Recon (DETEKTIV) — deep external reconnaissance and attack-surface mapping
From a single domain or ASN, Detektiv discovers every reachable host, service, and exposure across your perimeter — including the shadow assets you forgot you owned — and writes them onto the graph as the entry point every other module builds on.
1,284
Hosts discovered
312
Exposed services
27
Shadow assets
Authorized scope only
Detektiv acts only on assets the customer owns and is authorized to test. Ownership is verified before any active enumeration — passive discovery first, deep enumeration only on confirmed scope.
Capabilities
What Detektiv does
Three capabilities that turn a single domain or ASN into a complete, provenance-stamped map of your external attack surface.
Passive-First Discovery
Map the perimeter before touching a single packet
Starts from open sources — DNS, certificate transparency, WHOIS, ASN data, and public records — to build the surface without active probing.
Deep Enumeration
Full enumeration on authorized scope
Once ownership is verified, Detektiv enumerates hosts, services, ports, and technologies across the perimeter — including the shadow assets you forgot you owned.
Provenance-Stamped Assets
Every asset carries where it came from
Each discovered asset is written to the graph with its discovery source, timestamp, and ownership evidence — the entry point every other module builds on.
Architecture
The entry point to the security graph
Detektiv discovers the surface, verifies ownership, then writes every asset to the one graph all eleven modules share — the foundation Detection builds on.
Discovers from
DNS & Certificates
Subdomains, CT logs
WHOIS & ASN
Net blocks, ownership
Public Records
OSINT, leak sources
Live Services
Ports, tech fingerprints
Detektiv
Recon Layer
Emits to graph
Assets
Hosts, domains, services
Exposures
Open ports, shadow assets
Provenance
Source, ownership, timestamp
Detektiv finds the surface; Odbrana finds the issues on it.
Use Cases
For teams that need to know their true footprint
Detektiv serves anyone who needs an accurate, continuously-updated picture of what they actually expose to the internet.
Enterprises
- Continuous attack-surface monitoring
- Shadow IT & forgotten asset discovery
- M&A perimeter due diligence
Security Teams
- Know your true external footprint
- Feed validated assets to scanning
- Catch exposures before attackers do
Red Teams
- Outside-in reconnaissance
- Authorized-scope enumeration
- Entry-point mapping for engagements
MSSPs
- Multi-tenant surface discovery
- Client-ready exposure reports
- Repeatable onboarding recon
Trust
Discovery with discipline
Reconnaissance is powerful. Detektiv is built so it only ever runs against what you own.
Ownership Verified
Active enumeration is gated behind verified ownership of every in-scope asset.
Passive by Default
Discovery starts from open sources — no active probing until scope is confirmed.
Full Provenance
Every asset records how, when, and from where it was discovered.
Sovereign Option
Run reconnaissance within your own environment. EU-hosted or on-prem.