced: Finding more Subdomains
Additonally, the subdomain scanner also allows you to specify external API credentials to use these sources as well with the aim to find you more subdomains.
To set them up, navigate to your Profile Settings. And check the “External API Credentials” option.
Finally, paste in your API keys from the listed services, and save your settings.
Some users have reported to receive much better and way more results back after specifying their API keys (even more than their previous tools).
Don’t forget to set them up in your profile settings!
Was this page helpful?