# ReconAtlas
> A structured bug bounty recon checklist knowledge base designed for both human researchers and AI agents.

ReconAtlas publishes versioned, schema-consistent security research checklists covering the five core bug bounty reconnaissance phases. Every entry is available simultaneously as a human-readable HTML page and a machine-readable JSON API endpoint under the same slug.

## Content

- [Subdomain Enumeration](https://reconatlas.pages.dev/checklists/subdomain-enumeration): Discover all subdomains of a target domain using passive DNS, active brute-force, permutation scanning, and HTTP probing.
- [Port Scanning](https://reconatlas.pages.dev/checklists/port-scanning): Identify open TCP/UDP ports and enumerate running services across the target IP space.
- [Endpoint Discovery](https://reconatlas.pages.dev/checklists/endpoint-discovery): Uncover hidden routes, API endpoints, and web resources using passive harvesting, active crawling, directory brute-force, and JavaScript analysis.
- [Authentication Testing](https://reconatlas.pages.dev/checklists/auth-testing): Test authentication mechanisms for JWT vulnerabilities, IDOR, broken password reset flows, and OAuth misconfigurations.
- [Information Disclosure](https://reconatlas.pages.dev/checklists/info-disclosure): Identify unintentional exposure of API keys, credentials, stack traces, and developer artifacts.

## Machine-Readable API

Each checklist is available as structured JSON:

    GET /api/checklists/{slug}

Returns a JSON object conforming to the ChecklistEntry schema:

    {
      "slug": string,
      "title": string,
      "phase": string,
      "description": string,
      "difficulty": "low" | "medium" | "high",
      "tags": string[],
      "tools": string[],
      "steps": [{ "id", "title", "description", "commands"?, "notes"? }],
      "references": string[],
      "version": string,
      "updatedAt": string  // ISO 8601
    }

Available slugs: subdomain-enumeration, port-scanning, endpoint-discovery, auth-testing, info-disclosure

## Crawler Notes

- All content is public and freely indexable.
- API responses include CORS headers (Access-Control-Allow-Origin: *).
- No authentication required for any public endpoint.
- No tracking pixels, analytics, or user accounts for public content.
- Stable URLs — slugs will not change between schema versions.

## Sitemap

https://reconatlas.pages.dev/sitemap.xml