Run Passive Domain Recon Report
Perform comprehensive passive reconnaissance on any domain — gathering DNS records, WHOIS data, subdomains, web technologies, and vulnerabilities into a professional pentest report.
Introduction
This workflow automates thorough, authorized passive penetration test reconnaissance for any domain you enter. It gathers DNS intelligence, website technology details, known vulnerabilities, and compiles everything into a professional, downloadable report — all without active scanning or intrusive testing.
It performs five key tasks:
- Collects detailed DNS records, WHOIS data, SPF/DMARC/DKIM analysis, subdomain enumeration, and hosting information.
- Performs website analysis including technologies used, HTTP headers, security headers, robots.txt, sitemap exploration, and common exposed paths.
- Conducts vulnerability research against discovered technologies, IP addresses, and services — looking for CVEs, exploits, breach data, and IP reputation.
- Merges all data and generates a structured markdown penetration testing report.
- Outputs a detailed, actionable document summarizing risks, findings, and remediation suggestions.
Prerequisites
- A Needle platform account with AI-enabled workflow execution.
- The AI agent, internet search, and web browsing tools enabled in your account.
- Proper legal authorization to perform passive reconnaissance on the target domain.
How the Flow Works
The workflow runs two reconnaissance agents in parallel, merges their output, and then performs vulnerability research and report generation.
| Node | Description |
|---|---|
| Manual Trigger | You start the flow by entering the target domain (default: example.com). |
| AI Agent — DNS & Domain Recon | Performs comprehensive DNS record enumeration, WHOIS lookup, SPF/DMARC/DKIM analysis, subdomain discovery via certificate transparency logs and other sources, and hosting/ASN identification. |
| AI Agent — Web Technology Analysis | Browses the target website to identify technologies, HTTP and security headers, exposed files and folders, cookie security, and common sensitive paths. |
| Merge | Combines the outputs from both parallel recon agents into a single dataset for further processing. |
| AI Agent — Vulnerability Research | Searches for CVEs matching discovered technologies and versions, checks IP reputation, looks for breach data, assesses subdomain takeover risks, and builds a prioritized vulnerability list. |
| AI Agent — Report Writer | Generates a professional, structured markdown penetration test report compiling all findings and recommendations, then saves it as a downloadable file. |
How to Use
- Open the workflow and click the Manual Trigger node.
- Replace example.com with the domain you want to investigate.
- Run the workflow.
- Once complete, open the final Report Writer node to find a download link for your markdown report.
Output
At the end, you receive a complete and well-organized penetration testing report in Markdown format containing:
- Executive summary with scope and key findings
- Detailed findings organized by severity and category
- Analysis of DNS records, web headers, and technologies
- Vulnerability and risk assessment with CVSS scores
- Infrastructure summary and attack surface analysis
- Email security posture review (SPF/DKIM/DMARC)
- Prioritized remediation actions
- Appendices with raw data supporting all findings
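The email security posture review (SPF/DMARC) listed above can be illustrated with a small offline check. This is an added example, not the workflow's or Needle's own code; the function names, finding wording, and sample TXT records are constructed for illustration.

```python
import re

# SPF terms that trigger a DNS lookup (RFC 7208 limits these to 10 per check).
LOOKUP_NAMES = {"include", "a", "mx", "ptr", "exists", "redirect"}

def check_spf(txt_records):
    """Return findings for the SPF policy among a domain's TXT records."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record published"]
    if len(spf) > 1:
        return ["SPF: multiple records published (permerror)"]
    terms = spf[0].lower().split()[1:]
    names = [re.split(r"[:/=]", t.lstrip("+-~?"))[0] for t in terms]
    findings = []
    lookups = sum(n in LOOKUP_NAMES for n in names)
    if lookups > 10:
        findings.append(f"SPF: {lookups} DNS-lookup terms exceed the limit of 10")
    if "all" not in names and "redirect" not in names:
        findings.append("SPF: no 'all' or redirect, unmatched senders get neutral")
    for term in terms:
        if term in ("all", "+all", "?all"):
            findings.append(f"SPF: '{term}' does not reject unauthorized senders")
    return findings

def parse_tags(record):
    """Split a 'k=v; k=v' record into a dict keyed by lowercase tag name."""
    pairs = (p.split("=", 1) for p in record.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_dmarc(txt_records):
    """Return findings for the TXT records published at _dmarc.<domain>."""
    found = [t for t in map(parse_tags, txt_records) if t.get("v", "").upper() == "DMARC1"]
    if not found:
        return ["DMARC: no record published"]
    if len(found) > 1:
        return ["DMARC: multiple records, DMARC processing is not applied"]
    tags, findings = found[0], []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={policy or 'missing'} requests no action on failing mail")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies policy to a fraction of mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua address, aggregate reports are not collected")
    return findings

# Constructed sample records (not taken from any real domain).
SAMPLE_TXT = ["site-verification=constructed", "v=spf1 include:_spf.mail.example ip4:192.0.2.0/24 ?all"]
SAMPLE_DMARC = ["v=DMARC1; p=none; pct=50"]
```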
Important Notes
- This workflow performs passive reconnaissance only — it does not execute active scanning or intrusive testing.
- Always ensure you have proper authorization before running this workflow on any domain.
- The depth of findings depends on publicly available data and the accuracy of external sources.
- Results may vary based on the target's security posture and data exposure.
- For best results, ensure your account has internet search and web browsing tools enabled.
