Skip to content
This repository was archived by the owner on Jul 5, 2026. It is now read-only.

Openxosdev/openxos-probe

Repository files navigation

openxos-probe

HTTP reconnaissance & security analysis tool for bug bounty hunters

License: MIT Rust Tests Build


Overview

openxos-probe transforms subdomain lists into actionable intelligence through comprehensive HTTP probing, technology fingerprinting, and security analysis.

Built in Rust for extreme performance with 144 passing tests.


Features

Core Probing

  • Async HTTP/HTTPS probing with tokio::join!
  • Parallel protocol testing (both fired simultaneously)
  • DNS caching with DashMap (5-min TTL)
  • Connection pooling (10 idle per host)
  • TCP optimization (tcp_nodelay)
  • Configurable concurrency (default 50, max 500)

Technology Detection

  • 200+ tech signatures
  • Aho-Corasick SIMD pattern matching (10x faster)
  • 50 path probes in parallel
  • Favicon hashing (MD5)
  • JS framework detection (React, Vue, Angular, Next.js, Svelte)
  • Source map detection

Security Analysis

  • WAF detection (Cloudflare, Akamai, Imperva, AWS WAF, etc.)
  • Security headers (CSP, HSTS, X-Frame, Referrer-Policy)
  • Cookie security (HttpOnly, Secure, SameSite)
  • Cache analysis for sensitive endpoints
  • Information disclosure (.env, .git/config, stack traces)
  • TLS certificate analysis
  • Redirect chain analysis
  • Content-Type mismatch detection

API Discovery

  • WebSocket detection (/ws, /socket.io)
  • GraphQL introspection
  • OpenAPI/Swagger discovery (17 paths)
  • HTTP method enumeration (with --aggressive)

Cloud & Infrastructure

  • Cloud provider detection (AWS, GCP, Azure, Vercel, Netlify, Cloudflare)
  • Certificate transparency (crt.sh)
  • Subdomain takeover detection
  • SSRF vector detection
  • Rate limit intelligence

Operations

  • Continuous monitoring mode
  • Webhook notifications (Discord/Slack)
  • SQLite persistence with query API
  • Multiple output formats (Terminal, JSON, CSV)

Installation

Via Cargo (Recommended)

cargo install openxos-probe
openxos-probe --version

From Source

git clone https://github.com/Openxosdev/openxos-probe
cd openxos-probe
cargo build --release
./target/release/openxos-probe --version

Quick Start

# Basic scan
openxos-probe --input subdomains.txt

# Fast mode (skip slow checks)
openxos-probe --input subdomains.txt --fast

# Aggressive mode (HTTP method enumeration)
openxos-probe --input subdomains.txt --aggressive

# JSON output
openxos-probe --input subdomains.txt --output json --output-file results.json

# High concurrency
openxos-probe --input subdomains.txt --concurrency 100 --timeout-secs 8

Usage Examples

Monitoring Mode

# Scan every hour with webhook
openxos-probe --input targets.txt --monitor --interval 3600 --webhook https://discord.com/api/webhooks/...

# Fast monitoring
openxos-probe --input targets.txt --monitor --interval 300 --fast

Integration with openxos-ghost

# Chain tools
ghost web --target example.com -o subs.txt
openxos-probe --input subs.txt --output json

# With monitoring
ghost web --target example.com -o subs.txt
openxos-probe --input subs.txt --monitor --interval 1800 --webhook $WEBHOOK_URL

Certificate Transparency

# Enable CT log lookup
openxos-probe --input targets.txt --ct-logs

# Combined with aggressive
openxos-probe --input targets.txt --ct-logs --aggressive

CLI Reference

Flag Default Description
-i, --input Required Input file with domains
-o, --output terminal Output format
--output-file stdout Output file path
-c, --concurrency 50 Max concurrent connections
--timeout-secs 10 Request timeout
--retries 1 Retry attempts
--fast false Skip slow checks
--aggressive false HTTP method enumeration
--monitor false Continuous monitoring
--interval 60 Monitoring interval (seconds)
--webhook - Webhook URL
--ct-logs false Certificate transparency
--cve-lookup false On-demand CVE lookup
--insecure false Skip TLS validation
--db probe.db Database path

Configuration

Create openxos-probe.toml:

input = "subdomains.txt"
output = "json"
concurrency = 80
timeout_secs = 8
retries = 2
monitor = false
interval = 60
webhook = "https://discord.com/api/webhooks/..."
ct_logs = false
cve_lookup = false
fast = false
aggressive = false

Use: openxos-probe --config openxos-probe.toml


Performance

Mode 10 Domains Features
Fast ~8-10s Core + Security Headers
Normal ~12-15s Full analysis
Aggressive ~20-25s + HTTP methods

Optimizations

  • Parallel HTTP/HTTPS via tokio::join!
  • DNS caching (DashMap, 5-min TTL)
  • Connection pooling (10 idle per host)
  • TCP tcp_nodelay
  • SIMD pattern matching (Aho-Corasick)
  • Async DB writes

Security Findings

High Severity

  • Stack trace disclosure
  • Session cookie missing HttpOnly
  • HTTPS to HTTP downgrade
  • Subdomain takeover
  • CORS with wildcard + credentials

Medium Severity

  • Missing HSTS header
  • Missing X-Frame-Options
  • PUT/DELETE enabled
  • Sensitive endpoint cached
  • Cookie missing SameSite

Low Severity

  • Missing CSP header
  • Server version disclosure
  • X-Powered-By exposed

Database Query

# Custom SQL query
openxos-probe --db results.db --query "SELECT domain, status FROM probes WHERE alive = 1"

# By technology
openxos-probe --db results.db --query-tech "nginx"

# By findings
openxos-probe --db results.db --query-findings

Development

# Run tests
cargo test

# Format code
cargo fmt

# Lint
cargo clippy

# Build
cargo build --release

Dependencies

Core: reqwest, tokio, serde, rusqlite

Performance: dashmap, aho-corasick, x509-parser

CLI: clap, colored, indicatif


License

MIT License - Copyright (c) 2026-2027 Openxosdev

See LICENSE for details.


Support

If this tool is useful for your security work, consider supporting development:

Monero (XMR):

49DDzakQJoKKq5caPdeZMH1JoC1GERzbnTw7RFx5Zq4xFLiXgkNgxuEau4rXH3f5V29cbXPB4bxk1dy1YKxAiwZ9LvkaUCv

Links


For authorized security testing only

About

Fast, comprehensive security probe with WAF detection, TLS analysis, technology fingerprinting, and security findings

Topics

Resources

License

Stars

2 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages