The prompt is the main search term provided to the tool. It must be in the format the tool requires, otherwise an error may be returned. For example, some tools may require URLs while others may require IP addresses.
Some options may be required while others are optional. If there are no options, an empty object should be provided.
The default API key is provided as an example only. This will not work in your own applications. Register for a free account to get an API key.
This tool will download the HTML contents of the website and search the source code for sensitive keywords such as error strings, private secrets and known vulnerable keywords.
Enter a URL to crawl the website and extract its URLs. This tool can be used to discover hidden pages, directories, and files.
Enter a URL to extract resources from HTML entities including metadata, code comments and JavaScript files.
Enter a domain name or IP address to discover actively listening ports and services.
ICMP Host Discovery is a technique that uses ICMP (Internet Control Message Protocol) packets, such as ICMP Echo Request (ping), to determine the availability of hosts.
TCP SYN Host Discovery is a technique that sends TCP SYN packets to specific ports to determine if the hosts are listening or closed.
TCP ACK Host Discovery is a technique that sends TCP ACK packets to specific ports to determine if the hosts are filtered or unfiltered.
UDP Host Discovery is a technique that sends UDP packets to specific ports to determine if the hosts are listening or closed.
IP Host Discovery is a technique that involves scanning IP addresses within a network range to identify active hosts.
Enter a URL to find out what a website is built with including its web technology stack, web server, and web framework.
Enter a domain name to find out if it has been impersonated or squatted.
Enter a URL to analyze a website's HTTP headers to check for security vulnerabilities.
An HTTP request header is sent by a client to a server and includes fields like User-Agent, Host, and Accept, which might be of use in cybersecurity to detect malicious requests, fraud, or unauthorized access.
An HTTP response header is sent by the server to the client and includes fields such as Set-Cookie, Content-Security-Policy, and X-Frame-Options, which can help in implementing security measures like authentication, data integrity checks, and prevention against cross-site scripting or clickjacking attacks.
The Server field in an HTTP response header provides information about the software used by the origin server, including the name and version of the server software. In the context of cybersecurity, this information might be used by attackers to identify potential vulnerabilities specific to the server software version, so it's often recommended to minimize or obfuscate this information to reduce the potential attack surface.
Enter a URL to check which HTTP methods are enabled on a website and if they are secure.
An HTTP method is a verb used in the HTTP protocol to indicate the desired action to be performed on a specified resource. Common HTTP methods include GET (retrieve data), POST (submit data), PUT (update data), DELETE (remove data), and several others. HTTP methods are crucial to cybersecurity because they define the types of actions that can be taken on web resources. If not properly managed or restricted, malicious actors can exploit these methods to retrieve, modify, or delete data without authorization, leading to data breaches, data loss, or other cyber threats.
Common HTTP methods such as: GET, HEAD, OPTIONS, TRACE
Common HTTP methods that can change data on the server such as: PUT, DELETE, CONNECT, POST, PATCH
Application-specific methods that can perform a variety of tasks including: PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, UNLOCK, NOTIFY, SUBSCRIBE, UNSUBSCRIBE, PATCH, SEARCH, CONNECT
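The header and method checks described above can be reproduced offline against a captured response. The following is an added example, not the tool's own code: it groups the methods in an Allow header into the three categories listed here, flags a version number in the Server field, and reports which of the response headers named on this page are absent. The sample response, the function names and the choice of expected headers are assumptions made for illustration.

```python
import re

# Constructed sample: a raw response head as it might be captured from an OPTIONS request.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleHTTPd/2.4.1\r\n"
    "Allow: GET, HEAD, OPTIONS, TRACE, PUT, PROPFIND\r\n"
    "Set-Cookie: sid=abc123; HttpOnly\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n"
)

# Method groups as listed on this page; PATCH and CONNECT are kept in the data-changing group only.
COMMON = {"GET", "HEAD", "OPTIONS", "TRACE"}
DATA_CHANGING = {"PUT", "DELETE", "CONNECT", "POST", "PATCH"}
APP_SPECIFIC = {
    "PROPFIND", "PROPPATCH", "MKCOL", "COPY", "MOVE", "LOCK",
    "UNLOCK", "NOTIFY", "SUBSCRIBE", "UNSUBSCRIBE", "SEARCH",
}
# Assumption: the two protective response headers named on this page are the ones to expect.
EXPECTED = ["Content-Security-Policy", "X-Frame-Options"]

def parse_headers(raw):
    """Parse a raw response head into {lowercased-name: [values]}."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:  # lines[0] is the status line
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines that have no colon
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Summarise allowed methods, Server version disclosure and missing headers."""
    headers = parse_headers(raw)
    # Method names are case-sensitive, so they are compared as received.
    allowed = {m.strip() for v in headers.get("allow", []) for m in v.split(",") if m.strip()}
    server = " ".join(headers.get("server", []))
    known = COMMON | DATA_CHANGING | APP_SPECIFIC
    return {
        "common": sorted(allowed & COMMON),
        "data_changing": sorted(allowed & DATA_CHANGING),
        "app_specific": sorted(allowed & APP_SPECIFIC),
        "unrecognized": sorted(allowed - known),
        "server_version_disclosed": bool(re.search(r"\d+(\.\d+)+", server)),
        "missing_headers": [h for h in EXPECTED if h.lower() not in headers],
    }
```

An Allow header only states what the server advertises; a method absent from it may still be accepted, so the result is a starting point for review of the server configuration.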
Enter a URL to retrieve its local storage key-value pairs and test for security vulnerabilities.
Local storage is a web browser feature that allows websites to store data persistently on a user's device. Local storage can be exploited by cyber attackers through techniques like cross-site scripting (XSS) to steal or manipulate stored data, which might contain sensitive information such as user preferences, authentication tokens, or personal details, thereby posing a significant cybersecurity risk.
Local storage is often set by JavaScript, specifically Ajax requests that run after the page body has fully loaded. The Idle option allows you to wait a specified period of time for the network to go quiet before checking for local storage key-value pairs.
Enter a URL to scan a website for known JavaScript vulnerabilities.
Enter a URL to scan a website for open redirect vulnerabilities.