Open Source Tools
Learn about ProjectDiscovery’s Open Source Tools
ProjectDiscovery produces a suite of open source tools tailored for offensive security practitioners: security engineers, bug bounty hunters, and red teamers. Our toolkit is structured around three distinct layers to optimize your security assessment and penetration testing processes. We also provide utilities and libraries as building blocks for an offensive security or bug bounty hunting program.
Let’s delve into the specifics of each category and its corresponding tools.
Discover
In the discovery phase, the goal is to map out the target’s entire online presence, finding subdomains, open ports, and other valuable endpoints. The tools in this category are instrumental in revealing a comprehensive view of the target’s landscape. This stage includes tools like:
Subfinder
A robust tool focused on passive subdomain enumeration, providing a holistic view of a target’s online assets.
Cloudlist
A comprehensive tool for enumerating assets across multiple cloud providers, ensuring visibility into the cloud-based infrastructure of your target.
Naabu
A lightning-fast port scanner designed to swiftly identify open ports on target hosts, ensuring no potential entry point is overlooked.
Katana
A next-generation web crawling framework designed to navigate and parse web content efficiently, revealing hidden details of web assets.
Chaos
Offering an internet-wide asset data source, Chaos is crucial for expanding the scope of your asset discovery efforts.
Uncover
Designed to search and highlight exposed hosts across various APIs, ensuring that no stone is left unturned in the discovery phase.
ASNmap
Quickly map an organization’s network ranges using autonomous system number (ASN) information.
alterx
Fast and customizable subdomain wordlist generator using a DSL.
shuffledns
A massDNS wrapper to brute-force and resolve subdomains, with wildcard handling support.
Enrich
Once assets are discovered, the next step is to enrich the gathered data. This phase involves understanding the nature of the assets, the technologies behind them, and their exposure level. This stage includes tools like:
httpx
An essential HTTP toolkit that probes services, identifying crucial details about web servers, status codes, and other valuable metadata.
dnsx
A versatile DNS toolkit that allows for efficient operations such as mass DNS resolutions, wildcard testing, and more.
tlsx
Specialized for TLS-based data collection, tlsx offers insights into certificates, cipher suites, and other SSL/TLS details of a target.
Detect
With the landscape mapped and details enriched, the next phase is detection. Here, the aim is to pinpoint exploitable vulnerabilities, ensuring a thorough risk assessment. This stage includes tools like:
Nuclei
A vulnerability scanner designed to identify exploitable weaknesses in the attack surface with a vast library of templates for various known vulnerabilities.
interactsh
An out-of-band (OOB) interaction gathering library, essential for identifying vulnerabilities that may not be immediately evident through conventional scanning methods.
cvemap
Navigate the Common Vulnerabilities and Exposures (CVE) jungle with ease using cvemap, a CLI tool designed to provide a structured and easily navigable interface to various vulnerability databases.
Notify
Streamlining the workflow, Notify allows users to stream the output of various tools to multiple platforms, ensuring real-time updates and alerts.
Utilities
These utilities can be combined with our other tooling based on the Unix philosophy to create pipelines and customize your offensive security or bug bounty hunting program.
pdtm
pdtm is a simple and easy-to-use tool for managing all of the open source projects from ProjectDiscovery.
mapcidr
A utility program to perform multiple operations on given subnet/CIDR ranges.
cdncheck
A utility to detect various technologies for a given DNS / IP address.
aix
AIx is a CLI tool to interact with Large Language Model (LLM) APIs.
proxify
Swiss Army Knife Proxy for rapid deployments.
simplehttpserver
An enhanced Go version of the well-known Python simplehttpserver.
Dive into the individual tool’s documentation to explore in-depth functionalities, usage examples, and best practices. Your journey into enhanced offensive security starts here!