Recon Presets
RedAmon has two preset systems that let you skip manual configuration:
- Built-in Recon Presets -- 21 curated recon pipeline configurations covering common scenarios from quick bug bounty scans to full-scale network audits. These configure only recon tool parameters (328+ settings across the Recon Pipeline tabs)
- My Project Presets -- save your entire project configuration (recon pipeline, agent behavior, tool matrix, agent skills, CypherFix, and all other settings) as a reusable preset, then load it on any future project. Includes AI-generated presets via natural language
- Open a project form (new or existing) and click the Recon Preset tab (lightning bolt icon) in the Recon Pipeline tab group
- Browse the Built-in Recon Presets grid and click a preset card
- Click Select -- all recon tabs update instantly. Target fields (domain, IPs, subdomains) are preserved

The built-in library contains 21 presets organized as a card grid. Each card shows an icon, name, and short description. Click a card to see the full description with detailed sections explaining the goal, target audience, what the preset enables/disables, and how it works.

- Click a card to view its full description in the detail panel
- Click "Select" to apply the preset to the current project form
- The preset overwrites all recon tool settings (modules, thresholds, toggles) but never touches target-specific fields (domain, subdomains, IP list)
- An "Applied" badge appears on the project form showing which preset is active
- You can still override any individual setting after applying a preset

| # | Preset | Focus |
|---|---|---|
| 1 | Full Pipeline - Active Only | Every active tool maxed out, all passive sources disabled. Maximum noise, maximum coverage |
| 2 | Full Pipeline - Passive Only | Zero packets to target. Maximum intelligence from third-party sources, archives, and passive databases only |
| 3 | Full Pipeline - Maximum | Every tool enabled with every parameter pushed to the limit. The longest, most thorough scan possible |
| 4 | Bug Bounty - Quick Wins | Fast, lightweight scan for low-hanging fruit. Get actionable results in under 15 minutes |
| 5 | Bug Bounty - Deep Dive | Thorough single-target assessment. Deep crawling, JS analysis, all Nuclei severities, balanced to avoid IP bans |
| 6 | API Security Audit | Focused on REST/GraphQL API surface. Kiterunner, Arjun, ffuf with API extensions, Nuclei API tags |
| 7 | Infrastructure Mapper | Network perimeter mapping. Full port scanning, service detection, banner grabbing, Shodan enrichment, CVE lookup |
| 8 | OSINT Investigator | Maximum passive intelligence from all 10 OSINT providers, archives, and public databases. No active scanning |
| 9 | Web App Pentester | Web application focused. Aggressive crawling, directory fuzzing with recursion, parameter discovery, Nuclei DAST with all severities |
| 10 | JS Secret Miner | Deep JS analysis pipeline. Maximize JS file discovery, extract secrets, endpoints, and source maps |
| 11 | Subdomain Takeover Hunter | Maximize subdomain discovery and detect takeover opportunities. All subdomain tools at high limits, httpx CNAME probing, Nuclei takeover templates |
| 12 | Stealth Recon | Minimal detection footprint. All traffic routed through Tor, passive tools preferred, extremely low rate limits on active probes |
| 13 | CVE Hunter | Find known CVEs through port scanning, service detection, Nuclei templates, and passive CVE sources |
| 14 | Red Team Operator | Balanced stealth with targeted active validation. Connect scan, throttled probes, Tor routing, critical-only Nuclei, full OSINT enrichment |
| 15 | Directory & Content Discovery | Maximize hidden content discovery. ffuf with deep recursion, Kiterunner for API routes, deep crawling, GAU historical URLs |
| 16 | Cloud & External Exposure | Cloud-focused security assessment. OSINT providers for cloud-exposed services, TLS probes, security checks for cloud misconfigs |
| 17 | Compliance & Header Audit | Security posture validation. httpx with all header probes, TLS analysis, SPF/DMARC/DNSSEC checks, Nuclei misconfig scanning |
| 18 | Secret & Credential Hunter | Go beyond JS -- find secrets everywhere. Deep JS analysis, GAU for historical files, ffuf with sensitive extensions, Nuclei exposure/token detection |
| 19 | Parameter & Injection Surface | Maximize parameter discovery for injection testing. Arjun all methods, ParamSpider, GAU, Katana paramsOnly, Nuclei DAST with injection tags |
| 20 | DNS & Email Security | DNS infrastructure and email security audit. Full subdomain enumeration, WHOIS, SPF/DMARC/DNSSEC checks, zone transfer detection, SMTP open relay testing |
| 21 | Network Perimeter - Large Scale | Large-scale network scanning. Masscan at 10k pps, Naabu verification, Nmap service detection, banner grabbing, Shodan + Censys enrichment |

Unlike built-in presets, which only configure recon tools, user project presets save your entire project configuration -- recon pipeline, agent behavior, tool matrix, agent skills, CypherFix settings, and everything else. This lets you create and reuse complete project templates across different targets.
Presets are stored per-user in the database and available across all your projects.
- Configure a project form with all the settings you want (recon, agent, skills, etc.)
- Click "Save as Preset" in the form header bar
- Enter a name (required) and optional description
- Click Save

What gets saved: All project settings -- recon pipeline configuration, agent behavior, tool matrix, agent skills, CypherFix settings, GVM scan config, integration settings, and everything else in the form.
What is excluded: Target-specific fields are stripped automatically -- target domain, subdomain list, IP mode, target IPs, project name, description, RoE document, and uploaded JS files. This ensures presets are portable across different targets.
There are two ways to load a saved preset:
- "Load Preset" button in the form header bar -- opens a side drawer listing your saved presets
- "My Recon Presets" tab in the Recon Preset modal -- shows your presets alongside the built-in library
Click a preset to load it. The system merges the preset settings with server defaults (for any parameters not stored in the preset), then applies all settings to the form -- both recon and non-recon tabs are updated.

Click the trash icon on any user preset card. A confirmation dialog appears before the preset is permanently deleted.
Describe your scanning goals in natural language and let an LLM generate a validated recon configuration for you. The AI generates recon pipeline parameters only (not agent or CypherFix settings). Once saved, the generated preset is stored in your My Project Presets collection and can be loaded like any other user preset.
This feature requires at least one AI Model Provider configured in Global Settings.
- Open the My Recon Presets tab in the Recon Preset modal
- Click "Generate with AI" (sparkle icon)
- Type a natural language description of what you want to scan and how
The current LLM model is shown as a badge. Example prompts:
- "Fast passive scan focused on subdomain discovery and OSINT, no active probing"
- "Deep web app pentest with full crawling, directory fuzzing, and Nuclei on all severities"
- "Stealth mode: minimal noise, only passive tools, no port scanning"
- "API-focused scan: enable Kiterunner, Arjun on all methods, ffuf with API extensions, disable crawling and OSINT"
- "Bug bounty quick scan for a single target -- subdomain enum, httpx, Katana shallow crawl, Nuclei critical+high only, finish in under 15 minutes"
- "Cloud exposure audit: all OSINT providers maxed out, httpx with ASN and CDN detection, TLS analysis, security header checks, Nuclei cloud and misconfig templates"
- "Secret hunting: enable JS recon with all modules, GAU for historical URLs, ffuf with sensitive file extensions (.env, .bak, .conf), Nuclei exposure and token templates"
- "Large network perimeter scan for /24 CIDR: Masscan at high rate for port discovery, Naabu verification, Nmap service detection, banner grabbing, Shodan and Censys enrichment, CVE lookup"

After generation, a review screen shows:
- Enabled tools (green tags) -- tools the preset turns on
- Disabled tools (grey tags) -- tools explicitly turned off
- Tuned parameters -- count of numeric/threshold parameters adjusted
Enter a name (required) and optional description, then click "Save Preset" to add it to your My Project Presets collection. Click "Regenerate" to go back and try a different description.

All AI-generated presets are validated through a strict pipeline:
- The LLM output is parsed as JSON (markdown fences are stripped automatically)
- Every parameter is validated against a Zod schema covering all 328+ recon settings
- Unknown keys are stripped, so a prompt-injected response cannot introduce settings outside the schema
- Type coercion handles numbers and booleans from the LLM response
- If validation fails, the error details are shown so you can adjust your prompt
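
The validation steps above, sketched as a dependency-free JavaScript example (added here; it is not RedAmon's code, which the page says uses a Zod schema). The four schema keys, their bounds, and the sample model reply are hypothetical.

```javascript
// Hypothetical mini-schema (illustrative keys and bounds, not RedAmon's real settings).
const SCHEMA = {
  naabuEnabled: { type: "boolean" },
  katanaDepth: { type: "number", min: 1, max: 10 },
  nucleiRateLimit: { type: "number", min: 1, max: 500 },
  nucleiSeverity: { type: "enumList", values: ["info", "low", "medium", "high", "critical"] },
};
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
// Drop a surrounding markdown fence if the model wrapped its JSON in one.
function stripFences(text) {
  const m = text.trim().match(/^```[a-zA-Z]*\s*\n([\s\S]*?)\n?```$/);
  return m ? m[1] : text.trim();
}

// Coerce one value to its declared type; returns { value } or { error }.
function coerce(rule, v) {
  if (rule.type === "boolean") {
    if (typeof v === "boolean") return { value: v };
    return v === "true" || v === "false" ? { value: v === "true" } : { error: "expected boolean" };
  }
  if (rule.type === "number") {
    const n = typeof v === "string" && v.trim() !== "" ? Number(v) : v;
    if (typeof n !== "number" || !Number.isFinite(n)) return { error: "expected number" };
    return n < rule.min || n > rule.max ? { error: `outside ${rule.min}..${rule.max}` } : { value: n };
  }
  const ok = Array.isArray(v) && v.every((x) => rule.values.includes(x));
  return ok ? { value: [...v] } : { error: "invalid value list" };
}

function validatePreset(llmOutput) {
  const fail = (msg) => ({ ok: false, preset: null, dropped: [], errors: [msg] });
  let parsed;
  try { parsed = JSON.parse(stripFences(llmOutput)); }
  catch (e) { return fail("not valid JSON: " + e.message); }
  if (parsed === null || typeof parsed !== "object" || Array.isArray(parsed)) return fail("top level must be an object");
  const preset = {}, errors = [];
  // Walk the schema, not the input: only allowlisted keys can reach the preset.
  for (const [key, rule] of Object.entries(SCHEMA)) {
    if (!has(parsed, key)) continue; // partial presets are allowed
    const r = coerce(rule, parsed[key]);
    if (has(r, "error")) errors.push(`${key}: ${r.error}`); else preset[key] = r.value;
  }
  const dropped = Object.keys(parsed).filter((k) => !has(SCHEMA, k));
  return { ok: errors.length === 0, preset: errors.length ? null : preset, dropped, errors };
}
// Constructed model reply: fenced, string-typed values, plus two keys outside the recon schema.
const SAMPLE = '```json\n{"naabuEnabled":"false","katanaDepth":"3","nucleiSeverity":["high","critical"],' +
  '"agentSystemPrompt":"(injected text)","targetDomain":"example.com"}\n```';
console.log(validatePreset(SAMPLE));
```

Because the loop iterates over the schema, keys such as `__proto__` or a non-recon setting in the model's reply are reported in `dropped` and never copied into the preset.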
- Built-in recon presets store a partial configuration covering only recon pipeline parameters. Any parameter not in the preset keeps its server default. They are read-only and ship with the application
- User project presets store all project settings (recon + agent + skills + CypherFix + everything else), minus target-specific fields. They are stored per-user in PostgreSQL and can be created, loaded, and deleted at any time
- AI-generated presets produce recon-only parameters (validated against a 328-parameter Zod schema), then get saved into the user preset collection like any manually saved preset
- Loading merges preset values over server defaults, then applies to the form. Target fields (domain, subdomains, IPs) are never overwritten
- The `extractPresetSettings()` utility strips target-specific fields (domain, subdomain list, IP mode, target IPs, project name, description, RoE document, uploaded JS files) before saving
- Creating a Project -- full project form walkthrough
- Running Reconnaissance -- the parallelized scanning pipeline
- Project Settings Reference -- complete list of all 196+ configurable parameters
- AI Model Providers -- set up LLM providers for AI-generated presets