Recon Royale - Hacker's Arena

Recon Royale is an exciting competitive platform where participants submit subdomains for a specified target domain. Players accumulate points based on the accuracy of their submissions, striving to achieve the prestigious title of King.

Are you the best at recon? Prove it! 🏆

Benchmark your data against others and show your skills. Compete with your friends and the community. Have fun! 🎉

To participate, log in with your X account, then submit a text file containing subdomains for the current target domain. Make sure that your text file contains one subdomain per line. 📄

Your file should be a plain text file with one subdomain per line. Here is an example:


    about.att.com
    adip-api-xandr.att.com
    adserversl.att.com
    aegis.att.com
    afmfe18.att.com
    aiq-in.att.com
    attvideo.att.com

Your submitted subdomains are processed and validated to determine your points for the current round. They are temporarily stored in our database to reduce the load on our DNS resolver if another participant submits the same subdomains. At the end of each round, all subdomain records are removed from our database. We do not keep or use your submitted subdomains for any purpose other than the game mechanics. 🔒

No, we will not steal your subdomains and private techniques. We will not use your submitted subdomains for any other purpose beyond the game mechanics. 🚫

Subdomains are processed by first filtering them to ensure they match the current target domain and contain valid characters. They are then checked against a database for existing records. New subdomains are validated using DNS queries to confirm their existence and validity. Wildcard subdomains are considered to be invalid. ✅❌

We do not show which subdomains are valid or invalid. This is to prevent participants from using Recon Royale as a free DNS resolver. 🔍

You earn one point for each valid subdomain with a DNS record. You lose one point for each invalid subdomain. 📈📉

The maximum number of subdomains you can submit per round is capped at 100,000. If all of your submitted subdomains are valid, you could potentially earn up to 100,000 points in a single round. However, keep in mind that invalid subdomains will deduct points, so the actual maximum may vary depending on the accuracy of your subdomain list.. 💯

We utilize dnsx, a powerful tool developed by ProjectDiscovery.io. We run it with the -wd flag and employ a custom list of DNS resolvers. This list is continuously updated to include only the most reliable and efficient DNS servers available, ensuring optimal performance and accuracy in our subdomain resolution process.

Our backend uses database checks before resolving DNS queries to see if someone else submitted the same subdomain before you. If there is any DNS inconsistency, it will be stored in the database as-is.

Here's an example:

This way, no matter what happens, all participants will be affected equally.

No, you can only submit a file once per round. ⏳

Each round ends at midnight UTC+2 every day. 🕛

The top participant in the warriors leaderboard is awarded a crown. 👑

The target changes and a new round begins. 🔄

You can become the king by having the most crowns! 👑

If there is a tie, the participant who submitted first will be the winner. 🥇

Targets are selected from public bug bounty programs and/or Vulnerability Disclosure Programs (VDPs). 🎯

It's easy to implement and most bug bounty hunters have an X account. 👍

You can automate your submission using our API endpoints. Here's how:

Generate an API key by clicking the button below:

Use the API key to submit your subdomains via a POST request to the /api/submit-via-apikey endpoint.

Here's an example HTTP request:


    POST /api/submit-via-apikey HTTP/1.1
    Host: recon-royale.com
    User-Agent: Mozilla/5.0 
    Accept: application/json
    Content-Type: application/json
    X-API-Key: your_api_key_here
    Content-Length: 157

    {
        "subdomains": [
            "subdomain1.example.com",
            "subdomain2.example.com",
            "subdomain3.example.com",
            "subdomain4.example.com",
            "subdomain5.example.com"
        ]
    }

You can also use this one-liner to submit a file directly from your terminal:

echo '{"subdomains":'$(cat your_file.txt | jq -R -s -c 'split("\n")[:-1]')'}' > subdomains.json && curl -X POST -H "Content-Type: application/json" -H "X-API-Key: {your_api_key_here}" -d @subdomains.json https://recon-royale.com/api/submit-via-apikey

Replace your_api_key_here with yours, and your_file.txt with the path to your file containing subdomains (one per line).

You can also get the current target domain using this API endpoint:

curl -X GET -H "X-API-Key: {your_api_key_here}" https://recon-royale.com/api/current-target-via-apikey

Example response:


    {
        "domain": "example.com"
    }

Recon Royale 👑

Current Target: Loading...

Submit Subdomains

💡 Scoring System 💡

Warriors

Royalty

King

Frequently Asked Questions

🙏 Credits 🙏

Report a Bug