Global View
ASN Intelligence
Domain Mapper
ReconFTW
DNS & SSL Intelligence
Port Scanner nmap · masscan · RustScan · naabu — multi-target
OSINT Intelligence
ProjectDiscovery
Scan Scheduler
Sessions
AI Chat Multi-LLM Intelligence
Cyber Feed X / Twitter intelligence
Advanced Dorking Multi-engine OSINT search queries
PathStorm Directory & File Fuzzer — powered by ffuf
ThreatBlitz Vulnerability Scanner — Nuclei & Nikto
ParamHawk Parameter Discovery — Arjun · ParamSpider · x8
IPScope IP & Subnet Mapper — Multi-source intelligence
Settings
Crawler Endpoint & JS intelligence
Workflow Builder
ASNs Found0
Critical0
Domains0
Government
Military
Finance
Telecom
Critical Infra
Health
Cyber Security
Education
Commercial
Data Sources RIPE Stat Country ASN list · overview BGPView ASN details · IP prefixes rDNS Domain discovery via PTR NetworksDB IP→domain mapping · metadata key required Shodan Host & domain discovery key required CAIDA AS Rank Global rank · org · cone SecurityTrails ASN domain lookup key required bgp.he.net BGP routing · peers NLNOG LG BGP route lookups RIPE Atlas Network measurements
All Gov Mil Finance Telecom Infra Health Cyber Edu Commercial
Sort:
Run a scan to see ASN data
Passive crt.sh THC RapidDNS OTX DNSRepo HackerTarget URLScan
Tools Findomain Sublist3r Assetfinder Subfinder Amass Cero BBOT KnockPy WhatWeb
API Keys Shodan SecurityTrails Censys ZoomEye FOFA GitHub C99 Chaos GitLab
Score Live Subdomain Status IP Organization Tech / Tags WhatWeb Screenshot
Run a domain scan to map subdomains
Root
Live 2xx
3xx
4xx
5xx
Dead
IP
ASN
Intel
JS Intel

ASN Breakdown

No data yet

Top ROI Targets

Targets appear after scan completes
Run a domain scan then click Scan JS
JS Analyzers LinkFinder GoLinkFinder jsluice jsleak xnLinkFinder getJS
After subdomain scan completes,
click Scan JS to run
JS tools on live domains.
Target
No domain set
CLI Tools
🔗
gau
Wayback · OTX · CommonCrawl
🕰
waybackurls
Wayback Machine URL archive
📡
waymore
Extended Wayback + CommonCrawl
🔍
urlfinder
ProjectDiscovery passive URLs
Enter a domain and select a mode
All 0
JS 0
API 0
Auth 0
Admin 0
Params 0
Config 0
Backup 0
Upload 0
Redirect 0
Enter a target domain, select your tools, and click
Harvest URLs or Start Recon to begin.
reconftw not found. Install it:
git clone https://github.com/six2dez/reconftw
cd reconftw && ./install.sh
Execution
Scan Configuration
Output Directory
Advanced Flags
Live Stats
Subdomains
URLs
IPs
Vulns
Quick Actions
Console
Subdomains
URLs
Vulnerabilities
IPs
Enter a target domain and click Recon to start
Powered by reconftw — full recon automation suite
Ready — enter a domain to begin
Scan Modes
-r Full Recon (passive+active)
-s Subdomains + Web Probe
-p Passive Only (no noise)
-w Web Vulnerability Scan
-a All (exploit included)
-n OSINT / Intelligence
-z Lightweight Quick Scan
Tools Used
amass subfinder nuclei httpx gau waybackurls ffuf naabu massdns dalfox sqlmap aquatone
Installation Status
Checking...
DNS Record Types
🔵 A / AAAA — IP addresses
🟣 MX — Mail servers
🟡 NS — Name servers
🟢 TXT — SPF/DKIM/DMARC
🔴 CNAME — Aliases
⚪ SOA — Zone authority
🟠 CAA — Cert authority
SSL Score Guide
90-100 Excellent
70-89 Good
40-69 Weak
0-39 Critical
Zone Transfer
Enter a domain and click Analyze
Targets
Run a domain scan first.
Scanner Tool
nmap masscan RustScan naabu
Port Profile
Intensity
Parallel Hosts 2
0Open Ports
0Hosts Done
0Critical
0High Risk
No scan results yet
Select targets from Domain Mapper and click Launch Scan
nmap · masscan · RustScan · naabu — requires authorization
Quick Actions
API Keys
Hunter.io Key
GitHub Token
Tech (for CVE)
Enter a domain and run an OSINT scan
Target Sessions
No target sessions yet
Enter a target in the top bar and click
Run Pipeline to start
New Scheduled Scan
Scan Type
Target
Interval (hours)
No scheduled scans yet. Click New Schedule to add one.
0
Total
0
ASN
0
Domain
0
Recon
Settings
General
Subdomain Sources
AI & Chat
X / Twitter Feed
Integrations

Scan Options

Thread CountParallel workers for scanning
Max Subdomains0 = unlimited
Reverse DNSResolve PTR records
HTTP ProbingCheck live status codes

Intelligence APIs

Add API keys to enable additional subdomain sources. All keys are stored locally in your browser.
Passive DNS & OSINT
NetworksDB API Keynetworksdb.io
SecurityTrails Keysecuritytrails.com
C99 API Keysubdomainfinder.c99.nl
Attack Surface Platforms
Shodan API Keyshodan.io
Censys API IDcensys.io — ID field
Censys API Secretcensys.io — Secret field
ZoomEye Keyzoomeye.org — JWT token
FOFA (Requires both fields)
FOFA EmailYour FOFA account email
FOFA API Keyfofa.info
Threat Intelligence (IPScope)
Netlas Keynetlas.io — IP & host data
GreyNoise Keygreynoise.io — internet noise intelligence
Criminal IP Keycriminalip.io — threat intelligence
Code & Repository
GitHub TokenFor domain mapper GitHub search
GitLab TokenFor gitlab-subdomains enumeration
ProjectDiscovery
Chaos API Keydns.projectdiscovery.io subdomain dataset
PDCP API KeyRequired for cvemap — get at cloud.projectdiscovery.io

AI Provider Keys

Keys power AI Chat, AI Analyze, and Feed Analysis. Any one key is enough — ZeekGlare uses the first available provider. Stored locally only.
Anthropic
Anthropic API KeyClaude Opus / Sonnet / Haiku
NVIDIA NIM
NVIDIA API KeyDeepSeek, Llama, Mistral via NIM
OpenAI
OpenAI API KeyGPT-4o, o3, o4-mini

X / Twitter Credentials

Create an app at developer.x.com, enable OAuth 1.0a read permissions, and generate tokens.
Bearer Token alone → search-mode feed (recent cyber tweets).
All four OAuth keys → your personal home timeline.
Bearer Token (Search API — v2)
Bearer TokenEnables search-mode feed
OAuth 1.0a (Home Timeline — v1)
API KeyConsumer Key from X app
API SecretConsumer Secret from X app
Access TokenGenerated for your account
Access Token SecretGenerated for your account

Telegram Bot not running

Connect ZeekGlare to Telegram to control scans and chat with the AI from anywhere.
1. Create a bot via @BotFather/newbot
2. Paste the token below. Optionally restrict to your Chat ID (from @userinfobot).
3. Enable the bot and send /help to your bot.
Bot Configuration
Bot TokenFrom @BotFather
Allowed Chat IDYour Telegram user ID (optional, restricts access)
Enable BotStart polling Telegram for messages

Caido Web Proxy

Caido is a web proxy for manual security testing. ZeekGlare can route discovered hosts through it (populating its history/sitemap) and add them to your project scope.

Generate your API key in Caido → Settings → Developer. The same URL is used for both proxy traffic and the GraphQL API.
Connection
Caido Proxy URLDefault: http://127.0.0.1:8080
Caido API KeyRequired for scope management

Burp Suite

Burp Suite is an industry-standard web proxy for manual security testing. ZeekGlare can route discovered hosts through Burp (populating its HTTP history & sitemap) and add them to your Target Scope.

Enable the REST API in Burp → Settings → Suite → REST API. The proxy and REST API use separate ports (default 8080 and 1337).
Proxy
Burp Proxy URLDefault: http://127.0.0.1:8080
REST API (Scope Management)
Burp REST API URLDefault: http://127.0.0.1:1337
Burp REST API KeyOptional — set in Burp REST API settings
Targets
Run a domain scan first.
Wordlist
Extensions (comma sep)
Status Filter
Threads
Rec. Depth
Recursive fuzzing
Tool
Live Log
0found
req/s
0selapsed
Filter:
Select a target and click Launch to start fuzzing.
ffuf · directory & file discovery
Targets
Run a domain scan first.
Scanner
Severity (Nuclei)
Critical High Medium Low Info
Templates (optional, e.g. cves/)
Rate Limit
Tags (opt)
Timeout (s)
Live Log
0found
0critical
0high
0selapsed
Saved Sessions
No saved sessions yet.
Severity:
Select targets and click Launch to start scanning.
Nuclei · CVE scanning & vulnerability detection
WordPress Targets
No WordPress targets detected.
Run Domain Mapper with WhatWeb.
Scan Mode
Enumerate
WPScan API Token (optional — wpscan.com)
Threads
Live Log
Targets
Run a domain scan first.
Tools
Arjun ParamSpider x8
HTTP Method
GET
POST
Both
Threads 10
0Parameters
0URLs
0GET
0POST
No parameters found yet
Select targets from Domain Mapper and click Hunt Parameters
Arjun · ParamSpider · x8 — multi-tool parallel discovery
Target Domain
IPs found by Domain Mapper are seeded automatically.
Sources
HackerTarget Shodan SecurityTrails FOFA ZoomEye Censys Netlas GreyNoise CriminalIP
0Unique IPs
0Subnets
0Critical
0High Risk
Enter a domain and click Scan IPs
Maps all IPs & subnets associated with the target domain
Sessions
Sessions
No saved sessions yet.
Send a message to start.
Context
Context
Active Scan Data
Context Preview
No context selected
Quick Prompts
Filter: All CVE Bug Bounty Exploit Tools Malware Breach News
Add your X API credentials in Settings,
then click Refresh to load your cyber feed.
AI Intelligence Brief
Feed Stats
Total tweets
CVE mentions
Bug bounty
Exploits
Tools
Malware/Breach
Last refreshed
Target Domain
Engines: 🔍 Google 🖥 Bing 🦆 DuckDuckGo 📨 Yahoo 🔌 Shodan 🔎 Censys 👀 ZoomEye 🔢 FOFA 🤍 GitHub 📋 Pastebin 📄 Grep.app
Cats: Files Login & Admin Open Dirs Config & Env Credentials Backup & Dumps API & Endpoints Cloud Storage Error Messages Code Repos Network Devices Juicy Info
Enter a target domain and click Generate Dorks to build your dork library.

Custom Dork

Google Bing DDG Shodan GitHub

Dork Cheatsheet

site:target.com
inurl:admin
intitle:"index of"
intext:"api_key"
filetype:env
ext:sql
cache:site.com
link:site.com
related:site.com
before:2023-01-01
after:2020-01-01
-site:exclude.com
Shodan: hostname:, ssl:, http.title:, port:
Censys: parsed.names:, ip:, services.port:
GitHub: filename:.env, extension:pem, user:org

Quick Fire Dorks

☰ Tools
💾 Saved
Click any tool in the left panel to add it to the canvas.
Drag tools directly onto the canvas. Connect nodes via their ports (● right → ● left).
Node Config
Click a node to configure it
Ready
Screenshot