blackhorn-modules

module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 20, 2026 License: MIT

README

BLACKHORN Modules

Native Go security modules used by the BLACKHORN desktop orchestrator.

The repository contains 122 registered modules for reconnaissance, DNS, network discovery, HTTP auditing, web vulnerability checks, cloud analysis, threat intelligence, Brazilian OSINT, and utility workflows. Modules return typed findings and run in-process without requiring a separate executable.

Design goals

  • High precision: candidates and confirmed observations are explicitly separated.
  • Bounded execution: network fan-out has context, concurrency, response-size, runtime, and result limits.
  • Explainability: findings carry source, confidence, validation state, and context-promotion metadata.
  • Testability: network integrations use injected clients, resolvers, or dialers and local test servers.
  • Composability: every module implements one small interface and is described in the central registry.

Requirements

  • Go 1.26.4 or a newer compatible patch release.

Use

package main

import (
	"context"
	"log"

	"github.com/DonatoReis/blackhorn-modules/pkg/module"
	"github.com/DonatoReis/blackhorn-modules/pkg/registry"
)

func main() {
	native, err := registry.New("headeraudit")
	if err != nil {
		log.Fatal(err)
	}

	findings, err := native.Run(context.Background(), module.Input{
		Target: "https://example.com",
	})
	if err != nil {
		log.Fatal(err)
	}
	log.Printf("%d findings", len(findings))
}

Browse available modules through registry.All() or pkg/registry/catalog.go.

Validate

go fmt ./...
go vet ./...
go test -race ./...
go build ./...
go run golang.org/x/vuln/cmd/govulncheck@latest ./...

Benchmarks live in benchmarks, and fuzz targets live in fuzz.

Contributing

Read CONTRIBUTING.md, SECURITY.md, and the Code of Conduct. Contributions should include deterministic tests and explain how evidence, confidence, false positives, and execution limits are handled.

Responsible use

Use these modules only on assets you own or are explicitly authorized to assess. Do not submit real credentials, private target data, or unauthorized scan output.

License

MIT

Directories

Path Synopsis
cmd
osint-personal command
osint-personal — valida módulos OSINT contra dados pessoais reais.
osint-personal — valida módulos OSINT contra dados pessoais reais.
testrun command
testrun — runner temporário para testar módulos blackhorn contra um alvo real.
testrun — runner temporário para testar módulos blackhorn contra um alvo real.
modules
addresssearch
Package addresssearch realiza busca e enriquecimento de endereços brasileiros.
Package addresssearch realiza busca e enriquecimento de endereços brasileiros.
alterx
Package alterx generates subdomain permutations using configurable word lists and pattern templates.
Package alterx generates subdomain permutations using configurable word lists and pattern templates.
anatel
Package anatel realiza consultas públicas sobre numeração telefônica brasileira.
Package anatel realiza consultas públicas sobre numeração telefônica brasileira.
apiaudit
Package apiaudit implements API Security Audit based on OWASP API Security Top 10 (2023).
Package apiaudit implements API Security Audit based on OWASP API Security Top 10 (2023).
apkosint
Package apkosint performs passive OSINT on Android APK packages without downloading or decompiling the APK directly.
Package apkosint performs passive OSINT on Android APK packages without downloading or decompiling the APK directly.
asnmap
Package asnmap performs ASN (Autonomous System Number) to IP range mapping.
Package asnmap performs ASN (Autonomous System Number) to IP range mapping.
bgpinfo
Package bgpinfo realiza análise de segurança BGP de ASNs e prefixos IP.
Package bgpinfo realiza análise de segurança BGP de ASNs e prefixos IP.
brandmon
Package brandmon performs brand monitoring: typosquatting detection, look-alike domain discovery, social media impersonation and trademark abuse detection across multiple sources.
Package brandmon performs brand monitoring: typosquatting detection, look-alike domain discovery, social media impersonation and trademark abuse detection across multiple sources.
brazilinfo
Package brazilinfo queries multiple Brazilian public APIs to retrieve structured information about companies, phones, emails, CEPs, CPFs, names, addresses and CNPJs.
Package brazilinfo queries multiple Brazilian public APIs to retrieve structured information about companies, phones, emails, CEPs, CPFs, names, addresses and CNPJs.
bypass403
Package bypass403 tests HTTP 403 Forbidden bypass techniques.
Package bypass403 tests HTTP 403 Forbidden bypass techniques.
cacheprobe
Package cacheprobe detects web cache poisoning vulnerabilities.
Package cacheprobe detects web cache poisoning vulnerabilities.
cdncheck
Package cdncheck detects whether a host is fronted by a CDN, WAF, or cloud provider by performing multi-signal analysis:
Package cdncheck detects whether a host is fronted by a CDN, WAF, or cloud provider by performing multi-signal analysis:
certs
Package certs queries Certificate Transparency logs to discover subdomains and certificate metadata for a target domain.
Package certs queries Certificate Transparency logs to discover subdomains and certificate metadata for a target domain.
clickjacking
Package clickjacking detects missing or misconfigured Clickjacking protections.
Package clickjacking detects missing or misconfigured Clickjacking protections.
cloudlist
Package cloudlist enumerates cloud assets across major providers.
Package cloudlist enumerates cloud assets across major providers.
cloudosint
Package cloudosint discovers exposed cloud storage resources — S3 buckets, Azure Blob containers, GCP Cloud Storage buckets and DigitalOcean Spaces — using passive DNS, HTTP probing and public cloud APIs.
Package cloudosint discovers exposed cloud storage resources — S3 buckets, Azure Blob containers, GCP Cloud Storage buckets and DigitalOcean Spaces — using passive DNS, HTTP probing and public cloud APIs.
cmdi
Package cmdi implements OS Command Injection detection.
Package cmdi implements OS Command Injection detection.
companyosint
Package companyosint realiza OSINT empresarial profundo sobre empresas brasileiras.
Package companyosint realiza OSINT empresarial profundo sobre empresas brasileiras.
cors2
Package cors2 implements Advanced CORS Misconfiguration detection.
Package cors2 implements Advanced CORS Misconfiguration detection.
corsaudit
Package corsaudit detects CORS misconfiguration vulnerabilities.
Package corsaudit detects CORS misconfiguration vulnerabilities.
cpflookup
Package cpflookup realiza consultas de CPF via fontes legalmente permitidas.
Package cpflookup realiza consultas de CPF via fontes legalmente permitidas.
crawler
Package crawler is a faithful port of projectdiscovery/katana (MIT License).
Package crawler is a faithful port of projectdiscovery/katana (MIT License).
credleak
Package credleak realiza análise combinada de credenciais vazadas.
Package credleak realiza análise combinada de credenciais vazadas.
credstuffing
Package credstuffing performs authorized credential stuffing simulation to measure account takeover risk.
Package credstuffing performs authorized credential stuffing simulation to measure account takeover risk.
crlf
Package crlf implements CRLF Injection detection.
Package crlf implements CRLF Injection detection.
darkweb
Package darkweb monitora menções a um alvo em fontes OSINT de dark web e serviços de inteligência sobre ameaças que indexam conteúdo onion.
Package darkweb monitora menções a um alvo em fontes OSINT de dark web e serviços de inteligência sobre ameaças que indexam conteúdo onion.
dehashed
Package dehashed integra a API DeHashed para busca em bancos de dados de credenciais vazadas.
Package dehashed integra a API DeHashed para busca em bancos de dados de credenciais vazadas.
deserial
Package deserial implements Insecure Deserialization detection.
Package deserial implements Insecure Deserialization detection.
dnsaudit
Package dnsaudit performs DNS-level security audit: SPF, DMARC, DKIM, DNSSEC, zone transfer, wildcard DNS, dangling NS records, and email security posture.
Package dnsaudit performs DNS-level security audit: SPF, DMARC, DKIM, DNSSEC, zone transfer, wildcard DNS, dangling NS records, and email security posture.
dnsprobe
Package dnsprobe performs DNS lookups via Go's stdlib net package — a faithful port of the projectdiscovery/dnsx library (MIT license).
Package dnsprobe performs DNS lookups via Go's stdlib net package — a faithful port of the projectdiscovery/dnsx library (MIT license).
dnsrecon
Package dnsrecon performs advanced DNS reconnaissance: zone transfer attempts, DNSSEC validation, email security records (SPF/DMARC/DKIM), CAA, NSEC walking and comprehensive record enumeration.
Package dnsrecon performs advanced DNS reconnaissance: zone transfer attempts, DNSSEC validation, email security records (SPF/DMARC/DKIM), CAA, NSEC walking and comprehensive record enumeration.
emailosint
Package emailosint realiza investigação profunda de endereços de email.
Package emailosint realiza investigação profunda de endereços de email.
emailspoof
Package emailspoof audits a domain's email authentication posture to determine whether it can be spoofed.
Package emailspoof audits a domain's email authentication posture to determine whether it can be spoofed.
emailverify
Package emailverify verifica e enriquece informações sobre endereços de email.
Package emailverify verifica e enriquece informações sobre endereços de email.
ffuf
Package ffuf implements a pure-Go HTTP fuzzer that mirrors the core behavior of ffuf (ffuf/ffuf, MIT) — directory busting, parameter fuzzing, and virtual-host fuzzing — without external dependencies.
Package ffuf implements a pure-Go HTTP fuzzer that mirrors the core behavior of ffuf (ffuf/ffuf, MIT) — directory busting, parameter fuzzing, and virtual-host fuzzing — without external dependencies.
fingerprint
Package fingerprint is a port of the WhatWeb technology fingerprinting engine, using the Wappalyzer community dataset (MIT) as its signature database.
Package fingerprint is a port of the WhatWeb technology fingerprinting engine, using the Wappalyzer community dataset (MIT) as its signature database.
gau
Package gau aggregates historical URLs from multiple passive sources: Wayback Machine (CDX API), Common Crawl (CC Index API), AlienVault OTX, and URLScan.io.
Package gau aggregates historical URLs from multiple passive sources: Wayback Machine (CDX API), Common Crawl (CC Index API), AlienVault OTX, and URLScan.io.
gitdorker
Package gitdorker busca segredos e informações sensíveis em repositórios públicos do GitHub e GitLab usando técnicas de dorking (GitHub Search API).
Package gitdorker busca segredos e informações sensíveis em repositórios públicos do GitHub e GitLab usando técnicas de dorking (GitHub Search API).
githistory
Package githistory audits Git repository history for secrets, sensitive files, and commit metadata that should never have been committed.
Package githistory audits Git repository history for secrets, sensitive files, and commit metadata that should never have been committed.
googledork
Package googledork performs Google Dorking (advanced search queries) using multiple search APIs to discover exposed information about a target.
Package googledork performs Google Dorking (advanced search queries) using multiple search APIs to discover exposed information about a target.
govbr
Package govbr integra APIs públicas do governo brasileiro.
Package govbr integra APIs públicas do governo brasileiro.
graphql
Package graphql implements a GraphQL security audit module.
Package graphql implements a GraphQL security audit module.
headeraudit
Package headeraudit performs an HTTP Security Headers audit against one or more URLs, detecting missing, misconfigured, or weak security-related response headers.
Package headeraudit performs an HTTP Security Headers audit against one or more URLs, detecting missing, misconfigured, or weak security-related response headers.
hibp
Package hibp realiza consultas ao HaveIBeenPwned (HIBP) com suporte a verificação de senhas via k-anonymity (SHA-1 prefix).
Package hibp realiza consultas ao HaveIBeenPwned (HIBP) com suporte a verificação de senhas via k-anonymity (SHA-1 prefix).
hostinjection
Package hostinjection implements Host Header Injection detection.
Package hostinjection implements Host Header Injection detection.
httpxpro
Package httpxpro extends the core webprobe module with advanced httpx features:
Package httpxpro extends the core webprobe module with advanced httpx features:
idor
Package idor implements Insecure Direct Object Reference (IDOR) detection.
Package idor implements Insecure Direct Object Reference (IDOR) detection.
interactsh
Package interactsh implements an out-of-band (OOB) interaction server for detecting blind vulnerabilities: SSRF, XXE, blind SQL injection, blind XSS, DNS rebinding, and any other vulnerability that triggers an external callback.
Package interactsh implements an out-of-band (OOB) interaction server for detecting blind vulnerabilities: SSRF, XXE, blind SQL injection, blind XSS, DNS rebinding, and any other vulnerability that triggers an external callback.
ipgeolocation
Package ipgeolocation realiza geolocalização e análise de reputação de endereços IP.
Package ipgeolocation realiza geolocalização e análise de reputação de endereços IP.
ipintel
Package ipintel agrega inteligência sobre endereços IP de múltiplas fontes OSINT.
Package ipintel agrega inteligência sobre endereços IP de múltiplas fontes OSINT.
jwt
Package jwt implements JWT (JSON Web Token) security analysis.
Package jwt implements JWT (JSON Web Token) security analysis.
jwtaudit
Package jwtaudit implements JWT (JSON Web Token) security auditing.
Package jwtaudit implements JWT (JSON Web Token) security auditing.
katana
Package katana is an extended web crawler that goes beyond the basic BFS of the crawler module.
Package katana is an extended web crawler that goes beyond the basic BFS of the crawler module.
leakosint
Package leakosint combina múltiplas fontes de OSINT de dados vazados.
Package leakosint combina múltiplas fontes de OSINT de dados vazados.
lfi
Package lfi implements Local File Inclusion and Path Traversal detection.
Package lfi implements Local File Inclusion and Path Traversal detection.
mapcidr
Package mapcidr provides IP/CIDR network utility operations: expansion, aggregation, filtering, splitting, and set operations (union, intersection, difference).
Package mapcidr provides IP/CIDR network utility operations: expansion, aggregation, filtering, splitting, and set operations (union, intersection, difference).
metadata
Package metadata extracts OSINT-relevant metadata from publicly accessible files — EXIF from images (JPEG/PNG/TIFF/HEIC), PDF document properties, Office (DOCX/XLSX/PPTX) core properties and generic HTTP headers.
Package metadata extracts OSINT-relevant metadata from publicly accessible files — EXIF from images (JPEG/PNG/TIFF/HEIC), PDF document properties, Office (DOCX/XLSX/PPTX) core properties and generic HTTP headers.
namesearch
Package namesearch realiza busca de pessoas por nome em fontes públicas brasileiras e internacionais.
Package namesearch realiza busca de pessoas por nome em fontes públicas brasileiras e internacionais.
netmon
Package netmon queries internet-wide scanning services to discover exposed hosts, open ports, services, banners and vulnerabilities associated with a target IP, domain or ASN.
Package netmon queries internet-wide scanning services to discover exposed hosts, open ports, services, banners and vulnerabilities associated with a target IP, domain or ASN.
nosqli
Package nosqli implements NoSQL Injection detection.
Package nosqli implements NoSQL Injection detection.
notify
Package notify dispatches security findings to notification channels.
Package notify dispatches security findings to notification channels.
oauth2
Package oauth2 implements OAuth 2.0 security misconfiguration detection.
Package oauth2 implements OAuth 2.0 security misconfiguration detection.
oauthprobe
Package oauthprobe audits OAuth2/OIDC endpoint misconfigurations.
Package oauthprobe audits OAuth2/OIDC endpoint misconfigurations.
openredirect
Package openredirect implements Open Redirect vulnerability detection.
Package openredirect implements Open Redirect vulnerability detection.
osintbr
Package osintbr é o módulo integrador de OSINT brasileiro.
Package osintbr é o módulo integrador de OSINT brasileiro.
osintleak
Package osintleak queries breach/leak intelligence APIs to discover exposed credentials, emails and data associated with a target.
Package osintleak queries breach/leak intelligence APIs to discover exposed credentials, emails and data associated with a target.
paramdisc
Package paramdisc discovers hidden HTTP parameters in web endpoints.
Package paramdisc discovers hidden HTTP parameters in web endpoints.
paramspider
Package paramspider mines URLs with parameters from the Wayback Machine CDX API and returns them with parameter values replaced by a configurable placeholder.
Package paramspider mines URLs with parameters from the Wayback Machine CDX API and returns them with parameter values replaced by a configurable placeholder.
pastebin
Package pastebin busca vazamentos de dados em serviços de paste público.
Package pastebin busca vazamentos de dados em serviços de paste público.
pathprobe
Package pathprobe probes for sensitive files and directories exposed on web servers.
Package pathprobe probes for sensitive files and directories exposed on web servers.
phonelookup
Package phonelookup queries multiple APIs to enrich phone number intelligence.
Package phonelookup queries multiple APIs to enrich phone number intelligence.
portscanner
Package portscanner realiza varredura de portas TCP com detecção de serviço.
Package portscanner realiza varredura de portas TCP com detecção de serviço.
prototype
Package prototype implements Prototype Pollution detection.
Package prototype implements Prototype Pollution detection.
proxify
Package proxify implements an intercepting HTTP proxy that captures requests and responses, applies match/replace rules, and emits structured findings.
Package proxify implements an intercepting HTTP proxy that captures requests and responses, applies match/replace rules, and emits structured findings.
ratelimit
Package ratelimit detects missing, bypassable, or misconfigured rate limiting on API endpoints and authentication forms.
Package ratelimit detects missing, bypassable, or misconfigured rate limiting on API endpoints and authentication forms.
recon
Package recon performs passive reconnaissance by aggregating multiple OSINT sources into a unified finding set.
Package recon performs passive reconnaissance by aggregating multiple OSINT sources into a unified finding set.
registroempresas
Package registroempresas consulta registros empresariais em fontes públicas brasileiras.
Package registroempresas consulta registros empresariais em fontes públicas brasileiras.
repochecker
Package repochecker performs deep analysis of public GitHub and GitLab repositories to find security-relevant information such as exposed secrets, leaked credentials, hardcoded API keys, sensitive file patterns, contributor metadata and repository health indicators.
Package repochecker performs deep analysis of public GitHub and GitLab repositories to find security-relevant information such as exposed secrets, leaked credentials, hardcoded API keys, sensitive file patterns, contributor metadata and repository health indicators.
s3enum
Package s3enum enumerates S3-compatible storage buckets — AWS S3, Google Cloud Storage, DigitalOcean Spaces, and Backblaze B2 — via common naming patterns and HTTP probing.
Package s3enum enumerates S3-compatible storage buckets — AWS S3, Google Cloud Storage, DigitalOcean Spaces, and Backblaze B2 — via common naming patterns and HTTP probing.
secretscan
Package secretscan scans text content for leaked secrets using regex patterns and Shannon entropy scoring — a faithful port of the gitleaks detection engine (MIT license: github.com/gitleaks/gitleaks).
Package secretscan scans text content for leaked secrets using regex patterns and Shannon entropy scoring — a faithful port of the gitleaks detection engine (MIT license: github.com/gitleaks/gitleaks).
sherlock
Package sherlock performs username enumeration across social networks and online platforms, modelled after the sherlock-project/sherlock tool (MIT).
Package sherlock performs username enumeration across social networks and online platforms, modelled after the sherlock-project/sherlock tool (MIT).
shodanwatch
Package shodanwatch provides continuous-monitoring-style Shodan queries: host info, CVE lookup by service, organization asset discovery, DNS resolve, and honeypot probability scoring.
Package shodanwatch provides continuous-monitoring-style Shodan queries: host info, CVE lookup by service, organization asset discovery, DNS resolve, and honeypot probability scoring.
shuffledns
Package shuffledns performs high-speed subdomain resolution and bruteforce using a built-in wordlist and concurrent DNS resolution.
Package shuffledns performs high-speed subdomain resolution and bruteforce using a built-in wordlist and concurrent DNS resolution.
smuggler
Package smuggler detects HTTP Request Smuggling vulnerabilities.
Package smuggler detects HTTP Request Smuggling vulnerabilities.
smuggling
Package smuggling implements HTTP Request Smuggling detection.
Package smuggling implements HTTP Request Smuggling detection.
socialmedia
Package socialmedia realiza coleta de dados públicos de múltiplas redes sociais.
Package socialmedia realiza coleta de dados públicos de múltiplas redes sociais.
socialscan
Package socialscan performs OSINT on social media profiles and usernames across 100+ platforms.
Package socialscan performs OSINT on social media profiles and usernames across 100+ platforms.
soft404
Package soft404 detects soft-404 responses — HTTP 200 pages that are semantically error pages, auth walls, anti-bot challenges, or wildcard-200 CMS templates.
Package soft404 detects soft-404 responses — HTTP 200 pages that are semantically error pages, auth walls, anti-bot challenges, or wildcard-200 CMS templates.
sqli
Package sqli implements SQL Injection detection via three complementary techniques.
Package sqli implements SQL Injection detection via three complementary techniques.
sslcheck
Package sslcheck analisa certificados TLS/SSL e configuração de segurança.
Package sslcheck analisa certificados TLS/SSL e configuração de segurança.
ssrfprobe
Package ssrfprobe detects Server-Side Request Forgery (SSRF) vulnerabilities by injecting out-of-band (OOB) callback URLs and in-band cloud metadata endpoint payloads into every URL parameter and common header injection points.
Package ssrfprobe detects Server-Side Request Forgery (SSRF) vulnerabilities by injecting out-of-band (OOB) callback URLs and in-band cloud metadata endpoint payloads into every URL parameter and common header injection points.
ssti
Package ssti implements Server-Side Template Injection (SSTI) detection.
Package ssti implements Server-Side Template Injection (SSTI) detection.
sstiprobe
Package sstiprobe implements Server-Side Template Injection (SSTI) detection.
Package sstiprobe implements Server-Side Template Injection (SSTI) detection.
subdiscovery
Package subdiscovery is a faithful port of projectdiscovery/subfinder (MIT License).
Package subdiscovery is a faithful port of projectdiscovery/subfinder (MIT License).
swaggerfuzz
Package swaggerfuzz performs automated API fuzzing driven by an OpenAPI/Swagger specification.
Package swaggerfuzz performs automated API fuzzing driven by an OpenAPI/Swagger specification.
takeover
Package takeover detects subdomain takeover candidates via CNAME dangling.
Package takeover detects subdomain takeover candidates via CNAME dangling.
telegramosint
Package telegramosint gathers open-source intelligence from public Telegram resources without requiring a user session or MTProto credentials.
Package telegramosint gathers open-source intelligence from public Telegram resources without requiring a user session or MTProto credentials.
threatintel
Package threatintel aggregates threat intelligence from multiple sources to classify IPs, domains, URLs, file hashes and email addresses.
Package threatintel aggregates threat intelligence from multiple sources to classify IPs, domains, URLs, file hashes and email addresses.
tlsaudit
Package tlsaudit audits TLS/SSL configuration of a remote server — an algorithmic reimplementation of testssl.sh (GPL Bash, drwetter/testssl.sh).
Package tlsaudit audits TLS/SSL configuration of a remote server — an algorithmic reimplementation of testssl.sh (GPL Bash, drwetter/testssl.sh).
tlsfinder
Package tlsfinder discovers subdomains via Certificate Transparency (CT) logs by querying the crt.sh public API and the Certspotter API.
Package tlsfinder discovers subdomains via Certificate Transparency (CT) logs by querying the crt.sh public API and the Certspotter API.
tribunais
Package tribunais consulta processos judiciais em bases públicas brasileiras.
Package tribunais consulta processos judiciais em bases públicas brasileiras.
truffler
Package truffler is a full reimplementation of trufflehog v3's secret detection engine, written from scratch to avoid the AGPL-3.0 license.
Package truffler is a full reimplementation of trufflehog v3's secret detection engine, written from scratch to avoid the AGPL-3.0 license.
udpprobe
Package udpprobe implements UDP service discovery for common protocols.
Package udpprobe implements UDP service discovery for common protocols.
uncover
Package uncover discovers exposed assets using internet-wide scanning engines.
Package uncover discovers exposed assets using internet-wide scanning engines.
urldedup
Package urldedup reduces a large URL set to a minimal representative subset.
Package urldedup reduces a large URL set to a minimal representative subset.
urlfinder
Package urlfinder extracts URLs from JavaScript files, HTML pages, and raw content by applying a set of regex and string-matching strategies.
Package urlfinder extracts URLs from JavaScript files, HTML pages, and raw content by applying a set of regex and string-matching strategies.
urlparse
Package urlparse extracts and classifies components from URLs.
Package urlparse extracts and classifies components from URLs.
userlookup
Package userlookup performs multi-source username enumeration across hundreds of online platforms, combining three public databases to maximize coverage.
Package userlookup performs multi-source username enumeration across hundreds of online platforms, combining three public databases to maximize coverage.
verbtamper
Package verbtamper tests HTTP Verb Tampering on discovered endpoints.
Package verbtamper tests HTTP Verb Tampering on discovered endpoints.
vulndb
Package vulndb queries public vulnerability databases for CVEs, advisories and known-exploited vulnerabilities affecting a target package, CPE or keyword.
Package vulndb queries public vulnerability databases for CVEs, advisories and known-exploited vulnerabilities affecting a target package, CPE or keyword.
vulnscan
Package vulnscan is an algorithmic reimplementation of projectdiscovery/nuclei (MIT License) HTTP template matching engine.
Package vulnscan is an algorithmic reimplementation of projectdiscovery/nuclei (MIT License) HTTP template matching engine.
vulnx
Package vulnx performs vulnerability scanning by combining technology fingerprinting with known CVE/exploit databases.
Package vulnx performs vulnerability scanning by combining technology fingerprinting with known CVE/exploit databases.
wafscan
Package wafscan implements WAF (Web Application Firewall) Detection and Bypass.
Package wafscan implements WAF (Web Application Firewall) Detection and Bypass.
wayback
Package wayback fetches historical URLs for a target domain from multiple sources: Wayback Machine CDX, Common Crawl, and VirusTotal (optional).
Package wayback fetches historical URLs for a target domain from multiple sources: Wayback Machine CDX, Common Crawl, and VirusTotal (optional).
webdav
Package webdav implements WebDAV misconfiguration detection.
Package webdav implements WebDAV misconfiguration detection.
webprobe
Package webprobe is a faithful port of projectdiscovery/httpx (MIT License).
Package webprobe is a faithful port of projectdiscovery/httpx (MIT License).
whatsapp
Package whatsapp realiza OSINT de números de WhatsApp via fontes públicas.
Package whatsapp realiza OSINT de números de WhatsApp via fontes públicas.
whois
Package whois performs WHOIS lookups via direct TCP connection to WHOIS servers (RFC 3912), with referral chaining (follow the "Registrar WHOIS Server" or "whois:" pointer in the response for authoritative results).
Package whois performs WHOIS lookups via direct TCP connection to WHOIS servers (RFC 3912), with referral chaining (follow the "Registrar WHOIS Server" or "whois:" pointer in the response for authoritative results).
wifite2
Package wifite2 provides a wrapper around the wifite2 wireless auditing tool.
Package wifite2 provides a wrapper around the wifite2 wireless auditing tool.
xssreflect
Package xssreflect detects reflected XSS candidates by injecting canary strings into URL parameters and checking whether dangerous characters survive unencoded in the response body.
Package xssreflect detects reflected XSS candidates by injecting canary strings into URL parameters and checking whether dangerous characters survive unencoded in the response body.
xssscan
Package xssscan is an algorithmic reimplementation of hahwul/dalfox XSS scanning engine.
Package xssscan is an algorithmic reimplementation of hahwul/dalfox XSS scanning engine.
xxeprobe
Package xxeprobe detects XML External Entity (XXE) injection vulnerabilities by injecting XXE payloads into XML-accepting endpoints and analysing in-band responses.
Package xxeprobe detects XML External Entity (XXE) injection vulnerabilities by injecting XXE payloads into XML-accepting endpoints and analysing in-band responses.
pkg
httpclient
Package httpclient provides a shared, configurable HTTP client for all modules.
Package httpclient provides a shared, configurable HTTP client for all modules.
module
Package module defines the core interface that every blackhorn-modules implementation must satisfy.
Package module defines the core interface that every blackhorn-modules implementation must satisfy.
registry
Package registry — catalog.go registers all available blackhorn-modules into the global registry at program startup.
Package registry — catalog.go registers all available blackhorn-modules into the global registry at program startup.
template
Package template implements the BLACKHORN internal template engine.
Package template implements the BLACKHORN internal template engine.
urlutil
Package urlutil provides shared URL helpers used across multiple modules.
Package urlutil provides shared URL helpers used across multiple modules.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL