Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
osint-personal
command
osint-personal — valida módulos OSINT contra dados pessoais reais.
|
osint-personal — valida módulos OSINT contra dados pessoais reais. |
|
testrun
command
testrun — runner temporário para testar módulos blackhorn contra um alvo real.
|
testrun — runner temporário para testar módulos blackhorn contra um alvo real. |
|
modules
|
|
|
addresssearch
Package addresssearch realiza busca e enriquecimento de endereços brasileiros.
|
Package addresssearch realiza busca e enriquecimento de endereços brasileiros. |
|
alterx
Package alterx generates subdomain permutations using configurable word lists and pattern templates.
|
Package alterx generates subdomain permutations using configurable word lists and pattern templates. |
|
anatel
Package anatel realiza consultas públicas sobre numeração telefônica brasileira.
|
Package anatel realiza consultas públicas sobre numeração telefônica brasileira. |
|
apiaudit
Package apiaudit implements API Security Audit based on OWASP API Security Top 10 (2023).
|
Package apiaudit implements API Security Audit based on OWASP API Security Top 10 (2023). |
|
apkosint
Package apkosint performs passive OSINT on Android APK packages without downloading or decompiling the APK directly.
|
Package apkosint performs passive OSINT on Android APK packages without downloading or decompiling the APK directly. |
|
asnmap
Package asnmap performs ASN (Autonomous System Number) to IP range mapping.
|
Package asnmap performs ASN (Autonomous System Number) to IP range mapping. |
|
bgpinfo
Package bgpinfo realiza análise de segurança BGP de ASNs e prefixos IP.
|
Package bgpinfo realiza análise de segurança BGP de ASNs e prefixos IP. |
|
brandmon
Package brandmon performs brand monitoring: typosquatting detection, look-alike domain discovery, social media impersonation and trademark abuse detection across multiple sources.
|
Package brandmon performs brand monitoring: typosquatting detection, look-alike domain discovery, social media impersonation and trademark abuse detection across multiple sources. |
|
brazilinfo
Package brazilinfo queries multiple Brazilian public APIs to retrieve structured information about companies, phones, emails, CEPs, CPFs, names, addresses and CNPJs.
|
Package brazilinfo queries multiple Brazilian public APIs to retrieve structured information about companies, phones, emails, CEPs, CPFs, names, addresses and CNPJs. |
|
bypass403
Package bypass403 tests HTTP 403 Forbidden bypass techniques.
|
Package bypass403 tests HTTP 403 Forbidden bypass techniques. |
|
cacheprobe
Package cacheprobe detects web cache poisoning vulnerabilities.
|
Package cacheprobe detects web cache poisoning vulnerabilities. |
|
cdncheck
Package cdncheck detects whether a host is fronted by a CDN, WAF, or cloud provider by performing multi-signal analysis:
|
Package cdncheck detects whether a host is fronted by a CDN, WAF, or cloud provider by performing multi-signal analysis: |
|
certs
Package certs queries Certificate Transparency logs to discover subdomains and certificate metadata for a target domain.
|
Package certs queries Certificate Transparency logs to discover subdomains and certificate metadata for a target domain. |
|
clickjacking
Package clickjacking detects missing or misconfigured Clickjacking protections.
|
Package clickjacking detects missing or misconfigured Clickjacking protections. |
|
cloudlist
Package cloudlist enumerates cloud assets across major providers.
|
Package cloudlist enumerates cloud assets across major providers. |
|
cloudosint
Package cloudosint discovers exposed cloud storage resources — S3 buckets, Azure Blob containers, GCP Cloud Storage buckets and DigitalOcean Spaces — using passive DNS, HTTP probing and public cloud APIs.
|
Package cloudosint discovers exposed cloud storage resources — S3 buckets, Azure Blob containers, GCP Cloud Storage buckets and DigitalOcean Spaces — using passive DNS, HTTP probing and public cloud APIs. |
|
cmdi
Package cmdi implements OS Command Injection detection.
|
Package cmdi implements OS Command Injection detection. |
|
companyosint
Package companyosint realiza OSINT empresarial profundo sobre empresas brasileiras.
|
Package companyosint realiza OSINT empresarial profundo sobre empresas brasileiras. |
|
cors2
Package cors2 implements Advanced CORS Misconfiguration detection.
|
Package cors2 implements Advanced CORS Misconfiguration detection. |
|
corsaudit
Package corsaudit detects CORS misconfiguration vulnerabilities.
|
Package corsaudit detects CORS misconfiguration vulnerabilities. |
|
cpflookup
Package cpflookup realiza consultas de CPF via fontes legalmente permitidas.
|
Package cpflookup realiza consultas de CPF via fontes legalmente permitidas. |
|
crawler
Package crawler is a faithful port of projectdiscovery/katana (MIT License).
|
Package crawler is a faithful port of projectdiscovery/katana (MIT License). |
|
credleak
Package credleak realiza análise combinada de credenciais vazadas.
|
Package credleak realiza análise combinada de credenciais vazadas. |
|
credstuffing
Package credstuffing performs authorized credential stuffing simulation to measure account takeover risk.
|
Package credstuffing performs authorized credential stuffing simulation to measure account takeover risk. |
|
crlf
Package crlf implements CRLF Injection detection.
|
Package crlf implements CRLF Injection detection. |
|
darkweb
Package darkweb monitora menções a um alvo em fontes OSINT de dark web e serviços de inteligência sobre ameaças que indexam conteúdo onion.
|
Package darkweb monitora menções a um alvo em fontes OSINT de dark web e serviços de inteligência sobre ameaças que indexam conteúdo onion. |
|
dehashed
Package dehashed integra a API DeHashed para busca em bancos de dados de credenciais vazadas.
|
Package dehashed integra a API DeHashed para busca em bancos de dados de credenciais vazadas. |
|
deserial
Package deserial implements Insecure Deserialization detection.
|
Package deserial implements Insecure Deserialization detection. |
|
dnsaudit
Package dnsaudit performs DNS-level security audit: SPF, DMARC, DKIM, DNSSEC, zone transfer, wildcard DNS, dangling NS records, and email security posture.
|
Package dnsaudit performs DNS-level security audit: SPF, DMARC, DKIM, DNSSEC, zone transfer, wildcard DNS, dangling NS records, and email security posture. |
|
dnsprobe
Package dnsprobe performs DNS lookups via Go's stdlib net package — a faithful port of the projectdiscovery/dnsx library (MIT license).
|
Package dnsprobe performs DNS lookups via Go's stdlib net package — a faithful port of the projectdiscovery/dnsx library (MIT license). |
|
dnsrecon
Package dnsrecon performs advanced DNS reconnaissance: zone transfer attempts, DNSSEC validation, email security records (SPF/DMARC/DKIM), CAA, NSEC walking and comprehensive record enumeration.
|
Package dnsrecon performs advanced DNS reconnaissance: zone transfer attempts, DNSSEC validation, email security records (SPF/DMARC/DKIM), CAA, NSEC walking and comprehensive record enumeration. |
|
emailosint
Package emailosint realiza investigação profunda de endereços de email.
|
Package emailosint realiza investigação profunda de endereços de email. |
|
emailspoof
Package emailspoof audits a domain's email authentication posture to determine whether it can be spoofed.
|
Package emailspoof audits a domain's email authentication posture to determine whether it can be spoofed. |
|
emailverify
Package emailverify verifica e enriquece informações sobre endereços de email.
|
Package emailverify verifica e enriquece informações sobre endereços de email. |
|
ffuf
Package ffuf implements a pure-Go HTTP fuzzer that mirrors the core behavior of ffuf (ffuf/ffuf, MIT) — directory busting, parameter fuzzing, and virtual-host fuzzing — without external dependencies.
|
Package ffuf implements a pure-Go HTTP fuzzer that mirrors the core behavior of ffuf (ffuf/ffuf, MIT) — directory busting, parameter fuzzing, and virtual-host fuzzing — without external dependencies. |
|
fingerprint
Package fingerprint is a port of the WhatWeb technology fingerprinting engine, using the Wappalyzer community dataset (MIT) as its signature database.
|
Package fingerprint is a port of the WhatWeb technology fingerprinting engine, using the Wappalyzer community dataset (MIT) as its signature database. |
|
gau
Package gau aggregates historical URLs from multiple passive sources: Wayback Machine (CDX API), Common Crawl (CC Index API), AlienVault OTX, and URLScan.io.
|
Package gau aggregates historical URLs from multiple passive sources: Wayback Machine (CDX API), Common Crawl (CC Index API), AlienVault OTX, and URLScan.io. |
|
gitdorker
Package gitdorker busca segredos e informações sensíveis em repositórios públicos do GitHub e GitLab usando técnicas de dorking (GitHub Search API).
|
Package gitdorker busca segredos e informações sensíveis em repositórios públicos do GitHub e GitLab usando técnicas de dorking (GitHub Search API). |
|
githistory
Package githistory audits Git repository history for secrets, sensitive files, and commit metadata that should never have been committed.
|
Package githistory audits Git repository history for secrets, sensitive files, and commit metadata that should never have been committed. |
|
googledork
Package googledork performs Google Dorking (advanced search queries) using multiple search APIs to discover exposed information about a target.
|
Package googledork performs Google Dorking (advanced search queries) using multiple search APIs to discover exposed information about a target. |
|
govbr
Package govbr integra APIs públicas do governo brasileiro.
|
Package govbr integra APIs públicas do governo brasileiro. |
|
graphql
Package graphql implements a GraphQL security audit module.
|
Package graphql implements a GraphQL security audit module. |
|
headeraudit
Package headeraudit performs an HTTP Security Headers audit against one or more URLs, detecting missing, misconfigured, or weak security-related response headers.
|
Package headeraudit performs an HTTP Security Headers audit against one or more URLs, detecting missing, misconfigured, or weak security-related response headers. |
|
hibp
Package hibp realiza consultas ao HaveIBeenPwned (HIBP) com suporte a verificação de senhas via k-anonymity (SHA-1 prefix).
|
Package hibp realiza consultas ao HaveIBeenPwned (HIBP) com suporte a verificação de senhas via k-anonymity (SHA-1 prefix). |
|
hostinjection
Package hostinjection implements Host Header Injection detection.
|
Package hostinjection implements Host Header Injection detection. |
|
httpxpro
Package httpxpro extends the core webprobe module with advanced httpx features:
|
Package httpxpro extends the core webprobe module with advanced httpx features: |
|
idor
Package idor implements Insecure Direct Object Reference (IDOR) detection.
|
Package idor implements Insecure Direct Object Reference (IDOR) detection. |
|
interactsh
Package interactsh implements an out-of-band (OOB) interaction server for detecting blind vulnerabilities: SSRF, XXE, blind SQL injection, blind XSS, DNS rebinding, and any other vulnerability that triggers an external callback.
|
Package interactsh implements an out-of-band (OOB) interaction server for detecting blind vulnerabilities: SSRF, XXE, blind SQL injection, blind XSS, DNS rebinding, and any other vulnerability that triggers an external callback. |
|
ipgeolocation
Package ipgeolocation realiza geolocalização e análise de reputação de endereços IP.
|
Package ipgeolocation realiza geolocalização e análise de reputação de endereços IP. |
|
ipintel
Package ipintel agrega inteligência sobre endereços IP de múltiplas fontes OSINT.
|
Package ipintel agrega inteligência sobre endereços IP de múltiplas fontes OSINT. |
|
jwt
Package jwt implements JWT (JSON Web Token) security analysis.
|
Package jwt implements JWT (JSON Web Token) security analysis. |
|
jwtaudit
Package jwtaudit implements JWT (JSON Web Token) security auditing.
|
Package jwtaudit implements JWT (JSON Web Token) security auditing. |
|
katana
Package katana is an extended web crawler that goes beyond the basic BFS of the crawler module.
|
Package katana is an extended web crawler that goes beyond the basic BFS of the crawler module. |
|
leakosint
Package leakosint combina múltiplas fontes de OSINT de dados vazados.
|
Package leakosint combina múltiplas fontes de OSINT de dados vazados. |
|
lfi
Package lfi implements Local File Inclusion and Path Traversal detection.
|
Package lfi implements Local File Inclusion and Path Traversal detection. |
|
mapcidr
Package mapcidr provides IP/CIDR network utility operations: expansion, aggregation, filtering, splitting, and set operations (union, intersection, difference).
|
Package mapcidr provides IP/CIDR network utility operations: expansion, aggregation, filtering, splitting, and set operations (union, intersection, difference). |
|
metadata
Package metadata extracts OSINT-relevant metadata from publicly accessible files — EXIF from images (JPEG/PNG/TIFF/HEIC), PDF document properties, Office (DOCX/XLSX/PPTX) core properties and generic HTTP headers.
|
Package metadata extracts OSINT-relevant metadata from publicly accessible files — EXIF from images (JPEG/PNG/TIFF/HEIC), PDF document properties, Office (DOCX/XLSX/PPTX) core properties and generic HTTP headers. |
|
namesearch
Package namesearch realiza busca de pessoas por nome em fontes públicas brasileiras e internacionais.
|
Package namesearch realiza busca de pessoas por nome em fontes públicas brasileiras e internacionais. |
|
netmon
Package netmon queries internet-wide scanning services to discover exposed hosts, open ports, services, banners and vulnerabilities associated with a target IP, domain or ASN.
|
Package netmon queries internet-wide scanning services to discover exposed hosts, open ports, services, banners and vulnerabilities associated with a target IP, domain or ASN. |
|
nosqli
Package nosqli implements NoSQL Injection detection.
|
Package nosqli implements NoSQL Injection detection. |
|
notify
Package notify dispatches security findings to notification channels.
|
Package notify dispatches security findings to notification channels. |
|
oauth2
Package oauth2 implements OAuth 2.0 security misconfiguration detection.
|
Package oauth2 implements OAuth 2.0 security misconfiguration detection. |
|
oauthprobe
Package oauthprobe audits OAuth2/OIDC endpoint misconfigurations.
|
Package oauthprobe audits OAuth2/OIDC endpoint misconfigurations. |
|
openredirect
Package openredirect implements Open Redirect vulnerability detection.
|
Package openredirect implements Open Redirect vulnerability detection. |
|
osintbr
Package osintbr é o módulo integrador de OSINT brasileiro.
|
Package osintbr é o módulo integrador de OSINT brasileiro. |
|
osintleak
Package osintleak queries breach/leak intelligence APIs to discover exposed credentials, emails and data associated with a target.
|
Package osintleak queries breach/leak intelligence APIs to discover exposed credentials, emails and data associated with a target. |
|
paramdisc
Package paramdisc discovers hidden HTTP parameters in web endpoints.
|
Package paramdisc discovers hidden HTTP parameters in web endpoints. |
|
paramspider
Package paramspider mines URLs with parameters from the Wayback Machine CDX API and returns them with parameter values replaced by a configurable placeholder.
|
Package paramspider mines URLs with parameters from the Wayback Machine CDX API and returns them with parameter values replaced by a configurable placeholder. |
|
pastebin
Package pastebin busca vazamentos de dados em serviços de paste público.
|
Package pastebin busca vazamentos de dados em serviços de paste público. |
|
pathprobe
Package pathprobe probes for sensitive files and directories exposed on web servers.
|
Package pathprobe probes for sensitive files and directories exposed on web servers. |
|
phonelookup
Package phonelookup queries multiple APIs to enrich phone number intelligence.
|
Package phonelookup queries multiple APIs to enrich phone number intelligence. |
|
portscanner
Package portscanner realiza varredura de portas TCP com detecção de serviço.
|
Package portscanner realiza varredura de portas TCP com detecção de serviço. |
|
prototype
Package prototype implements Prototype Pollution detection.
|
Package prototype implements Prototype Pollution detection. |
|
proxify
Package proxify implements an intercepting HTTP proxy that captures requests and responses, applies match/replace rules, and emits structured findings.
|
Package proxify implements an intercepting HTTP proxy that captures requests and responses, applies match/replace rules, and emits structured findings. |
|
ratelimit
Package ratelimit detects missing, bypassable, or misconfigured rate limiting on API endpoints and authentication forms.
|
Package ratelimit detects missing, bypassable, or misconfigured rate limiting on API endpoints and authentication forms. |
|
recon
Package recon performs passive reconnaissance by aggregating multiple OSINT sources into a unified finding set.
|
Package recon performs passive reconnaissance by aggregating multiple OSINT sources into a unified finding set. |
|
registroempresas
Package registroempresas consulta registros empresariais em fontes públicas brasileiras.
|
Package registroempresas consulta registros empresariais em fontes públicas brasileiras. |
|
repochecker
Package repochecker performs deep analysis of public GitHub and GitLab repositories to find security-relevant information such as exposed secrets, leaked credentials, hardcoded API keys, sensitive file patterns, contributor metadata and repository health indicators.
|
Package repochecker performs deep analysis of public GitHub and GitLab repositories to find security-relevant information such as exposed secrets, leaked credentials, hardcoded API keys, sensitive file patterns, contributor metadata and repository health indicators. |
|
s3enum
Package s3enum enumerates S3-compatible storage buckets — AWS S3, Google Cloud Storage, DigitalOcean Spaces, and Backblaze B2 — via common naming patterns and HTTP probing.
|
Package s3enum enumerates S3-compatible storage buckets — AWS S3, Google Cloud Storage, DigitalOcean Spaces, and Backblaze B2 — via common naming patterns and HTTP probing. |
|
secretscan
Package secretscan scans text content for leaked secrets using regex patterns and Shannon entropy scoring — a faithful port of the gitleaks detection engine (MIT license: github.com/gitleaks/gitleaks).
|
Package secretscan scans text content for leaked secrets using regex patterns and Shannon entropy scoring — a faithful port of the gitleaks detection engine (MIT license: github.com/gitleaks/gitleaks). |
|
sherlock
Package sherlock performs username enumeration across social networks and online platforms, modelled after the sherlock-project/sherlock tool (MIT).
|
Package sherlock performs username enumeration across social networks and online platforms, modelled after the sherlock-project/sherlock tool (MIT). |
|
shodanwatch
Package shodanwatch provides continuous-monitoring-style Shodan queries: host info, CVE lookup by service, organization asset discovery, DNS resolve, and honeypot probability scoring.
|
Package shodanwatch provides continuous-monitoring-style Shodan queries: host info, CVE lookup by service, organization asset discovery, DNS resolve, and honeypot probability scoring. |
|
shuffledns
Package shuffledns performs high-speed subdomain resolution and bruteforce using a built-in wordlist and concurrent DNS resolution.
|
Package shuffledns performs high-speed subdomain resolution and bruteforce using a built-in wordlist and concurrent DNS resolution. |
|
smuggler
Package smuggler detects HTTP Request Smuggling vulnerabilities.
|
Package smuggler detects HTTP Request Smuggling vulnerabilities. |
|
smuggling
Package smuggling implements HTTP Request Smuggling detection.
|
Package smuggling implements HTTP Request Smuggling detection. |
|
socialmedia
Package socialmedia realiza coleta de dados públicos de múltiplas redes sociais.
|
Package socialmedia realiza coleta de dados públicos de múltiplas redes sociais. |
|
socialscan
Package socialscan performs OSINT on social media profiles and usernames across 100+ platforms.
|
Package socialscan performs OSINT on social media profiles and usernames across 100+ platforms. |
|
soft404
Package soft404 detects soft-404 responses — HTTP 200 pages that are semantically error pages, auth walls, anti-bot challenges, or wildcard-200 CMS templates.
|
Package soft404 detects soft-404 responses — HTTP 200 pages that are semantically error pages, auth walls, anti-bot challenges, or wildcard-200 CMS templates. |
|
sqli
Package sqli implements SQL Injection detection via three complementary techniques.
|
Package sqli implements SQL Injection detection via three complementary techniques. |
|
sslcheck
Package sslcheck analisa certificados TLS/SSL e configuração de segurança.
|
Package sslcheck analisa certificados TLS/SSL e configuração de segurança. |
|
ssrfprobe
Package ssrfprobe detects Server-Side Request Forgery (SSRF) vulnerabilities by injecting out-of-band (OOB) callback URLs and in-band cloud metadata endpoint payloads into every URL parameter and common header injection points.
|
Package ssrfprobe detects Server-Side Request Forgery (SSRF) vulnerabilities by injecting out-of-band (OOB) callback URLs and in-band cloud metadata endpoint payloads into every URL parameter and common header injection points. |
|
ssti
Package ssti implements Server-Side Template Injection (SSTI) detection.
|
Package ssti implements Server-Side Template Injection (SSTI) detection. |
|
sstiprobe
Package sstiprobe implements Server-Side Template Injection (SSTI) detection.
|
Package sstiprobe implements Server-Side Template Injection (SSTI) detection. |
|
subdiscovery
Package subdiscovery is a faithful port of projectdiscovery/subfinder (MIT License).
|
Package subdiscovery is a faithful port of projectdiscovery/subfinder (MIT License). |
|
swaggerfuzz
Package swaggerfuzz performs automated API fuzzing driven by an OpenAPI/Swagger specification.
|
Package swaggerfuzz performs automated API fuzzing driven by an OpenAPI/Swagger specification. |
|
takeover
Package takeover detects subdomain takeover candidates via CNAME dangling.
|
Package takeover detects subdomain takeover candidates via CNAME dangling. |
|
telegramosint
Package telegramosint gathers open-source intelligence from public Telegram resources without requiring a user session or MTProto credentials.
|
Package telegramosint gathers open-source intelligence from public Telegram resources without requiring a user session or MTProto credentials. |
|
threatintel
Package threatintel aggregates threat intelligence from multiple sources to classify IPs, domains, URLs, file hashes and email addresses.
|
Package threatintel aggregates threat intelligence from multiple sources to classify IPs, domains, URLs, file hashes and email addresses. |
|
tlsaudit
Package tlsaudit audits TLS/SSL configuration of a remote server — an algorithmic reimplementation of testssl.sh (GPL Bash, drwetter/testssl.sh).
|
Package tlsaudit audits TLS/SSL configuration of a remote server — an algorithmic reimplementation of testssl.sh (GPL Bash, drwetter/testssl.sh). |
|
tlsfinder
Package tlsfinder discovers subdomains via Certificate Transparency (CT) logs by querying the crt.sh public API and the Certspotter API.
|
Package tlsfinder discovers subdomains via Certificate Transparency (CT) logs by querying the crt.sh public API and the Certspotter API. |
|
tribunais
Package tribunais consulta processos judiciais em bases públicas brasileiras.
|
Package tribunais consulta processos judiciais em bases públicas brasileiras. |
|
truffler
Package truffler is a full reimplementation of trufflehog v3's secret detection engine, written from scratch to avoid the AGPL-3.0 license.
|
Package truffler is a full reimplementation of trufflehog v3's secret detection engine, written from scratch to avoid the AGPL-3.0 license. |
|
udpprobe
Package udpprobe implements UDP service discovery for common protocols.
|
Package udpprobe implements UDP service discovery for common protocols. |
|
uncover
Package uncover discovers exposed assets using internet-wide scanning engines.
|
Package uncover discovers exposed assets using internet-wide scanning engines. |
|
urldedup
Package urldedup reduces a large URL set to a minimal representative subset.
|
Package urldedup reduces a large URL set to a minimal representative subset. |
|
urlfinder
Package urlfinder extracts URLs from JavaScript files, HTML pages, and raw content by applying a set of regex and string-matching strategies.
|
Package urlfinder extracts URLs from JavaScript files, HTML pages, and raw content by applying a set of regex and string-matching strategies. |
|
urlparse
Package urlparse extracts and classifies components from URLs.
|
Package urlparse extracts and classifies components from URLs. |
|
userlookup
Package userlookup performs multi-source username enumeration across hundreds of online platforms, combining three public databases to maximize coverage.
|
Package userlookup performs multi-source username enumeration across hundreds of online platforms, combining three public databases to maximize coverage. |
|
verbtamper
Package verbtamper tests HTTP Verb Tampering on discovered endpoints.
|
Package verbtamper tests HTTP Verb Tampering on discovered endpoints. |
|
vulndb
Package vulndb queries public vulnerability databases for CVEs, advisories and known-exploited vulnerabilities affecting a target package, CPE or keyword.
|
Package vulndb queries public vulnerability databases for CVEs, advisories and known-exploited vulnerabilities affecting a target package, CPE or keyword. |
|
vulnscan
Package vulnscan is an algorithmic reimplementation of projectdiscovery/nuclei (MIT License) HTTP template matching engine.
|
Package vulnscan is an algorithmic reimplementation of projectdiscovery/nuclei (MIT License) HTTP template matching engine. |
|
vulnx
Package vulnx performs vulnerability scanning by combining technology fingerprinting with known CVE/exploit databases.
|
Package vulnx performs vulnerability scanning by combining technology fingerprinting with known CVE/exploit databases. |
|
wafscan
Package wafscan implements WAF (Web Application Firewall) Detection and Bypass.
|
Package wafscan implements WAF (Web Application Firewall) Detection and Bypass. |
|
wayback
Package wayback fetches historical URLs for a target domain from multiple sources: Wayback Machine CDX, Common Crawl, and VirusTotal (optional).
|
Package wayback fetches historical URLs for a target domain from multiple sources: Wayback Machine CDX, Common Crawl, and VirusTotal (optional). |
|
webdav
Package webdav implements WebDAV misconfiguration detection.
|
Package webdav implements WebDAV misconfiguration detection. |
|
webprobe
Package webprobe is a faithful port of projectdiscovery/httpx (MIT License).
|
Package webprobe is a faithful port of projectdiscovery/httpx (MIT License). |
|
whatsapp
Package whatsapp realiza OSINT de números de WhatsApp via fontes públicas.
|
Package whatsapp realiza OSINT de números de WhatsApp via fontes públicas. |
|
whois
Package whois performs WHOIS lookups via direct TCP connection to WHOIS servers (RFC 3912), with referral chaining (follow the "Registrar WHOIS Server" or "whois:" pointer in the response for authoritative results).
|
Package whois performs WHOIS lookups via direct TCP connection to WHOIS servers (RFC 3912), with referral chaining (follow the "Registrar WHOIS Server" or "whois:" pointer in the response for authoritative results). |
|
wifite2
Package wifite2 provides a wrapper around the wifite2 wireless auditing tool.
|
Package wifite2 provides a wrapper around the wifite2 wireless auditing tool. |
|
xssreflect
Package xssreflect detects reflected XSS candidates by injecting canary strings into URL parameters and checking whether dangerous characters survive unencoded in the response body.
|
Package xssreflect detects reflected XSS candidates by injecting canary strings into URL parameters and checking whether dangerous characters survive unencoded in the response body. |
|
xssscan
Package xssscan is an algorithmic reimplementation of hahwul/dalfox XSS scanning engine.
|
Package xssscan is an algorithmic reimplementation of hahwul/dalfox XSS scanning engine. |
|
xxeprobe
Package xxeprobe detects XML External Entity (XXE) injection vulnerabilities by injecting XXE payloads into XML-accepting endpoints and analysing in-band responses.
|
Package xxeprobe detects XML External Entity (XXE) injection vulnerabilities by injecting XXE payloads into XML-accepting endpoints and analysing in-band responses. |
|
pkg
|
|
|
httpclient
Package httpclient provides a shared, configurable HTTP client for all modules.
|
Package httpclient provides a shared, configurable HTTP client for all modules. |
|
module
Package module defines the core interface that every blackhorn-modules implementation must satisfy.
|
Package module defines the core interface that every blackhorn-modules implementation must satisfy. |
|
registry
Package registry — catalog.go registers all available blackhorn-modules into the global registry at program startup.
|
Package registry — catalog.go registers all available blackhorn-modules into the global registry at program startup. |
|
template
Package template implements the BLACKHORN internal template engine.
|
Package template implements the BLACKHORN internal template engine. |
|
urlutil
Package urlutil provides shared URL helpers used across multiple modules.
|
Package urlutil provides shared URL helpers used across multiple modules. |
Click to show internal directories.
Click to hide internal directories.