About

Why this exists

Talon started from a simple observation: the passive reconnaissance checks that security researchers run before an engagement are available to anyone, yet most founders who just shipped a product have never run them against their own domain.

The gap isn't knowledge or intent. It's prioritisation. When you're shipping fast, security headers and exposed debug endpoints don't make the sprint. The assumption is usually that the threat model doesn't apply yet, that attackers go after enterprises, not indie products with 50 users.

That assumption fails in a specific and predictable way. Automated credential harvesting doesn't distinguish between a startup and a Fortune 500. If a Stripe key is in a public GitHub commit, it will be found and used within hours. The attack is automated; the company size is irrelevant.

Talon automates the passive checks and delivers the results as a plain-English report to the person who can actually fix the issues. Submit your domain, get a report. No access required, no exploitation.

The deep scan goes further: active endpoint probing, JS bundle analysis, CORS configuration, Firebase and Supabase live rule checks, and optional static analysis of your repo. These are the same categories a security engineer would cover in the first hour of an assessment.

Solo-built

Talon is built and run by one person. Scanning is automated; reports are machine-generated. There's no sales team, no enterprise tier.

Legally, Talon operates under Prince Holdings LLC — a small software holding company with security and privacy as baseline standards.

Questions, feedback, or want to dispute a finding? admin@prince-holdings.com
