SecWeb is an open-source reconnaissance engine that crawls newly discovered domains and subdomains daily.
It captures full-page HTML, takes screenshots, parses robots.txt, and extracts all visible URLs, including JS and API endpoints.
The data is compressed, structured, and pushed to a public GitHub archive — ready to power fuzzing, recon automation, or OSINT workflows.
SecWeb also builds a global robotsDisallowed.txt wordlist from real-world disallowed paths.
Use it for passive intelligence, brute-force prep, or training AI on real attack surfaces.
Everything is free, live, and ready to explore.
PWNSTORM is a structured methodology for discovering high-impact vulnerabilities through modern recon and exploit chains.
It focuses on trending, often-overlooked attack surfaces like JS endpoints, API misconfigurations, OAuth flows, and business logic flaws.
Instead of relying on generic scanners, PWNSTORM emphasizes signal-rich recon, source intelligence, and creative exploitation.
It blends manual analysis with automated workflows built for real-world impact.
Perfect for bug bounty hunters, red teamers, and researchers who want more than just surface-level testing.
Follow the storm — and break what others miss.
