This repository aggregates AI-driven reconnaissance prompts, brute-force tooling, project discovery scripts, and specialized hunt engines.
Deep research for uncovering related domains using techniques like favicon fingerprinting, TLS certificate & WHOIS clustering, DNS history & subdomain enumeration, JS library/CDN pattern matching, and acquisition & affiliate research.
- Prompt: wide-recon.md
Identify the top weakest subdomains for bug bounty targeting, with a focus on XSS potential and prioritization strategies.
- Prompt: mass-hunt.md
Analyze specific HTML responses to pinpoint potential pivot points for smart XSS payload chaining within a given page context.
- Prompt: narrow-recon.md
Automated subdomain brute-forcing leveraging a controller/fan-out worker pattern for large-scale enumeration.
- Caller script: caller.js
- Workers
- Controller: controller.js
- Sender: sender.js
A suite of scripts for domain and subdomain enumeration, plus automated screenshot capture and cleaning.
- Capture script: shot.js
- Cleanup utility: clean_shot.py
- Chunk subdomains: chunk_subdomains.js
- Random subdomains: random_subdomains.js
- Async HTTP: aiohttp
- Synchronous HTTP: httpx / old school
Specialized engines for packet minification and AI-driven pentesting.