# Trickest Platform Documentation ## Docs - [Blog](https://trickest.com/docs/blog.md): Trickest blog and updates - [Community](https://trickest.com/docs/community.md): Join the Trickest community on Discord - [CLI](https://trickest.com/docs/developer-tools/cli.md): Run Trickest workflows from your terminal with the official Trickest CLI. - [Solutions API](https://trickest.com/docs/developer-tools/solutions-api.md): Access and filter Live Table data programmatically using the Solutions API. - [Trickest Platform Documentation](https://trickest.com/docs/introduction.md) - [Building Blocks](https://trickest.com/docs/key-concepts/building-blocks/introduction.md): Scripts, tools, and modules as the executable nodes in your workflows. - [Modules](https://trickest.com/docs/key-concepts/building-blocks/modules.md): Module nodes as reusable subgraphs in workflows. - [Scripts](https://trickest.com/docs/key-concepts/building-blocks/scripts.md): Script nodes for custom automation and glue logic in workflows. - [Tools](https://trickest.com/docs/key-concepts/building-blocks/tools.md): Tool nodes as pre-packaged command-line programs in workflows. - [Introduction](https://trickest.com/docs/key-concepts/introduction.md): Core concepts that power the Trickest platform and how they work together. - [Machines & Fleet](https://trickest.com/docs/key-concepts/machines-and-fleet.md): Compute resources and fleets for running workflows. - [Roles & Permissions](https://trickest.com/docs/key-concepts/roles-and-permissions.md): Role-based access control and permissions in Trickest. - [Solutions & Database](https://trickest.com/docs/key-concepts/solutions-database.md): Solutions and live tables for storing and analyzing workflow results. - [Workflows](https://trickest.com/docs/key-concepts/workflows.md): What workflows are, how they work, and how they relate to runs and nodes. - [Workspaces & Projects](https://trickest.com/docs/key-concepts/workspaces-and-projects.md): How workspaces and projects organize your work in Trickest. - [Workflows](https://trickest.com/docs/library/attack-surface-management/workflows.md): Explore a collection of powerful and efficient workflows in the Attack Surface Management category to enhance your productivity and security. - [34 M Wordlist Subdomain Brute-Force](https://trickest.com/docs/library/attack-surface-management/workflows/34-m-wordlist-subdomain-brute-force.md): Brute-Force subdomain with a huge wordlist - [ASN Based Network Scan](https://trickest.com/docs/library/attack-surface-management/workflows/asn-based-network-scan.md): Expand ASNs to CIDR ranges and do port scan the top 1000 ports. - [Asset Discovery & Vulnerability Scanning](https://trickest.com/docs/library/attack-surface-management/workflows/asset-discovery-and-vulnerability-scanning.md): Discover hostnames comprehensively through passive and active techniques, enumerate web servers, scan for open ports, and discover vulnerabilities, disclosed secrets, exposed panels, and more. The… - [Custom subdomain brute-force wordlist from IP ranges](https://trickest.com/docs/library/attack-surface-management/workflows/custom-subdomain-brute-force-wordlist-from-ip-ranges.md): Generate a custom subdomain brute-force wordlist from a list of CIDRs/IP ranges - [Enumerate AWS SSL Certificates](https://trickest.com/docs/library/attack-surface-management/workflows/enumerate-aws-ssl-certificates.md): Scan AWS's IP space to enumerate SSL certificates info like CNs, SANs, and SOs., and more. - [Enumerate AWS web servers](https://trickest.com/docs/library/attack-surface-management/workflows/enumerate-aws-web-servers.md): Scan AWS's IP space for http ports as seen on https://trickest.com/blog/cloudflare-bypass-discover-ip-addresses-aws and https://trickest.com/blog/hundreds-of-ssrfs - [Enumerate cloud resources](https://trickest.com/docs/library/attack-surface-management/workflows/enumerate-cloud-resources.md): Find cloud resources across different providers based on a target's name and hostnames - [Enumerate GCP web servers](https://trickest.com/docs/library/attack-surface-management/workflows/enumerate-gcp-web-servers.md): Scan GCP's IP space for http ports as seen on https://trickest.com/blog/cloudflare-bypass-discover-ip-addresses-aws and https://trickest.com/blog/hundreds-of-ssrfs - [Find a server's origin IP address](https://trickest.com/docs/library/attack-surface-management/workflows/find-a-server-origin-ip-address.md): Search for the origin IP address of a web server by scanning a list of IP addresses as seen on https://trickest.com/blog/cloudflare-bypass-discover-ip-addresses-aws and https://trickest.com/blog/hu… - [Full Subdomain Enumeration](https://trickest.com/docs/library/attack-surface-management/workflows/full-subdomain-enumeration.md): Enumerate subdomains for a list of domains using multiple effective techniques. Follow along the workflow creation process on https://trickest.com/blog/full-subdomain-brute-force-discovery-using-wo… - [Get IPs and CNAMEs](https://trickest.com/docs/library/attack-surface-management/workflows/get-ips-and-cnames.md): Get a list of IP addresses and CNAME values from a list of hosts. - [Hostnames S3 Bucket Finder](https://trickest.com/docs/library/attack-surface-management/workflows/hostnames-s3-bucket-finder.md): Find s3 buckets by permutations of already known hostnames. - [Inventory 1.0](https://trickest.com/docs/library/attack-surface-management/workflows/inventory-1-0.md): Create a comprehensive and organized asset inventory of one or more companies - Check out the inventories of public bug bounty programs on https://github.com/trickest/inventory - [Inventory 1.0](https://trickest.com/docs/library/attack-surface-management/workflows/inventory-1.0.md): Create a comprehensive and organized asset inventory of one or more companies - Check out the inventories of public bug bounty programs on https://github.com/trickest/inventory - [Inventory 2.0 - Cloud Assets](https://trickest.com/docs/library/attack-surface-management/workflows/inventory-2-0-cloud-assets.md): Enumerate cloud assets for a list of companies/hosts, across AWS, GCP, Azure, DigitalOcean, Linode, and other cloud providers. Check out the cloud assets of public bug bounty programs on https://gi… - [Inventory 2.0 - Hostnames](https://trickest.com/docs/library/attack-surface-management/workflows/inventory-2-0-hostnames.md): Enumerate hostnames/subdomains for a list of domains using multiple passive and active techniques. Check out the hostnames of public bug bounty programs on https://github.com/trickest/inventory - [Inventory 2.0 - Web Servers](https://trickest.com/docs/library/attack-surface-management/workflows/inventory-2-0-web-servers.md): Find live web servers for a list of subdomains. Check out the web servers of public bug bounty programs on https://github.com/trickest/inventory - [Inventory 3.0](https://trickest.com/docs/library/attack-surface-management/workflows/inventory-3-0.md): Completely Transparent Attack Surface Management designed to monitor companies for new assets and streamline the asset management through easily readable CSV files. - [IP Ranges Port Scan](https://trickest.com/docs/library/attack-surface-management/workflows/ip-ranges-port-scan.md): Port-scan a list of IP ranges - [Levels-deep Subdomain Enumeration](https://trickest.com/docs/library/attack-surface-management/workflows/levels-deep-subdomain-enumeration.md): Discover overlooked assets by enumerating subdomains, sub-subdomains, sub-sub-subdomains, ... - [Mass Web Server Discovery](https://trickest.com/docs/library/attack-surface-management/workflows/mass-web-server-discovery.md): Efficiently discover live web servers across a large list of hosts - [ProjectDiscovery Chaos - Gatherer](https://trickest.com/docs/library/attack-surface-management/workflows/projectdiscovery-chaos-gatherer.md): Gather all subdomains from ProjectDiscovery's Chaos. - [Resolve and port scan a list of hosts](https://trickest.com/docs/library/attack-surface-management/workflows/resolve-and-port-scan-a-list-of-hosts.md): Resolving host names first can lead to a faster port scan and give you more visibility into your target's IP space - [Screenshots and Analysis](https://trickest.com/docs/library/attack-surface-management/workflows/screenshots-and-analysis.md): Take screenshots of a list of web servers (in parallel) and analyze the screenshots using eyeballer - [Simple Visual Recon](https://trickest.com/docs/library/attack-surface-management/workflows/simple-visual-recon.md): Find subdomains, check for available web servers and screenshot them. - [Subdomain Enumeration - @trick3st_bot Edition](https://trickest.com/docs/library/attack-surface-management/workflows/subdomain-enumeration-trick3st-bot-edition.md): The workflow that powers the subdomain enumeration feature of the best security automation Twitter bot https://twitter.com/trick3st_bot - [Subdomain Enumeration - @trick3st_bot Edition](https://trickest.com/docs/library/attack-surface-management/workflows/subdomain-enumeration-trick3stbot-edition.md): The workflow that powers the subdomain enumeration feature of the best security automation Twitter bot https://twitter.com/trick3st_bot - [Subdomain Port Scan](https://trickest.com/docs/library/attack-surface-management/workflows/subdomain-port-scan.md): Resolve and port-scan a list of subdomains - [Cloud Storage Tools](https://trickest.com/docs/library/cloud-storage/tools.md): Explore a collection of powerful and efficient tools in the Cloud Storage category to enhance your productivity and security. - [mass3](https://trickest.com/docs/library/cloud-storage/tools/mass3.md): Quickly enumerate through a pre-compiled list of AWS S3 buckets using DNS instead of HTTP with a list of DNS resolvers and multi-threading. Warning: Be aware that this is really shitty golang code.… - [s3reverse](https://trickest.com/docs/library/cloud-storage/tools/s3reverse.md): The format of various s3 buckets is convert in one format. for bugbounty and security testing. - [s3scanner](https://trickest.com/docs/library/cloud-storage/tools/s3scanner.md): A tool to find open S3 buckets and dump their contents. - [scant3r](https://trickest.com/docs/library/cloud-storage/tools/scant3r.md): Scant3r Scans all URLs with multiple HTTP Methods and Tries to look for bugs with basic exploits from Headers and URL Parameters By chaining waybackurls or gau with Scant3r you will have more time… - [Containers Tools](https://trickest.com/docs/library/containers/tools.md): Explore a collection of powerful and efficient tools in the Containers category to enhance your productivity and security. - [trivy-ecr-scan](https://trickest.com/docs/library/containers/tools/trivy-ecr-scan.md): Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues - [trivy-image-scan](https://trickest.com/docs/library/containers/tools/trivy-image-scan.md): Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues - [Workflows](https://trickest.com/docs/library/content-discovery/workflows.md): Explore a collection of powerful and efficient workflows in the Content Discovery category to enhance your productivity and security. - [APK Discovery - Urls & Paths](https://trickest.com/docs/library/content-discovery/workflows/apk-discovery-urls-and-paths.md): Find URLs & Paths in an APK file - [Brute-Force Files & Directories on a List of Hosts](https://trickest.com/docs/library/content-discovery/workflows/brute-force-files-and-directories-on-a-list-of-hosts.md): Fuzz a list of hosts for files/directories with a wordlist - [Brute-Force Parameters - Single URL](https://trickest.com/docs/library/content-discovery/workflows/brute-force-parameters-single-url.md): Get all of the parameters that are used by a single url passed. - [Check URLs and send notification on diff](https://trickest.com/docs/library/content-discovery/workflows/check-urls-and-send-notification-on-diff.md): Take a list of URLs, request them, and send notification if changes occur in title, status code or content-length - [Crawl URLs and Discover JavaScript URLs & Endpoints](https://trickest.com/docs/library/content-discovery/workflows/crawl-urls-and-discover-javascript-urls-and-endpoints.md): Crawl a web host and extract endpoints and URLs from its JavaScript code - [Crawl URLs and Discover JavaScript URLs & Endpoints](https://trickest.com/docs/library/content-discovery/workflows/crawl-urls-and-discover-javascript-urls-endpoints.md): Crawl a web host and extract endpoints and URLs from its JavaScript code - [Custom Parameter Discovery Wordlist](https://trickest.com/docs/library/content-discovery/workflows/custom-parameter-discovery-wordlist.md): Collect URLs of a list of domains and generate a custom parameter discovery wordlist - [Fuzz URL levels](https://trickest.com/docs/library/content-discovery/workflows/fuzz-url-levels.md): Enumerate URLs for a host, then use a wordlist to fuzz for additional directories at each level. - [Fuzz URL Levels - Multiple](https://trickest.com/docs/library/content-discovery/workflows/fuzz-url-levels-multiple.md): Enumerate URLs for a list of hosts, then use a wordlist to fuzz for additional directories at each level. - [Get All Public Urls](https://trickest.com/docs/library/content-discovery/workflows/get-all-public-urls.md): Get all archived urls for a list of subdomains. - [Get all urls and classify by vulnerability type](https://trickest.com/docs/library/content-discovery/workflows/get-all-urls-and-classify-by-vulnerability-type.md): This workflow is used to gather ALL URLs and sort them by common vulnerabilities - [Get Firebase Databases from Hosts](https://trickest.com/docs/library/content-discovery/workflows/get-firebase-databases-from-hosts.md): Permutate and alter hosts in order to find firebase instances. - [Inventory 2.0 - URL enumeration](https://trickest.com/docs/library/content-discovery/workflows/inventory-2-0-url-enumeration.md): Enumerate URLs from passive sources and classify them based on potential vulnerabilities. Check out the URLs of public bug bounty programs on https://github.com/trickest/inventory - [Inventory 2.0 - Web Spider](https://trickest.com/docs/library/content-discovery/workflows/inventory-2-0-web-spider.md): Actively crawl a list of web servers. Check out the crawled URLs of public bug bounty programs on https://github.com/trickest/inventory - [JavaScript Links and Paths](https://trickest.com/docs/library/content-discovery/workflows/javascript-links-and-paths.md): Find URLs/endpoints in a list of JavaScript files - [NPM Wordlist & NPM Package Finder](https://trickest.com/docs/library/content-discovery/workflows/npm-wordlist-and-npm-package-finder.md): Find package.json files on list of hosts by creating wordlist by cloning OneListForAll and then brute-forcing list of hosts. - [NPM Wordlist & NPM Package Finder](https://trickest.com/docs/library/content-discovery/workflows/npm-wordlist-npm-package-finder.md): Find package.json files on list of hosts by creating wordlist by cloning OneListForAll and then brute-forcing list of hosts. - [Simple Content Discovery](https://trickest.com/docs/library/content-discovery/workflows/simple-content-discovery.md): Enumerate subdomains and discover URLs through multiple ways - [Single Web App Fuzz](https://trickest.com/docs/library/content-discovery/workflows/single-web-app-fuzz.md): Fuzz and spider a web application, get responses and zip files for further examination. - [Spider All Subdomains](https://trickest.com/docs/library/content-discovery/workflows/spider-all-subdomains.md): Spider all subdomains and merge all results. - [Ultimate Web Brute-Forcer](https://trickest.com/docs/library/content-discovery/workflows/ultimate-web-brute-forcer.md): Get all possible URLs for a web app through js extraction, fuzzing per dir level, wayback archive, remove false positives and do everything in parallel - [Virtual Host Discovery](https://trickest.com/docs/library/content-discovery/workflows/virtual-host-discovery.md): Enumerate virtual hosts - [Discovery Tools](https://trickest.com/docs/library/discovery/tools.md): Explore a collection of powerful and efficient tools in the Discovery category to enhance your productivity and security. - [404checker](https://trickest.com/docs/library/discovery/tools/404checker.md): Auxiliary script thought to be used in Red Team exercises to check if a URL redirects to a masked 404 (such as 200 that redirects to a Not found page or similars). URLs must be passed sorted in ord… - [anew](https://trickest.com/docs/library/discovery/tools/anew.md): Append lines from stdin to a file, but only if they don't already appear in the file. Outputs new lines to stdout too, making it a bit like a tee -a that removes duplicates. - [apkurlgrep](https://trickest.com/docs/library/discovery/tools/apkurlgrep.md): ApkUrlGrep is a tool that allows extract endpoints from APK files. - [aquatone](https://trickest.com/docs/library/discovery/tools/aquatone.md): Aquatone is a tool for visual inspection of websites across a large number of hosts and is convenient for quickly gaining an overview of HTTP-based attack surface. - [aws-s3-data-finder](https://trickest.com/docs/library/discovery/tools/aws-s3-data-finder.md): Find suspicious files (e.g. data backups, PII, credentials) across a large set of AWS S3 buckets and write the first 200k keys (by default) of listable buckets to a .json or .xml file (in buckets/)… - [bfac](https://trickest.com/docs/library/discovery/tools/bfac.md): BFAC (Backup File Artifacts Checker) is an automated tool that checks for backup artifacts that may disclose the web-application's source code. The artifacts can also lead to leakage of sensitive i… - [cariddi](https://trickest.com/docs/library/discovery/tools/cariddi.md): Take a list of domains, crawl URLs, and scan for endpoints, secrets, API keys, file extensions, tokens, and more... - [carlospolop-hakoriginfinder](https://trickest.com/docs/library/discovery/tools/carlospolop-hakoriginfinder.md): Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs! - [cloudscraper](https://trickest.com/docs/library/discovery/tools/cloudscraper.md): CloudScraper is a Tool to spider and scrape targets in search of cloud resources. Plug in a URL and it will spider and search the source of spidered pages for strings such as 's3.amazonaws.com', 'w… - [crawlergo](https://trickest.com/docs/library/discovery/tools/crawlergo.md): A powerful browser crawler for web vulnerability scanners - [dirsearch](https://trickest.com/docs/library/discovery/tools/dirsearch.md): Web path scanner - [dora](https://trickest.com/docs/library/discovery/tools/dora.md): Find exposed API keys based on RegEx and get exploitation methods for some of the keys that are found. - [fallparams](https://trickest.com/docs/library/discovery/tools/fallparams.md): Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist - [feroxbuster](https://trickest.com/docs/library/discovery/tools/feroxbuster.md): A fast, simple, recursive content discovery tool written in Rust. - [fuzzuli](https://trickest.com/docs/library/discovery/tools/fuzzuli.md): URL fuzzing tool that aims to find critical backup files by creating a dynamic wordlist based on the domain. - [gau](https://trickest.com/docs/library/discovery/tools/gau.md): getallurls (gau) fetches known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl for any given domain. - [gauplus](https://trickest.com/docs/library/discovery/tools/gauplus.md): A modified version of (http://wwww.github.com/lc/gau) - [getjs](https://trickest.com/docs/library/discovery/tools/getjs.md): getJS is a tool to extract all the javascript files from a set of given urls. The urls can also be piped to gets, or you can specify a single url. - [git-wild-hunt](https://trickest.com/docs/library/discovery/tools/git-wild-hunt.md): A tool to hunt for credentials in the GitHub wild AKA git*hunt. - [gittools-dumper](https://trickest.com/docs/library/discovery/tools/gittools-dumper.md): Download .git repositories from webservers which do not have directory listing enabled - [gittools-dumper-extractor](https://trickest.com/docs/library/discovery/tools/gittools-dumper-extractor.md): Download .git repositories from webservers which do not have directory listing enabled and try to recover incomplete repositories - [gittools-extractor](https://trickest.com/docs/library/discovery/tools/gittools-extractor.md): Try to recover incomplete git repositories; this can be used in combination with gittools-dumper in case the downloaded repository is incomplete - [gittools-finder](https://trickest.com/docs/library/discovery/tools/gittools-finder.md): Identify websites with publicly accessible .git repositories - [gobuster-dir](https://trickest.com/docs/library/discovery/tools/gobuster-dir.md): A tool to brute-force directories and files in web sites. - [golinkfinder](https://trickest.com/docs/library/discovery/tools/golinkfinder.md): A minimal JS endpoint extractor. It's used to extract endpoints in both HTML source and embedded javascript files. Useful for bug hunters, red teamers, infosec ninjas. - [gospider](https://trickest.com/docs/library/discovery/tools/gospider.md): Fast web spider written in Go - [gowitness](https://trickest.com/docs/library/discovery/tools/gowitness.md): gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process result… - [gowitness-db](https://trickest.com/docs/library/discovery/tools/gowitness-db.md): gowitness version that outputs a sqlite3 database. gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command… - [gowitness-nmap](https://trickest.com/docs/library/discovery/tools/gowitness-nmap.md): gowitness is a website screenshot utility written in Golang, that uses Chrome Headless to generate screenshots of web interfaces using the command line, with a handy report viewer to process result… - [hakcheckurl](https://trickest.com/docs/library/discovery/tools/hakcheckurl.md): Takes a list of URLs and returns their HTTP response codes. - [hakrawler](https://trickest.com/docs/library/discovery/tools/hakrawler.md): Fast golang web crawler for gathering URLs and JavaSript file locations. This is basically a simple implementation of the awesome Gocolly library. - [httpx-screenshot](https://trickest.com/docs/library/discovery/tools/httpx-screenshot.md): Take screenshots with httpx. Httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increas… - [httpx-screenshot-zip](https://trickest.com/docs/library/discovery/tools/httpx-screenshot-zip.md): Take screenshots with httpx and export them to a zip archive. Httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain th… - [jsluice](https://trickest.com/docs/library/discovery/tools/jsluice.md): Extract URLs, paths, secrets, and other interesting bits from JavaScript - [katana](https://trickest.com/docs/library/discovery/tools/katana.md): A next-generation crawling and spidering framework. - [kiterunner](https://trickest.com/docs/library/discovery/tools/kiterunner.md): Kiterunner is a tool that is capable of not only performing traditional content discovery at lightning-fast speeds but also brute-forcing routes/endpoints in modern applications. - [linkfinder](https://trickest.com/docs/library/discovery/tools/linkfinder.md): LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. It does so by using jsbeautifier for python in combination with a fairly large regular expressi… - [mass-gitfinder](https://trickest.com/docs/library/discovery/tools/mass-gitfinder.md): Identify websites with publicly accessible .git repositories - [mass-linkfinder](https://trickest.com/docs/library/discovery/tools/mass-linkfinder.md): A wrapper around LinkFinder to input a list of JS URLs. LinkFinder is a python script written to discover endpoints and their parameters in JavaScript files. It does so by using jsbeautifier for py… - [meg](https://trickest.com/docs/library/discovery/tools/meg.md): Meg is a tool for fetching lots of URLs but still being 'nice' to servers. It can be used to fetch many paths for many hosts; fetching one path for all hosts before moving on to the next path and r… - [scanless](https://trickest.com/docs/library/discovery/tools/scanless.md): This is a Python 3 command-line utility and library for using websites that can perform port scans on your behalf. Scanners list: hackertaget: https://hackertarget.com; ipfingerprints: https://www.… - [securitytrails-sql](https://trickest.com/docs/library/discovery/tools/securitytrails-sql.md): Query Securitytrails API endpoint and embed the desired SQL queries. - [sourcemapper](https://trickest.com/docs/library/discovery/tools/sourcemapper.md): Extract JavaScript source trees from Sourcemap files - [swagger-jacker](https://trickest.com/docs/library/discovery/tools/swagger-jacker.md): A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. - [urlfinder](https://trickest.com/docs/library/discovery/tools/urlfinder.md): A high-speed tool for passively gathering URLs, optimized for efficient and comprehensive web asset discovery without active scanning. - [urlhunter](https://trickest.com/docs/library/discovery/tools/urlhunter.md): Urlhunter is a recon tool that allows searching on URLs that are exposed via shortener services such as bit.ly and goo.gl. The project is written in Go. It works by brute forcing the URL shortener… - [wappalyzer](https://trickest.com/docs/library/discovery/tools/wappalyzer.md): Wappalyzer identifies technologies on websites, including content management systems, eCommerce platforms, JavaScript frameworks, analytics tools and much more. - [waybackrobots](https://trickest.com/docs/library/discovery/tools/waybackrobots.md): Enumerate old versions of robots.txt paths using Wayback Machine for content discovery - [webanalyze](https://trickest.com/docs/library/discovery/tools/webanalyze.md): This is a port of Wappalyzer in Go. This tool is designed to be performant and allows to test huge lists of hosts. - [webscreenshot](https://trickest.com/docs/library/discovery/tools/webscreenshot.md): A simple script to screenshot a list of websites, based on the url-to-image PhantomJS script. - [witnessme-grab](https://trickest.com/docs/library/discovery/tools/witnessme-grab.md): WitnessMe grab mode. WitnessMe is a primarily a Web Inventory tool inspired by Eyewitness, its also written to be extensible allowing you to create custom functionality that can take advantage of… - [witnessme-screenshot](https://trickest.com/docs/library/discovery/tools/witnessme-screenshot.md): WitnessMe screenshot mode. WitnessMe is a primarily a Web Inventory tool inspired by Eyewitness, its also written to be extensible allowing you to create custom functionality that can take advanta… - [xnlinkfinder](https://trickest.com/docs/library/discovery/tools/xnlinkfinder.md): A python tool used to discover endpoints (and potential parameters) for a given target - [xurlfind3r](https://trickest.com/docs/library/discovery/tools/xurlfind3r.md): xurlfind3r is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources. - [Fuzzing Tools](https://trickest.com/docs/library/fuzzing/tools.md): Explore a collection of powerful and efficient tools in the Fuzzing category to enhance your productivity and security. - [crithit](https://trickest.com/docs/library/fuzzing/tools/crithit.md): Website Directory and file brute forcing at extreme scale. CritHit takes a single wordlist item and tests it one by one over a large collection of hosts before moving onto the next wordlist item. T… - [ffuf](https://trickest.com/docs/library/fuzzing/tools/ffuf.md): A fast web fuzzer written in Go. - [ffuf-multi](https://trickest.com/docs/library/fuzzing/tools/ffuf-multi.md): A fast web fuzzer written in Go. - [ffuf-multi-od](https://trickest.com/docs/library/fuzzing/tools/ffuf-multi-od.md): A fast web fuzzer written in Go. - [ffuf-od](https://trickest.com/docs/library/fuzzing/tools/ffuf-od.md): A fast web fuzzer written in Go. - [ffuf-virtual-hosts](https://trickest.com/docs/library/fuzzing/tools/ffuf-virtual-hosts.md): A fast web fuzzer written in Go, packaged for virtual host discovery - [medusa](https://trickest.com/docs/library/fuzzing/tools/medusa.md): Fastest recursive HTTP fuzzer, like a Ferrari. Known issues socket: too many open file The solution to this is to increase ulimit, you can solve this problem by typing ulimit -n 8129 before runn… - [paramspider](https://trickest.com/docs/library/fuzzing/tools/paramspider.md): Finds parameters from web archives of the entered domain. Finds parameters from subdomains as well. Gives support to exclude urls with specific extensions. It mines the parameters from web archives… - [shortscan](https://trickest.com/docs/library/fuzzing/tools/shortscan.md): An IIS short filename enumeration tool - [wfuzz](https://trickest.com/docs/library/fuzzing/tools/wfuzz.md): Wfuzz can be used to look for hidden content, such as files and directories, within a web server, allowing to find further attack vectors. It is worth noting that, the success of this task depends… - [x8](https://trickest.com/docs/library/fuzzing/tools/x8.md): The tool helps to find hidden parameters that can be vulnerable or can reveal interesting functionality that other hunters miss. Greater accuracy is achieved thanks to the line-by-line comparison o… - [Trickest Library](https://trickest.com/docs/library/introduction.md): Explore the components of the Trickest platform - [Machine Learning Tools](https://trickest.com/docs/library/machine-learning/tools.md): Explore a collection of powerful and efficient tools in the Machine Learning category to enhance your productivity and security. - [eyeballer](https://trickest.com/docs/library/machine-learning/tools/eyeballer.md): Eyeballer is meant for large-scope network penetration tests where you need to find interesting targets from a huge set of web-based hosts. Go ahead and use your favorite screenshotting tool like n… - [Misconfiguration Tools](https://trickest.com/docs/library/misconfiguration/tools.md): Explore a collection of powerful and efficient tools in the Misconfiguration category to enhance your productivity and security. - [crlfuzz](https://trickest.com/docs/library/misconfiguration/tools/crlfuzz.md): A fast tool to scan CRLF vulnerability written in Go - [gitjacker](https://trickest.com/docs/library/misconfiguration/tools/gitjacker.md): Gitjacker downloads git repositories and extracts their contents from sites where the .git directory has been mistakenly uploaded. It will still manage to recover a significant portion of a reposit… - [hinject](https://trickest.com/docs/library/misconfiguration/tools/hinject.md): Host Header Injection Vulnerability Checker - [snallygaster](https://trickest.com/docs/library/misconfiguration/tools/snallygaster.md): snallygaster is a tool that looks for files accessible on web servers that shouldn't be public and can pose a security risk. Typical examples include publicly accessible git repositories, backup fi… - [subjack](https://trickest.com/docs/library/misconfiguration/tools/subjack.md): Subjack is a Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool reall… - [whatweb](https://trickest.com/docs/library/misconfiguration/tools/whatweb.md): WhatWeb identifies websites. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and… - [Attack Surface Management Modules](https://trickest.com/docs/library/modules/attack-surface-management.md): Explore a collection of powerful and efficient modules in the Attack Surface Management category to enhance your workflows. - [Enumerate DNS Records](https://trickest.com/docs/library/modules/attack-surface-management/enumerate-dns-records.md): Enumerate DNS records for a list of hostnames, IP addresses, or IP ranges - [Enumerate Hostnames via Crawling](https://trickest.com/docs/library/modules/attack-surface-management/enumerate-hostnames-via-crawling.md): Enumerate subdomains by crawling web servers and analyzing their HTML content and headers - [Enumerate Hostnames via DNS Permutations Brute Force](https://trickest.com/docs/library/modules/attack-surface-management/enumerate-hostnames-via-dns-permutations-brute-force.md): Enumerate hostnames by checking for permutations of known hostnames - [Enumerate Hostnames via OSINT Sources](https://trickest.com/docs/library/modules/attack-surface-management/enumerate-hostnames-via-osint-sources.md): Enumerate subdomains and hostnames passively using OSINT data sources - [Enumerate Hostnames via Recursive DNS Brute Force](https://trickest.com/docs/library/modules/attack-surface-management/enumerate-hostnames-via-recursive-dns-brute-force.md): Enumerate sub-subdomains of a list of hostnames using DNS brute force on the most likely hostnames - [Enumerate Hostnames via Root Domain DNS Brute Force](https://trickest.com/docs/library/modules/attack-surface-management/enumerate-hostnames-via-root-domain-dns-brute-force.md): Enumerate subdomains of a list of domains via DNS brute force - [Fingerprint Network Services](https://trickest.com/docs/library/modules/attack-surface-management/fingerprint-network-services.md): Identify services running on network ports - [Fingerprint Web Technologies](https://trickest.com/docs/library/modules/attack-surface-management/fingerprint-web-technologies.md): Identify technologies running on a list of web servers - [Generate Custom DNS Wordlists](https://trickest.com/docs/library/modules/attack-surface-management/generate-custom-dns-wordlists.md): Generate custom DNS brute force wordlists using known hostnames - [Probe for Web Servers](https://trickest.com/docs/library/modules/attack-surface-management/probe-for-web-servers.md): Probe for web servers on a list of hostnames, IP addresses, or IP ranges - [Scan for Open Ports](https://trickest.com/docs/library/modules/attack-surface-management/scan-for-open-ports.md): Scan for the top 1000 most common open ports on a list of hostnames, IP addresses, or IP ranges - [Content Discovery Modules](https://trickest.com/docs/library/modules/content-discovery.md): Explore a collection of powerful and efficient modules in the Content Discovery category to enhance your workflows. - [Discover Paths via Crawling](https://trickest.com/docs/library/modules/content-discovery/discover-paths-via-crawling.md): Crawl a list of web server URLs to discover endpoints and form a comprehensive map of each asset on your attack surface - [Discover Paths via Directory Brute Force](https://trickest.com/docs/library/modules/content-discovery/discover-paths-via-directory-brute-force.md): Brute force a list of web server URLs to discover hidden paths and endpoints - [Discover Paths via OSINT Sources](https://trickest.com/docs/library/modules/content-discovery/discover-paths-via-osint-sources.md): Search OSINT sources for a list of hosts to discover hidden paths and endpoints - [Utilities Modules](https://trickest.com/docs/library/modules/utilities.md): Explore a collection of powerful and efficient modules in the Utilities category to enhance your workflows. - [Generate Scan Report](https://trickest.com/docs/library/modules/utilities/generate-scan-report.md): Aggregates diverse data types from various modules into a consolidated, easy-to-review report - [Get Cookies via Puppeteer Recording](https://trickest.com/docs/library/modules/utilities/get-cookies-via-puppeteer-recording.md): Process a Puppeteer script that records an authentication flow and generate a Cookie header. - [Get Data from Dataset](https://trickest.com/docs/library/modules/utilities/get-data-from-dataset.md): Get data from a solution's dataset - [Vulnerability Scanning Modules](https://trickest.com/docs/library/modules/vulnerability-scanning.md): Explore a collection of powerful and efficient modules in the Vulnerability Scanning category to enhance your workflows. - [Analyze JavaScript Code](https://trickest.com/docs/library/modules/vulnerability-scanning/analyze-javascript-code.md): Identify vulnerabilities, collect useful data, and prepare JavaScript code for manual review - [Fuzz Web Applications for Vulnerabilities](https://trickest.com/docs/library/modules/vulnerability-scanning/fuzz-web-applications-for-vulnerabilities.md): Scan for vulnerabilities in web applications actively by crawling the app and fuzzing inputs - [Scan for Exposed Admin Panels](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-for-exposed-admin-panels.md): Scan for web administrative panels that may provide an entry point to an asset, and check them for default credentials - [Scan for Exposed Backups](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-for-exposed-backups.md): Scan for exposed backup files that may leak sensitive information - [Scan for Exposed Secrets](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-for-exposed-secrets.md): Scan HTTP responses for exposed tokens, credentials, and other sensitive information - [Scan for Misconfigured Software](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-for-misconfigured-software.md): Scan for web misconfigurations that can expose sensitive functionality - [Scan for Outdated Software](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-for-outdated-software.md): Scan for outdated software with known publicly exploitable vulnerabilities from the CVE and CNVD databases - [Scan for Sensitive Files](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-for-sensitive-files.md): Scan for exposed sensitive files that may leak sensitive information - [Scan for Technology-Specific Vulnerabilities](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-for-technology-specific-vulnerabilities.md): Scan the identified technologies on your attack surface using tailored checks and methodologies for each - [Scan Network Services for Misconfigurations](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-network-services-for-misconfigurations.md): Scan for network service misconfigurations that range from disclosing information and exposing sensitive functionality to enabling complete - [Scan Network Services for Weak Credentials](https://trickest.com/docs/library/modules/vulnerability-scanning/scan-network-services-for-weak-credentials.md): Scan the identified network services on your attack surface for weak credentials - [Network Tools](https://trickest.com/docs/library/network/tools.md): Explore a collection of powerful and efficient tools in the Network category to enhance your productivity and security. - [asnmap](https://trickest.com/docs/library/network/tools/asnmap.md): Go CLI for quickly mapping organization network ranges using ASN information. - [bass](https://trickest.com/docs/library/network/tools/bass.md): Bass aim's at maximizing your resolver count wherever it can by combining different valid dns servers from the targets DNS Providers & adding them to your initial set of public resolvers thereby al… - [decant](https://trickest.com/docs/library/network/tools/decant.md): Decant can be used to expand CIDR ranges into a list of IP addresses easily. - [decant-file](https://trickest.com/docs/library/network/tools/decant-file.md): Decant can be used to expand CIDR ranges into a list of IP addresses easily. - [dnsvalidator](https://trickest.com/docs/library/network/tools/dnsvalidator.md): Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. - [dnsvalidator-patch](https://trickest.com/docs/library/network/tools/dnsvalidator-patch.md): Maintains a list of IPv4 DNS servers by verifying them against baseline servers, and ensuring accurate responses. - [evilscan](https://trickest.com/docs/library/network/tools/evilscan.md): Nodejs Simple Network Scanner - [evilscan-loop](https://trickest.com/docs/library/network/tools/evilscan-loop.md): Nodejs Simple Network Scanner with a wrapper to run on a list of targets - [fingerprintx](https://trickest.com/docs/library/network/tools/fingerprintx.md): Standalone utility for service discovery on open ports. - [fping](https://trickest.com/docs/library/network/tools/fping.md): fping is a program like ping which uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is responding. fping differs from ping in that you can specify any n… - [get-asn-prefixes](https://trickest.com/docs/library/network/tools/get-asn-prefixes.md): Get prefixes by asn. - [httprobe](https://trickest.com/docs/library/network/tools/httprobe.md): Take a list of domains and probe for working http and https servers. - [httpx](https://trickest.com/docs/library/network/tools/httpx.md): Httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads - [ipinfo](https://trickest.com/docs/library/network/tools/ipinfo.md): Command Line Interface for the IPinfo API (IP geolocation and other types of IP data) - [mapcidr](https://trickest.com/docs/library/network/tools/mapcidr.md): Perform multiple operations for a given subnet/CIDR ranges. - [masscan](https://trickest.com/docs/library/network/tools/masscan.md): This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine. - [masscan-json](https://trickest.com/docs/library/network/tools/masscan-json.md): This is an Internet-scale port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second, from a single machine. - [naabu](https://trickest.com/docs/library/network/tools/naabu.md): Naabu is a port scanning tool written in Go that allows you to enumerate valid ports for hosts in a fast and reliable manner. It is a really simple tool that does fast SYN scans on the host/list of… - [netexec](https://trickest.com/docs/library/network/tools/netexec.md): NetExec (a.k.a nxc) is a network service exploitation tool that helps automate assessing the security of large networks. - [netscan](https://trickest.com/docs/library/network/tools/netscan.md): Scan a network for ports that are open on an ip/ip range, and ips that are in use on that network. - [nscan](https://trickest.com/docs/library/network/tools/nscan.md): Nscan is a fast Network scanner optimized for internet-wide scanning purposes and inspired by Masscan and Zmap. It has it's own tiny TCP/IP stack and uses Raw sockets to send TCP SYN probes. It doe… - [onesixtyone](https://trickest.com/docs/library/network/tools/onesixtyone.md): The SNMP protocol is a stateless, datagram oriented protocol. An SNMP scanner is a program that sends SNMP requests to multiple IP addresses, trying different community strings and waiting for a re… - [prips](https://trickest.com/docs/library/network/tools/prips.md): tool that prints the IP addresses in a given range - [prips-sh](https://trickest.com/docs/library/network/tools/prips-sh.md): Print the IP addresses in a given range. - [rustscan](https://trickest.com/docs/library/network/tools/rustscan.md): The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported). - [rustscan-loop](https://trickest.com/docs/library/network/tools/rustscan-loop.md): The Modern Port Scanner. Find ports quickly (3 seconds at its fastest). Run scripts through our scripting engine (Python, Lua, Shell supported). - [uncover](https://trickest.com/docs/library/network/tools/uncover.md): Quickly discover exposed hosts on the internet using multiple search engines. - [zmap](https://trickest.com/docs/library/network/tools/zmap.md): ZMap is a fast single packet network scanner designed for Internet-wide network surveys. - [OSINT Tools](https://trickest.com/docs/library/osint/tools.md): Explore a collection of powerful and efficient tools in the OSINT category to enhance your productivity and security. - [dnsdumpster-dns-lookup](https://trickest.com/docs/library/osint/tools/dnsdumpster-dns-lookup.md): Look up DNS records on DNSDumpster - [dnsdumpster-host-search](https://trickest.com/docs/library/osint/tools/dnsdumpster-host-search.md): Look up a host on DNSDumpster - [dnstwist](https://trickest.com/docs/library/osint/tools/dnstwist.md): See what sort of trouble users can get in trying to type your domain name. Find lookalike domains that adversaries can use to attack you. Can detect typosquatters, phishing attacks, fraud, and bran… - [enumerepo](https://trickest.com/docs/library/osint/tools/enumerepo.md): List all public repositories for (valid) Github usernames - [favup](https://trickest.com/docs/library/osint/tools/favup.md): Lookups for real IP starting from the favicon icon and using Shodan. - [infoga](https://trickest.com/docs/library/osint/tools/infoga.md): Infoga is a tool gathering email accounts informations (ip,hostname,country,...) from different public source (search engines, pgp key servers and shodan) and check if emails was leaked using havei… - [maigret](https://trickest.com/docs/library/osint/tools/maigret.md): Collect a dossier on a person by username from thousands of sites - [pastos](https://trickest.com/docs/library/osint/tools/pastos.md): Search for strings in paste sites - [pymeta](https://trickest.com/docs/library/osint/tools/pymeta.md): Search the web for files on a domain to download and extract metadata. This technique can be used to identify: domains, usernames, software/version numbers and naming conventions. - [shodan-download](https://trickest.com/docs/library/osint/tools/shodan-download.md): Download json.gz data from shodan. - [shodan-python](https://trickest.com/docs/library/osint/tools/shodan-python.md): Shodan is a search engine for Internet-connected devices. Google lets you search for websites, Shodan lets you search for devices. - [socialscan](https://trickest.com/docs/library/osint/tools/socialscan.md): Socialscan offers accurate and fast checks for email address and username usage on online platforms. Given an email or username, socialscan returns whether it is available, taken or invalid on onli… - [Passwords Tools](https://trickest.com/docs/library/passwords/tools.md): Explore a collection of powerful and efficient tools in the Passwords category to enhance your productivity and security. - [hydra](https://trickest.com/docs/library/passwords/tools/hydra.md): Parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consu… - [phpmyadmin-auth-bruteforce](https://trickest.com/docs/library/passwords/tools/phpmyadmin-auth-bruteforce.md): phpmyadmin-authentication-bruteforce is a tool designed to brute-force PHPMyAdmin authentification - [pydictor](https://trickest.com/docs/library/passwords/tools/pydictor.md): pydictor - A powerful and useful hacker dictionary builder for a brute-force attack - [ssb](https://trickest.com/docs/library/passwords/tools/ssb.md): Secure Shell Bruteforcer: A faster & simpler way to bruteforce SSH servers - [Recon Tools](https://trickest.com/docs/library/recon/tools.md): Explore a collection of powerful and efficient tools in the Recon category to enhance your productivity and security. - [aiodnsbrute](https://trickest.com/docs/library/recon/tools/aiodnsbrute.md): A Python 3.5+ tool that uses asyncio to brute force domain names asynchronously. It's fast. Benchmarks on small VPS hosts put around 100k DNS resolutions at 1.5-2mins. An amazon M3 box was used to… - [amass](https://trickest.com/docs/library/recon/tools/amass.md): The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. - [amass-intel](https://trickest.com/docs/library/recon/tools/amass-intel.md): The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. - [amass-json](https://trickest.com/docs/library/recon/tools/amass-json.md): The OWASP Amass Project performs network mapping of attack surfaces and external asset discovery using open source information gathering and active reconnaissance techniques. This version produces… - [analyticsrelationships](https://trickest.com/docs/library/recon/tools/analyticsrelationships.md): Get related domains / subdomains by looking at Google Analytics IDs - [assetfinder](https://trickest.com/docs/library/recon/tools/assetfinder.md): Find domains and subdomains potentially related to a given domain. - [bbot](https://trickest.com/docs/library/recon/tools/bbot.md): OSINT automation for hackers - [bevigil](https://trickest.com/docs/library/recon/tools/bevigil.md): bevigil-cli provides a unified command line interface and python library for using BeVigil OSINT API - [bigip-scanner](https://trickest.com/docs/library/recon/tools/bigip-scanner.md): Determine the running software version of a remote F5 BIG-IP management interface - [ccpy](https://trickest.com/docs/library/recon/tools/ccpy.md): Extracting URLs of a specific target based on the results of commoncrawl.org. - [cdncheck](https://trickest.com/docs/library/recon/tools/cdncheck.md): A utility to detect various technology for a given IP address. - [cero](https://trickest.com/docs/library/recon/tools/cero.md): Scrape domain names from SSL certificates of arbitrary hosts - [certsh-subdomains](https://trickest.com/docs/library/recon/tools/certsh-subdomains.md): Connect to the crt.sh database and get the subdomains of a domain - [chaos-client](https://trickest.com/docs/library/recon/tools/chaos-client.md): Go client to communicate with Chaos DB API. - [chronos](https://trickest.com/docs/library/recon/tools/chronos.md): Extract pieces of info from a web page's Wayback Machine history - [cloud-enum](https://trickest.com/docs/library/recon/tools/cloud-enum.md): Multi-cloud enumeration utility - [cloudlist](https://trickest.com/docs/library/recon/tools/cloudlist.md): Cloudlist is a tool for listing Assets from multiple Cloud Providers. - [crosslinked](https://trickest.com/docs/library/recon/tools/crosslinked.md): LinkedIn enumeration tool to extract valid employee names from an organization through search engine scraping - [csprecon](https://trickest.com/docs/library/recon/tools/csprecon.md): Discover new target domains using Content Security Policy - [dmut](https://trickest.com/docs/library/recon/tools/dmut.md): A tool written in golang to perform permutations, mutations and alteration of subdomains and brute force the result. - [dnsrecon](https://trickest.com/docs/library/recon/tools/dnsrecon.md): Author description - DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality… - [dnsx](https://trickest.com/docs/library/recon/tools/dnsx.md): dnsx is a fast and multi-purpose DNS toolkit allow to run multiple probers using retryabledns library, that allows you to perform multiple DNS queries of your choice with a list of user supplied re… - [dorky](https://trickest.com/docs/library/recon/tools/dorky.md): A tool to automate dorking of GitHub/GitLab - [favfreak](https://trickest.com/docs/library/recon/tools/favfreak.md): FavFreak takes a list of urls from stdin, fetches favicon.ico , calculate tha hash value and matches the calculated favicon hashes with the favicon hashes present in the fingerprint dictionary - [findomain](https://trickest.com/docs/library/recon/tools/findomain.md): The complete solution for domain recognition. Supports screenshotting, port scan, HTTP check, data import from other tools, subdomain monitoring. - [get-acq](https://trickest.com/docs/library/recon/tools/get-acq.md): GET-ACQ is a python tool used to gather all companies acquired by a given company domain name. It is done by calling SecurityTrails API. - [gh-downloader](https://trickest.com/docs/library/recon/tools/gh-downloader.md): Process GitHub Archive URLs and generate unique repositories and users CSV files - [gh-enhancer](https://trickest.com/docs/library/recon/tools/gh-enhancer.md): Process GitHub Archive URLs and generate unique repositories and users CSV files - [gh-investigator](https://trickest.com/docs/library/recon/tools/gh-investigator.md): Use the generated CSV files to get interesting information. - [gh-scraper](https://trickest.com/docs/library/recon/tools/gh-scraper.md): Process GitHub Archive URLs and generate unique repositories and users CSV files - [github-endpoints](https://trickest.com/docs/library/recon/tools/github-endpoints.md): Find endpoints on GitHub - [github-subdomains](https://trickest.com/docs/library/recon/tools/github-subdomains.md): Find subdomains on GitHub - [goaltdns](https://trickest.com/docs/library/recon/tools/goaltdns.md): GoAltdns is a permutation generation tool that can take a list of subdomains, permute them using a wordlist, insert indexes, numbers, dashes and increase your chance of finding that estoeric subdom… - [gobuster-dns](https://trickest.com/docs/library/recon/tools/gobuster-dns.md): A tool used to brute-force DNS subodmains(with wildcard support) - [gorks](https://trickest.com/docs/library/recon/tools/gorks.md): Search google dorks in the specified GCSE id - [gotator](https://trickest.com/docs/library/recon/tools/gotator.md): Gotator is a tool to generate DNS wordlists through permutations. - [hakrevdns](https://trickest.com/docs/library/recon/tools/hakrevdns.md): Small, fast, simple tool for performing reverse DNS lookups en masse. You feed it IP addresses, it returns hostnames. This can be a useful way of finding domains and subdomains belonging to a compa… - [haktrails](https://trickest.com/docs/library/recon/tools/haktrails.md): Golang client for querying SecurityTrails API data - [hosthunter](https://trickest.com/docs/library/recon/tools/hosthunter.md): A tool to efficiently discover and extract hostnames providing a large set of target IP addresses. HostHunter utilises simple OSINT techniques to map IP addresses with virtual hostnames. It generat… - [jldc-subdomains](https://trickest.com/docs/library/recon/tools/jldc-subdomains.md): Get subdomains from jldc.me. - [massdns](https://trickest.com/docs/library/recon/tools/massdns.md): MassDNS is a simple high-performance DNS stub resolver targeting those who seek to resolve a massive amount of domain names in the order of millions or even billions. Without special configuration,… - [mksub](https://trickest.com/docs/library/recon/tools/mksub.md): Make subdomains using a wordlistRead a wordlist file (lowercase, remove [^a-zA-Z0-9-_.]+), filter unique words and generate subdomains. - [nrich](https://trickest.com/docs/library/recon/tools/nrich.md): Analyze a list of IP addresses and see which ones have open ports/vulnerabilities through Shodan - [oneforall](https://trickest.com/docs/library/recon/tools/oneforall.md): Multi-featured subdomain recon tool - [puredns](https://trickest.com/docs/library/recon/tools/puredns.md): Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries. - [second-order](https://trickest.com/docs/library/recon/tools/second-order.md): Crawler and second-order subdomain takeover scanner - [securitytrails-subdomains](https://trickest.com/docs/library/recon/tools/securitytrails-subdomains.md): Get subdomains for root domain from SecurityTrails. - [shuffledns](https://trickest.com/docs/library/recon/tools/shuffledns.md): shuffleDNS is a wrapper around massdns written in go that allows you to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard handling and easy input-output… - [spiderfoot](https://trickest.com/docs/library/recon/tools/spiderfoot.md): OSINT for threat intelligence and attack surface mapping - [subbrute](https://trickest.com/docs/library/recon/tools/subbrute.md): SubBrute is a community driven project with the goal of creating the fastest, and most accurate subdomain enumeration tool. Some of the magic behind SubBrute is that it uses open resolvers as a kin… - [subdomainizer](https://trickest.com/docs/library/recon/tools/subdomainizer.md): SubDomainizer is a tool designed to find hidden subdomains and secrets present is either webpage, Github, and external javascripts present in the given URL. - [subfinder](https://trickest.com/docs/library/recon/tools/subfinder.md): Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. Subfinder is b… - [sublist3r](https://trickest.com/docs/library/recon/tools/sublist3r.md): Sublist3r is a python tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Su… - [sudomy](https://trickest.com/docs/library/recon/tools/sudomy.md): Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting - [theharvester](https://trickest.com/docs/library/recon/tools/theharvester.md): E-mails, subdomains and names enumeration tool - [tlsx](https://trickest.com/docs/library/recon/tools/tlsx.md): Fast and configurable TLS grabber focused on TLS based data collection. - [vhostscan](https://trickest.com/docs/library/recon/tools/vhostscan.md): A virtual host scanner that can be used with pivot tools, detect catch-all scenarios, aliases and dynamic default pages. - [vita](https://trickest.com/docs/library/recon/tools/vita.md): Vita is a tool to gather subdomains from passive sources. - [waymore](https://trickest.com/docs/library/recon/tools/waymore.md): Find way more from the Wayback Machine - [whatwaf](https://trickest.com/docs/library/recon/tools/whatwaf.md): Detect and bypass web application firewalls and protection systems - [whatweb](https://trickest.com/docs/library/recon/tools/whatweb.md): WhatWeb identifies websites. WhatWeb recognises web technologies including content management systems (CMS), blogging platforms, statistic/analytics packages, JavaScript libraries, web servers, and… - [whois-with-ripe](https://trickest.com/docs/library/recon/tools/whois-with-ripe.md): Get whois data through ripe.net - [whoisninja](https://trickest.com/docs/library/recon/tools/whoisninja.md): Reverse WHOIS lookup script - [xsubfind3r](https://trickest.com/docs/library/recon/tools/xsubfind3r.md): xsubfind3r is designed to efficiently identify known subdomains of given domains by tapping into a multitude of curated online passive sources. - [zdns](https://trickest.com/docs/library/recon/tools/zdns.md): Fast CLI DNS Lookup Tool - [zgrab2-http](https://trickest.com/docs/library/recon/tools/zgrab2-http.md): Fast Go Application Scanner - [zgrab2-http-simple](https://trickest.com/docs/library/recon/tools/zgrab2-http-simple.md): Fast Go Application Scanner, parsed to print out title status and content length - [zgrab2-jarm](https://trickest.com/docs/library/recon/tools/zgrab2-jarm.md): Fast Go Application Scanner - [zgrab2-multiple](https://trickest.com/docs/library/recon/tools/zgrab2-multiple.md): Fast Go Application Scanner - [zgrab2-tls](https://trickest.com/docs/library/recon/tools/zgrab2-tls.md): Fast Go Application Scanner - [Workflows](https://trickest.com/docs/library/recon/workflows.md): Explore a collection of powerful and efficient workflows in the Recon category to enhance your productivity and security. - [5WP Subdomain Recon by NahamSec](https://trickest.com/docs/library/recon/workflows/5wp-subdomain-recon-by-nahamsec.md): NahamSec's 5WP recon workflow to identify subdomains across multiple domains and different ports - [Scanners Tools](https://trickest.com/docs/library/scanners/tools.md): Explore a collection of powerful and efficient tools in the Scanners category to enhance your productivity and security. - [airixss](https://trickest.com/docs/library/scanners/tools/airixss.md): Finding XSS during recon - [alterx](https://trickest.com/docs/library/scanners/tools/alterx.md): Fast and customizable vulnerability scanner based on simple YAML based DSL. - [bomber](https://trickest.com/docs/library/scanners/tools/bomber.md): Scans SBoMs for security vulnerabilities - [broken-link-checker](https://trickest.com/docs/library/scanners/tools/broken-link-checker.md): Find broken links, missing images, etc within your HTML. - [chopchop](https://trickest.com/docs/library/scanners/tools/chopchop.md): ChopChop is a command-line tool for dynamic application security testing on web applications, initially written by the Michelin CERT.Its goal is to scan several endpoints and identify exposition of… - [cmseek](https://trickest.com/docs/library/scanners/tools/cmseek.md): CMSeeK is content management system(CMS) is detection & exploitation suite - [jaeles](https://trickest.com/docs/library/scanners/tools/jaeles.md): The Swiss Army knife for automated Web Application Testing - [joomscan](https://trickest.com/docs/library/scanners/tools/joomscan.md): OWASP Joomla! Vulnerability Scanner (JoomScan) is an open source project, developed with the aim of automating the task of vulnerability detection and reliability assurance in Joomla CMS deployment… - [nikto](https://trickest.com/docs/library/scanners/tools/nikto.md): Nikto is web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over… - [nikto-list](https://trickest.com/docs/library/scanners/tools/nikto-list.md): [DEPRECATED: use nikto directly instead] A wrapper around nikto with support for multiple targets. Nikto is web server scanner which performs comprehensive tests against web servers for multiple it… - [nomore403](https://trickest.com/docs/library/scanners/tools/nomore403.md): Advanced tool for security researchers to bypass 403/40X restrictions through smart techniques and adaptive request manipulation. Fast. Precise. Effective. - [nuclei](https://trickest.com/docs/library/scanners/tools/nuclei.md): Fast and customizable vulnerability scanner based on simple YAML based DSL. - [nuclei-markdown](https://trickest.com/docs/library/scanners/tools/nuclei-markdown.md): Run a Nuclei scan and export the results in markdown format. Nuclei is a fast and customizable vulnerability scanner based on simple YAML based DSL. - [patator](https://trickest.com/docs/library/scanners/tools/patator.md): Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage - [socialhunter](https://trickest.com/docs/library/scanners/tools/socialhunter.md): Crawls the website and finds broken social media links that can be hijacked - [sslyze](https://trickest.com/docs/library/scanners/tools/sslyze.md): Fast and powerful SSL/TLS scanner - [twa](https://trickest.com/docs/library/scanners/tools/twa.md): A tiny web auditor with strong opinions. - [twa-loop](https://trickest.com/docs/library/scanners/tools/twa-loop.md): A tiny web auditor with strong opinions. - [wafw00f](https://trickest.com/docs/library/scanners/tools/wafw00f.md): WAFW00F allows one to identify and fingerprint Web Application Firewall (WAF) products protecting a website. - [wapiti](https://trickest.com/docs/library/scanners/tools/wapiti.md): Web vulnerability scanner written in Python3 - [wascan](https://trickest.com/docs/library/scanners/tools/wascan.md): WAScan ((W)eb (A)pplication (Scan)ner) is a Open Source web application security scanner. It is designed to find various vulnerabilities using black-box method, that means it won't study the source… - [wpscan](https://trickest.com/docs/library/scanners/tools/wpscan.md): WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. - [wpscan-loop](https://trickest.com/docs/library/scanners/tools/wpscan-loop.md): WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. - [zap-api-scan](https://trickest.com/docs/library/scanners/tools/zap-api-scan.md): Run a full scan against an API defined by OpenAPI/Swagger, SOAP or GraphQL using ZAP - [zap-automation-framework](https://trickest.com/docs/library/scanners/tools/zap-automation-framework.md): Run ZAP via a single YAML file - [zap-full-scan](https://trickest.com/docs/library/scanners/tools/zap-full-scan.md): Run a full scan against a target URL using ZAP - [Workflows](https://trickest.com/docs/library/secret-discovery/workflows.md): Explore a collection of powerful and efficient workflows in the Secret Discovery category to enhance your productivity and security. - [Find secrets in GitHub gists](https://trickest.com/docs/library/secret-discovery/workflows/find-secrets-in-github-gists.md): Scan for secrets in a list of users' GitHub gists - [Get Secrets From WayBack HTTP Responses](https://trickest.com/docs/library/secret-discovery/workflows/get-secrets-from-wayback-http-responses.md): Gather all wayback urls, request them, and search for secrets inside of http responses. - [Search for leaks in Web Servers](https://trickest.com/docs/library/secret-discovery/workflows/search-for-leaks-in-web-servers.md): Starting with a list of web servers, search for leaked credentials, access tokens, and interesting endpoints in the responses (including JavaScript files) - [Social Engineering Tools](https://trickest.com/docs/library/social-engineering/tools.md): Explore a collection of powerful and efficient tools in the Social Engineering category to enhance your productivity and security. - [h8mail](https://trickest.com/docs/library/social-engineering/tools/h8mail.md): h8mail is an email OSINT and breach hunting tool using different breach and reconnaissance services. - [sherlock](https://trickest.com/docs/library/social-engineering/tools/sherlock.md): A tool for finding usernames across many social networks - [Static Code Analysis Tools](https://trickest.com/docs/library/static-code-analysis/tools.md): Explore a collection of powerful and efficient tools in the Static Code Analysis category to enhance your productivity and security. - [bandit](https://trickest.com/docs/library/static-code-analysis/tools/bandit.md): Bandit is a tool designed to find common security issues in Python code. To do this Bandit processes each file, builds an AST from it, and runs appropriate plugins against the AST nodes. Once Bandi… - [dawnscanner](https://trickest.com/docs/library/static-code-analysis/tools/dawnscanner.md): Dawnscanner is a source code scanner designed to review your ruby code for security issues.Dawnscanner is able to scan plain ruby scripts (e.g. command line applications) but all its features are u… - [dumpsterdiver](https://trickest.com/docs/library/static-code-analysis/tools/dumpsterdiver.md): DumpsterDiver is a tool, which can analyze big volumes of data in search of hardcoded secrets like keys (e.g. AWS Access Key, Azure Share Key or SSH keys) or passwords. Additionally, it allows crea… - [dvcsripper-git](https://trickest.com/docs/library/static-code-analysis/tools/dvcsripper-git.md): Git ripper. It can rip repositories even when directory browsing is turned off. - [git-log4j](https://trickest.com/docs/library/static-code-analysis/tools/git-log4j.md): Git-LOG4J is checking if the git repo is using Log4J. Also, prints files that use LOG4J - [gitleaks](https://trickest.com/docs/library/static-code-analysis/tools/gitleaks.md): Gitleaks is a SAST tool for detecting hard coded secrets like passwords, API keys, and tokens in git repos. Gitleaks is an easy-to-use, all-in-one solution for finding secrets, past or present, in… - [gosec](https://trickest.com/docs/library/static-code-analysis/tools/gosec.md): Inspecting source code for security problems by scanning the Go AST. Rules can be found on the tool's Github page. Unfortunately, the recursive scan is not yet available on this platform, but it's… - [javascript-deobfuscator](https://trickest.com/docs/library/static-code-analysis/tools/javascript-deobfuscator.md): General purpose JavaScript deobfuscator - [leakos](https://trickest.com/docs/library/static-code-analysis/tools/leakos.md): Search leaks in a github org or in the responses of urls - [noseyparker](https://trickest.com/docs/library/static-code-analysis/tools/noseyparker.md): Nosey Parker is a command-line program that finds secrets and sensitive information in textual data and Git history. - [reposcanner](https://trickest.com/docs/library/static-code-analysis/tools/reposcanner.md): Reposcanner is a python script to search through the commit history of Git repositories looking for interesting strings such as API keys. - [retire-js](https://trickest.com/docs/library/static-code-analysis/tools/retire-js.md): There is a plethora of JavaScript libraries for use on the Web and in Node.JS apps out there. This greatly simplifies development,but we need to stay up-to-date on security fixes. Using Components… - [rex](https://trickest.com/docs/library/static-code-analysis/tools/rex.md): regexFinder gives the matches with a directory (or github repository) of the regexes, and saves the matches of found secrets in a json format. - [secretfinder](https://trickest.com/docs/library/static-code-analysis/tools/secretfinder.md): SecretFinder is a python script based on LinkFinder (version for burpsuite here), written to discover sensitive data like apikeys, accesstoken, authorizations, jwt,..etc in JavaScript files. It doe… - [semgrep-scan](https://trickest.com/docs/library/static-code-analysis/tools/semgrep-scan.md): Lightweight static analysis for many languages. Find bug variants with patterns that look like source code. - [trufflehog](https://trickest.com/docs/library/static-code-analysis/tools/trufflehog.md): Find credentials all over the place - [Workflows](https://trickest.com/docs/library/threat-intelligence/workflows.md): Explore a collection of powerful and efficient workflows in the Threat Intelligence category to enhance your productivity and security. - [Enumerate GitHub resources](https://trickest.com/docs/library/threat-intelligence/workflows/enumerate-github-resources.md): Enumerate a list of GitHub users' repositories and gists - [Enumerate GitHub users](https://trickest.com/docs/library/threat-intelligence/workflows/enumerate-github-users.md): Enumerate GitHub users connected to a particular organization - [Extensive OSINT](https://trickest.com/docs/library/threat-intelligence/workflows/extensive-osint.md): Collect IP addresses, open ports, vulnerabilities, technologies, DNS records, related domains, lookalike domains, documents, email addresses, and user accounts - [[GitHub Logs] Enhance repos](https://trickest.com/docs/library/threat-intelligence/workflows/github-logs-enhance-repos.md): Enhance the data of each repository by retrieving additional information about them through the GitHub API. - [[GitHub Logs] Enhance usernames](https://trickest.com/docs/library/threat-intelligence/workflows/github-logs-enhance-usernames.md): Enhance the data of each user by retrieving additional information about them through the GitHub API. - [[GitHub Logs] Extract info from GitHub Archive](https://trickest.com/docs/library/threat-intelligence/workflows/github-logs-extract-info-from-github-archive.md): Download and parse the GH Archive dataset to extract user and repository information - [Insiders](https://trickest.com/docs/library/threat-intelligence/workflows/insiders.md): Archive of Potential Insider Threats - Check out example results on https://github.com/trickest/insiders - [OSINT - List of Users](https://trickest.com/docs/library/threat-intelligence/workflows/osint-list-of-users.md): Collect social accounts, GitHub repositories, and GitHub gists for a list of users - [Shodan Threat Intelligence](https://trickest.com/docs/library/threat-intelligence/workflows/shodan-threat-intelligence.md): Get information from Shodan API, organize it into meaningful categories, get alternative org names, gather hostnames, web servers, screenshot them and port scan all the collected IP addresses. - [Utilities Tools](https://trickest.com/docs/library/utilities/tools.md): Explore a collection of powerful and efficient tools in the Utilities category to enhance your productivity and security. - [airtable-integration](https://trickest.com/docs/library/utilities/tools/airtable-integration.md): Airtable integration for importing/exporting/linking data. - [apktool-decode](https://trickest.com/docs/library/utilities/tools/apktool-decode.md): A tool for reverse engineering Android apk files - [assert-tool](https://trickest.com/docs/library/utilities/tools/assert-tool.md): Interprets a file as a list of values, checks if required conditions are met and exits with corresponding message and code. - [aws-route53-zones](https://trickest.com/docs/library/utilities/tools/aws-route53-zones.md): Extract all hosted zones from AWS Route53 - [batch-output](https://trickest.com/docs/library/utilities/tools/batch-output.md): Output file lines by batch size represented by START_LINE, END_LINE - [cent](https://trickest.com/docs/library/utilities/tools/cent.md): Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place. - [cewl](https://trickest.com/docs/library/utilities/tools/cewl.md): CeWL is a ruby app which spiders a given URL to a specified depth, optionally following external links, and returns a list of words which can then be used for password crackers such as John the Rip… - [clean-wordlist](https://trickest.com/docs/library/utilities/tools/clean-wordlist.md): Clean up a wordlist by running a series of regexes against it - [diff-trickest-files](https://trickest.com/docs/library/utilities/tools/diff-trickest-files.md): Diff an input file against a file from your Trickest file storage - [dnsgen](https://trickest.com/docs/library/utilities/tools/dnsgen.md): This tool generates a combination of domain names from the provided input. Combinations are created based on wordlist. Custom words are extracted per execution. - [docker-exec-sh](https://trickest.com/docs/library/utilities/tools/docker-exec-sh.md): Execute custom script for provided docker image - [dsieve](https://trickest.com/docs/library/utilities/tools/dsieve.md): Take a list of urls and filter or extract domains by level. - [duplicut](https://trickest.com/docs/library/utilities/tools/duplicut.md): Remove duplicates from a wordlist without sorting it to maintain order of probability. - [elasticsearch-index](https://trickest.com/docs/library/utilities/tools/elasticsearch-index.md): Manage attack surface data on Elasticsearch - [execute-nodejs](https://trickest.com/docs/library/utilities/tools/execute-nodejs.md): Execute a Node.js script - [export-to-azure-blob](https://trickest.com/docs/library/utilities/tools/export-to-azure-blob.md): Export a file or folder to Azure Blob Storage - [fgrep-by-string](https://trickest.com/docs/library/utilities/tools/fgrep-by-string.md): Fgrep content in files by input string. - [generate-yaml-report](https://trickest.com/docs/library/utilities/tools/generate-yaml-report.md): Generate a yaml report from the outputs of multiple tools - [get-trickest-files](https://trickest.com/docs/library/utilities/tools/get-trickest-files.md): Get a file from your Trickest file storage - [get-trickest-output](https://trickest.com/docs/library/utilities/tools/get-trickest-output.md): [DEPRECATED] Get trickest workflow output by node id. - [gf](https://trickest.com/docs/library/utilities/tools/gf.md): A wrapper around grep to avoid typing common patterns. - [gron](https://trickest.com/docs/library/utilities/tools/gron.md): Make JSON greppable - [httpie](https://trickest.com/docs/library/utilities/tools/httpie.md): HTTPie (pronounced aitch-tee-tee-pie) is a command-line HTTP client. Its goal is to make CLI interaction with web services as human-friendly as possible. HTTPie is designed for testing, debugging,… - [json2html](https://trickest.com/docs/library/utilities/tools/json2html.md): Convert complex JSON data to HTML Table representation - [mgwls](https://trickest.com/docs/library/utilities/tools/mgwls.md): mgwls is a simple script written in GO to merge 2 wordlists - [mkpath](https://trickest.com/docs/library/utilities/tools/mkpath.md): Make URL paths using a wordlist - [notify](https://trickest.com/docs/library/utilities/tools/notify.md): Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms. - [openai-file](https://trickest.com/docs/library/utilities/tools/openai-file.md): A CLI utility and Python library for interacting with OpenAI and generating AI response through input file. - [portboozle](https://trickest.com/docs/library/utilities/tools/portboozle.md): Portboozle is a script written as a substitute for masscan. - [prefix-file-lines](https://trickest.com/docs/library/utilities/tools/prefix-file-lines.md): Add prefix string on each line in files. - [pup](https://trickest.com/docs/library/utilities/tools/pup.md): pup is a command-line tool for processing HTML. It reads from stdin, prints to stdout, and allows the user to filter parts of the page using CSS selectors. - [put-trickest-files](https://trickest.com/docs/library/utilities/tools/put-trickest-files.md): Upload a file(s) into your Trickest file storage - [qsreplace](https://trickest.com/docs/library/utilities/tools/qsreplace.md): Accept URLs on stdin, replace all query string values with a user-supplied value - [string-to-file](https://trickest.com/docs/library/utilities/tools/string-to-file.md): Write strings to a file - [suffix-file-lines](https://trickest.com/docs/library/utilities/tools/suffix-file-lines.md): Add suffix (string) on each line in files. - [trickest-execute](https://trickest.com/docs/library/utilities/tools/trickest-execute.md): Execute a Trickest workflow - [trickest-output](https://trickest.com/docs/library/utilities/tools/trickest-output.md): Download the output of a Trickest workflow - [unfurl](https://trickest.com/docs/library/utilities/tools/unfurl.md): Pull out bits of URLs provided on stdin - [ungrep-by-string](https://trickest.com/docs/library/utilities/tools/ungrep-by-string.md): Ungrep content in files by input string. - [urldedupe](https://trickest.com/docs/library/utilities/tools/urldedupe.md): urldedupe is a tool to quickly pass in a list of URLs, and get back a list of deduplicated (unique) URL and query string combination. This is useful to ensure you don't have a URL list will hundred… - [wget](https://trickest.com/docs/library/utilities/tools/wget.md): Wget is a software package for retrieving files using HTTP, HTTPS, FTP, and FTPS, the most widely used Internet protocols. - [whois-verify-targets](https://trickest.com/docs/library/utilities/tools/whois-verify-targets.md): Verify target organization from whois results and get ip-ranges for further scanning. - [xurl](https://trickest.com/docs/library/utilities/tools/xurl.md): A CLI utility to pull out bits of URLs. - [Workflows](https://trickest.com/docs/library/utilities/workflows.md): Explore a collection of powerful and efficient workflows in the Utilities category to enhance your productivity and security. - [Alexa's Top 1000 robots.txt](https://trickest.com/docs/library/utilities/workflows/alexa-top-1000-robots-txt.md): Get all the robots.txt files and directories from Alexa's Top 1000 websites. - [Alexa's Top 1000 robots.txt](https://trickest.com/docs/library/utilities/workflows/alexas-top-1000-robots-txt.md): Get all the robots.txt files and directories from Alexa's Top 1000 websites. - [CVEs](https://trickest.com/docs/library/utilities/workflows/cves.md): Almost every publicly available CVE PoC - https://github.com/trickest/cve - [Diff subdomain enumeration results](https://trickest.com/docs/library/utilities/workflows/diff-subdomain-enumeration-results.md): This workflow demonstrates how to compare the output of the current run with previous runs. Use this pattern as a guide and customize it for your own workflow. For more information, refer to the do… - [Enumerate TLD domain names](https://trickest.com/docs/library/utilities/workflows/enumerate-tld-domain-names.md): Find registered domains for a specific TLD - [GetDNS](https://trickest.com/docs/library/utilities/workflows/getdns.md): Get DNS servers using Masscan and dnsvalidator. - [Github Recon & Scanner](https://trickest.com/docs/library/utilities/workflows/github-recon-and-scanner.md): Create your own recon & vulnerability scanner with Trickest and GitHub - https://github.com/trickest/recon-and-vulnerability-scanner-template - [Historical workflow data](https://trickest.com/docs/library/utilities/workflows/historical-workflow-data.md): Example workflow to show how to access the historical data of a Trickest workflow - [Port-scan and send results to slack](https://trickest.com/docs/library/utilities/workflows/port-scan-and-send-results-to-slack.md): Use masscan to do a portscan on a list of IP addresses and receive the results via a slack webhook - [Resolvers](https://trickest.com/docs/library/utilities/workflows/resolvers.md): The most exhaustive list of reliable DNS resolvers - https://github.com/trickest/resolvers - [Safe Harbour](https://trickest.com/docs/library/utilities/workflows/safe-harbour.md): Security.txt collection of the most popular world-wide domains - [Vulnerabilities Tools](https://trickest.com/docs/library/vulnerabilities/tools.md): Explore a collection of powerful and efficient tools in the Vulnerabilities category to enhance your productivity and security. - [bypass-403](https://trickest.com/docs/library/vulnerabilities/tools/bypass-403.md): Go script for bypassing 403 forbidden - [commix](https://trickest.com/docs/library/vulnerabilities/tools/commix.md): Commix (short for [comm]and [i]njection e[x]ploiter) is an open-source penetration testing tool, written by Anastasios Stasinopoulos (@ancst), that automates the detection and exploitation of comma… - [cookiemonster](https://trickest.com/docs/library/vulnerabilities/tools/cookiemonster.md): CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions. - [corstest](https://trickest.com/docs/library/vulnerabilities/tools/corstest.md): CORStest is a Python 3 tool to find Cross-Origin resource Sharing (CORS) misconfiguration - [crlfmap](https://trickest.com/docs/library/vulnerabilities/tools/crlfmap.md): CRLFMap is a tool to find HTTP Splitting vulnerabilities - [cve-2018-15473](https://trickest.com/docs/library/vulnerabilities/tools/cve-2018-15473.md): Multi-threaded, IPv6 aware, wordlists/single-user username enumeration via CVE-2018-15473 - [cve-2023-3519-inspector](https://trickest.com/docs/library/vulnerabilities/tools/cve-2023-3519-inspector.md): Accurately fingerprint and detect vulnerable versions of Netscaler / Citrix ADC to CVE-2023-3519 - [dalfox](https://trickest.com/docs/library/vulnerabilities/tools/dalfox.md): DalFox is a fast, powerful parameter analysis and XSS scanner, based on a golang/DOM parser. - [dnsreaper](https://trickest.com/docs/library/vulnerabilities/tools/dnsreaper.md): subdomain takeover tool for attackers, bug bounty hunters and the blue team! - [dsss](https://trickest.com/docs/library/vulnerabilities/tools/dsss.md): Damn Small SQLi Scanner (DSSS) is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. As of optional settings it supports… - [dsxs](https://trickest.com/docs/library/vulnerabilities/tools/dsxs.md): Damn Small XSS Scanner (DSXS) is a fully functional Cross-site scripting vulnerability scanner (supporting GET and POST parameters) written in under 100 lines of code. - [fdsploit](https://trickest.com/docs/library/vulnerabilities/tools/fdsploit.md): FDsploit can be used to discover and exploit Local/Remote File Inclusion and directory traversal vulnerabilities automatically. - [find-gh-poc](https://trickest.com/docs/library/vulnerabilities/tools/find-gh-poc.md): Find CVE PoCs on GitHub - [findom-xss](https://trickest.com/docs/library/vulnerabilities/tools/findom-xss.md): FinDOM-XSS with file input. FinDOM-XSS is a tool that allows you to finding for possible and/ potential DOM based XSS vulnerability in a fast manner. - [http-request-smuggling](https://trickest.com/docs/library/vulnerabilities/tools/http-request-smuggling.md): http-request-smuggling is a python tool used to detect if target/list of targets are vulnerable against HTTP Request Smuggling vulnerability - [jwt-tool](https://trickest.com/docs/library/vulnerabilities/tools/jwt-tool.md): jwt_tool.py is a toolkit for validating, forging, scanning, and tampering JWTs (JSON Web Tokens). - [kxss](https://trickest.com/docs/library/vulnerabilities/tools/kxss.md): Find unfiltered special characters from urls. - [log4j-scan](https://trickest.com/docs/library/vulnerabilities/tools/log4j-scan.md): A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 - [nosqli](https://trickest.com/docs/library/vulnerabilities/tools/nosqli.md): A fast NoSQL scanner and injector. For finding sites vulnerable to NoSQL injection, Mongo in particular. - [openredirex](https://trickest.com/docs/library/vulnerabilities/tools/openredirex.md): Asynchronous Open redirect Fuzzer. Key features are: taking a url or list of urls and fuzzes them for Open redirect issues, specifying own payloads through 'payloads.txt' and showing Location heade… - [oralyzer](https://trickest.com/docs/library/vulnerabilities/tools/oralyzer.md): Oralyzer, a simple python script that is capable of finding the open redirection vulnerability in a website. It does that by fuzzing the url i.e. provided as the input. - [searchsploit](https://trickest.com/docs/library/vulnerabilities/tools/searchsploit.md): Search through exploits and shellcodes - [smuggler](https://trickest.com/docs/library/vulnerabilities/tools/smuggler.md): An HTTP Request Smuggling / Desync testing tool written in Python 3 - [sqlmap](https://trickest.com/docs/library/vulnerabilities/tools/sqlmap.md): sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers - [ssrfuzz](https://trickest.com/docs/library/vulnerabilities/tools/ssrfuzz.md): SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities - [subzy](https://trickest.com/docs/library/vulnerabilities/tools/subzy.md): Subzy is subdomain takeover tool which works based on matching response fingerprings from can-i-take-over-xyz. - [tko-subs](https://trickest.com/docs/library/vulnerabilities/tools/tko-subs.md): A tool that can help detect and takeover subdomains with dead DNS records - [tplmap](https://trickest.com/docs/library/vulnerabilities/tools/tplmap.md): Server-Side Template Injection and Code Injection Detection and Exploitation Tool - [xforwardy](https://trickest.com/docs/library/vulnerabilities/tools/xforwardy.md): XForwardy is a Host Header Injection scanning tool that can detect misconfigurations, where Host Header Injections are potentially possible. It also checks for CORS Misconfig in a URL. - [xspear](https://trickest.com/docs/library/vulnerabilities/tools/xspear.md): XSpear is XSS Scanner on ruby gems. - [Workflows](https://trickest.com/docs/library/vulnerability-scanning/workflows.md): Explore a collection of powerful and efficient workflows in the Vulnerability Scanning category to enhance your productivity and security. - [ASN Vulnerability Scanning](https://trickest.com/docs/library/vulnerability-scanning/workflows/asn-vulnerability-scanning.md): Scan web servers for vulnerabilities using ASNs as input - [Bypassing 403 Endpoints](https://trickest.com/docs/library/vulnerability-scanning/workflows/bypassing-403-endpoints.md): Test for ways to bypass 403 responses through 6 different techniques that are found to be effective, quick, and capable of scanning numerous endpoints in no time. - [Check for DNS Takeover with dnsReaper](https://trickest.com/docs/library/vulnerability-scanning/workflows/check-for-dns-takeover-with-dnsreaper.md): Use dnsReaper along with a batching pattern to check for DNS takeover en masse - [Check for DNS Takeover with dnsX](https://trickest.com/docs/library/vulnerability-scanning/workflows/check-for-dns-takeover-with-dnsx.md): Use dnsX to fetch hosts which respond with either servfail or refused status codes, which may be susceptible to DNS takeover - [Check For Subdomain Takeover](https://trickest.com/docs/library/vulnerability-scanning/workflows/check-for-subdomain-takeover.md): Scan a list of subdomains for subdomain takeover - [Citrix CVE-2023-3519](https://trickest.com/docs/library/vulnerability-scanning/workflows/citrix-cve-2023-3519.md): Check for CVE-2023-3519, an unauthenticated remote code execution (RCE) vulnerability affecting NetScaler (formerly Citrix) Application Delivery Controller (ADC) and NetScaler Gateway. - [CVE-2021-41773](https://trickest.com/docs/library/vulnerability-scanning/workflows/cve-2021-41773.md): https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41773 - [CVE-2021-42013 & CVE-2021-41773](https://trickest.com/docs/library/vulnerability-scanning/workflows/cve-2021-42013-and-cve-2021-41773.md): Do check and verify if vulnerable for CVE-2021-42013 & CVE-2021-41773 (Apache) - [CVE-2022-36804](https://trickest.com/docs/library/vulnerability-scanning/workflows/cve-2022-36804.md): Test a list of hosts for CVE-2022-36804 which could allow remote attackers to execute arbitrary code on Atlassian Bitbucket Server and Data Center installations. - [CVE-2022-41040](https://trickest.com/docs/library/vulnerability-scanning/workflows/cve-2022-41040.md): Test a list of hosts for CVE-2022-41040 which is an SSRF vulnerability affecting several versions of Microsoft Exchange Server - [CVE-2022-42889](https://trickest.com/docs/library/vulnerability-scanning/workflows/cve-2022-42889.md): Test a list of hosts for CVE-2022-42889 - [Dynamic Web App Scanner](https://trickest.com/docs/library/vulnerability-scanning/workflows/dynamic-web-app-scanner.md): Finding paths and parameters with various techniques and creating a templates for finding LFI,SSRF,XSS,SQLI,RCE based on user-supplied payloads - [Fuzz new endpoints for vulnerabilities](https://trickest.com/docs/library/vulnerability-scanning/workflows/fuzz-new-endpoints-for-vulnerabilities.md): Discover a web app's endpoints, diff them, and fuzz newly discovered endpoints for common vulnerabilities like SQL injection, SSRF, XSS, and more. - [Fuzz web app for vulnerabilities](https://trickest.com/docs/library/vulnerability-scanning/workflows/fuzz-web-app-for-vulnerabilities.md): Efficiently discover and scan a web app's content for common vulnerabilities. Identify potential SQL injection, SSRF, XSS, and more. - [IDOR Checker for GET HTTP requests](https://trickest.com/docs/library/vulnerability-scanning/workflows/idor-checker-for-get-http-requests.md): Check list of URLs with three different authorization headers for legitimate user, attacker users and anonymous user and compare responses - [Open Redirect Finder](https://trickest.com/docs/library/vulnerability-scanning/workflows/open-redirect-finder.md): Get a list of URLs from WaybackMachine and scan for open redirects - [PHP File Upload Bypass Generator](https://trickest.com/docs/library/vulnerability-scanning/workflows/php-file-upload-bypass-generator.md): Using a reverse shell template create different variations of file-upload bypasses for PHP Applications. - [Random Parameter SSRF Finder](https://trickest.com/docs/library/vulnerability-scanning/workflows/random-parameter-ssrf-finder.md): Fire random SSRF checks through user-supplied parameters for GET and POST requests, additionally crawl the app and add SSRF payload to each GET parameter - [Scan container images with trivy](https://trickest.com/docs/library/vulnerability-scanning/workflows/scan-container-images-with-trivy.md): Scan a container image for CVEs, exposed secrets, open ports, and more - [Scan Github Actions For Org](https://trickest.com/docs/library/vulnerability-scanning/workflows/scan-github-actions-for-org.md): Scan GitHub Actions misconfiguration for a particular org - [Scan hosts with Nuclei & Cent](https://trickest.com/docs/library/vulnerability-scanning/workflows/scan-hosts-with-nuclei-and-cent.md): Get all the open-source templates for nuclei with cent, and scan the list of hosts. - [Web Cache Poisoning Finder](https://trickest.com/docs/library/vulnerability-scanning/workflows/web-cache-poisoning-finder.md): Attempts to cause web cache poisoning attacks on several hosts - [XSS Finder](https://trickest.com/docs/library/vulnerability-scanning/workflows/xss-finder.md): Get all Wayback URLs for the domain and find XSS. - [ZAP API Scan](https://trickest.com/docs/library/vulnerability-scanning/workflows/zap-api-scan.md): Use OWASP ZAP to scan an authenticated API - [ZAP Full Scan](https://trickest.com/docs/library/vulnerability-scanning/workflows/zap-full-scan.md): Use OWASP ZAP to spider and scan a website while authenticated - [Trickest Changelog 2026](https://trickest.com/docs/releases/changelog.md): Platform updates and improvements in 2026 - [Trickest Changelog 2024](https://trickest.com/docs/releases/changelog-2024.md): Platform updates and improvements in 2024 - [Trickest Changelog 2025](https://trickest.com/docs/releases/changelog-2025.md): Platform updates and improvements in 2025 - [Creating a Database](https://trickest.com/docs/using-the-app/database-management/creating-database.md): Let the platform detect structured output from your workflows and turn it into a live, auto-updating database table. - [Creating Views](https://trickest.com/docs/using-the-app/database-management/creating-views.md): Save queries and column layouts as named views for quick reuse across your team. - [Exporting](https://trickest.com/docs/using-the-app/database-management/exporting.md): Export Live Table query results to CSV for use in external tools and reports. - [Querying](https://trickest.com/docs/using-the-app/database-management/querying.md): Filter Live Table data using the Trickest Query Language. - [Using the App](https://trickest.com/docs/using-the-app/introduction.md): Step-by-step guides for the main features of the Trickest platform. - [Adding Private Tools](https://trickest.com/docs/using-the-app/private-execution-networking/adding-private-tools.md): Import custom Docker-based tools into your Vault and use them in workflows like any public tool. - [Connecting a Private Container Registry](https://trickest.com/docs/using-the-app/private-execution-networking/connecting-private-registry.md): Connect a private Docker registry to your Vault so private images can be used in your tools. - [Managing IP Addresses](https://trickest.com/docs/using-the-app/private-execution-networking/extracting-ip-addresses.md): View static IP addresses for your fleet, and export the IP addresses used during workflow runs and individual jobs. - [Using Self-Hosted Machines](https://trickest.com/docs/using-the-app/private-execution-networking/using-self-hosted-machines.md): Create a self-hosted fleet and attach your own machines to run workflows on your infrastructure. - [Deactivating Users](https://trickest.com/docs/using-the-app/users-access-management/deactivating-users.md): Deactivate and reactivate users in your Vault. - [Inviting Users](https://trickest.com/docs/using-the-app/users-access-management/inviting-users.md): Invite new users to your Vault, manage pending invitations, and view active users. - [Teams and Roles](https://trickest.com/docs/using-the-app/users-access-management/teams-and-roles.md): Assign roles to users, create teams, and manage permissions across your Vault. - [Building and Debugging a Workflow](https://trickest.com/docs/using-the-app/workflow-and-executions/building-and-debugging-a-workflow.md): Add a node to the canvas, configure it, run it, and inspect inputs/outputs to validate behavior before you connect additional steps. - [Copying Workflows](https://trickest.com/docs/using-the-app/workflow-and-executions/copying-workflows.md): Duplicate an existing workflow from the Workflows page and move the copy into a workspace or project. - [Creating and Using Modules](https://trickest.com/docs/using-the-app/workflow-and-executions/creating-and-using-modules.md): Create custom modules from the Modules page, define their inputs and outputs in the Module I/O panel, and use them as nodes in other workflows. - [Distributing and Scaling Jobs](https://trickest.com/docs/using-the-app/workflow-and-executions/distributing-and-scaling-jobs.md): Split a file or folder coming from an upstream node into many parallel jobs, so the destination node runs once per line, per file, or per batch. - [Executing and Scheduling Workflows](https://trickest.com/docs/using-the-app/workflow-and-executions/executing-and-scheduling-workflows.md): Run a workflow with Execute, Smart Execute, or Advanced Execute, and schedule recurring runs from the editor. - [Managing Variables](https://trickest.com/docs/using-the-app/workflow-and-executions/managing-variables.md): Learn how to create and use variables in Trickest workflows and nodes - [Navigating the Editor](https://trickest.com/docs/using-the-app/workflow-and-executions/navigating-the-editor.md): Learn how to navigate the Workflow Editor, switch between execution views, and inspect workflow runs and data. - [Uploading Files](https://trickest.com/docs/using-the-app/workflow-and-executions/uploading-files.md): Upload and organize files in storage, then use them as inputs in your workflows. - [Using Scripts](https://trickest.com/docs/using-the-app/workflow-and-executions/using-scripts.md): Add a script node to a workflow, configure its arguments and inputs, run it, and create private scripts in the Library. - [Using Workflows From the Library](https://trickest.com/docs/using-the-app/workflow-and-executions/using-workflows-from-the-library.md): Copy a workflow template from the Library into your workspace and project so you can customize and run it. - [Working with Runs](https://trickest.com/docs/using-the-app/workflow-and-executions/working-with-runs.md): Review workflow runs, navigate between the Run list and the Editor, and inspect a past run on the canvas.