Discovery Tools
Explore a collection of powerful and efficient tools in the Discovery category to enhance your productivity and security.
404checker
Auxiliary script intended for Red Team exercises that checks whether a URL redirects to a masked 404 (such as a 200 that redirects to a Not Found page or similar). URLs must be passed sorted to improve performance.
anew
Append lines from stdin to a file, but only if they don't already appear in the file. Outputs new lines to stdout too, making it a bit like a tee -a that removes duplicates.
apkurlgrep
ApkUrlGrep is a tool that extracts endpoints from APK files.
aquatone
Aquatone is a tool for visual inspection of websites across a large number of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface.
aws-s3-data-finder
Find suspicious files (e.g. data backups, PII, credentials) across a large set of AWS S3 buckets and write the first 200k keys (by default) of listable buckets to a .json or .xml file (in buckets/) via AWS CLI or unauthenticated via HTTP requests.
bfac
BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application's source code. The artifacts can also lead to leakage of sensitive information, such as passwords, directory structure, etc.
cariddi
Take a list of domains, crawl URLs, and scan for endpoints, secrets, API keys, file extensions, tokens, and more...
carlospolop-hakoriginfinder
Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
cloudscraper
CloudScraper is a tool to spider and scrape targets in search of cloud resources. Plug in a URL and it will spider and search the source of spidered pages for strings such as 's3.amazonaws.com', 'windows.net' and 'digitaloceanspaces'. AWS, Azure, and Digital Ocean resources are currently supported.
crawlergo
A powerful browser crawler for web vulnerability scanners
dirsearch
Web path scanner
dora
Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found.
fallparams
Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
feroxbuster
A fast, simple, recursive content discovery tool written in Rust.
fuzzuli
URL fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain.
gau
getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain.
gauplus
A modified version of gau (http://wwww.github.com/lc/gau)
getjs
getJS is a tool to extract all the JavaScript files from a set of given URLs. The URLs can also be piped to getJS, or you can specify a single URL.
gittools-dumper
Download .git repositories from webservers which do not have directory listing enabled
gittools-dumper-extractor
Download .git repositories from webservers which do not have directory listing enabled and try to recover incomplete repositories
gittools-extractor
Try to recover incomplete git repositories; this can be used in combination with gittools-dumper in case the downloaded repository is incomplete
gittools-finder
Identify websites with publicly accessible .git repositories
git-wild-hunt
A tool to hunt for credentials in the GitHub wild AKA git*hunt.
gobuster-dir
A tool to brute-force directories and files in web sites.
golinkfinder
A minimal JS endpoint extractor. It's used to extract endpoints in both HTML source and embedded JavaScript files. Useful for bug hunters, red teamers, infosec ninjas.
gospider
Fast web spider written in Go
gowitness
gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS are supported, with Windows support mostly working.
gowitness-db
gowitness version that outputs a sqlite3 database. gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS are supported, with Windows support mostly working.
gowitness-nmap
gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process results. Both Linux and macOS are supported, with Windows support mostly working.
hakcheckurl
Takes a list of URLs and returns their HTTP response codes.
hakrawler
Fast Golang web crawler for gathering URLs and JavaScript file locations. This is basically a simple implementation of the awesome Gocolly library.
httpx-screenshot
Take screenshots with httpx. httpx is a fast, multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library. It is designed to maintain result reliability with increased threads.
httpx-screenshot-zip
Take screenshots with httpx and export them to a zip archive. httpx is a fast, multi-purpose HTTP toolkit that allows running multiple probers using the retryablehttp library. It is designed to maintain result reliability with increased threads.
jsluice
Extract URLs, paths, secrets, and other interesting bits from JavaScript
katana
A next-generation crawling and spidering framework.
kiterunner
Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning-fast speeds but also brute-forcing routes/endpoints in modern applications.
linkfinder
LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression.
mass-gitfinder
Identify websites with publicly accessible .git repositories
mass-linkfinder
A wrapper around LinkFinder that takes a list of JS URLs as input. LinkFinder is a Python script written to discover endpoints and their parameters in JavaScript files. It does so by using jsbeautifier for Python in combination with a fairly large regular expression.
meg
Meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and repeating.
scanless
This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf. Scanners list: hackertarget: https://hackertarget.com; ipfingerprints: https://www.ipfingerprints.com; spiderip: https://spiderip.com; standingtech: https://portscanner.standingtech.com; t1shopper: http://www.t1shopper.com; viewdns: https://viewdns.info; yougetsignal: https://www.yougetsignal.com.
securitytrails-sql
Query the SecurityTrails API endpoint and embed the desired SQL queries.
sourcemapper
Extract JavaScript source trees from Sourcemap files
urlhunter
Urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. It works by brute forcing the URL shortener services and publishing matched results on a daily basis. Urlhunter downloads their collections and lets you analyse them.
wappalyzer
Wappalyzer identifies technologies on websites, including content management systems, eCommerce platforms, JavaScript frameworks, analytics tools and much more.
waybackrobots
Enumerate old versions of robots.txt paths using Wayback Machine for content discovery
webanalyze
This is a port of Wappalyzer in Go. This tool is designed to be performant and allows testing huge lists of hosts.
webscreenshot
A simple script to screenshot a list of websites, based on the url-to-image PhantomJS script.
witnessme-grab
WitnessMe grab mode. WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. It is also written to be extensible, allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.
witnessme-screenshot
WitnessMe screenshot mode. WitnessMe is primarily a Web Inventory tool inspired by Eyewitness. It is also written to be extensible, allowing you to create custom functionality that can take advantage of the headless browser it drives in the back-end.
xnlinkfinder
A Python tool used to discover endpoints (and potential parameters) for a given target
xurlfind3r
xurlfind3r is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.