Security components wrap popular open-source tools for subdomain discovery, DNS resolution, port scanning, and secret detection.

Subdomain Discovery

Subfinder

GitHub · Docker: projectdiscovery/subfinder
Discovers subdomains using passive sources.

| Input | Type | Description |
| --- | --- | --- |
| domains | Array | Target domains to enumerate |
| providerConfig | Secret | Optional provider-config.yaml for authenticated sources |

| Output | Type | Description |
| --- | --- | --- |
| subdomains | Array | Discovered subdomain hostnames |
| rawOutput | String | Raw tool output |
| subdomainCount | Number | Total subdomains found |

Example command: subfinder -d example.com -silent

Amass

GitHub · Docker: owaspamass/amass
Active and passive subdomain enumeration.

| Input | Type | Description |
| --- | --- | --- |
| domains | Array | Target domains |
| mode | Select | passive or active |

| Parameter | Type | Description |
| --- | --- | --- |
| timeout | Number | Timeout in minutes |
| maxDns | Number | Max DNS queries per second |

ShuffleDNS + MassDNS

GitHub (ShuffleDNS) · GitHub (MassDNS) · Docker: ghcr.io/shipsecai/shuffledns-massdns
High-performance DNS bruteforcing and resolution. This is a combined image with both ShuffleDNS and MassDNS pre-installed.

| Input | Type | Description |
| --- | --- | --- |
| domains | Array | Target domains |
| wordlist | File | Wordlist for bruteforcing |
| resolvers | Array | Custom DNS resolvers |

DNS Resolution

DNSX

GitHub · Docker: projectdiscovery/dnsx
Resolves DNS records with support for multiple record types and custom resolvers.

| Input | Type | Description |
| --- | --- | --- |
| domains | Array | Domains to resolve |
| recordTypes | Array | DNS types: A, AAAA, CNAME, MX, NS, TXT, etc. |
| resolvers | Array | Custom resolver IPs (e.g., 1.1.1.1:53) |

| Parameter | Type | Description |
| --- | --- | --- |
| threads | Number | Concurrent workers (default: 100) |
| retryCount | Number | Retry attempts (default: 2) |
| rateLimit | Number | Requests per second |
| showCdn | Boolean | Annotate CDN providers |
| showAsn | Boolean | Include ASN info |

| Output | Type | Description |
| --- | --- | --- |
| results | Array | DNS responses grouped by record type |
| resolvedHosts | Array | Unique resolved hostnames |
| rawOutput | String | Raw JSONL output |

HTTP Probing

httpx

GitHub · Docker: projectdiscovery/httpx
Probes hosts for live HTTP services and captures response metadata.

| Input | Type | Description |
| --- | --- | --- |
| targets | Array | Hostnames or URLs to probe |

| Parameter | Type | Description |
| --- | --- | --- |
| ports | String | Comma-separated ports (e.g., “80,443,8080”) |
| statusCodes | String | Filter by HTTP status codes |
| threads | Number | Concurrency level |
| followRedirects | Boolean | Follow HTTP redirects |
| tlsProbe | Boolean | Probe TLS endpoints |
| path | String | Specific path to probe |

| Output | Type | Description |
| --- | --- | --- |
| results | Array | HTTP response metadata |
| rawOutput | String | Raw httpx JSON lines |

Example command: httpx -l targets.txt -json -mc 200,301

Port Scanning

Naabu

GitHub · Docker: projectdiscovery/naabu
Fast active port scanning using SYN/CONNECT probes.

| Input | Type | Description |
| --- | --- | --- |
| targets | Array | Hostnames or IPs to scan |

| Parameter | Type | Description |
| --- | --- | --- |
| ports | String | Custom ports (e.g., “80,443,1000-2000”) |
| topPorts | Number | Scan top N common ports |
| rate | Number | Packets per second |
| retries | Number | Retry attempts per port |
| enablePing | Boolean | Ping probe before scanning |

| Output | Type | Description |
| --- | --- | --- |
| findings | Array | Open ports per target |
| openPortCount | Number | Total open ports found |

Example command: naabu -host scanme.sh -top-ports 100

Vulnerability Scanning

Nuclei

GitHub · Docker: ghcr.io/shipsecai/nuclei
Template-based vulnerability scanning. This is a custom Nuclei image with nuclei-templates baked in.

| Input | Type | Description |
| --- | --- | --- |
| targets | Array | URLs or hosts to scan |
| templates | Array | Template IDs or paths |

| Parameter | Type | Description |
| --- | --- | --- |
| severity | Array | Filter by severity (critical, high, medium, low) |
| rate | Number | Requests per second |
| concurrency | Number | Parallel template executions |

| Output | Type | Description |
| --- | --- | --- |
| findings | Array | Detected vulnerabilities |
| criticalCount | Number | Critical findings count |

Secret Detection

TruffleHog

GitHub · Docker: trufflesecurity/trufflehog
Scans for leaked credentials across repositories, filesystems, and cloud storage.

| Input | Type | Description |
| --- | --- | --- |
| scanTarget | String | Repository URL, path, bucket, or image |
| scanType | Select | git, github, gitlab, s3, filesystem, docker |

| Parameter | Type | Description |
| --- | --- | --- |
| onlyVerified | Boolean | Show only verified secrets (default: true) |
| branch | String | Specific branch to scan |
| sinceCommit | String | Scan commits since reference (for PR scanning) |

| Output | Type | Description |
| --- | --- | --- |
| secrets | Array | Detected secrets with verification status |
| verifiedCount | Number | Number of verified secrets |
| hasVerifiedSecrets | Boolean | Alert flag |

Example command: trufflehog git https://github.com/org/repo --results=verified --json

Cloud Security

Prowler Scan

GitHub · Docker: prowlercloud/prowler
Cloud security posture management and best-practice auditing for AWS, Azure, and GCP.

| Input | Type | Description |
| --- | --- | --- |
| credentials | Object | AWS credentials |
| checks | Array | Specific checks to run |

| Parameter | Type | Description |
| --- | --- | --- |
| severity | Array | Filter by severity |
| services | Array | AWS services to audit |

Supabase Scanner

GitHub · Docker: ghcr.io/shipsecai/supabase-scanner
Scans Supabase instances for misconfigurations.

| Input | Type | Description |
| --- | --- | --- |
| projectUrl | String | Supabase project URL |
| apiKey | Secret | Supabase API key |

Notifications

Notify

GitHub · Docker: projectdiscovery/notify
Sends alerts to Slack, Discord, Telegram, or email.

| Input | Type | Description |
| --- | --- | --- |
| message | String | Alert message |
| provider | Select | slack, discord, telegram, email |
| config | Secret | Provider configuration |

Example Workflow

A complete attack surface discovery pipeline:

1. Manual Trigger (domains input)
2. Subfinder (subdomain discovery)
3. DNSx (DNS resolution)
4. httpx (HTTP probing)
5. Nuclei (vulnerability scanning)
6. Notify (notify team)