The Reconnaissance & Enumeration Certified Professional (RECP) is an industry-standard cybersecurity certification exam designed to validate a professional’s ability to perform effective reconnaissance and enumeration across modern attack surfaces.

RECP focuses on real-world decision-making, not tool memorization. The exam evaluates how candidates gather, analyze, and prioritize intelligence during the early stages of a security assessment or penetration test. Candidates are tested on their understanding of passive and active reconnaissance, OSINT techniques, network and service enumeration, web and API discovery, Active Directory enumeration, cloud reconnaissance, and operational security (OPSEC).

This 6-hour, scenario-based exam consists of 600 multiple-choice questions built around realistic attack scenarios, logs, command outputs, and investigative workflows. RECP is vendor-neutral, methodology-driven, and aligned with professional penetration testing and red team practices.

RECP is ideal for cybersecurity professionals who want to demonstrate strong reconnaissance fundamentals, improve attack surface awareness, and validate skills required in real-world offensive security engagements.

✅ EXAM MODULES (30 MODULE STRUCTURE)

Module 1: Reconnaissance Methodology & Kill Chain Context

Module 2: Passive vs Active Reconnaissance

Module 3: Recon Planning & Target Profiling

Module 4: Legal Boundaries & Ethical Reconnaissance

Module 5: OPSEC & Anti-Detection Techniques

Module 6: Domain & DNS Enumeration

Module 7: WHOIS, ASN & Infrastructure Mapping

Module 8: Subdomain Discovery & Validation

Module 9: IP Range & Network Footprinting

Module 10: CDN, WAF & Cloud Front Recon

Module 11: OSINT Fundamentals

Module 12: Organization & Employee OSINT

Module 13: Email, Username & Credential OSINT

Module 14: Social Media & Public Exposure Analysis

Module 15: Dark Web & Breach Intelligence

Module 16: Network Scanning & Host Discovery

Module 17: Service & Port Enumeration

Module 18: Banner Grabbing & Fingerprinting

Module 19: SNMP, SMB & Legacy Protocol Enumeration

Module 20: Firewall & IDS Evasion During Recon

Module 21: Web Application Enumeration

Module 22: Directory, Parameter & Endpoint Discovery

Module 23: API Enumeration & Token Discovery

Module 24: CMS, Framework & Technology Detection

Module 25: Authentication & Access Control Recon

Module 26: Active Directory Enumeration Fundamentals

Module 27: Domain Trusts, Users & Group Enumeration

Module 28: Cloud Recon (AWS, Azure, GCP Exposure)

Module 29: Internal Network Reconnaissance

Module 30: Recon Reporting, Risk Mapping & Attack Surface Analysis