The tools directory covers the classics (Amass, httpx, nmap, gowitness...), but the ASM tooling landscape moves fast. Documenting a tool you use is a self-contained, high-value contribution — each documented tool automatically gets its own page on the website.
Candidate tools (or suggest your own)
- katana — next-gen crawling and spidering (ProjectDiscovery)
- naabu — fast port scanner designed for pipelines
- dnsx — fast DNS toolkit for resolution and bruteforcing
- trufflehog / gitleaks — secret scanning for exposed credentials
- uncover — wrapper to discover hosts across Shodan/Censys/Fofa
- cariddi — endpoint and secrets crawler
What a tool entry needs
Follow the existing format in recon_tools.md:
- Purpose — one sentence on what it does and where it fits in an ASM workflow
- Difficulty — 🟢 / 🟡 / 🔴
- Link to the project
- Installation — commands that you have actually run
- Usage examples — 2–3 realistic commands with brief comments
Please only document tools you've actually used, and keep examples pointed at safe targets (your own infrastructure or designated practice domains).
The tools directory covers the classics (Amass, httpx, nmap, gowitness...), but the ASM tooling landscape moves fast. Documenting a tool you use is a self-contained, high-value contribution — each documented tool automatically gets its own page on the website.
Candidate tools (or suggest your own)
What a tool entry needs
Follow the existing format in recon_tools.md:
Please only document tools you've actually used, and keep examples pointed at safe targets (your own infrastructure or designated practice domains).