ProjectDiscovery
@projectdiscovery.bsky.social
Detect real, exploitable vulnerabilities. Harness the power of Nuclei for fast and accurate findings without false positives.
Move beyond simple discovery. Pair Subfinder with httpx to instantly profile your attack surface by extracting tech stacks, status codes, and page titles at scale.
Command👉 subfinder -d target(.)com | httpx -sc -td -title
Command👉 subfinder -d target(.)com | httpx -sc -td -title
January 26, 2026 at 3:30 PM
Move beyond simple discovery. Pair Subfinder with httpx to instantly profile your attack surface by extracting tech stacks, status codes, and page titles at scale.
Command👉 subfinder -d target(.)com | httpx -sc -td -title
Command👉 subfinder -d target(.)com | httpx -sc -td -title
Reply with your answer! 👇
January 23, 2026 at 9:16 AM
Reply with your answer! 👇
ShuffleDNS is a fast Go tool for finding subdomains. It uses brute-force to identify valid targets and automatically filters out messy wildcard results
Command👉 shuffledns -d example(.)com -list wordlist(.)txt -r resolvers(.)txt
-r: Your list of DNS resolvers.
-list: Your subdomain wordlist.
Command👉 shuffledns -d example(.)com -list wordlist(.)txt -r resolvers(.)txt
-r: Your list of DNS resolvers.
-list: Your subdomain wordlist.
January 22, 2026 at 2:02 AM
ShuffleDNS is a fast Go tool for finding subdomains. It uses brute-force to identify valid targets and automatically filters out messy wildcard results
Command👉 shuffledns -d example(.)com -list wordlist(.)txt -r resolvers(.)txt
-r: Your list of DNS resolvers.
-list: Your subdomain wordlist.
Command👉 shuffledns -d example(.)com -list wordlist(.)txt -r resolvers(.)txt
-r: Your list of DNS resolvers.
-list: Your subdomain wordlist.
Vuln backlog triage is mostly mechanical. Neo pulls findings, clusters + prioritizes with your context, reproduces in an isolated sandbox, captures evidence, drafts remediation, and updates tickets until closure. See it: projectdiscovery.io
ProjectDiscovery - Vulnerability management reimagined
Stop chasing false positives. ProjectDiscovery delivers real, exploitable vulnerability findings across your entire attack surface—validated at runtime and prioritized by impact.
projectdiscovery.io
January 21, 2026 at 7:26 PM
Vuln backlog triage is mostly mechanical. Neo pulls findings, clusters + prioritizes with your context, reproduces in an isolated sandbox, captures evidence, drafts remediation, and updates tickets until closure. See it: projectdiscovery.io
Stop just finding subdomains. Start finding endpoints. 🕸️
Recon doesn't end with a list of domains. By piping subfinder and httpx into katana, you can automatically crawl and map out the entire attack surface of a target in seconds.👇
#Recon #Katana #Subfinder
Recon doesn't end with a list of domains. By piping subfinder and httpx into katana, you can automatically crawl and map out the entire attack surface of a target in seconds.👇
#Recon #Katana #Subfinder
January 20, 2026 at 1:14 AM
Stop just finding subdomains. Start finding endpoints. 🕸️
Recon doesn't end with a list of domains. By piping subfinder and httpx into katana, you can automatically crawl and map out the entire attack surface of a target in seconds.👇
#Recon #Katana #Subfinder
Recon doesn't end with a list of domains. By piping subfinder and httpx into katana, you can automatically crawl and map out the entire attack surface of a target in seconds.👇
#Recon #Katana #Subfinder
Security work doesn’t fit in a 15‑minute coding loop. Neo is an AI security copilot that plans + executes long‑running security tasks (recon, threat modeling, testing, triage) with real tools (browser, terminal, APIs.) See Neo in action: projectdiscovery.io
January 19, 2026 at 2:02 PM
Security work doesn’t fit in a 15‑minute coding loop. Neo is an AI security copilot that plans + executes long‑running security tasks (recon, threat modeling, testing, triage) with real tools (browser, terminal, APIs.) See Neo in action: projectdiscovery.io
Here’s a technical look at discovery methods that adapt over time, including cert-based discovery and recursive subdomain expansion. If you’re doing recon or external asset discovery, this is a solid overview of techniques beyond basic DNS bruteforce.
📖 projectdiscovery.io/blog/surfaci...
📖 projectdiscovery.io/blog/surfaci...
Surfacing the real attack surface: Advances in asset discovery — ProjectDiscovery Blog
Introduction
Accurate external asset discovery remains a moving target for security teams at scale. What’s actually exposed is hard to pin down, regardless of how many inventories or spreadsheets an ...
projectdiscovery.io
January 15, 2026 at 2:13 PM
Here’s a technical look at discovery methods that adapt over time, including cert-based discovery and recursive subdomain expansion. If you’re doing recon or external asset discovery, this is a solid overview of techniques beyond basic DNS bruteforce.
📖 projectdiscovery.io/blog/surfaci...
📖 projectdiscovery.io/blog/surfaci...
🌀Naabu + Nmap = Port scan faster and inspect deeper.
Stop wasting time with slow, full-range scans!
Scan a host for open ports and use Nmap to detect the service versions.
Use this 👇
naabu -host projectdiscovery(.)io -nmap-cli ‘nmap -sV’
#naabu #hackwithautomation #portscan
Stop wasting time with slow, full-range scans!
Scan a host for open ports and use Nmap to detect the service versions.
Use this 👇
naabu -host projectdiscovery(.)io -nmap-cli ‘nmap -sV’
#naabu #hackwithautomation #portscan
January 3, 2026 at 3:02 AM
🌀Naabu + Nmap = Port scan faster and inspect deeper.
Stop wasting time with slow, full-range scans!
Scan a host for open ports and use Nmap to detect the service versions.
Use this 👇
naabu -host projectdiscovery(.)io -nmap-cli ‘nmap -sV’
#naabu #hackwithautomation #portscan
Stop wasting time with slow, full-range scans!
Scan a host for open ports and use Nmap to detect the service versions.
Use this 👇
naabu -host projectdiscovery(.)io -nmap-cli ‘nmap -sV’
#naabu #hackwithautomation #portscan
Welcome, 2026!
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
January 1, 2026 at 4:02 AM
Welcome, 2026!
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
We look forward to building more great things with you in the new year!
With AI-driven threats emerging as the major challenge, our focus is clear: to bring you the defense you'll need for cutting-edge Attack Surface Management.
#HappyNewYear #Infosec #2026
For 2026, the next generation of Attack Surface Management isn't just about seeing more; it's about knowing what's real.
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
December 30, 2025 at 11:31 PM
For 2026, the next generation of Attack Surface Management isn't just about seeing more; it's about knowing what's real.
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
Want to learn why your security strategy needs proof?
➡️ Get our latest report now: https://projectdiscovery.io/whitepapers/attack-surface-management-2025
🌀Happy Holidays to everyone in our community who is celebrating!
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
December 25, 2025 at 12:45 PM
🌀Happy Holidays to everyone in our community who is celebrating!
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
We hope you all have a wonderful time recharging and connecting with loved ones.
[+] Santa_v2025.zip 🎅
— The ProjectDiscovery Team
Need to isolate common ports on a single host?
Use Naabu to target specific, common ports and save the results for your next step.👇
Use Naabu to target specific, common ports and save the results for your next step.👇
December 21, 2025 at 8:02 PM
Need to isolate common ports on a single host?
Use Naabu to target specific, common ports and save the results for your next step.👇
Use Naabu to target specific, common ports and save the results for your next step.👇
2025 proved one thing: the gap between disclosure and exploitation is gone.
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
December 18, 2025 at 9:40 PM
2025 proved one thing: the gap between disclosure and exploitation is gone.
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
We broke down the 5 vulnerabilities that actually shaped attacker behavior this year.
Read the full analysis 👇
projectdiscovery.io/blog/year-in...
🚨 We’re presenting at #NahamCon24!
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
NahamCon - A Virtual Security Conference
www.nahamcon.com
December 17, 2025 at 3:58 PM
🚨 We’re presenting at #NahamCon24!
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
Join us at 1:30 PM PT for a hands-on recon deep dive using free ProjectDiscovery tools: Subfinder → ShuffleDNS → AlterX → Katana + URLFinder
Learn smart patterns, QPS tuning, rate-limit strategies, and see real demos in action.
🎟️Free registration: www.nahamcon.com
Tired of dealing with duplicate results in your scans?
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
ProjectDiscovery Tips and Tricks - Filter Duplicates Tag!
As we get into 2025, we're back with another PD Tips and Tricks video to help improve your workflow. This time, we're focusing on a cool feature of httpx tha...
youtu.be
December 16, 2025 at 10:02 PM
Tired of dealing with duplicate results in your scans?
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
Httpx now has a cool feature for that: Filter Duplicates Tag!
It allows you to filter duplicates as you scan, saving you time and giving you cleaner results.
See how it works in 1 min 👇
Security leaders are aligned on this: the perimeter didn’t vanish… it became more dynamic, distributed, and influenced by AI-driven reconnaissance. As a result, visibility isn’t enough. Learn more: projectdiscovery.io/whitepapers/...
December 15, 2025 at 9:07 PM
Security leaders are aligned on this: the perimeter didn’t vanish… it became more dynamic, distributed, and influenced by AI-driven reconnaissance. As a result, visibility isn’t enough. Learn more: projectdiscovery.io/whitepapers/...
Tired of your recon data getting bloated with static files?
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
December 15, 2025 at 6:31 PM
Tired of your recon data getting bloated with static files?
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
Here is a quick katana one-liner to actively crawl deep, parse JS, and strip out the noise (css, svg, fonts, etc.) automatically.👇
katana -u subdomains_alive.txt -d 5 -kf -jc -fx -ef woff,css,png,svg,jpg,woff2,jpeg,gif,svg -o allurls.txt
@NahamSec hacked a Wordpress website using Neo
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
December 15, 2025 at 1:31 AM
@NahamSec hacked a Wordpress website using Neo
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
Watch it now → https://youtu.be/AnVONITvWw4?si=VW8RD_xDzogwXFqv
Your company passwords could be sitting in a malware log right now.
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
December 13, 2025 at 11:02 PM
Your company passwords could be sitting in a malware log right now.
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
Don't wait for a breach to find out. We built free credential monitoring so you can spot exposures before attackers exploit them.
Try it → https://cloud.projectdiscovery.io/leaks
Ever wonder if you can run Nuclei across multiple bug bounty programs effectively? 🤔
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
Running Nuclei On All My Bug Bounty Programs
LIKE and SUBSCRIBE with NOTIFICATIONS ON if you enjoyed the video! 👍📚 If you want to learn bug bounty hunting from me: https://bugbounty.nahamsec.training...
youtu.be
December 11, 2025 at 6:31 PM
Ever wonder if you can run Nuclei across multiple bug bounty programs effectively? 🤔
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
That's exactly what @NahamSec did a year ago! See how he leveraged Nuclei in diverse bug bounty programs to maximize his hunting.
Watch the video and get inspired👇
How do you get comprehensive DNS insights from your subdomain list?
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
December 10, 2025 at 5:31 PM
How do you get comprehensive DNS insights from your subdomain list?
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
This powerful one-liner (cat subdomains.txt | dnsx -resp -o dns_responses.txt) helps you:
✅ Process lists of subdomains
✅ Perform rapid DNS resolution
✅ Save all responses for analysis
Streamline your recon workflow!
🚨 New launch: Introducing Neo, your new AI security engineer.
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Neo - AI Security Engineer
The AI security engineer that executes complex and time-intensive tasks, enabling your team to scale operations and maintain continuous, proactive security.
neo.projectdiscovery.io
December 9, 2025 at 12:45 AM
🚨 New launch: Introducing Neo, your new AI security engineer.
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Neo executes complex, time-intensive security workflows across your stack.
📅 Request a demo to watch it work in your environment:
🔗 neo.projectdiscovery.io
Looking for a better way to store and manage your Nuclei scan results?
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
ProjectDiscovery Tips and Tricks - MongoDB!
In this week's PD tips and tricks video, we're highlighting a feature of Nuclei that enhances your scanning and reporting process in Nuclei.MongoDB support w...
youtu.be
December 7, 2025 at 11:02 PM
Looking for a better way to store and manage your Nuclei scan results?
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
MongoDB support allows you to export all your scan results to a MongoDB database for enhanced storage and reporting.
Watch this one-minute video to see how it works 👇
You've implemented a Content Security Policy (CSP) for your web application – great!
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
December 7, 2025 at 12:02 AM
You've implemented a Content Security Policy (CSP) for your web application – great!
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
But here's the catch: a CSP bypass occurs when an attacker finds a way around those restrictions. This often stems from improperly configured CSP headers, leaving your app vulnerable.
(🧵👇)
Need to quickly map a target's tech stack? 👀
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml
December 5, 2025 at 10:02 PM
Need to quickly map a target's tech stack? 👀
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml
This command combines subfinder, httpx, and nuclei to detect web technologies on live subdomains, giving you crucial insights for your next steps.
subfinder -d target(.)com -silent | httpx | nuclei -t technologies/tech-detect).)yaml