RECOX

Recon Guide · Subdomain & Endpoint Enum · Bug Bounty Toolkit

RECOX is a recon tool that helps you gather subdomains and endpoints from multiple passive sources for better coverage — with a guided post-recon workflow and a bug bounty school to keep you on the right track.

👑 LEARN BUG BOUNTY

⌕

HackerTarget URLScan.io crt.sh JLDC CertSpotter RapidDNS DNSRepo

Subdomains

Resolved

Sources Hit

Unique IPs

Scanning sources…

Results

#	Subdomain	IP Address	Source	Status
◎ Enter a domain above and click Scan to start discovering subdomains.

Endpoint Recon

Wayback Machine · Common Crawl · AlienVault OTX · URLScan.io

Discover known endpoints, paths, and URLs for a domain from historical web archives and passive sources — no active scanning.

⌕

Wayback Common Crawl AlienVault OTX URLScan.io

Endpoints

#	URL	Status !⚠️ These are historical status codes — recorded the last time that service crawled the URL. A 200 doesn't mean the URL is alive right now. The data could be months or years old. For live status codes, probe each URL with httpx — that's step 1 in the "What Next" workflow.	Source
◎ Enter a domain above and click Scan to start discovering endpoints.

🎯

Enumeration Done!

Subdomains found — what should you do next as a bug bounty hunter?

See next steps

RECOX

Endpoint Recon

🎓 Free Bug Bounty Course