SPNT
Commercial tier · Recon

Recon (DETEKTIV) — deep external reconnaissance and attack-surface mapping

From a single domain or ASN, Detektiv discovers every reachable host, service, and exposure across your perimeter — including the shadow assets you forgot you owned — and writes them onto the graph as the entry point every other module builds on.

detektiv-surface.view

1,284

Hosts discovered

312

Exposed services

27

Shadow assets

acme.com → 14 subdomains
Owned
staging-old.acme.net :8080
Shadow
AS13335 → 3 net blocks
Verified

Authorized scope only

Detektiv acts only on assets the customer owns and is authorized to test. Ownership is verified before any active enumeration — passive discovery first, deep enumeration only on confirmed scope.

Capabilities

What Detektiv does

Three capabilities that turn a single domain or ASN into a complete, provenance-stamped map of your external attack surface.

Passive-First Discovery

Map the perimeter before touching a single packet

Starts from open sources — DNS, certificate transparency, WHOIS, ASN data, and public records — to build the surface without active probing.

Deep Enumeration

Full enumeration on authorized scope

Once ownership is verified, Detektiv enumerates hosts, services, ports, and technologies across the perimeter — including the shadow assets you forgot you owned.

Provenance-Stamped Assets

Every asset carries where it came from

Each discovered asset is written to the graph with its discovery source, timestamp, and ownership evidence — the entry point every other module builds on.

Architecture

The entry point to the security graph

Detektiv discovers the surface, verifies ownership, then writes every asset to the one graph all eleven modules share — the foundation Detection builds on.

Discovers from

DNS & Certificates

Subdomains, CT logs

WHOIS & ASN

Net blocks, ownership

Public Records

OSINT, leak sources

Live Services

Ports, tech fingerprints

Detektiv

Recon Layer

Emits to graph

Assets

Hosts, domains, services

Exposures

Open ports, shadow assets

Provenance

Source, ownership, timestamp

Detektiv finds the surface; Odbrana finds the issues on it.

Use Cases

For teams that need to know their true footprint

Detektiv serves anyone who needs an accurate, continuously-updated picture of what they actually expose to the internet.

Enterprises

  • Continuous attack-surface monitoring
  • Shadow IT & forgotten asset discovery
  • M&A perimeter due diligence

Security Teams

  • Know your true external footprint
  • Feed validated assets to scanning
  • Catch exposures before attackers do

Red Teams

  • Outside-in reconnaissance
  • Authorized-scope enumeration
  • Entry-point mapping for engagements

MSSPs

  • Multi-tenant surface discovery
  • Client-ready exposure reports
  • Repeatable onboarding recon

Trust

Discovery with discipline

Reconnaissance is powerful. Detektiv is built so it only ever runs against what you own.

Ownership Verified

Active enumeration is gated behind verified ownership of every in-scope asset.

Passive by Default

Discovery starts from open sources — no active probing until scope is confirmed.

Full Provenance

Every asset records how, when, and from where it was discovered.

Sovereign Option

Run reconnaissance within your own environment. EU-hosted or on-prem.