/* global React, ReactDOM */ const { useState, useEffect, useRef } = React; const Icon = ({ name, size = 20, stroke = 1.6 }) => { const props = { width: size, height: size, viewBox: "0 0 24 24", fill: "none", stroke: "currentColor", strokeWidth: stroke, strokeLinecap: "round", strokeLinejoin: "round" }; const paths = { arrow: <>, download: <>, }; return {paths[name]}; }; const Brand = () => ( beyondrecon ); const Nav = () => { const [scrolled, setScrolled] = useState(false); useEffect(() => { const onScroll = () => setScrolled(window.scrollY > 24); window.addEventListener("scroll", onScroll); return () => window.removeEventListener("scroll", onScroll); }, []); return ( ); }; /* TERMINAL */ const TERMINAL_SCRIPT = [ { type: "cmd", text: "recon --target acme-corp.io --scope external" }, { type: "out", text: "[*] Initializing reconnaissance against acme-corp.io" }, { type: "out", text: "[*] DNS enumeration · subdomain bruteforce · cert mining", delay: 400 }, { type: "ok", text: "[+] 247 subdomains · 41 IPs · 12 ASNs discovered", delay: 600 }, { type: "out", text: "[*] Service fingerprinting on 247 hosts...", delay: 300 }, { type: "warn", text: "[!] Port 8080 → Jenkins 2.289 (CVE-2021-2114)", delay: 500 }, { type: "warn", text: "[!] Port 6379 → Redis 5.0.3 · NO AUTH · publicly exposed", delay: 500 }, { type: "crit", text: "[CRIT] api-staging.acme-corp.io · default credentials", delay: 600 }, { type: "crit", text: "[CRIT] SSRF → AWS metadata · IAM role: prod-deploy-svc", delay: 700 }, { type: "crit", text: "[CRIT] s3://acme-customer-data · 4.2M records · world-readable", delay: 800 }, { type: "ok", text: "[+] Engagement complete · 14 findings · report drafted", delay: 600 }, { type: "dim", text: "──────────────────────────────────────────────────" }, { type: "dim", text: " CRITICAL 3 HIGH 5 MEDIUM 4 LOW 2" }, ]; const Terminal = () => { const [lines, setLines] = useState([]); const ref = useRef(); useEffect(() => { let cancelled = false; let i = 0; let buf = []; const loop = async () => { if (cancelled) return; if (i >= TERMINAL_SCRIPT.length) { await new Promise(r => setTimeout(r, 4000)); if (cancelled) return; i = 0; buf = []; setLines([]); loop(); return; } const item = TERMINAL_SCRIPT[i]; if (item.type === "cmd") { let typed = ""; setLines([...buf, { type: "cmd-typing", text: "" }]); for (let c = 0; c < item.text.length; c++) { if (cancelled) return; typed += item.text[c]; setLines([...buf, { type: "cmd-typing", text: typed }]); await new Promise(r => setTimeout(r, 18 + Math.random() * 30)); } buf = [...buf, { type: "cmd", text: item.text }]; setLines(buf); await new Promise(r => setTimeout(r, 350)); } else { buf = [...buf, item]; setLines(buf); await new Promise(r => setTimeout(r, item.delay || 250)); } i++; loop(); }; loop(); return () => { cancelled = true; }; }, []); useEffect(() => { if (ref.current) ref.current.scrollTop = ref.current.scrollHeight; }, [lines]); const renderLine = (l, idx) => { if (l.type === "cmd" || l.type === "cmd-typing") { return ( recon@beyondrecon : ~/engagements/acme $ {l.text} {l.type === "cmd-typing" && } ); } const cls = { ok: "term-ok", warn: "term-warn", crit: "term-crit", out: "term-out", dim: "term-dim" }[l.type] || "term-out"; return {l.text}; }; return (
recon-cli · acme-corp.io · external
{lines.map(renderLine)}
); }; const Hero = () => (
Founded by bug bounty hunters

We dig deeper
than the checklist.

Pentesting from people who hunt bugs for a living. We respect your scope. and inside it, we don't stop at the first finding. We keep going until we've actually understood what an attacker could do.

); const MARQUEE_ITEMS = ["Google", "Ubiquiti", "SoundCloud", "Private programs", "HackerOne", "Bugcrowd", "Fortune 500s", "+ undisclosed"]; const Marquee = () => (

Our hackers have been
acknowledged by

{[...MARQUEE_ITEMS, ...MARQUEE_ITEMS, ...MARQUEE_ITEMS].map((t, i) => (
{t}
))}
); const SERVICES = [ { num: "01", name: "Web Apps & APIs", desc: "The bread and butter. Auth flows, IDOR, business logic abuse, GraphQL, OAuth chains. The bugs scanners miss.", tags: ["OWASP", "GraphQL", "OAuth"] }, { num: "02", name: "Network & Infra", desc: "External perimeter, internal pivots, AD attack paths. We assume the phish landed and keep going from there.", tags: ["AD", "Pivot", "Lateral"] }, { num: "03", name: "Cloud", desc: "AWS, Azure, GCP. IAM weirdness, exposed metadata, escape paths from compromised workloads.", tags: ["IAM", "K8s", "S3"] }, { num: "04", name: "Mobile", desc: "iOS and Android. Binary analysis, runtime instrumentation, pinning bypass, the data your app leaks at rest.", tags: ["iOS", "Android", "Frida"] }, { num: "05", name: "Red Team", desc: "Pick an objective. We'll get there. Phish, foothold, persistence, exfil. the whole chain, end to end.", tags: ["MITRE", "C2", "Phish"] }, { num: "06", name: "Code Review", desc: "Manual review by hackers who've written the same bugs. We find what SAST and tired interns can't.", tags: ["Audit", "SDLC", "Source"] }, ]; const Services = () => (
What we do

An idea of
what we hack.

Not a service catalog. If your stack isn't here, ask anyway. we've probably broken it before.

{SERVICES.map(s => (
{s.num} / 06

{s.name}

{s.desc}

{s.tags.map(t => {t})}
))}
); const METHOD_STEPS = [ { num: "01", name: "You message us", time: "Same day", short: "No sales calls. No forms.", desc: "You email or DM. We reply. usually within hours, from a real hacker, not a sales engineer. Tell us what you have, what you're worried about, and we'll tell you straight whether we're a fit.", checks: ["You talk to a hacker on day one", "No qualifying calls, no funnels", "Straight answer in 24 hours or less", "NDA in your hands by tomorrow"] }, { num: "02", name: "We scope it", time: "30 minutes", short: "One call. That's the intake.", desc: "Half an hour on a call. We agree what's in scope, what's explicitly out, and what 'done' looks like. Then we send a fixed quote and a start date. usually next week.", checks: ["One thirty-minute call", "Fixed price, no surprise invoices", "Start date within 7–10 days", "Plain-English statement of work"] }, { num: "03", name: "We hack", time: "As long as it takes", short: "Inside scope, all the way down", desc: "Manual testing, bug-bounty instincts, custom tooling. Your scope is the perimeter. and inside it, we go deeper than a checklist would. We don't call it done at the first finding; we keep digging until we understand what a real attacker could do.", checks: ["Strict respect for agreed scope", "Manual testing, not just scanners", "Daily updates on a shared channel", "We chase every lead inside the line"] }, { num: "04", name: "You get the report", time: "A few days after", short: "Findings your devs can ship", desc: "Every finding has a working PoC, the exact request, business impact, and a fix you can apply. Markdown, PDF, or straight into your Jira. No 80-page filler.", checks: ["Working PoC for every critical", "Engineering-ready fix steps", "Live readout call with your team", "Markdown · PDF · Jira import"] }, { num: "05", name: "We retest free", time: "Anytime within 60 days", short: "Until it's actually fixed", desc: "You patch, we re-test. No clock, no extra invoice. We re-issue the report clean once it's closed. for your auditors, your board, or your own peace of mind.", checks: ["Free retest within 60 days", "Re-issued clean report on close", "Attestation letter on request", "Always one DM away after"] }, ]; const Methodology = () => { const [active, setActive] = useState(0); const cur = METHOD_STEPS[active]; return (
How we work

Zero bureaucracy.
Just hacking.

Five steps from first DM to fixed bug. Hover any one to see what happens inside.

{METHOD_STEPS.map((s, i) => (
setActive(i)} onClick={() => setActive(i)} >
{s.num}
{s.name}
{s.short}
{s.time}
))}
PHASE {cur.num} · {cur.time}

{cur.name}

{cur.desc}

    {cur.checks.map(c =>
  • {c}
    • )}
); }; const Stats = () => (
{[ { num: <>0, lbl: "Sales engineers", desc: "You talk to a hacker on day one. Always." }, { num: <>24h, lbl: "Reply window", desc: "From first email to a real human answering. same day, usually." }, { num: <>100%, lbl: "Manual testing", desc: "Scanners are a starting point, not a deliverable." }, { num: <>60d, lbl: "Free retest", desc: "You patch, we verify. No clock, no extra invoice." }, ].map((s, i) => (
{s.lbl}
{s.num}
{s.desc}
))}
); const ContactForm = () => { const [status, setStatus] = useState("idle"); // idle | sending | sent | error const [errorMsg, setErrorMsg] = useState(""); const formRef = useRef(); const onSubmit = async (e) => { e.preventDefault(); setStatus("sending"); setErrorMsg(""); try { const data = new FormData(formRef.current); const res = await fetch("https://api.web3forms.com/submit", { method: "POST", body: data }); const json = await res.json().catch(() => ({})); if (res.ok && json.success !== false) { setStatus("sent"); formRef.current.reset(); } else { setStatus("error"); setErrorMsg(json.message || "Something went wrong. Please email us directly."); } } catch (err) { setStatus("error"); setErrorMsg("Network error. Please email us directly at hello@beyondrecon.com."); } }; if (status === "sent") { return (

Message sent.

A hacker will read this and reply within 24 hours, usually sooner.

); } return (