{"id":65004,"date":"2026-07-04T11:39:36","date_gmt":"2026-07-04T18:39:36","guid":{"rendered":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/"},"modified":"2026-07-04T11:39:36","modified_gmt":"2026-07-04T18:39:36","slug":"active-reconnaissance","status":"publish","type":"post","link":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/","title":{"rendered":"Active Reconnaissance: Techniques, Tools and Workflow (2026)"},"content":{"rendered":"<p><strong>Active reconnaissance<\/strong> is the phase where recon stops observing and starts interacting. Where <a href=\"\/wordpress\/passive-reconnaissance-techniques-for-penetration-testing\/\">passive reconnaissance<\/a> gathers intelligence from third parties without touching the target, active reconnaissance sends packets directly to it &#8211; scanning ports, fingerprinting services, capturing screenshots, and crawling applications &#8211; to turn a list of hosts into a detailed, current map of what each one is actually running. It is louder and higher-risk than passive recon, which is exactly why it demands discipline and scope.<\/p>\n<p>This guide covers active reconnaissance for 2026: how it differs from passive recon, the core techniques (port scanning, service and technology fingerprinting, screenshots, and endpoint discovery), how to stay in scope and safe, and how <a href=\"\/wordpress\/sn1per-professional-2026\/\">Sn1per<\/a> automates the whole active phase. It is a companion to the pillar on <a href=\"\/wordpress\/reconnaissance-methodology\/\">the reconnaissance methodology<\/a> and to the deep-dive on <a href=\"\/wordpress\/subdomain-enumeration\/\">subdomain enumeration<\/a>.<\/p>\n<h2 id=\"what-is\">What is active reconnaissance?<\/h2>\n<p>Active reconnaissance is the direct-interaction phase of recon: you query the target&#8217;s own infrastructure to learn what it exposes. That means resolving and probing hosts, scanning for open ports, identifying the service and version behind each port, fingerprinting web technologies, taking screenshots, and crawling for URLs and endpoints. Because it generates traffic the target can see and log, active recon is only run against assets you are authorized to test &#8211; and, in a disciplined methodology, only against the hosts that passive recon and <a href=\"\/wordpress\/subdomain-enumeration\/\">subdomain enumeration<\/a> already surfaced.<\/p>\n<h2 id=\"passive-vs-active\">Passive vs active reconnaissance<\/h2>\n<p>The two are sequential, not alternatives. Passive recon builds the broadest possible picture quietly; active recon goes deep on what passive recon found. Here is how they compare on the axes that matter:<\/p>\n<table>\n<thead>\n<tr>\n<th>Dimension<\/th>\n<th>Passive reconnaissance<\/th>\n<th>Active reconnaissance<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Interaction with target<\/td>\n<td>None &#8211; third-party data only<\/td>\n<td>Direct &#8211; sends traffic to the target<\/td>\n<\/tr>\n<tr>\n<td>Detectability<\/td>\n<td>Effectively invisible<\/td>\n<td>Visible in logs, IDS, and WAF<\/td>\n<\/tr>\n<tr>\n<td>Authorization needed<\/td>\n<td>Low (public data)<\/td>\n<td>High &#8211; explicit scope required<\/td>\n<\/tr>\n<tr>\n<td>Depth of detail<\/td>\n<td>Broad but shallow<\/td>\n<td>Deep &#8211; ports, versions, endpoints<\/td>\n<\/tr>\n<tr>\n<td>Typical tools<\/td>\n<td>crt.sh, theHarvester, urlscan.io<\/td>\n<td>Nmap, httpx, katana, gowitness<\/td>\n<\/tr>\n<tr>\n<td>Position in methodology<\/td>\n<td>First &#8211; build the map<\/td>\n<td>Second &#8211; enrich and validate it<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The rule of thumb: passive recon tells you what exists; active recon tells you what it is and whether it is worth attacking. For the passive half in depth, see our guide to <a href=\"\/wordpress\/passive-reconnaissance-techniques-for-penetration-testing\/\">passive reconnaissance techniques<\/a>.<\/p>\n<h2 id=\"port-scanning\">Port scanning and service detection<\/h2>\n<p>Port scanning is the backbone of active reconnaissance. It reveals which network services a host exposes &#8211; web on 80 and 443, but also SSH, SMB, RDP, databases, mail, and the long tail of application servers that never show up in a web crawl. <a rel=\"nofollow\" href=\"https:\/\/nmap.org\/\">Nmap<\/a> is the standard; naabu and masscan trade features for raw speed on large ranges. The step that turns a port number into intelligence is service and version detection: knowing that port 8009 is Apache JServ or that 7001 is WebLogic tells you exactly which enumeration and exploit path to follow. Sn1per runs a full Nmap port and service scan, then automatically fires the correct per-service enumeration &#8211; SMB share listing, database login checks, RDP and SSH audits &#8211; for every open port it finds.<\/p>\n<p>Two decisions shape every port scan. The first is coverage: a fast scan of the top 1,000 TCP ports finds the common services in seconds, while a full 65,535-port sweep catches the odd service hiding on a high port &#8211; the methodology usually runs the fast scan first and the full sweep only on hosts that look interesting. The second is protocol: TCP is the default, but UDP services such as DNS, SNMP, and IKE are easy to miss and often poorly secured, so a thorough pass covers both. Timing matters too, since aggressive scan rates can trip rate limits or degrade fragile services. Sn1per exposes fast and full port profiles with sensible timing defaults, so you can dial coverage against noise per engagement.<\/p>\n<h2 id=\"service-enum\">Service enumeration by protocol<\/h2>\n<p>An open port is only a lead; enumeration is what turns it into intelligence, and each protocol has its own playbook. On SMB (139\/445) you enumerate shares, users, and null sessions with tools like enum4linux and smbclient. On SSH (22) you audit supported algorithms and check for known authentication-bypass issues. On databases &#8211; MySQL, MSSQL, PostgreSQL, MongoDB, Redis &#8211; you probe for default credentials and unauthenticated access. On RDP (3389) you confirm the exposure and check the well-known pre-auth CVEs. On mail (25\/110\/143) you enumerate users and test for an open relay. Doing this by hand means remembering the right tool and flags for every service; Sn1per keys off the detected service and runs the matching enumeration automatically &#8211; shares, logins, audits, and safe CVE checks &#8211; for every open port in the workspace. That is what lets a single command enumerate dozens of services across dozens of hosts consistently.<\/p>\n<h2 id=\"fingerprinting\">Technology fingerprinting and screenshots<\/h2>\n<p>For web services, active recon identifies the stack: web server, framework, CMS, and any WAF in front. whatweb, webtech, and wig fingerprint technologies; wafw00f detects and identifies web application firewalls; and <a rel=\"nofollow\" href=\"https:\/\/github.com\/projectdiscovery\/httpx\">httpx<\/a> captures status codes, titles, and headers across hundreds of hosts at once. The highest-yield habit in this phase is visual recon: gowitness screenshots every live host so you can scan a wall of thumbnails and spot the odd login panel, the default install page, or the forgotten admin console in seconds. Sn1per runs the full fingerprinting set and captures a screenshot of every web port automatically, so the workspace becomes a browsable technology inventory without manual effort:<\/p>\n<pre><code># Active web reconnaissance: fingerprint, screenshot, crawl, discover\nsniper -t acme.com -m web -w acme\n\n[*] Live web hosts .......... 42\n[*] Technologies ............ nginx, WordPress, Apache Tomcat, Grafana\n[*] WAF detected ............ Cloudflare (17 hosts)\n[*] Screenshots captured .... 42  -&gt; loot\/workspace\/acme\/screenshots\/\n<\/code><\/pre>\n<p>Fingerprinting is not busywork &#8211; it is what makes every later phase efficient. Knowing that a host runs a specific CMS version, framework, or appliance tells you exactly which CVEs and misconfigurations are worth testing, so you skip the thousands of checks that could never apply and go straight to the handful that might. An accurate technology inventory is the difference between a scan that finishes in minutes with signal and one that runs for hours producing noise.<\/p>\n<h2 id=\"content\">Endpoint and content discovery<\/h2>\n<p>Once a web host is fingerprinted, active recon discovers what is on it. Active crawling with <a rel=\"nofollow\" href=\"https:\/\/github.com\/projectdiscovery\/katana\">katana<\/a> maps the live application; historical URL collection with gau and waybackurls recovers paths that are no longer linked; ffuf brute-forces directories and files; and JavaScript analysis extracts endpoints and secrets from client-side source. The goal is a complete inventory of URLs, parameters, and hidden endpoints &#8211; the raw material for the vulnerability-discovery phase. Sn1per chains active crawling, passive URL harvesting, directory brute force, and JavaScript analysis, then greps the collected URLs for high-value injectable parameters so the endpoints worth testing rise to the top of the workspace.<\/p>\n<p>Parameter discovery deserves special attention, because parameters are where injection lives. Beyond crawling, historical sources often reveal parameters that no longer appear in the live app but still work on the backend, and tools that mine JavaScript surface client-side routes and API paths the crawler never reaches. The output of this phase &#8211; a deduplicated set of URLs and parameters &#8211; is the direct input to vulnerability discovery, which is why thorough endpoint discovery does more for your hit rate than any single scanner.<\/p>\n<h2 id=\"safe\">Staying in scope: authorization and safe active scanning<\/h2>\n<p>Active reconnaissance is the phase most likely to get you in trouble, because it is traffic the target sees. Three rules keep it safe. First, authorization: only run active recon against assets covered by a bug bounty scope, a signed engagement, or your own ownership &#8211; and re-check scope before every run. Second, pace: aggressive scanning can degrade fragile services, so start with lighter, slower options and escalate only as needed. Third, start read-only: run discovery and fingerprinting before anything intrusive, review what you found, then decide what deserves a deeper look. Sn1per supports this by scoping every run to a workspace, gating the noisier phases behind explicit toggles, and offering lower-noise scan profiles so you control exactly how loud the active phase gets.<\/p>\n<p>A practical safeguard is to keep a clean separation between discovery and intrusion. Fingerprinting, screenshots, and endpoint mapping are low-impact and safe to run broadly; intrusive checks &#8211; brute force, injection testing, exploit attempts &#8211; should be gated behind a deliberate decision and pointed only at the hosts that earned the attention. Sn1per&#8217;s phased design and per-toggle gating make that separation the default rather than something you have to remember to enforce.<\/p>\n<h2 id=\"context\">Active recon in bug bounty vs red team engagements<\/h2>\n<p>The same techniques carry different constraints depending on the engagement. In bug bounty, active recon is bounded by the program&#8217;s scope and rate-limit rules, and the goal is breadth &#8211; cover the whole in-scope surface quickly to find the reachable bug before another hunter does, while staying polite enough not to trip protections and get flagged. In a red team engagement the goal is often the opposite: stay quiet. Here active recon is deliberately slowed and narrowed, favoring the least-noisy technique that answers the question, because tripping the blue team&#8217;s detection early can cost the whole operation. A recon platform helps in both cases by making the noisy phases explicit and tunable &#8211; you decide how much to run, how fast, and against which hosts, rather than firing everything at once.<\/p>\n<h2 id=\"sn1per\">Automating active reconnaissance with Sn1per<\/h2>\n<p>Sn1per automates the entire active-recon phase from one command. Its web mode handles fingerprinting, screenshots, crawling, and endpoint discovery; its normal mode adds full port and service enumeration and validated vulnerability checks across every host. Because everything lands in a named workspace, the active map is deduplicated, scored, and diffable against previous runs:<\/p>\n<pre><code># Full active pass: ports + services + web recon + validated findings\nsniper -t acme.com -m normal -w acme\n\n[*] Open ports (all hosts) ...... 88\n[*] Services fingerprinted ...... 61\n[*] Web endpoints discovered .... 1,240\n[*] Validated findings .......... 4  (see sc0pe risk report)\n<\/code><\/pre>\n<p>The enriched, active map then feeds the vulnerability-discovery and reporting phases of <a href=\"\/wordpress\/reconnaissance-methodology\/\">the reconnaissance methodology<\/a>, and scheduling the run turns point-in-time active recon into <a href=\"\/wordpress\/continuous-attack-surface-testing\/\">continuous attack surface testing<\/a>.<\/p>\n<h2 id=\"getting-started\">Getting started<\/h2>\n<p>Run active reconnaissance against a host you own. Start free with <a href=\"\/wordpress\/sn1per-community-edition\/\">Sn1per Community Edition<\/a> and run <code>sniper -t yourdomain.com -m web -w yourorg<\/code> to fingerprint and screenshot the surface, then <code>-m normal<\/code> to take it through ports, services, and validated findings. Move up to <a href=\"\/wordpress\/sn1per-professional-2026\/\">Sn1per Professional 2026<\/a> for scheduled runs and the JSON API, or browse every edition on the <a href=\"\/wordpress\/shop\/\">shop page<\/a>.<\/p>\n<h2 id=\"faq\">Frequently asked questions<\/h2>\n<h3>What is active reconnaissance?<\/h3>\n<p>Active reconnaissance is the phase of recon where you interact directly with the target &#8211; scanning ports, detecting services and versions, fingerprinting web technologies, capturing screenshots, and crawling for endpoints &#8211; to build a detailed map of what each host runs. Because it sends traffic the target can log, it is only run against authorized, in-scope assets, typically the hosts that passive recon and subdomain enumeration already surfaced.<\/p>\n<h3>What is the difference between active and passive reconnaissance?<\/h3>\n<p>Passive reconnaissance gathers intelligence from third-party sources without touching the target and is effectively invisible; active reconnaissance sends traffic directly to the target and is visible in logs, IDS, and WAF. Passive recon is broad but shallow and needs little authorization; active recon is deep &#8211; ports, versions, endpoints &#8211; and requires explicit scope. A good methodology runs passive first, then active on what it found.<\/p>\n<h3>Is active reconnaissance illegal?<\/h3>\n<p>Active reconnaissance is legal only against systems you are authorized to test &#8211; covered by a bug bounty program&#8217;s scope, a signed penetration-testing engagement, or your own ownership. Running port scans, crawls, or brute force against systems without permission can violate computer-misuse laws. Always confirm authorization and scope before any active step.<\/p>\n<h3>What tools are used for active reconnaissance?<\/h3>\n<p>Core active-recon tools include Nmap (and naabu or masscan) for port and service scanning, httpx for live-host probing, whatweb, webtech, and wafw00f for fingerprinting, gowitness for screenshots, and katana, gau, and ffuf for endpoint and content discovery. Sn1per orchestrates all of these automatically across every host in a workspace.<\/p>\n<h3>Does Sn1per automate active reconnaissance?<\/h3>\n<p>Yes. Sn1per&#8217;s web and normal modes automate the full active phase &#8211; port and service scanning, technology fingerprinting, screenshots, active and passive URL discovery, JavaScript analysis, and validated vulnerability checks &#8211; from a single command into a named workspace, with lower-noise profiles and scope guards so you control how aggressive each run is.<\/p>\n<p><script type=\"application\/ld+json\">\n{\"@context\":\"https:\/\/schema.org\",\"@type\":\"FAQPage\",\"mainEntity\":[\n{\"@type\":\"Question\",\"name\":\"What is active reconnaissance?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Active reconnaissance is the phase of recon where you interact directly with the target - scanning ports, detecting services and versions, fingerprinting web technologies, capturing screenshots, and crawling for endpoints - to build a detailed map of what each host runs. Because it sends traffic the target can log, it is only run against authorized, in-scope assets, typically the hosts that passive recon and subdomain enumeration already surfaced.\"}},\n{\"@type\":\"Question\",\"name\":\"What is the difference between active and passive reconnaissance?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Passive reconnaissance gathers intelligence from third-party sources without touching the target and is effectively invisible; active reconnaissance sends traffic directly to the target and is visible in logs, IDS, and WAF. Passive recon is broad but shallow and needs little authorization; active recon is deep - ports, versions, endpoints - and requires explicit scope. A good methodology runs passive first, then active on what it found.\"}},\n{\"@type\":\"Question\",\"name\":\"Is active reconnaissance illegal?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Active reconnaissance is legal only against systems you are authorized to test - covered by a bug bounty program's scope, a signed penetration-testing engagement, or your own ownership. Running port scans, crawls, or brute force against systems without permission can violate computer-misuse laws. Always confirm authorization and scope before any active step.\"}},\n{\"@type\":\"Question\",\"name\":\"What tools are used for active reconnaissance?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Core active-recon tools include Nmap (and naabu or masscan) for port and service scanning, httpx for live-host probing, whatweb, webtech, and wafw00f for fingerprinting, gowitness for screenshots, and katana, gau, and ffuf for endpoint and content discovery. Sn1per orchestrates all of these automatically across every host in a workspace.\"}},\n{\"@type\":\"Question\",\"name\":\"Does Sn1per automate active reconnaissance?\",\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"Yes. Sn1per's web and normal modes automate the full active phase - port and service scanning, technology fingerprinting, screenshots, active and passive URL discovery, JavaScript analysis, and validated vulnerability checks - from a single command into a named workspace, with lower-noise profiles and scope guards so you control how aggressive each run is.\"}}\n]}\n<\/script><\/p>\n<div id=\"wp-share-button-65004\" class=\"wp-share-button theme28\"><span class=\"total-share \"><i class=\"total-count-text\">Total Share<\/i> <i class=\"total-count\">0<\/i> <\/span><a target=\"_blank\" href=\"https:\/\/www.facebook.com\/sharer\/sharer.php?u=https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/\" class=\"share-button share-button-65004 facebook\" id=\"facebook\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Facebook<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a target=\"_blank\" href=\"https:\/\/twitter.com\/intent\/tweet?url=https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/&amp;text=Active%20Reconnaissance:%20Techniques,%20Tools%20and%20Workflow%20(2026)\" class=\"share-button share-button-65004 twitter\" id=\"twitter\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Twitter<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a target=\"_blank\" href=\"http:\/\/www.reddit.com\/submit?title=Active%20Reconnaissance:%20Techniques,%20Tools%20and%20Workflow%20(2026)&amp;url=https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/\" class=\"share-button share-button-65004 reddit\" id=\"reddit\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Reddit<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a target=\"_blank\" href=\"https:\/\/www.linkedin.com\/shareArticle?url=https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/&amp;title=Active%20Reconnaissance:%20Techniques,%20Tools%20and%20Workflow%20(2026)&amp;summary=&amp;source=\" class=\"share-button share-button-65004 linkedin\" id=\"linkedin\" data-nonce=\"85e826f1a5\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Linkedin<\/span>\r\n\r\n<span class=\"button-count\">0<\/span>\r\n\r\n<\/a>\r\n\r\n<a title=\"More...\" href=\"#wp-share-button-65004\" class=\"share-button-more\"><span class=\"button-icon\"><i class=\"fa fa-plus\"><\/i><\/span><\/a><div class=\"wp-share-button-popup wp-share-button-popup-65004\"><div class=\"popup-buttons\"><span class=\"close\">X<\/span><a target=\"_blank\" href=\"mailto:?subject=Active%20Reconnaissance:%20Techniques,%20Tools%20and%20Workflow%20(2026)&amp;body=https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/\" class=\"share-button share-button-65004 email\" id=\"email\">\r\n\r\n<span class=\"button-icon\"><\/span>\r\n<span class=\"button-name\">Email<\/span>\r\n<span class=\"button-count\">0<\/span>\t\t\t\t\r\n\r\n<\/a>\r\n<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>Active reconnaissance explained for 2026 &#8211; port scanning, service and technology fingerprinting, screenshots and endpoint discovery &#8211; the tools, the scope rules, and how Sn1per automates it safely.<\/p>\n","protected":false},"author":1,"featured_media":65005,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[290,80,289,334],"tags":[359,423,378,418,425,177,396,424,287,394,37],"class_list":["post-65004","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attack-surface-management","category-bug-bounties","category-penetration-testing","category-red-team","tag-359","tag-active-reconnaissance","tag-attack-surface-management","tag-bug-bounty","tag-fingerprinting","tag-nmap","tag-offensive-security","tag-port-scanning","tag-reconnaissance","tag-red-team","tag-sn1per"],"aioseo_notices":[],"aioseo_head":"\n\t\t<!-- All in One SEO 4.9.9 - aioseo.com -->\n\t<meta name=\"description\" content=\"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.\" \/>\n\t<meta name=\"robots\" content=\"max-image-preview:large\" \/>\n\t<meta name=\"author\" content=\"xer0dayz\"\/>\n\t<link rel=\"canonical\" href=\"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/\" \/>\n\t<meta name=\"generator\" content=\"All in One SEO (AIOSEO) 4.9.9\" \/>\n\t\t<meta property=\"og:locale\" content=\"en_US\" \/>\n\t\t<meta property=\"og:site_name\" content=\"Sn1perSecurity\" \/>\n\t\t<meta property=\"og:type\" content=\"article\" \/>\n\t\t<meta property=\"og:title\" content=\"Active Reconnaissance: Techniques and Tools (2026)\" \/>\n\t\t<meta property=\"og:description\" content=\"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.\" \/>\n\t\t<meta property=\"og:url\" content=\"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/\" \/>\n\t\t<meta property=\"og:image\" content=\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png\" \/>\n\t\t<meta property=\"og:image:secure_url\" content=\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png\" \/>\n\t\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t\t<meta property=\"article:published_time\" content=\"2026-07-04T18:39:36+00:00\" \/>\n\t\t<meta property=\"article:modified_time\" content=\"2026-07-04T18:39:36+00:00\" \/>\n\t\t<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Sn1persecurity-105784611869093\" \/>\n\t\t<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n\t\t<meta name=\"twitter:site\" content=\"@sn1persecurity\" \/>\n\t\t<meta name=\"twitter:title\" content=\"Active Reconnaissance: Techniques and Tools (2026)\" \/>\n\t\t<meta name=\"twitter:description\" content=\"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.\" \/>\n\t\t<meta name=\"twitter:creator\" content=\"@sn1persecurity\" \/>\n\t\t<meta name=\"twitter:image\" content=\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png\" \/>\n\t\t<script type=\"application\/ld+json\" class=\"aioseo-schema\">\n\t\t\t{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"BlogPosting\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#blogposting\",\"name\":\"Active Reconnaissance: Techniques and Tools (2026)\",\"headline\":\"Active Reconnaissance: Techniques, Tools and Workflow (2026)\",\"author\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\"},\"publisher\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#organization\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/active-reconnaissance.png\",\"width\":1200,\"height\":630,\"caption\":\"Sn1perSecurity guide cover: Active Reconnaissance - port scanning, service and technology fingerprinting, screenshots and endpoint discovery, automated by Sn1per\"},\"datePublished\":\"2026-07-04T11:39:36-07:00\",\"dateModified\":\"2026-07-04T11:39:36-07:00\",\"inLanguage\":\"en-US\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#webpage\"},\"isPartOf\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#webpage\"},\"articleSection\":\"Attack Surface Management, Bug Bounties, Penetration Testing, Red Team, 2026, active-reconnaissance, attack-surface-management, bug-bounty, fingerprinting, NMap, offensive-security, port-scanning, reconnaissance, red-team, sn1per\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#breadcrumblist\",\"itemListElement\":[{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress#listItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/#listItem\",\"name\":\"Bug Bounties\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/#listItem\",\"position\":2,\"name\":\"Bug Bounties\",\"item\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/\",\"nextItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#listItem\",\"name\":\"Active Reconnaissance: Techniques, Tools and Workflow (2026)\"},\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress#listItem\",\"name\":\"Home\"}},{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#listItem\",\"position\":3,\"name\":\"Active Reconnaissance: Techniques, Tools and Workflow (2026)\",\"previousItem\":{\"@type\":\"ListItem\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/category\\\/bug-bounties\\\/#listItem\",\"name\":\"Bug Bounties\"}}]},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#organization\",\"name\":\"Sn1perSecurity\",\"description\":\"Get an attacker's view of your organization with our all-in-one offensive security platform\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/\",\"email\":\"support@sn1persecurity.com\",\"foundingDate\":\"2021-10-05\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"value\":2},\"logo\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2022\\\/06\\\/Sn1perwhiteandcircleicontwitter.jpg\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#organizationLogo\",\"width\":500,\"height\":500,\"caption\":\"Sn1perSecurity Logo\"},\"image\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#organizationLogo\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Sn1persecurity-105784611869093\",\"https:\\\/\\\/x.com\\\/sn1persecurity\",\"https:\\\/\\\/www.instagram.com\\\/sn1persecurity\",\"https:\\\/\\\/www.youtube.com\\\/sn1persecurity\",\"https:\\\/\\\/www.linkedin.com\\\/in\\\/sn1persecurity\\\/\",\"https:\\\/\\\/github.com\\\/1N3\\\/Sn1per\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/\",\"name\":\"xer0dayz\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#authorImage\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/60111840c4f5a576635c5b9169e7322cec38bea67f56f0c141021c7579f230a4?s=96&d=mm&r=g\",\"width\":96,\"height\":96,\"caption\":\"xer0dayz\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#webpage\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/\",\"name\":\"Active Reconnaissance: Techniques and Tools (2026)\",\"description\":\"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.\",\"inLanguage\":\"en-US\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#website\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#breadcrumblist\"},\"author\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\"},\"creator\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/author\\\/xer0dayz\\\/#author\"},\"image\":{\"@type\":\"ImageObject\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/wp-content\\\/uploads\\\/2026\\\/07\\\/active-reconnaissance.png\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#mainImage\",\"width\":1200,\"height\":630,\"caption\":\"Sn1perSecurity guide cover: Active Reconnaissance - port scanning, service and technology fingerprinting, screenshots and endpoint discovery, automated by Sn1per\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/active-reconnaissance\\\/#mainImage\"},\"datePublished\":\"2026-07-04T11:39:36-07:00\",\"dateModified\":\"2026-07-04T11:39:36-07:00\"},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#website\",\"url\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/\",\"name\":\"Sn1perSecurity\",\"alternateName\":\"Sn1per\",\"description\":\"Get an attacker's view of your organization with our all-in-one offensive security platform\",\"inLanguage\":\"en-US\",\"publisher\":{\"@id\":\"https:\\\/\\\/sn1persecurity.com\\\/wordpress\\\/#organization\"}}]}\n\t\t<\/script>\n\t\t<!-- All in One SEO -->\n\n","aioseo_head_json":{"title":"Active Reconnaissance: Techniques and Tools (2026)","description":"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.","canonical_url":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/","robots":"max-image-preview:large","keywords":"","webmasterTools":{"miscellaneous":""},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"BlogPosting","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#blogposting","name":"Active Reconnaissance: Techniques and Tools (2026)","headline":"Active Reconnaissance: Techniques, Tools and Workflow (2026)","author":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author"},"publisher":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/#organization"},"image":{"@type":"ImageObject","url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png","width":1200,"height":630,"caption":"Sn1perSecurity guide cover: Active Reconnaissance - port scanning, service and technology fingerprinting, screenshots and endpoint discovery, automated by Sn1per"},"datePublished":"2026-07-04T11:39:36-07:00","dateModified":"2026-07-04T11:39:36-07:00","inLanguage":"en-US","mainEntityOfPage":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#webpage"},"isPartOf":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#webpage"},"articleSection":"Attack Surface Management, Bug Bounties, Penetration Testing, Red Team, 2026, active-reconnaissance, attack-surface-management, bug-bounty, fingerprinting, NMap, offensive-security, port-scanning, reconnaissance, red-team, sn1per"},{"@type":"BreadcrumbList","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#breadcrumblist","itemListElement":[{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress#listItem","position":1,"name":"Home","item":"https:\/\/sn1persecurity.com\/wordpress","nextItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/#listItem","name":"Bug Bounties"}},{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/#listItem","position":2,"name":"Bug Bounties","item":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/","nextItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#listItem","name":"Active Reconnaissance: Techniques, Tools and Workflow (2026)"},"previousItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress#listItem","name":"Home"}},{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#listItem","position":3,"name":"Active Reconnaissance: Techniques, Tools and Workflow (2026)","previousItem":{"@type":"ListItem","@id":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/#listItem","name":"Bug Bounties"}}]},{"@type":"Organization","@id":"https:\/\/sn1persecurity.com\/wordpress\/#organization","name":"Sn1perSecurity","description":"Get an attacker's view of your organization with our all-in-one offensive security platform","url":"https:\/\/sn1persecurity.com\/wordpress\/","email":"support@sn1persecurity.com","foundingDate":"2021-10-05","numberOfEmployees":{"@type":"QuantitativeValue","value":2},"logo":{"@type":"ImageObject","url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1perwhiteandcircleicontwitter.jpg","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#organizationLogo","width":500,"height":500,"caption":"Sn1perSecurity Logo"},"image":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#organizationLogo"},"sameAs":["https:\/\/www.facebook.com\/Sn1persecurity-105784611869093","https:\/\/x.com\/sn1persecurity","https:\/\/www.instagram.com\/sn1persecurity","https:\/\/www.youtube.com\/sn1persecurity","https:\/\/www.linkedin.com\/in\/sn1persecurity\/","https:\/\/github.com\/1N3\/Sn1per"]},{"@type":"Person","@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author","url":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/","name":"xer0dayz","image":{"@type":"ImageObject","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#authorImage","url":"https:\/\/secure.gravatar.com\/avatar\/60111840c4f5a576635c5b9169e7322cec38bea67f56f0c141021c7579f230a4?s=96&d=mm&r=g","width":96,"height":96,"caption":"xer0dayz"}},{"@type":"WebPage","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#webpage","url":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/","name":"Active Reconnaissance: Techniques and Tools (2026)","description":"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.","inLanguage":"en-US","isPartOf":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/#website"},"breadcrumb":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#breadcrumblist"},"author":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author"},"creator":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/author\/xer0dayz\/#author"},"image":{"@type":"ImageObject","url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png","@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#mainImage","width":1200,"height":630,"caption":"Sn1perSecurity guide cover: Active Reconnaissance - port scanning, service and technology fingerprinting, screenshots and endpoint discovery, automated by Sn1per"},"primaryImageOfPage":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/#mainImage"},"datePublished":"2026-07-04T11:39:36-07:00","dateModified":"2026-07-04T11:39:36-07:00"},{"@type":"WebSite","@id":"https:\/\/sn1persecurity.com\/wordpress\/#website","url":"https:\/\/sn1persecurity.com\/wordpress\/","name":"Sn1perSecurity","alternateName":"Sn1per","description":"Get an attacker's view of your organization with our all-in-one offensive security platform","inLanguage":"en-US","publisher":{"@id":"https:\/\/sn1persecurity.com\/wordpress\/#organization"}}]},"og:locale":"en_US","og:site_name":"Sn1perSecurity","og:type":"article","og:title":"Active Reconnaissance: Techniques and Tools (2026)","og:description":"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.","og:url":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/","og:image":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png","og:image:secure_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png","og:image:width":"1200","og:image:height":"630","article:published_time":"2026-07-04T18:39:36+00:00","article:modified_time":"2026-07-04T18:39:36+00:00","article:publisher":"https:\/\/www.facebook.com\/Sn1persecurity-105784611869093","twitter:card":"summary_large_image","twitter:site":"@sn1persecurity","twitter:title":"Active Reconnaissance: Techniques and Tools (2026)","twitter:description":"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.","twitter:creator":"@sn1persecurity","twitter:image":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png"},"aioseo_meta_data":{"post_id":"65004","title":"Active Reconnaissance: Techniques and Tools (2026)","description":"Active reconnaissance for 2026 - port scanning, service and tech fingerprinting, screenshots and endpoint discovery - the tools, the scope rules, and how Sn1per automates it safely.","keywords":null,"keyphrases":{"focus":{"keyphrase":"active reconnaissance","score":0,"analysis":[]}},"primary_term":null,"canonical_url":null,"og_title":null,"og_description":null,"og_object_type":"default","og_image_type":"featured","og_image_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png","og_image_width":"1200","og_image_height":"630","og_image_custom_url":null,"og_image_custom_fields":null,"og_video":null,"og_custom_url":null,"og_article_section":null,"og_article_tags":null,"twitter_use_og":true,"twitter_card":"summary_large_image","twitter_image_type":"featured","twitter_image_url":null,"twitter_image_custom_url":null,"twitter_image_custom_fields":null,"twitter_title":null,"twitter_description":null,"schema":{"blockGraphs":[],"customGraphs":[],"default":{"data":{"Article":[],"Course":[],"Dataset":[],"FAQPage":[],"Movie":[],"Person":[],"Product":[],"ProductReview":[],"Car":[],"Recipe":[],"Service":[],"SoftwareApplication":[],"WebPage":[]},"graphName":"BlogPosting","isEnabled":true},"graphs":[]},"schema_type":"default","schema_type_options":null,"pillar_content":false,"robots_default":true,"robots_noindex":false,"robots_noarchive":false,"robots_nosnippet":false,"robots_nofollow":false,"robots_noimageindex":false,"robots_noodp":false,"robots_notranslate":false,"robots_max_snippet":null,"robots_max_videopreview":null,"robots_max_imagepreview":"large","priority":null,"frequency":null,"local_seo":null,"breadcrumb_settings":null,"limit_modified_date":false,"ai":null,"created":"2026-07-04 18:39:40","updated":"2026-07-04 18:50:29","seo_analyzer_scan_date":null},"aioseo_breadcrumb":"<div class=\"aioseo-breadcrumbs\"><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sn1persecurity.com\/wordpress\" title=\"Home\">Home<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\t<a href=\"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/\" title=\"Bug Bounties\">Bug Bounties<\/a>\n\t\t<\/span><span class=\"aioseo-breadcrumb-separator\">\u00bb<\/span><span class=\"aioseo-breadcrumb\">\n\t\t\tActive Reconnaissance: Techniques, Tools and Workflow (2026)\n\t\t<\/span><\/div>","aioseo_breadcrumb_json":[{"label":"Home","link":"https:\/\/sn1persecurity.com\/wordpress"},{"label":"Bug Bounties","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/bug-bounties\/"},{"label":"Active Reconnaissance: Techniques, Tools and Workflow (2026)","link":"https:\/\/sn1persecurity.com\/wordpress\/active-reconnaissance\/"}],"jetpack_featured_media_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2026\/07\/active-reconnaissance.png","jetpack_shortlink":"https:\/\/wp.me\/pdnW96-gUs","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/65004","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=65004"}],"version-history":[{"count":0,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/65004\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media\/65005"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=65004"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/categories?post=65004"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/tags?post=65004"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}