Reconeer API & CLI

Passive subdomain enumeration for bug bounty hunters, pentesters, and recon pipelines.

Quickstart

Get a free API key in 30 seconds: create an account → copy the key from your dashboard. Then pick your usage style:

1. Curl (one-liner)

curl -H "Authorization: Bearer YOUR_API_KEY" \
  "https://www.reconeer.com/api/domain/example.com"

2. Reconeer CLI (Go binary)

go install github.com/reconeer/reconeer/cmd/reconeer@latest
export RECONEER_API_KEY=YOUR_API_KEY
reconeer -d example.com

3. Subfinder integration (automatic)

# Subfinder includes Reconeer as a default source since v2.x
export RECONEER_API_KEY=YOUR_API_KEY
subfinder -d example.com

Authentication

The API accepts your key in any of three ways. Pick whichever fits your tooling:

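| Method | Header / Parameter | Typical use |
| --- | --- | --- |
| Bearer token | Authorization: Bearer YOUR_API_KEY | curl, the Reconeer CLI, SDKs |
| X-API-Key header | X-API-KEY: YOUR_API_KEY | Subfinder (projectdiscovery) |
| Query parameter | ?api_key=YOUR_API_KEY | Browser tests, quick checks |

Find your key at /dashboard after signing up. Rotate it anytime with one click. A key sent as a query parameter is part of the URL, so it can end up in browser history and in proxy or access logs; prefer one of the header methods for anything beyond a quick test.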

Endpoints

GET /api/domain/{domain}

Returns passively collected subdomains and their resolved IPs for the apex domain.

curl -H "Authorization: Bearer $RECONEER_API_KEY" \
  https://www.reconeer.com/api/domain/example.com

Response:

{
  "subdomains": [
    {"subdomain":"api.example.com","ip":"93.184.216.34","country":"US","reverse_resolves":true},
    {"subdomain":"mail.example.com","ip":"93.184.216.34","country":"US","reverse_resolves":false}
  ],
  "ipStats": [{"ip":"93.184.216.34","count":2}]
}

GET /api/domain/{domain}?format=csv (Premium)

Same data as CSV (or format=tsv) for easy import into Burp Suite, OWASP ZAP, or spreadsheets.

curl -H "Authorization: Bearer $RECONEER_API_KEY" \
  "https://www.reconeer.com/api/domain/example.com?format=csv" \
  -o example.com_subs.csv

POST /api/domain/bulk (Premium)

Query up to 50 domains in a single request. Saves round-trips when working across a full scope.

curl -X POST -H "Authorization: Bearer $RECONEER_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"domains":["example.com","example.org","example.net"]}' \
  https://www.reconeer.com/api/domain/bulk

Response: {"count": N, "domains": { "example.com": [...], "example.org": [...] }}

GET /api/ip/{ip}

List all subdomains observed pointing at a given IP. Useful for shared-hosting / CDN pivots.

curl -H "Authorization: Bearer $RECONEER_API_KEY" \
  https://www.reconeer.com/api/ip/93.184.216.34

GET /api/subdomain/{subdomain}

Reverse lookup: find the apex + resolved IP for a specific subdomain.

curl -H "Authorization: Bearer $RECONEER_API_KEY" \
  https://www.reconeer.com/api/subdomain/api.example.com

Using Reconeer with Subfinder

Reconeer is a default source in subfinder (added in PR #1694). No config file edits needed:

# Either: export the env var (one-time per shell session)
export RECONEER_API_KEY=YOUR_API_KEY
subfinder -d example.com

# Or: pass it in subfinder's provider config (~/.config/subfinder/provider-config.yaml)
reconeer:
  - YOUR_API_KEY

To use only Reconeer (skip other sources): subfinder -d example.com -s reconeer

Reconeer CLI

The standalone Go CLI gives you the fastest single-domain or bulk-list query without subfinder overhead.

go install github.com/reconeer/reconeer/cmd/reconeer@latest

| Flag | Description |
| --- | --- |
| -d, -domain | Domain to enumerate (repeatable) |
| -dL, -list | File with one domain per line; - for STDIN |
| -k, -api-key | API key (or set RECONEER_API_KEY) |
| -jsonl | Output JSON Lines (one object per subdomain) |
| -o, -output | Write to file (default STDOUT) |
| -rl | Max requests per second (default 3) |
| -silent | Only print subdomains, no banner |
| -v | Verbose logging |

Common workflows

Pipe to httpx (alive-host filtering)

reconeer -d target.com -silent | httpx -silent

Bulk scope from a file

reconeer -dL scope.txt -silent -o all_subs.txt

JSON Lines into jq

reconeer -d target.com -jsonl | jq -r '.subdomain'

Export CSV for Burp Suite / spreadsheets (Premium)

curl -sH "Authorization: Bearer $RECONEER_API_KEY" \
  "https://www.reconeer.com/api/domain/target.com?format=csv" \
  > target.com_subs.csv

Bulk-domain query (Premium)

cat scope.txt | jq -R . | jq -s '{domains: .}' | \
  curl -X POST -H "Authorization: Bearer $RECONEER_API_KEY" \
    -H "Content-Type: application/json" -d @- \
    https://www.reconeer.com/api/domain/bulk

Rate limits

When you hit the free cap, the API responds with HTTP 429 and an upgrade message. Premium accounts never see 429 from Reconeer.

Errors

| Status | Meaning | What to do |
| --- | --- | --- |
| 401 | Invalid or missing API key | Check the header / env var spelling. Key visible at /dashboard. |
| 402 | Premium feature on a free key | Endpoint requires tier=premium. Upgrade or use the free endpoint. |
| 404 | No data for this domain/IP/subdomain | Reconeer doesn't have observed data yet. Premium also triggers an async scan to fill the gap. |
| 429 | Daily quota reached | Wait 24h or upgrade to Premium. |
| 500 | Server error | Retry once. If it persists, let us know. |
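
The bulk endpoint's 50-domain limit and the error table above, combined in an added Python example that is not Reconeer's own code: it splits a scope list into batches and acts on the documented status codes. `clean_scope`, `http_post` and `bulk_lookup` are hypothetical names, and treating 404 on the bulk endpoint as "no data for this batch" is an assumption.

```python
import json
import urllib.error
import urllib.request

BULK_URL = "https://www.reconeer.com/api/domain/bulk"  # endpoint from this page
MAX_BULK = 50  # documented per-request limit


def clean_scope(lines):
    """Lower-case, strip, de-duplicate; skip blanks and '#' comments (our convention)."""
    seen, out = set(), []
    for line in lines:
        d = line.strip().lower().rstrip(".")
        if d and not d.startswith("#") and d not in seen:
            seen.add(d)
            out.append(d)
    return out


def http_post(payload, api_key):
    """Send one bulk request; the key travels in a header, never in the URL."""
    req = urllib.request.Request(
        BULK_URL, data=json.dumps(payload).encode(),
        headers={"Authorization": f"Bearer {api_key}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, {}


def bulk_lookup(lines, api_key, post=http_post):
    """Return the merged {"domain": [...]} map across all batches."""
    domains, merged = clean_scope(lines), {}
    for i in range(0, len(domains), MAX_BULK):
        payload = {"domains": domains[i:i + MAX_BULK]}
        status, body = post(payload, api_key)
        if status == 500:   # error table: "Retry once"
            status, body = post(payload, api_key)
        if status == 404:   # assumed: no data for this batch
            continue
        if status != 200:   # 401/402/429 will not fix themselves mid-run
            raise RuntimeError(f"Reconeer bulk request failed: HTTP {status}")
        merged.update(body.get("domains", {}))
    return merged
```

Call it as `bulk_lookup(open("scope.txt"), os.environ["RECONEER_API_KEY"])`; the `post` parameter exists so the batching and error handling can be exercised without network access.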
