← all writeups
Recon

Building a Recon Pipeline That Scales

Dec 28, 2025 · 7 min · by Abhishek Bhaskar (Abhi HackZ)

Starter/example post — replace with your real content.

Good recon is a pipeline, not a single command. Here's the shape of the one I run across bug-bounty targets.

Stages

  1. Seed — ASNs, root domains, acquisitions.
  2. Expand — subdomain enumeration from multiple sources, then resolve.
  3. Probe — live hosts, tech fingerprinting, interesting ports.
  4. Triage — diff against last run, surface only what's new.

The trick is making each stage feed the next automatically, so a new asset shows up in triage without me re-running everything by hand.

Abhishek Bhaskar (Abhi HackZ)
Security Analyst & VAPT Engineer
Book a free 30-min security scoping call →