toolbox chromos / Recon
External attack surface reviews for M365 businesses

Find what attackers can see before they do.

Recon is a fixed-price external reconnaissance and Microsoft 365 identity exposure review for small and mid-sized businesses. You get a clean executive report in 72 hours, without logins, agents, software installs, or a long contract.

72-hour delivery
No credentials required
Built for SMB leadership
recon report preview
Domain footprint: mapped
Microsoft 365 signals: detected
! DMARC and mail posture: reviewed
! Exposed services: prioritized
Executive PDF: ready

$ report --format leadership --noise low
Ready: findings, evidence, remediation roadmap
Built for organizations using Microsoft 365, Entra ID, Exchange Online, public DNS, web apps, and cloud infrastructure

A security assessment people will actually read.

Most vulnerability exports are noisy. Recon turns the public view of your business into a short, useful report: what is exposed, why it matters, and what to fix first.

Snapshot

External ASM Snapshot

Public-facing domains, subdomains, email posture, web services, exposed technologies, and prioritized findings.

$2,500

3 business days plus 30-minute readout.

Deep Dive

External + Identity Review

Add Microsoft 365 and Entra-focused identity exposure review for organizations that need more than a surface scan.

$5,000

5 business days plus workshop.

Retainer

Continuous Monitoring

Monthly re-scan, change tracking, quarterly review call, and practical notes for your IT provider or internal admin.

$1,500/mo

Designed for lean teams without a SOC.

What the report covers.

Recon focuses on the public internet boundary: the information a stranger, competitor, or attacker can observe before any phishing email or exploit attempt.

Positioning note: this is a passive external review. No client credentials, no agents, no software installation, and no intrusive access to internal systems.

Host inventory

Canonical hostnames, public IPs, ports, web titles, technologies, and observations.

M365 posture

Tenant indicators, mail authentication, DNS hygiene, MTA-STS, TLS reporting, and identity signals.

Risk findings

Plain-English severity, evidence, impact, and remediation guidance.

Executive summary

A readable overview for leadership, insurance discussions, and technical follow-up.

Simple three-step engagement.

Start with a company name, domain, and point of contact.

Scope the domain

Confirm the public domain and business context. No login or installation needed.

Run passive recon

Collect public evidence from DNS, web exposure, identity signals, historical sources, and open infrastructure.

Deliver the report

Receive the PDF, remediation roadmap, and a 30-minute readout focused on practical fixes.

High example
Missing or weak DMARC enforcement
Your domain may be easier to impersonate in phishing or vendor fraud attempts.
Medium example
Exposed remote management or admin interface
Public service exposure increases risk and may need access controls or firewall restrictions.
Info example
Historical URLs and sensitive patterns
Old paths, archived pages, robots.txt entries, and public metadata can reveal useful context.

Want to see your outside view?

Send the domain. Get a focused review that tells you what is visible and what to fix first.