// recon knowledge base

// knowledge base

ReconAtlas

Structured, versioned recon checklists for bug bounty hunters. Every entry ships as a human page and a stable JSON endpoint.

5 entries  ·  API at /api/checklists/[slug]

Reconnaissance /checklists/subdomain-enumeration
Subdomain Enumeration

Systematically discover all subdomains of a target to map the full attack surface before active testing begins.

MED
subfinderamassassetfinderdnsx +3
Scanning /checklists/port-scanning
Port Scanning

Identify open TCP/UDP ports and enumerate running services across the target's IP space to reveal the full network attack surface.

LOW
nmapmasscanrustscannaabu
Mapping /checklists/endpoint-discovery
Endpoint Discovery

Uncover hidden routes, API endpoints, and web resources by combining passive URL harvesting with active directory brute-forcing and JavaScript analysis.

MED
gauwaybackurlskatanaferoxbuster +3
Testing /checklists/auth-testing
Authentication Testing

Test authentication mechanisms for broken access control, JWT vulnerabilities, IDOR, insecure password reset flows, and OAuth misconfigurations.

HIGH
burpsuitejwt_toolffufnuclei +1
Analysis /checklists/info-disclosure
Information Disclosure

Identify unintentional exposure of sensitive data — API keys, credentials, stack traces, internal hostnames, and developer artifacts — across all discovered surfaces.

LOW
nucleigitleakstrufflehoggospider +2