Library
- Trickest Library
- Modules
- Attack Surface Management
- Cloud Storage
- Containers
- Content Discovery
- Discovery
- Fuzzing
- Machine Learning
- Misconfiguration
- Network
- OSINT
- Passwords
- Recon
- Scanners
- Secret Discovery
- Social Engineering
- Static Code Analysis
- Threat Intelligence
- Utilities
- Vulnerabilities
- Vulnerability Scanning
Workflows
Explore a collection of powerful and efficient workflows in the Content Discovery category to enhance your productivity and security.
Ultimate Web Brute-Forcer
Get all possible URLs for a web app through js extraction, fuzzing per dir level, wayback archive, remove false positives and do everything in parallel
Fuzz URL Levels - Multiple
Enumerate URLs for a list of hosts, then use a wordlist to fuzz for additional directories at each level.
Fuzz URL levels
Enumerate URLs for a host, then use a wordlist to fuzz for additional directories at each level.
Check URLs and send notification on diff
Take a list of URLs, request them, and send notification if changes occur in title, status code or content-length
Custom Parameter Discovery Wordlist
Collect URLs of a list of domains and generate a custom parameter discovery wordlist
Simple Content Discovery
Enumerate subdomains and discover URLs through multiple ways
Inventory 2.0 - URL enumeration
Enumerate URLs from passive sources and classify them based on potential vulnerabilities. Check out the URLs of public bug bounty programs on https://github.com/trickest/inventory
Inventory 2.0 - Web Spider
Actively crawl a list of web servers. Check out the crawled URLs of public bug bounty programs on https://github.com/trickest/inventory
Get Firebase Databases from Hosts
Permutate and alter hosts in order to find firebase instances.
Brute-Force Parameters - Single URL
Get all of the parameters that are used by a single url passed.
Single Web App Fuzz
Fuzz and spider a web application, get responses and zip files for further examination.
NPM Wordlist & NPM Package Finder
Find package.json files on list of hosts by creating wordlist by cloning OneListForAll and then brute-forcing list of hosts.
JavaScript Links and Paths
Find URLs/endpoints in a list of JavaScript files
Virtual Host Discovery
Enumerate virtual hosts
Crawl URLs and Discover JavaScript URLs & Endpoints
Crawl a web host and extract endpoints and URLs from its JavaScript code
Brute-Force Files & Directories on a List of Hosts
Fuzz a list of hosts for files/directories with a wordlist
Spider All Subdomains
Spider all subdomains and merge all results.
APK Discovery - Urls & Paths
Find URLs & Paths in an APK file
Get All Public Urls
Get all archived urls for a list of subdomains.
Get all urls and classify by vulnerability type
This workflow is used to gather ALL URLs and sort them by common vulnerabilities