diff --git a/pkg/recon/stealth.go b/pkg/recon/stealth.go
new file mode 100644
index 0000000..ec11e77
--- /dev/null
+++ b/pkg/recon/stealth.go
@@ -0,0 +1,36 @@
+package recon
+
+import "math/rand"
+
+// userAgents is a curated pool of 10 realistic desktop/mobile browser
+// User-Agent strings used when Config.Stealth is enabled. The pool covers
+// Chrome/Firefox/Safari/Edge across Windows, macOS, Linux, iOS, and Android
+// to avoid UA-fingerprint blocking by OSINT targets.
+var userAgents = []string{
+	"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+	"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36",
+	"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 14.2; rv:121.0) Gecko/20100101 Firefox/121.0",
+	"Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0",
+	"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15",
+	"Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1",
+	"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.2210.61",
+	"Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36",
+}
+
+// RandomUserAgent returns a pseudo-random browser User-Agent from the pool.
+// Used when Config.Stealth is true to rotate UA per outbound request.
+func RandomUserAgent() string {
+	return userAgents[rand.Intn(len(userAgents))]
+}
+
+// StealthHeaders returns a minimal header map carrying a rotated User-Agent
+// plus a stable Accept-Language. Recon sources merge this into their
+// outbound requests when stealth mode is enabled.
+func StealthHeaders() map[string]string {
+	return map[string]string{
+		"User-Agent":      RandomUserAgent(),
+		"Accept-Language": "en-US,en;q=0.9",
+	}
+}