The Ultimate Open-Source OSINT & Web Security Hub | One tool. 25+ features. Infinite reconnaissance possibilities.
A blazing-fast, concurrent URL security scanner & OSINT toolkit built in Go with an extensible plugin architecture. Designed for security researchers, bug bounty hunters, penetration testers, and DevOps teams who need comprehensive reconnaissance in seconds, not hours.
Scan once. Get everything you need.
- Subdomain Discovery β Passive enumeration via cert transparency, DNS history, and archive APIs
- Historical URL & Archive Explorer β Uncover old admin panels, debug endpoints, leaked files
- Leaked Content Detection β Spot accidentally indexed directories, robots.txt disallows, exposed .git & .env files
- Social Surface Preview β Extract LinkedIn, GitHub, Twitter, social profiles exposed by the target
- Target Footprint Summary β One-card overview: hosting, ASN, country, tech stack, risk indicators
- WHOIS & Domain Intelligence β Registration details, nameservers, historical registrant info
- DNS Records Deep Dive β A, MX, NS, TXT, SOA records with historical changes
- IP & Geolocation Mapping β Hosting provider, autonomous system, country, data center details
- HTTP Security Header Scorecard β CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy with fixes
- TLS/SSL Health Report β Certificate validity, key strength, cipher suites, protocol versions, expiration warnings
- Missing Security Header Detection β Identify gaps, suggest implementations, provide snippets
- OWASP Security Baseline β Lightweight checks for reflective XSS, SQLi patterns, SSRF hints, path traversal indicators
- WAF/CDN Detection β Identify Cloudflare, Akamai, AWS Shield, ModSecurity fingerprints
- Deep HTTP Fingerprinting β Framework detection (Django, Rails, Laravel, Express, etc.), server software, middleware, language
- CMS & Plugin Enumeration β WordPress plugins, Drupal modules, Joomla versions with known vulnerabilities
- Frontend Framework Detection β React, Vue, Angular, Next.js versions and configurations
- JavaScript Dependency Analysis β Identify outdated libraries (jQuery, Bootstrap, etc.) via DOM inspection
- API Endpoint Discovery β GraphQL, REST APIs, WebSocket endpoints, deprecated API paths
- Port & Service Discovery β Top common ports with service identification (HTTP, HTTPS, SSH, FTP, etc.)
- SSL Certificate Chain Analysis β Full certificate hierarchy, issuer reputation, self-signed detection
- Threat Intelligence Integration β Optional hooks for IP reputation, malware blacklists, domain scores
- Real-Time Monitoring Mode β Scheduled rescans with webhook/Slack notifications on changes
- Dark Web & Paste Site Hints β Meta-level pointers for external threat intel searches (non-invasive)
- Multi-Format Outputs β JSON, SARIF, HTML, Markdown, CSV with customizable templates
- Shareable Scan Badges β GitHub README badges linking to scan results
- Beautiful HTML Reports β Severity tags, icons, remediation tips, proof-of-concept samples
- CLI + Web UI Parity β Every feature available in CLI and browser interface
- Scan Presets β "Quick Recon", "Bug Bounty", "Compliance Baseline" templates
- AI-Assisted Risk Summary β Auto-generate executive summaries with top 3 risks & business impact
- OSINT Graph Visualization β Visual attack surface mapping: domains β IPs β tech β third-parties
- Proof-Based Findings β Each issue includes HTTP samples, matched payload, "why it matters" explanations
- Interactive Onboarding β First-time user walkthrough with shareable report generation
- Community Plugin System β Extensible Go interfaces; featured community checks in the hub
- "Teach Me" Mode β Educational notes on each finding type for junior security learners
- Safe-by-Default Scanning β No destructive payloads, explicit consent warnings, privacy-first design
| Category | Features | Status |
|---|---|---|
| Recon & OSINT | Subdomains, Archives, Tech Stack, Social Links, Footprint | β Active |
| Web Security | Headers, TLS, OWASP Checks, Exposed Files, WAF Detection | β Active |
| Tech Detection | Fingerprinting, CMS, Frameworks, JS Libraries, APIs | β Active |
| Intelligence | Port Scanning, Cert Chain, Threat Intel Hooks, Monitoring | π Launching Soon |
| Reporting | JSON/SARIF/HTML, Badges, Presets, CLI Parity | π Launching Soon |
| AI & Trends | Risk Summaries, Graph Viz, Plugin System, "Teach Me" Mode | π― Q1 2026 |
β All-in-One Platform β 25+ checks in a single unified tool; no tool-chaining needed β Speed & Scale β Goroutine-based concurrency handles thousands of URLs in minutes β Privacy-First β Open source, self-hosted, no cloud data collection β Extensible β Plugin architecture for custom checks and integrations β Beautiful Output β Scan badges, interactive HTML reports, shareable findings β Community-Driven β Trending 2026 features: AI summaries, graphs, plugin ecosystem β DevOps Ready β JSON/SARIF output, CI/CD-friendly, GitHub Actions integration β Educational β "Teach Me" mode for junior security professionals learning on the job
# Clone and build
git clone https://github.com/DhanushNehru/urlhawkscanner.git
cd urlhawkscanner
go build -o urlhawkscanner
sudo mv urlhawkscanner /usr/local/bin/
# Or install directly
go install github.com/DhanushNehru/urlhawkscanner@latest# Scan a single URL (comprehensive OSINT + security)
urlhawkscanner -u https://example.com
# Scan a list of URLs with 50 concurrent workers
urlhawkscanner -l urls.txt -t 50
# Output to JSON for pipeline integration
urlhawkscanner -u https://example.com -f json -o report.json
# Generate shareable HTML report
urlhawkscanner -u https://example.com -f html -o scan.html
# Use a preset template (quick, complete, compliance)
urlhawkscanner -u https://example.com --preset bug-bounty
# Enable monitoring with Slack webhooks
urlhawkscanner -u https://example.com --monitor --slack-webhook https://hooks.slack.com/...# Launch the web interface
urlhawkscanner web
# Open http://localhost:3000 and start scanning visually- Complete Feature Guide β Deep dive into all 25+ features
- Architecture & Plugin System β Build custom checks
- CLI Reference β All flags and options
- Report Templates β HTML, JSON, SARIF, Markdown
- Integration Guides β GitHub Actions, CI/CD, Slack
Quickly enumerate attack surface, identify tech stacks, find misconfigurations β prioritize bounties.
Comprehensive reconnaissance phase; combined OSINT + security checks in one tool.
Compliance baseline scanning, security header audits, TLS certificate monitoring.
CI/CD integration, automated security baselines, real-time monitoring mode.
"Teach Me" mode explains each finding; open-source code to study Go concurrency patterns.
β¨ Trending Features:
- AI-Powered Risk Summaries β Auto-generate executive briefs in plain English
- Visual Attack Surface Graphs β See your target's entire tech ecosystem at a glance
- Community-Driven Plugins β Share and discover custom OSINT checks
- Privacy Advocate β Open source, no SaaS, runs locally
- One-Command Setup β Install, scan, get insights in 2 minutes
We thrive on community contributions! Whether it's new checks, bug fixes, docs, or plugin ideasβyour help makes this tool legendary.
- Fork the repository
- Create a feature branch:
git checkout -b feature/awesome-check - Commit with clear messages:
git commit -m 'Add X-Auth-Token header check' - Push and open a Pull Request
π See CONTRIBUTING.md for detailed guidelines.
π Scan Report: https://example.com
βββ π΄ Critical Issues (1)
β βββ Missing HSTS Header
β βββ Weak TLS Protocol (SSLv3 detected)
βββ π‘ Warnings (5)
β βββ Outdated jQuery (1.8.2)
β βββ Exposed Git Repository
β βββ Debug Mode Enabled
βββ β
Passed (12)
βββ Strong CSP Policy
βββ X-Content-Type-Options Set
βββ HTTPS Enforced
π― Risk Score: 6/10 | AI Summary: "High-priority TLS upgrade needed."
| Task | Time | URLs/Sec |
|---|---|---|
| Scan 1 URL (full checks) | ~2-3s | - |
| Scan 100 URLs (t=10) | ~15s | ~6.7 URLs/s |
| Scan 1000 URLs (t=50) | ~45s | ~22 URLs/s |
| Scan 10K URLs (t=100) | ~8m | ~20 URLs/s |
Benchmarks on modest hardware; results vary by network latency.
- Core scanning engine
- CLI & Web UI
- AI-powered risk summaries (Q1 2026)
- OSINT graph visualization (Q1 2026)
- Community plugin marketplace (Q2 2026)
- Real-time monitoring dashboard (Q2 2026)
- Kubernetes security scanning (Q3 2026)
- Mobile app for scan results (Q3 2026)
URL Hawk Scanner is released under the Apache 2.0 License.
Disclaimer: This tool is for authorized security testing and educational purposes only. Unauthorized access to computer systems is illegal. Always obtain written permission before scanning any target you do not own.
Built with β€οΈ by Dhanush Nehru and the open-source security community.
β Star this repo if you find it useful π΄ Fork to contribute or customize π¬ Discuss ideas in Discussions tab π Report bugs in Issues
- π Live Demo
- π¦ Docker Image
- π₯ YouTube Tutorial (coming soon)
- π Full Wiki
Made by the community. For the community. π