Gobuster
Gobuster Gobuster is the high-speed HTTP directory and vhost prober that slams wordlists against endpoints, uncovering hidden paths or virtual hosts with extension support for thorough recon. Run its Go CLI with -u for URLs and -w for dicts, filtering statuses for clean hits in discovery chains. Open-source from OJ, it's the brute bouncer for pentesters templating path probes into asset maps.
Explore →ffuf
ffuf ffuf is the versatile HTTP fuzzer for probing params, directories, and vhosts with wordlist mutations, recursion, and response filters for efficient endpoint discovery. Configure via CLI with -u and -w, exporting JSON for scripted follow-ups on anomalies. Open-source Go tool from ffuf, it's the mutation maestro for recon rangers carving web surfaces dynamically.
Explore →Dirsearch
Dirsearch Dirsearch is the recursive HTTP enumerator that deploys wordlists with extensions, detecting redirects or forbidden paths for mapping app structures in passive-active hybrids. Launch its Python CLI on scopes with --random-agent for stealth, saving CSV for vuln scanners. Open-source from maurosoria, it's the dir diver for OSINT pros wordlisting hidden realms.
Explore →Feroxbuster
Feroxbuster Feroxbuster is the Rust-forged HTTP crawler with auto-calibration, probing directories and files with status/recursion filters for high-fidelity asset discovery. Tune via CLI with --auto-tune and --limit-rate, outputting structured data for pipelines. Open-source from michenriksen, it's the ferret for fuzzers sniffing param trails relentlessly.
Explore →Hakrawler
Hakrawler Hakrawler is the JS-aware HTTP crawler that extracts URLs and forms from responses, probing for hidden endpoints with depth control for focused recon without brute noise. Run its Go binary on seeds with -plain for outputs, chaining to Gobuster for depth. Open-source from hakluke, it's the link liberator for web explorers templating passive path gathering.
Explore →Gospider
Gospider Gospider is the lightning-fast HTTP spider that probes JS-rendered paths and subresources, discovering endpoints with scope limits for modern SPA recon. Launch its Go CLI with -s for sites and -t for threads, exporting for further fuzzing. Open-source from jaeles-project, it's the spider speedster for pentesters scaling HTTP discovery dynamically.
Explore →Katana
Katana Katana is the next-gen HTTP crawler for URL and param enum, probing sitemaps/robots with JS support to uncover directories in single-page apps. Run its Go binary with -u for seeds and -jc for crawling, filtering outputs for clean lists. Open-source from projectdiscovery, it's the cutting-edge cartographer for web mappers templating discovery.
Explore →Photon
Photon Photon is the intelligent HTTP crawler that extracts intel like emails and URLs from pages, probing for hidden forms or APIs with JS rendering for deep recon. Configure via Python CLI with -l for links, saving outputs for wfuzz. Open-source from s0md3v, it's the intel ingatherer for OSINT pentesters templating passive HTTP harvesting.
Explore →Aquatone
Aquatone Aquatone is the visual HTTP prober that screenshots subdomains and paths, discovering endpoints with wordlists for quick asset triage in recon phases. Run its Go binary with --domain for targets, chaining to browsers for captures. Open-source from michenriksen, it's the visual voyager for web mappers templating subdomain snapshots.
Explore →waybackurls