# Rekon

> AI-powered penetration testing service targeting LATAM startups, scale-ups, and compliance-driven teams.
> Proprietary 0-day detection engine with 300+ automated modules and expert human validation.
> Reports delivered from 24 hours. Pricing published. No subscriptions. Free retest included.

Rekon is not a consultancy and not a SaaS. It is a penetration testing system that combines 300+ automated security modules with expert human validation and a proprietary AI engine that reasons over source code to detect unknown vulnerabilities. The AI traces data flows from HTTP inputs to dangerous sinks (SQL queries, OS commands, deserialization), mines version diffs for silent patches, and generates adaptive exploits with WAF bypass.

Results equivalent to a 20-person pentesting team, delivered in 48 hours. Pricing is publicly listed starting at $990 USD, roughly half the market rate of comparable services such as Cobalt or HackerOne.

Contact: hello@rekon.sh

## Services

[Services](/services/)

Rekon covers six capability areas:

- **Web, APIs and Mobile** — OWASP Top 10, business logic, auth bypass, IDOR, SSRF, SQLi. REST, GraphQL, gRPC. Android and iOS (static + dynamic).
- **Infrastructure and Cloud** — Exposed services, LLMNR/NTLM relay. AWS, Azure, GCP (IAM, storage buckets, IMDS). Docker, Kubernetes, Helm, container registries.
- **Active Directory and Identity** — Kerberos, OAuth 2.0, SAML, OIDC, SSO. Credential attacks, lateral movement, privilege escalation.
- **Post-exploitation and Reporting** — Attack chains, privilege escalation, reproducible evidence, CVSS v3.1 scoring, prioritized remediation playbook.
- **AI 0-Day Engine** — Taint analysis, version diff mining, gadget chain discovery. Findings that signature-based scanners cannot produce.
- **AI-Assisted Pentesting** — 300+ automated modules with adaptive payloads and real-time WAF bypass, validated by human security engineers.

Frameworks, CMS and server applications analyzed: WordPress, Drupal, Laravel, Django, Spring, Exchange, Zimbra, NextCloud.
Languages supported: 8. Sink patterns per language: 60+.

Not covered: physical security, in-person social engineering, malware development, continuous SOC/SIEM operation.

## Methodology

[About](/about/)

Standards followed: OWASP WSTG (200+ web test cases), PTES (full recon-to-report cycle), NIST SP 800-115, MITRE ATT&CK (tactics and techniques mapping).

Compliance frameworks supported: PCI DSS 4.0, SOC 2, ISO 27001, GDPR, HIPAA.

Pipeline phases:

1. Recon — Subdomains, endpoints, technology fingerprinting
2. Scan — Active vulnerability and CVE detection
3. Exploit — Confirmed exploitation + attack chains
4. Validate — CVSS v3.1 evidence + step-by-step reproduction
5. Report — PDF + HTML + SARIF + CycloneDX

## Pricing

[Pricing](/pricing/)

All plans include a report with reproducible evidence, CVSS v3.1 scoring, and a free retest.

| Plan | Price (USD) | Scope | Delivery |
|----------------|-------------|----------------------------------------------|-----------|
| Recon | $0 | 1 domain, external scan, CVE detection | 24h |
| Starter | $990 | 1 web app, OWASP Top 10 + API Top 10 | 48-72h |
| Professional | $2,990 | Web + API (REST, GraphQL, WebSocket) | 48h |
| Infrastructure | $5,990 | Network + AD + Exchange + VPN (up to 256 IPs) | 3-5 days |
| Red Team | $9,990 | Full simulation: infra + cloud + social eng | 5-7 days |
| Enterprise | Custom | Continuous pentest, bug bounty, compliance | SLA-based |

**Recon** ($0, limited launch offer): 1 domain, subdomain and port discovery, technology fingerprinting, known CVE detection, executive PDF report, delivery in 24 hours.

**Starter** ($990): 1 web application, 1 domain, OWASP Top 10 + OWASP API Security Top 10, manual exploitation of findings, PDF report with reproducible evidence and CVSS scoring, 1 retest at 30 days, email support.
**Professional** ($2,990, most popular): Web + API (REST, GraphQL, WebSocket), OWASP Top 10 + business logic + IDOR, post-exploitation and attack chains, PDF + interactive HTML + SARIF report, prioritized remediation playbook, 2 retests within 60 days, direct Slack/email channel.

**Infrastructure** ($5,990): External + internal network (up to 256 IPs), Active Directory (Kerberoasting, ADCS, DCSync, GPO abuse), Exchange/mail server (ProxyShell, relay attacks, password spraying), VPN/firewalls/network segmentation, privilege escalation and lateral movement, report with network map and attack chains, 3 retests in 90 days.

**Red Team** ($9,990): Everything in Infrastructure plus cloud (AWS/Azure/GCP IAM, S3, instance metadata), phishing and custom social engineering, WAF/EDR/SIEM evasion, mobile (Android + iOS), executive + technical report with MITRE ATT&CK mapping, unlimited retests in 90 days, dedicated pentester with Slack + calls.

**Enterprise** (custom): Fully custom scope, continuous pentesting, managed bug bounty, compliance programs (PCI DSS, ISO 27001, SOC 2), dedicated pentester, guaranteed SLA, unlimited retests.

## How It Works

[How it works](/#como-funciona)

Five steps from kickoff to report:

1. **Scope & NDA** (1 day) — Send targets, sign NDA, start.
2. **Recon** (4h) — Attack surface mapping with 300+ AI-powered modules.
3. **Exploit** (24h) — Vulnerability confirmation and attack chain construction.
4. **Report** (same day) — Evidence, CVSS scoring, remediation playbook.
5. **Retest** (30 days) — Verify critical fixes at no extra cost.

## AI Engine

[AI Engine](/#ia)

Four-stage proprietary pipeline:

1. **Framework cloning** — Detects the exact framework/CMS version and clones its source code.
2. **Interprocedural taint analysis** — Traces data flow from every HTTP input to every dangerous sink across functions, files, and modules (60+ sink patterns, 8 languages).
3. **Version diff mining** — Compares the target version against the next release to surface silent patches: vulnerabilities fixed by the vendor without a CVE assignment.
4. **PoC generation and exploitation** — Generates specific exploits with exact parameters, correct encoding, and adaptive WAF bypass. Tests live against the target server.

Stats: 300+ automated modules, 60+ sink patterns per language, 8 languages, 48h kickoff-to-report.

## Comparison

[Comparison](/#comparativa)

Rekon vs. competitors on key dimensions:

- **Delivery**: Rekon from 24h vs. Cobalt 1-2 weeks, HackerOne 2-4 weeks, Synack 2-3 weeks.
- **Pricing**: Rekon published from $990 (free Recon tier) vs. Cobalt from ~$6K in credits, HackerOne/Synack enterprise-only unlisted pricing.
- **Post-exploitation**: Rekon yes; Cobalt no; HackerOne no; Synack yes.
- **Attack chains**: Rekon yes; Cobalt no; HackerOne partial; Synack yes.
- **AI 0-day detection**: Rekon yes; Cobalt no; HackerOne no; Synack no.
- **No subscription required**: Rekon yes; Cobalt no; HackerOne no; Synack no.
- **Report formats**: Rekon PDF + HTML + SARIF + CycloneDX vs. PDF only or PDF + CSV elsewhere.
- **Free retest**: Rekon 30 days free; others require credits or contract terms.
- **Best for**: Rekon: startups, scale-ups, one-time compliance. Cobalt: continuous CI/CD DevSecOps. HackerOne: enterprise bug bounty. Synack: government/FedRAMP.

## FAQ

[FAQ](/#faq-contacto)

**How long does a penetration test take?**
Depends on scope. Recon: 24h. Starter: 48-72h. Professional: 48h. Infrastructure: 3-5 days. Red Team: 5-7 days. The AI engine runs 300+ modules in parallel and delivers in days what a team of 20 pentesters takes weeks to do.

**What is included in the report?**
Technical report with reproducible evidence and CVSS v3.1 scoring, executive summary for leadership, prioritized remediation playbook, and a free retest at 30 days. Formats: PDF, HTML, SARIF, CycloneDX.

**Is this just automated scanning?**
No. Automation discovers; security engineers validate, chain vulnerabilities, and write every finding. Every result goes through expert manual review before the report is delivered.

## Key Pages

- Landing page [/](/)
- Pricing [/pricing](/pricing/)
- About [/about](/about/)
- Sample report [/report-sample](/report-sample/)
- Blog [/blog](/blog/)
- Contact [/contact](/contact/)

## English Summary

Rekon (rekon.sh) is an AI-powered penetration testing service for LATAM companies. It combines a proprietary 0-day detection engine (taint analysis, diff mining, adaptive exploit generation) with 300+ automated modules and expert human validation. Reports are delivered from 24 hours. Pricing is transparent and published: Recon free, Starter $990, Professional $2,990, Infrastructure $5,990, Red Team $9,990, Enterprise custom. Every plan includes reproducible evidence, CVSS v3.1 scoring, and a free retest. Methodology follows OWASP WSTG, PTES, NIST SP 800-115, and MITRE ATT&CK. Coverage spans web, API, mobile, infrastructure, cloud, and Active Directory.

Contact: hello@rekon.sh
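The AI Engine section above names interprocedural taint analysis (stage 2) and version diff mining (stage 3) without showing what either looks like on real code. The following is an added illustration written for this page; it is not Rekon's engine and says nothing about how Rekon implements those stages. It is a deliberately small Python `ast`-based analyzer with assumed source, sink and sanitizer lists (a Flask-style `request` object as the only source; `cursor.execute`, `os.system`, `subprocess.call` and `pickle.loads` as sinks; `int` and `shlex.quote` as sanitizers). `APP_V1` and `APP_V2` are constructed sample modules: `APP_V2` stands in for a vendor release that parameterized a query without a changelog entry, so the flow that disappears between the two runs is the kind of "silent patch" the page describes.

```python
"""Illustrative taint analysis and silent-patch diffing over Python source (added example, not Rekon's engine)."""
import ast
from typing import Dict, List, Optional, Set, Tuple

SOURCE_OBJECT = "request"  # assumption: a Flask-style request object is the only taint source
SINKS: Dict[str, Tuple[str, int]] = {  # sink call -> (class, index of the positional arg that must stay clean)
    "cursor.execute": ("sql", 0), "os.system": ("command", 0),  # execute: the query string, not the bound params
    "subprocess.call": ("command", 0), "pickle.loads": ("deserialization", 0)}
SANITIZERS = {"int", "shlex.quote"}  # assumed: calls whose result is treated as clean
Finding = Tuple[str, str, str]  # (sink, class, call chain "entry -> callee -> sink")

def dotted(node: ast.AST) -> Optional[str]:  # "a.b.c" for Name/Attribute chains, None for dynamic callees
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

class TaintAnalyzer:
    def __init__(self, source: str) -> None:
        self.funcs = {n.name: n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)}

    def run(self) -> List[Finding]:  # every function is an entry point; returns unique sink hits
        out: List[Finding] = []
        for name, fn in self.funcs.items():
            self._walk(fn.body, set(), [name], out)
        return sorted(set(out))

    def _walk(self, stmts, env: Set[str], chain: List[str], out: List[Finding]) -> bool:
        """Flow-insensitive pass; `env` holds tainted names. True if the body may return taint."""
        returns_taint = False
        for stmt in stmts:
            if isinstance(stmt, ast.Assign):
                taint = self._tainted(stmt.value, env, chain, out)
                for n in (n for t in stmt.targets for n in ast.walk(t) if isinstance(n, ast.Name)):
                    (env.add if taint else env.discard)(n.id)  # assignment gens or kills taint
            elif isinstance(stmt, ast.Expr):
                self._tainted(stmt.value, env, chain, out)  # bare call: look for sink hits
            elif isinstance(stmt, ast.Return) and stmt.value is not None:
                returns_taint |= self._tainted(stmt.value, env, chain, out)
            for nested in (getattr(stmt, f, None) for f in ("body", "orelse", "finalbody")):
                if isinstance(nested, list):  # if/for/while/with/try blocks, analyzed with the same env
                    returns_taint |= self._walk(nested, env, chain, out)
        return returns_taint

    def _tainted(self, node: ast.AST, env, chain, out) -> bool:
        """True if `node` may carry attacker data (Constant: False; compound expressions: any tainted operand)."""
        if isinstance(node, ast.Name):
            return node.id in env or node.id == SOURCE_OBJECT
        if isinstance(node, ast.Attribute):  # request.args, obj.field: taint of the base object
            return self._tainted(node.value, env, chain, out)
        if isinstance(node, ast.Call):
            return self._call(node, env, chain, out)
        return any(self._tainted(c, env, chain, out) for c in ast.iter_child_nodes(node))

    def _call(self, node: ast.Call, env, chain, out) -> bool:
        name = dotted(node.func) or "<dynamic>"
        pos = [self._tainted(a, env, chain, out) for a in node.args]  # positional args only
        if name in SINKS:
            kind, idx = SINKS[name]
            if idx < len(pos) and pos[idx]:
                out.append((name, kind, " -> ".join(chain + [name])))
            return False
        if name in SANITIZERS:
            return False
        if name in self.funcs:  # interprocedural step: walk the callee with its tainted parameters
            if name in chain:  # recursion: stop here and assume no additional taint
                return False
            params = [a.arg for a in self.funcs[name].args.args]
            tainted = {p for p, t in zip(params, pos) if t}
            return self._walk(self.funcs[name].body, tainted, chain + [name], out)
        # unknown library call: taint flows through arguments and the receiver (request.args.get)
        recv = isinstance(node.func, ast.Attribute) and self._tainted(node.func.value, env, chain, out)
        return any(pos) or recv

def silent_patches(old_source: str, new_source: str) -> List[Finding]:
    """Flows present in the old release but gone in the new one: candidate silent fixes."""
    return sorted(set(TaintAnalyzer(old_source).run()) - set(TaintAnalyzer(new_source).run()))

# Constructed sample "release 1.0" of a small Flask app (not real vendor code).
APP_V1 = '''
import os, pickle, shlex; from flask import request
def build_query(uid):
    return "SELECT * FROM users WHERE id = %s" % uid
def run_query(cursor, uid):
    cursor.execute(build_query(uid))
def user_view(cursor):
    run_query(cursor, request.args.get("id"))
def ping_view():
    os.system("ping -c1 " + request.form["host"])
def restore_view():
    return pickle.loads(request.data)
def echo_view():
    os.system("echo " + shlex.quote(request.args.get("name", "")))
'''
# Constructed "release 1.1": the vendor parameterized the query, with no changelog entry or CVE.
APP_V2 = APP_V1.replace('WHERE id = %s" % uid', 'WHERE id = %s"').replace(
    "cursor.execute(build_query(uid))", "cursor.execute(build_query(uid), (uid,))")
```

Two details carry the security point. First, the sink model records which argument position matters: `cursor.execute(query, params)` is a finding only when taint reaches `query`, which is exactly why the parameterized 1.1 build stops being reported while `os.system` and `pickle.loads` in the same module still are, and why `echo_view` never appears at all (the `shlex.quote` sanitizer cuts the flow). Second, `silent_patches` is set subtraction over findings from two versions, not a textual diff; a textual diff of 1.0 against 1.1 shows a two-line change with no security wording, which is what makes such fixes easy to miss. The analyzer is flow-insensitive, ignores keyword arguments, aliasing, class methods and framework routing, and treats any recursive call as clean; a production engine has to handle all of those.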