Reconnaissance
Domain and web application reconnaissance. Discovers subdomains, open ports, endpoints, APIs, and JavaScript routes to build an attack surface inventory.
Phases
Domain Assessment
- Subdomain Discovery - Passive DNS, certificate transparency, DNS brute-forcing, zone transfers
- Port Scanning - nmap/masscan (top 1000/10000/all), service detection, OS fingerprinting
- Service Enumeration - Version detection, banner grabbing, protocol-specific enumeration
Web Application Mapping
- Software Inventory - Dependencies, frameworks, SBOM generation
- Active Scanning - ffuf, gobuster, nikto, ZAP spider for directories/files
- API Discovery - REST, GraphQL, SOAP, WebSocket, Swagger/OpenAPI docs
- JavaScript & SPA - Client-side routes, dynamic scripts, browser storage
- Surface Analysis - Categorize attack surfaces, prioritize by risk
Output
More from transilienceai/communitytools
- hackerone - HackerOne bug bounty automation - parses scope CSVs, deploys parallel pentesting agents per asset, validates PoCs, and generates platform-ready submission reports. (58)
- social-engineering - Social engineering testing - phishing, pretexting, vishing, and physical security assessment techniques. (44)
- ai-threat-testing - Offensive AI security testing and exploitation framework. Systematically tests LLM applications for OWASP Top 10 vulnerabilities including prompt injection, model extraction, data poisoning, and supply chain attacks. Integrates with pentest workflows to discover and exploit AI-specific threats. (43)
- osint - Open-source intelligence gathering - company repository enumeration, secret scanning, git history analysis, employee footprint, and code exposure discovery. (42)
- source-code-scanning - Security-focused source code review and SAST. Scans for vulnerabilities (OWASP Top 10, CWE Top 25), CVEs in third-party dependencies/packages, hardcoded secrets, malicious code, and insecure patterns. Use when given source code, a repo path, or asked to "audit", "scan", "review" code security, or "check dependencies for CVEs". (41)
- web-app-logic - Web application logic testing - business logic flaws, race conditions, access control, cache poisoning/deception, and information disclosure. (40)