Reconly Labs builds open-source security tools, exposure intelligence products, developer security training, and deployable automation for startups, SaaS teams, and modern builders.
Security should not feel like a dashboard nobody has time to read. Reconly Labs turns exposed internet-facing signals into clear engineering action: what changed, what matters, why it matters, and what to fix next.
We work across four connected lanes:
| Lane | Focus | Built for |
|---|---|---|
| Open-source scanners | Practical tools for checking real exposure | Developers, founders, security engineers |
| Products | Continuous posture, dependency, AI-app, and exposure intelligence | CTOs and product engineering teams |
| Services and automation | Monitoring, hardening, and security engineering delivered as working outcomes | Teams that need implementation |
| Training/AppSec Audit | AppSec audit sprints and developer security programs | Teams that want better security instincts |
Our tools are designed to make the first security check fast, repeatable, and useful.
| Tool | What it helps you find | Repository |
|---|---|---|
| CodeSecret | Leaked secrets in source code, history, adjacent files, and CI/CD surfaces | Reconly-Labs/codesecret |
| ClientScan | Production frontend exposure, shipped bundles, source maps, internal hints, and leaked client-side signals | Reconly-Labs/clientscan |
| DomainScan | Outside-in domain exposure, public assets, technologies, third parties, and internet-visible surface area | Reconly-Labs/domainscan |
| RecordScan | DNS, SSL/TLS, security headers, email controls, SPF, DKIM, DMARC, MX, MTA-STS, and TLS reporting posture | Reconly-Labs/recordscan |
More scanner modules are part of the Reconly pipeline, including subdomain takeover review, cloud storage exposure review, AI-generated app checks, dependency risk review, and exposed console fingerprinting.
| Product | Focus |
|---|---|
| Compass | A daily security pulse for CTOs and engineering leads: what changed, what matters, and what to do next. |
| DepShield | Continuous dependency graph monitoring that explains what to fix, why it matters, and what to do next. |
| VibeCheck | Security visibility for AI-generated and fast-moving codebases before risky patterns ship. |
| SecHealth | A startup posture health check that makes security understandable to leadership and engineering. |
| Vigil | Continuous threat exposure management for teams that need posture to stay active. |
The 15 Days of AppSec Audit Sprint is a free practical track for developers, founders, and technical leads.
Each module includes:
- A real breach story
- A plain-language breakdown of the attack pattern
- A 15-minute playbook
- A practical check teams can run against their own systems
- Where useful, an open-source Reconly tool to automate the first step
The goal is simple: read, run, repeat.
Security is not a product you buy, a checklist you complete, or a consultant you hire once. It is engineering behavior built into how teams move, how tools are deployed, and how exposure is tracked over time.
We believe good security work should be:
- Clear enough for leadership to prioritize
- Practical enough for engineers to act on
- Continuous enough to catch drift
- Honest enough to separate real risk from noise
Start with the problem you are trying to solve.
We can help map it to the right product, service, automation, or training path, usually within one conversation.
- Book a discovery call: reconlylabs.in/#contact
- Run a free outside-in posture scan: reconlylabs.in/#contact
- Explore the academy: reconlylabs.in/academy
Built for security-first teams.