ProjectDiscovery.io
@pdiscoveryio
Followers
29,761
Following
121
Media
374
Statuses
2,102
Making cybersecurity accessible to everyone. Join us for the security conference for all things open source: Hardly Strictly Security:
Joined July 2019
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Rio Grande do Sul
• 160450 Tweets
Madonna
• 125663 Tweets
Nathan
• 121544 Tweets
Tottenham
• 54943 Tweets
Spurs
• 45826 Tweets
#CHETOT
• 35127 Tweets
#الاهلي_ضمك
• 25911 Tweets
bruno mars
• 24842 Tweets
Ange
• 20528 Tweets
Guinea
• 19548 Tweets
Boris Johnson
• 19383 Tweets
Sundowns
• 19379 Tweets
Hayer
• 18299 Tweets
#debatBFMTV
• 16951 Tweets
Kaizer Chiefs
• 13978 Tweets
Mudryk
• 11862 Tweets
[NEW-PROJECT] 🥳🥳
Katana –– A next-generation crawling and spidering framework.
→ Standard / Headless
→ Customizable Config
→ Scope control
→ Output Filters
GitHub Project ––
#hackwithautomation
#cybersecurity
#crawler
#opensource
#bugbounty
78
571
2K
With the latest version of Uncover, now easily search for exposed assets using multiple search engines at once.
→ Shodan
→ Censys
→ FOFA
→ Hunter
→ Quake
GitHub Release:
#hackwithautomation
#recon
#assetdiscovery
#security
#bugbounty
#bugbountytips
26
365
1K
🚨 NEW Feature Alert! 🚨
📸 With the httpx v1.3.0 release you can now take screenshots of target URLs, pages, or endpoints along with the rendered DOM! 😱
⌨️ Update httpx with the -up option now to try it out!
What are you waiting for! 🤘
#hackwithautomation
#bugbounty
24
150
625
New Tool Announcement 🔊🔊
𝗖𝗹𝗼𝘂𝗱𝗹𝗶𝘀𝘁 — A multi-cloud tool for listing 𝗔𝘀𝘀𝗲𝘁𝘀 from various cloud providers, intended to used by 𝗯𝗹𝘂𝗲 𝘁𝗲𝗮𝗺𝘀 for attack surface management.
#hackwithautomation
#devops
#assetmanagement
3
172
599
[NEW - RELEASE]
Interactsh: Open-Source Solution for OOB Testing
Blog Release -
GitHub Project -
#opensource
#oob
#security
#pentest
#bugbounty
13
278
607
Did you know? You can pull subdomains using PTR records for a given list of IPs / CIDRs using 𝗗𝗡𝗦𝗫
𝘤𝘢𝘵 𝘪𝘱𝘴 | 𝘥𝘯𝘴𝘹 -𝘱𝘵𝘳 -𝘳𝘦𝘴𝘱-𝘰𝘯𝘭𝘺
Github:
#hackwithautomation
#recon
#bugbounty
#pentest
4
217
551
Exciting news! We're thrilled to announce the release of
#pdtm
, an
#opensource
tool manager for all the projects from ProjectDiscovery. Streamline your workflow and optimize your tools with ease.
Check it out ––
#toolmanagement
#bugbounty
#security
11
149
539
We just released another tool — 𝗣𝗿𝗼𝘅𝗶𝗳𝘆 💥💥
Swiss Army knife Proxy tool for HTTP/HTTPS traffic capture, manipulation and replay on the go.
𝗣𝗿𝗼𝘅𝗶𝗳𝘆:-
#hackwithautomation
#bugbountytools
#bugbounty
#proxy
#mitm
4
135
511
🥳🥳 WE ARE GOING FULL-TIME. We just secured $1.7mn of funding in our seed round from some amazing people from the security community. Here is the blog —
#opensource
#community
#security
#announcement
42
96
494
Worried about active port scanning? thanks to
@shodanhq
Internetdb API, with the latest release of Naabu, Now you can quickly pull all the open ports of your targets without actually scanning them 🎉
Shoutout to
@breno_css
for the idea 👐
GitHub Release:
14
149
484
We just
#opensourced
wappalyzergo — A high-performance go implementation of wappalyzer technology detection library.
already part of
#httpx
development version and will be part of next release.
#Library
—
#opensource
#osint
#recon
7
158
473
We are open-sourcing another utility yet powerful tool
#httpx
- A fast and multi-purpose HTTP toolkit allows us to run multiple probers.
Check out the latest addition in the opensource section at -
#opensourced
#security
#http
#bugbountytips
#bugbounty
11
181
478
[TOOL RELEASE] - 𝗦𝗶𝗺𝗽𝗹𝗲𝗛𝗧𝗧𝗣𝗦𝗲𝗿𝘃𝗲𝗿 - Go alternative of python SimpleHTTPServer
✅ TCP server with customizable response
✅ File server with an arbitrary directory
✅ File upload support
✅ HTTPS support
✅ Basic auth support
#opensource
2
151
453
🚨 New releases 🚨
🌀 dnsx v1.1.3
🌀 subfinder v2.5.7
🌀 naabu v2.1.4
🌀 mapcidr v1.1.1
🌀 interactsh v1.1.2
🌀 chaos-client v0.5.1
🌀 katana v1.0.0 🥳
🌀 simplehttpserver v0.0.6
🌀 proxify v0.0.9
🔥 Update all your tools with pdtm -ua! 🔥
#hackwithautomation
4
109
443
Use the powerful
@ipinfoio
CLI tool to quickly look at your target domain's IP space.
GitHub:
-
-
-
#hackwithautomation
#passive
#recon
#osint
#bugbounty
IPinfo can summarize IP details for you! We have two ✨free✨ options:
📊Our data visualization tool which accepts up to 500,000 IPs!
💻A magical little CLI tool, simply paste the following:
cat ips.txt | ipinfo summarize
0
5
33
18
125
396
We are open sourcing another handy tool for all types of your DNS queries.
#bugbounty
#security
#pentest
#dns
4
145
389
Use dnsx to bruteforce subdomains and filter the successful requests with httpx!
⌨️ dnsx -d roots.txt -w <key,words> | httpx -sc -mc 200
🌀 Install dnsx 👉
🌀 Install httpx 👉
#hackwithautomation
#security
#bugbounty
7
149
391
Tool update 🔊🔊
We reworked dnsprobe, fixed multiple bugs, added new features, added new flags tailored for better UX and use of data and new project. A simple DNS utility tool for all needs.
dnsx —
#hackwithautomation
#bugbounty
#pentest
#infosec
6
99
376
7
133
373
[NEW-RELEASE] 🔊🔊
Uncover - Go wrapper using APIs of well-known search engines to quickly discover exposed hosts on the internet.
GitHub Project:
#hackwithautomation
#recon
#osint
#security
#bugbounty
10
127
367
🚀 Introducing Alterx! A fast, customizable & target-aware subdomain wordlist generator using patterns!
🌐 Perfect for active subdomain enumeration pipelines, it allows users to create their own patterns for better efficiency & effectiveness 🔥
…
12
103
369
Speed up your subdomain port scanning by querying A records from a list subdomains and removing duplicate IP addresses 🏃♀️💨
You can do this easily by chaining subfinder, dnsx, sort and naabu together:
subfinder -d <domain> 🔗 dnsx -a -ro 🔗 sort -u 🔗 naabu
14
132
355
A Guide to DNS Takeovers: The Misunderstood Cousin of Subdomain Takeovers by
@pry0cc
/
@hakluke
#hackwithautomation
#security
#bugbounty
18
172
341
Use asnmap and tlsx to map out the IP ranges of an ASN and then extract domain names from their TLS certificates!
#HackwithAutomation
#ASNmap
#TLSx
3
97
331
#httpx
v1.0.2 is out with more probes.
- Added IP extraction
- Added CNAME extraction
- Added CDN check
- Added String based match/filter
- Added Regex based match/filter
and more
#bugbountytools
#hackwithautomation
#bugbountytips
6
95
331
Discover open ports for an IP address with uncover! 🤘
⏱ Get a quick, at-a-glance view of the type of device that is running behind an IP address to help you make decisions based on the open ports!
Install Uncover now 👉
#hackwithautomation
7
98
314
A remote source disclosure vulnerability was discovered in "PHP Development Server versions <= 7.4.21" by
@rootxharsh
@iamnoooob
Check out the blog for details ––
#php
#cybersecurity
#research
#appsec
#bugbounty
4
131
307
🚨 Major
#Nuclei
Update 🚨
Nuclei v3 is out TODAY! There are TONS of new features in this
#OpenSourceSecurity
update and we're excited to share it with our community. Check out some of the available features of Nuclei v3 in this blog 👇
8
116
312
Looking for ways to convert your target IPs into CIDR notation or the other way around? Using mapCIDR, perform multiple operations on a given set of CIDRs and IPs.
⚡️ IP to CIDR aggregation
⚡️ CIDR to IP expansion
for more details.
#hackwithautomation
12
83
311
We FOSS another tiny utility that let you post all your burp collab incoming connections directly to discord/slack, ease the automation process around blind testing for long running tests.
Notify —
#hackwithautomation
#bugbounty
#pentest
#infosec
7
89
303
We have updated the list of subdomains of all the public bug bounty programs on
@Hacker0x01
@Bugcrowd
platform and will be refreshed daily at
want to add more public programs? make a PR with details at
#bugbounty
#bugbountytips
7
107
297
🚀 Unveiling the power of DNS Recon with dnsX v1.2.0!
Get all the DNS data you need for your domain or subdomain list with the new "-recon" option 🔍
🔗 GitHub Release:
#dns
#recon
#opensource
💡 Improve your recon game with dnsX! 👨💻👩💻
1
68
277
We are so excited to be holding our first UX study! Help us shape the future of cybersecurity and get some awesome swag while doing it!
Are you interested, or do you know people who may be? here is the survey link to share/follow ––
45
67
299
DNS bruteforcing top level domains using dnsx 🧰
⌨️ dnsx -d example.FUZZ -w topleveldomains.txt -re
This is a quick way to generate a list of country specific domains ⏱
Install dnsx here 👉
5
83
296
[Release] 𝗣𝗗 𝗔𝗰𝘁𝗶𝗼𝗻𝘀 - Continuous reconnaissance and vulnerability assessment using GitHub Actions.
Project:-
Blog:-
#opensource
#bugbounty
#cybersecurity
#appsec
#pentest
5
133
289
Today, we are proud to announce the private beta of Nuclei Cloud – expanding the power of nuclei with enterprise-grade SaaS capabilities built on top of the open-source project.
Sign up today
7
56
289
[BLOG] An investigation on open reverse proxy misconfiguration and automating the misconfiguration using nuclei templates by our own
@chrissullo
Part: 1
Part: 2
#hackwithautomation
#infosec
#security
#bugbounty
3
115
293
🆕 NEW release: cdncheck v.1.0.0! 🆕
🌀 cdncheck is a tool for identifying the technology associated with dns and ip network addresses including:
📡 CDN detection
☁️ CLOUD detection
🔥 WAF detection
Full release details 👇
#hackwithautomation
🔗
6
89
290
🚨 Explore the CVE jungle with ProjectDiscovery's cvemap! 🌐🛡️
A powerful tool integrating KEV, EPSS, POCs, and more data, for a comprehensive threat analysis. Stay on top of cybersecurity challenges with
#cvemap
!
#CyberSecurity
#HackWithAutomation
1
75
277
Discover more subdomains by extracting DNS names from TLS certificates! 🚀
⌨️ echo <IP-ADDRESS> | tlsx -san -cn -resp-only
-cn = display subject common names
-san = display subject alternative names
Install tlsx now 🔗
#hackwithautomation
1
88
268
#naabu
1.1.2 update:-
☑ Added CIDR support for port scan
☑ Added socket-based port scan to drop root privilege requirement.
☑ Added support to exclude IP's for port scan
☑ Added nmap helper script.
#bugbounty
#security
#portscan
#hackwithautomation
3
65
264
Get CIDR ranges owned by an organisation with asnmap, extract domain names using dnsx then check for CDNs, WAFs and cloud providers with cdncheck! 💡
Install these tools:
asnmap 👉
dnsx 👉
cdncheck 👉
2
88
259
A bug bounty hunters guide to building a fast one-shot recon script! 🚀
🎯 DNS enum
subfinder, shuffldns, haktrails, puredns + dnsx
🚢 Port scanning
nmap, httpx (+ naabu)
🕷 Crawling
gospider (+ katana)
Learn how 👇
#hackwithautomation
9
78
246
How to get a list of endpoints using Katana! 🥷
Option - Field (-f): Allows you to select a specific field.
Field - qurl: Only display the urls with a query parameter in it
💉 Useful for XSS, Injection attacks, CSRF and more! 🚀
#hackwithautomation
6
73
246
#shuffledns
1.0.3 update:-
Wildcard handling has always been an issue in DNS brute-forcing (especially in targets that have large assets). With the latest update, shuffledns handles most of the edge cases and huge improvements in speed too.
3
67
241
Katana v0.0.3 now supports defining custom fields for data extraction/collection. Check out the changelog for new features & bug fixes!
Feature Link -
GH Release -
#hackwithautomation
#infosec
#bugbounty
#webcrawling
7
53
239
Screenshotting with httpx! 📸
🌀 Use the -screenshot (-ss) option to capture screenshots of specific URLs, pages, or endpoints, including the rendered DOM! 😱
Install now 👉
#hackwithAutomation
7
51
235
#httpx
v0.0.3 updates:-
☑Added CIDR support as input.
☑Added Color support.
☑Added server fingerprinting
☑Added docker support
☑Added response as JSON output
☑Added a conditional redirect.
#hackwithautomation
#bugbounty
#security
#bugbountytips
2
61
226
How to extract subdomains using dnsx PTR queries from network ranges associated with an ASN.
⌨️ echo <ASN> | asnmap | dnsx -ptr
🌀 Install asnmap 👉
🌀 Install dnsx 👉
#hackwithautomation
#security
#bugbounty
6
99
224
NEW-RELEASE 📢📢
We've opensourced a web client for interactsh - A web-based user interface to visualize all the interactions.
Web Client -
GitHub Project:
#hackwithautomation
#oob
#opensource
0
75
230
Scan all of the IPs associated with the DNS record for a target using the scan-all-ips flag!
⌨️ naabu -scan-all-ips -host <target>
Install naabu 🔗
#hackwithautomation
#portscanning
#security
1
70
223
"apt install" now lets you install nuclei and other tools on
@kalilinux
💙💜
#hackwithautomation
#foss
#security
3
44
222
📚 Learn about the MOVEit Transfer SQL Injection vulnerability (CVE-2023-36934) in our latest blog.
Plus, we've also released
@pdnuclei
template to detect and aid quick mitigation.
#MOVEit
#Cybersecurity
#hackwithautomation
4
92
214
How to use dnsx to extract subdomains from an ASN using PTR query! 👇
Install dnsx today 🔗
#hackwithautomation
#security
#recon
0
49
211
Find well-hidden subdomains using the power of ✨permutations✨ with chaos, alterx and dnsx! 💪
Generate subdomain permutations using alterx on an existing list of passive subdomains from chaos and resolve using dnsx!
This yielded us 7 new subdomains! 👇
3
79
205
#Naabu
v2 is public now 🔥🔥
🚀 Updated scan strategy for speed and reliability
🔗 Added config file support
🔗 Added native nmap support
🔗 Added CDN exclusion for full port scanning
More —
#hackwithautomation
#portscanner
#bugbountytools
#bugbounty
5
77
202
[RELEASE-UPDATE] TLSX has been updated to include new options for detecting TLS misconfigurations.
GitHub:
#hackwithautomation
#sslscan
#security
#appsec
1
64
205
[NEW RELEASE]
ASNmap - A Go CLI and Library for quickly mapping organization network ranges using ASN information.
GitHub Project ––
Release Blog ––
#hackwithautomation
#recon
#asn
#osint
#asm
#security
#bugbounty
20
75
200
Introducing AIx, A simple CLI tool for interacting with Large Language Models (LLM) APIs! With AIx, you can easily query OpenAI's LLM APIs to ask about anything and get the answers straight to your CLI.
GitHub Project -
#AI
#LLM
#CLI
#OpenAI
#Opensource
5
55
194
🔊🔊 Important update to
#SubFinder
v2.4.0
🔥 Speed improvements
💡 Better memory management
🔗 New sources
👍 More subdomain results
Download latest release:-
#hackwithautomation
#bugbountytools
#bugbountytips
#infosec
#security
3
62
193
A proud milestone for our team and community 💙 for putting all the efforts across various projects we published.
#opensource
7
18
189
The Ultimate Guide to Finding Bugs With Nuclei by
@v3natoris
#hackwithautomation
#cybersecurity
#infosec
#bugbounty
5
86
189
Get IP ranges from an ASN with asnmap!
🌀 ASNs are extremely useful for reconnaissance because they allow you to enumerate IP prefixes owned by that organization 💪
Install asnmap 👉 🔗
#hackwithautomation
#security
#bugbounty
5
71
183
SimpleHTTPserver is a go enhanced version of the well known python simplehttpserver with an additional, fully customizable TCP server supporting TLS!
Install today! 👇
#hackwithautomation
0
65
187
[RELEASE-UPDATE]
New release of Naabu include a lot of new and long awaited features like IPv6 Port scan and also starting with this release, now it's possible to perform Host Discovery before port scan.
Release changelog:
#hackwithautomation
#portscan
3
65
185
Did you know you can use subfinder to list the IP address of each subdomain?
🌀 Here's how you can do it 👇
⌨️ subfinder -d <target> -oI -active
#hackwithautomation
#bugbounty
#security
9
56
184
It's been a year since we published
@pdnuclei
project, We completed 1000+ templates including 300+ cves templates ready to scan/use by everyone, Community contributions have made the project what it is.
#Opensource
#Community
#CyberSecurity
2
56
182
Now easily control the response data of your interactsh payload or domain on the fly as you need.
More details -
GitHub Release -
#hackwithautomation
#oast
#security
#bugbounty
4
71
186
𝗡𝗮𝗮𝗯𝘂 — A fast port scanner written in go, new release (v2.0.3) is out now.
This release includes multiple bug fixes and improvements.
Release:-
#hackwithautomation
#pentest
#bugbountytools
#portscan
0
43
182
#httpx
v1.0.6 is out with multiple additions and fixes.
✅ Display redirect chain status code
✅ Added allow/deny flag whitelist/block IPs/CIDRs
✅ Added extract-regex flag to print custom data
GitHub Release:
#hackwithautomation
#bugbountytool
#pentest
6
43
180
🚀 Just released our in-depth analysis of CVE-2023-22527, a critical RCE vulnerability in Atlassian Confluence Data Center & Server. 🛡️ Don't miss out on our findings and learn how to detect and protect your systems! 🔍
#cybersecurity
#CVE
#RCE
…
4
60
181
Customizable Index page along with static file hosting for frequently used online payloads for attacks such as XSS/XXE and more is now supported with self-hosted interactsh server 🎉🎉
Changelog:
#hackwithautomation
#oast
#appsec
#security
6
50
181
How to set up an upstream proxy with Burpsuite 🏊♀️
✍️ Setting Proxify as an upstream proxy for your web browser or
@Burp_Suite
is a great way to keep fully detailed logs that can be reviewed later.
Install Proxify 👉
This is how it's done👇
1
64
172
How to use dnsx for subdomain bruteforcing for quick and easy enumeration 🚀
dnsx -d <domain> -w <subdomain-wordlist>
Install dnsx now and try for yourself 👉
#hackwithautomation
5
53
171
Now quickly fetch endpoints of your target passively using latest release of katana v1.10
Checkout GitHub release for more details -
#hackwithautomation
#crawling
#passive
#osint
#discovery
3
33
171
#shuffleDNS
is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output support.
#bugbounty
#subdomains
1
63
167
3
62
167
New release for httpx is out including new features and bug fixes.
GitHub Release:
#hackwithautomation
#recon
#osint
1
29
165
[RELEASE-UPDATE] –– dnsx - v1.1.1
→ Added CAA dns query
→ Added CDN detection
→ Added AXFR zone transfer detection
and multiple bug fixes.
GitHub Release:
#hackwithautomation
#dns
3
54
164
Nuclei V2.0 is here — a community powered scanner. We just wrote an article on its features and how could it fit in your security testing and DevOps workflow.
, do share feedbacks if you enjoyed reading it.
#hackwithautomation
#infosec
#pentesting
5
65
160
Proxify is a CLI tool for proxying, capturing, and manipulating HTTP(S) traffic 🚦
Runs in the CLI and written in Golang, proxify can be used on almost any device and is portable to remote servers without the need for a GUI! 😱
Try it now 👇
0
58
161
How to update all your projectdiscovery tools to their latest version with pdtm 🛍
All you need to do is use the Update All (-ua) option! 👇
Install pdtm now 👉
3
40
157
Latest subfinder release alert 🎉
Install v2.5.6 now: 👇
go install -v
Shout out to our new contributors:
👋 vzamanillo
👋 owenrumney
👋 EndPositive
See the full release details here 👇
2
30
149
A great addition to the templates by NkxxkN, Find all the GraphQL endpoint for your target to test further.
#bugbounty
#infosec
#security
0
47
146
Get a template started immediately while reading about the newest
#vulnerability
, by using
#opensourcesecurity
, AI, and the blog you read it in.
#Nuclei
Template AI Browser Extension. Now available.
2
48
151
Extract ASN records for a given list of domains or subdomains with dnsx 💪
Install dnsx 👉
#hackwithautomation
#security
#bugbounty
3
41
148
Unsure when your payload will get a pingback? And need to close the interactsh session for some reason? worry no more 😎 resumable session files are now supported in the newest Interactsh release.
Credits to
@ldionmarcil
for the idea.
#hackwithautomation
#bugbounty
#oast
6
28
147
Introducing openrisk, our first AI-powered tool! This new tool creates a simple risk score by feeding a nuclei scan output into OpenAI GPT-3.
Fun fact: Some code *in* openrisk was written by GPT-3 too.
3
40
147
#httpx
v0.0.7 updates:-
☑Added TLS Probe (Subdomains from SSL)
☑Added Path/File Request support
☑Added Content-type fingerprinting
☑Added Matcher/Filters for Status Code/Length
#hackwithautomation
#bugbounty
#security
#bugbountytips
4
54
146
Hot new blog today on a recent
#CVE
#vulnerability
:
#Atlassian
#confluence
authentication bypass.
For those keeping track, this CVE's release date was only 2 days ago, and we already have a template for you all. 🔥
Read all about it here:
2
39
144
CDN, CLOUD and WAF detection with cdncheck! 😱
🌀 Supports IP + DNS input
🌀 Text + JSONL output
🌀 Easily extendable providers
Install now 👉
#hackwithautomation
#security
#bugbounty
1
46
142
Did you know you can use 'tee' to pipe the output of one command into multiple commands simultaneously?
Subdomain enumeration one liner
🪄 Pass a domain to subfinder AND dnsx (subdomain bruteforcing) and output to a file.
Here's how 👇
#hackwithautomation
3
33
139
Quickly map organization network ranges using asnmap and then pipe them to mapcidr to print all IP addresses!
🌀 Install asnmap 👉
🌀 Install mapcidr 👉
#hackwithautomation
#networking
#security
1
65
138
Working with a large network?
Split an entire network range into manageable subnets of 256 hosts with mapcidr.
⏱ 65536 subnets in less than a second 😮
Install mapcidr now 👉
Here's how👇
#hackwithautomation
3
32
138
Unlock the potential of Alterx in your enumeration pipeline! 🔥
💎 Seamlessly integrate it with subfinder and dnsx for comprehensive subdomain discovery and unveil hidden treasures!
Read this blog to level up your recon 👇
#hackwithautomation
3
34
131
Proxify - A portable CLI-based HTTP/Socks proxy written in Golang
#hackwithautomation
#proxy
#security
#opensource
1
46
134