recon_target
Perform initial passive reconnaissance on a domain. Enumerate subdomains, resolve DNS, check TLS certificates, probe HTTP, grade security headers, and fingerprint technologies—all without intrusive scanning.
Instructions
One-shot passive+light recon of an in-scope domain.
Chains the safe tools into a single report: subdomain enumeration, DNS resolution, TLS certificate (with SANs), an HTTP probe, security-header grade, and a technology fingerprint of the apex. No intrusive scanning is performed. Ideal as the first call against a new target.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes | ||
| include_subdomains | No |