It all started with that one tweet ;) Inspired by Greg’s post, we decided to write a summary of common problems with Recon and why Vidoc Research - our tool for security researchers - solves them all.
TL;DR;
Recon is hard, because:
- It requires a lot of time
- You have to do it often
- IP blocking/rate limiting
- Huge amounts of data to process
- Data might be old
- You have to clean the data (remove wildcards, resolve it regularly)
Check it out yourself - sign in for free.
We also invite you to our Discord server - join the community of security researchers where we share tips for users. You will be able to share your feedback there and let us know what features to implement next.
Save time - you don’t have to set up your own infrastructure - focus on hacking
So, you set up a VM, read long documentation, test several recon scanners to choose the best one, go through all the parsing errors, fix bugs, and are finally able to run a scan overnight, just to find out in the morning that your IP was blocked after 10 minutes of running because you forgot to set up rate limiting. Sounds familiar?
Using our tool solves all these problems: you log in, add a domain, click scan and get results in a few minutes (depending on size).
No more blocking your IP
We run the scan on our VMs, so you don’t have to worry about it. Our VMs are set up in several geographical zones, and we send requests from multiple different IPs - each scan is done from a unique address to avoid any rate limiting and make sure you get the best results. Always.
Easier data management - a huge amount of data
I guarantee you our scanner will give you even more data, but we will also give you an easy-to-use tool to manage and sort it so you can quickly find what you were looking for.
The advanced query mechanism gives you flexibility, even if you want to do a more complicated search. No more funky regex and problems with parsing.
No more old data
You ran your scan overnight, avoided rate limiting, nothing crashed, there were no parsing errors, and you have your results - 100k subdomains. You are happy to start working on them, only to find out half of them don't work anymore. Been there, done that.
If you combine results from multiple sources and data from external databases, you will get a lot of old data. Big tech companies make changes to their infrastructure all the time, and some databases return data that is years old.
You avoid this problem by using Vidoc Research - we make sure all subdomains resolve and the assets under these addresses are in fact available.
No more garbage data
We also make sure you won’t get false data. With classic tools like Subfinder or Amass, wildcards often produce a lot of false data. Big tech companies often add wildcards, like *.sub.domain.com, to their DNS records that resolve to some IP address. So when you resolve testxxxxx.sub.domain.com or abcd.sub.domain.com, it returns the same IP - in fact, it’s the same subdomain. Sometimes you get a few thousand subdomains that are garbage.
The situation gets a little bit more complicated when you have to manually go through the results - you waste a lot of time. We deal with all of it on our side and make sure we get rid of duplicated or false data.
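The cleaning steps described above (drop names that no longer resolve, drop names that only exist because of a wildcard record), as an added example that is not Vidoc Research's own code. The function names, the `example.test` hostnames and the `fake_resolve` lookup table are constructed for illustration; in practice `resolve` would wrap a real DNS query.

```python
import secrets
from typing import Callable, Dict, FrozenSet, Iterable, List, Tuple

Resolver = Callable[[str], FrozenSet[str]]  # hostname -> A records, empty if none

def wildcard_answers(zone: str, resolve: Resolver, probes: int = 3) -> FrozenSet[str]:
    """Resolve random labels under zone; all must answer for it to count as a wildcard."""
    seen = set()
    for _ in range(probes):
        ips = resolve(f"{secrets.token_hex(8)}.{zone}")
        if not ips:
            return frozenset()
        seen |= ips
    return frozenset(seen)

def filter_candidates(candidates: Iterable[str], resolve: Resolver):
    """Split candidates into live hosts and (host, reason) pairs that were dropped."""
    cache: Dict[str, FrozenSet[str]] = {}
    live: List[str] = []
    dropped: List[Tuple[str, str]] = []
    for host in sorted({c.strip().lower().rstrip(".") for c in candidates if c.strip()}):
        ips = resolve(host)
        if not ips:
            dropped.append((host, "unresolved"))  # stale entry from an old data source
            continue
        parent = host.partition(".")[2]
        if parent and parent not in cache:
            cache[parent] = wildcard_answers(parent, resolve)
        # Caveat: a real host that shares the wildcard's IP is dropped as well.
        if parent and ips <= cache[parent]:
            dropped.append((host, "wildcard"))
        else:
            live.append(host)
    return live, dropped

# Constructed sample data (documentation-reserved names and addresses).
RECORDS = {"www.example.test": {"192.0.2.10"}, "api.sub.example.test": {"192.0.2.20"}}
WILDCARDS = {"sub.example.test": {"192.0.2.99"}}  # stands in for *.sub.example.test
CANDIDATES = ["www.example.test", "api.sub.example.test", "testxxxxx.sub.example.test",
              "abcd.sub.example.test", "old.example.test"]

def fake_resolve(name: str) -> FrozenSet[str]:
    """Offline stand-in for a DNS lookup over the constructed records above."""
    if name in RECORDS:
        return frozenset(RECORDS[name])
    for zone, ips in WILDCARDS.items():
        if name.endswith("." + zone):
            return frozenset(ips)
    return frozenset()

if __name__ == "__main__":
    print(filter_candidates(CANDIDATES, fake_resolve))
```

Comparing each answer against the wildcard's answer set, rather than dropping everything under a wildcard zone, is what keeps an explicitly configured host such as `api.sub.example.test` in the results.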
Always want to do more
We know this feeling :) For those of you who always want to have the newest recon data and be up to date, we have good news - we offer an active reconnaissance feature: daily domain monitoring.
What does it mean? We don't run a scan just once. You choose a domain and our scan will run 24/7 on it and mark new findings in the Explore data tab. Whenever a new subdomain appears, you will know. Interested? Until the end of November, we have a 50% discount on daily monitoring of domains of all sizes - it doesn’t matter whether it is 5 subdomains or 300k, you will pay $5 per month.