ReconLab is an interactive, educational reconnaissance lab. Point it at a domain or IP you own, prove ownership, and watch real security tools execute stage by stage — each one explained before it runs and interpreted after.
$ internal:tls example.com:443
Protocol : TLSv1.3
Issuer : Let's Encrypt
Valid to : Aug 14 2026
Days until expiry : 64
Self-signed : false
verdict ▸ NEGATIVE — transport security is healthyThe goal is understanding. Each step is a small lesson in offensive recon and defensive hardening.
Every scan begins with domain-ownership verification (DNS TXT, file, meta tag, WHOIS email) or admin approval. Passive recon is free; active scans are gated.
A guided pipeline walks you from passive recon to reporting — one tool at a time, in the right order.
Before each tool runs you see why it runs, what it does, and how to read the result as positive or negative.
Watch the actual command and its streaming output in a terminal, then get an automatic interpretation panel.
Admins add, reorder, or remove tools and stages from a panel — the pipeline is data, not hard-coded.
Results roll up into a severity-ranked report with OWASP/CWE/MITRE links and fix guidance.
Validate the target, confirm scope, verify you are authorized to scan it.
WHOIS, DNS records, subdomains, certificate transparency — no packets to the target.
Live-host probing, screenshots, TLS audit, port & service detection.
Content discovery, parameters, security headers, deep TLS configuration.
Template & signature scanners — CVEs, misconfigurations, exposures.
Findings by severity, OWASP/CWE mapping, remediation guidance, export.
Sign in, verify a domain you control, and start learning.
ReconLab · hosted at sentinel.radiatus.com · Only scan systems you own or are explicitly authorized to test.