reddit hackernews mail facebook facebook linkedin


A high performance offensive security tool for reconnaissance and vulnerability scanning.

- DNS details
- DNS visual mapping using DNS dumpster
- WHOIS information
- TLS Data - supported ciphers, TLS versions, certificate details and SANs
- Port Scan
- Services and scripts scan
- URL fuzzing and dir/file detection
- Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce
- Web application data retrieval:
* CMS detection
* Web server info and X-Powered-By
* robots.txt and sitemap extraction
* Cookie inspection
* Extracts all fuzzable URLs
* Discovers HTML forms
* Retrieves all Email addresses
* Scans target for vulnerable S3 buckets and enumerates them for sensitive files
- Detects known WAFs
- Supports anonymous routing through Tor/Proxies
- Uses asyncio for improved performance
- Saves output to files - separates targets by folders and modules by files