Workflows

Discover overlooked assets by enumerating subdomains, sub-subdomains, sub-sub-subdomains, ...

Completely Transparent Attack Surface Management designed to monitor companies for new assets and streamline the asset management through easily readable CSV files.

Efficiently discover live web servers across a large list of hosts

Scan AWS's IP space to enumerate SSL certificates info like CNs, SANs, and SOs., and more.

Expand ASNs to CIDR ranges and do port scan the top 1000 ports.

Resolving host names first can lead to a faster port scan and give you more visibility into your target's IP space

Search for the origin IP address of a web server by scanning a list of IP addresses as seen on https://trickest.com/blog/cloudflare-bypass-discover-ip-addresses-aws and https://trickest.com/blog/hundreds-of-ssrfs

Scan GCP's IP space for http ports as seen on https://trickest.com/blog/cloudflare-bypass-discover-ip-addresses-aws and https://trickest.com/blog/hundreds-of-ssrfs

Scan AWS's IP space for http ports as seen on https://trickest.com/blog/cloudflare-bypass-discover-ip-addresses-aws and https://trickest.com/blog/hundreds-of-ssrfs

The workflow that powers the subdomain enumeration feature of the best security automation Twitter bot https://twitter.com/trick3st_bot

Discover hostnames comprehensively through passive and active techniques, enumerate web servers, scan for open ports, and discover vulnerabilities, disclosed secrets, exposed panels, and more. The workflow uses previous results as seeds; run it regularly and it may discover new assets every time. To start, set your domain name, wordlist limit, vulnerability filter, Trickest token, and workflow ID

Enumerate subdomains for a list of domains using multiple effective techniques. Follow along the workflow creation process on https://trickest.com/blog/full-subdomain-brute-force-discovery-using-workflow/

Take screenshots of a list of web servers (in parallel) and analyze the screenshots using eyeballer

Find subdomains, check for available web servers and screenshot them.

Generate a custom subdomain brute-force wordlist from a list of CIDRs/IP ranges

Find live web servers for a list of subdomains. Check out the web servers of public bug bounty programs on https://github.com/trickest/inventory

Enumerate cloud assets for a list of companies/hosts, across AWS, GCP, Azure, DigitalOcean, Linode, and other cloud providers. Check out the cloud assets of public bug bounty programs on https://github.com/trickest/inventory

Enumerate hostnames/subdomains for a list of domains using multiple passive and active techniques. Check out the hostnames of public bug bounty programs on https://github.com/trickest/inventory

Brute-Force subdomain with a huge wordlist

Find s3 buckets by permutations of already known hostnames.

Get a list of IP addresses and CNAME values from a list of hosts.

Create a comprehensive and organized asset inventory of one or more companies - Check out the inventories of public bug bounty programs on https://github.com/trickest/inventory

Find cloud resources across different providers based on a target's name and hostnames

Port-scan a list of IP ranges

Resolve and port-scan a list of subdomains

Gather all subdomains from ProjectDiscovery's Chaos.