service catalog

Snapshot: 2026-06-12T18:28:55Z  ·  446 services across 3 meshes  ·  services.json  ·  refresh  ·  source: services-registry

Stored in this browser only (localStorage); never sent to the catalog server. Applies only to 0exec rows. 0crawl rows use the public default_token automatically; pages rows need no auth.

0exec (156)

servicetitle / summarytagscommitopendiscover
agent-approval TRL 5Agent Approval
Human-in-the-loop approval gate. POST /request to submit a risky action for human sign-off; GET /await to block until decided or timed out; POST /decide to record the human decision. Timeout resolves to a configurable default (deny by default). The safe-autonomy keystone.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
agent-mailbox TRL 5Agent Mailbox
Addressed request/reply bus for agents: POST /send to enqueue a message for a named agent, GET /inbox to drain it, POST /reply to send a correlated reply, GET /await to block until a reply arrives. Closes the A→B→A gap that fleet-notify (broadcast) and fleet-q (anonymous pull) leave open.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
agent-quorum TRL 5Agent Quorum
k-of-n answer aggregation and voting for redundant agents. Create a round, cast votes, GET /result for the aggregated decision (majority/weighted/unanimous). Productizes the adversarial-verify loop as a fleet primitive.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
agent-tools TRL 5Agent Tools
Turns the fleet catalog into an LLM function-calling manifest. GET /manifest returns a callable tool spec per service (name, description, base_url, auth, example_path). POST /refresh re-fetches the live catalog. Used by agents to discover how to call any fleet service.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
apikey-service TRL 7Apikey Service
API key keystore for the 0exec mesh: issue/verify/revoke/list/purge. SQLite-backed, admin-token-gated. THE FLEET'S SINGLE POINT OF COMPROMISE — see fleet-state/OPS.md for hardening + rotation. NOT internet-exposed. 		apikeygokeystore
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
c-proxy TRL 4C HTTP Proxy
Minimal libcurl-based forward proxy (single binary, low memory). 		cproxyproxyhttpscraping 8d97895
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
catalog-service TRL 6Catalog Service
Renders services.json into the public catalog at catalog.0exec.com. Reads the registry's JSON slices and presents browsable tables of all fleet services with auth-help, TRL, mesh, and links.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
composite-runner TRL 6Composite Runner
Generic composite fan-out engine. GET /?recipe=<name>&target=<domain> runs any named recipe concurrently across N fleet analyzers; returns a merged envelope with summary + per-source fields. Add a recipe row in recipes.go — no new code. 		gokind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
d3-graph TRL 6D3 Graph Renderer
Fetches CSV/JSON and converts it to d3-rendered SVG/PNG visualisations. 		govisualizationvisualisationd3 1b98d09
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
db-geo-geocode TRL 6Geocode Cache (Postgres-backed)
Same shape as geo-geocode, with a Postgres cache layer in front. 		geogeogeocodingcache 4fa789f
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-abuse-contact-rollup Domain Abuse Contact Rollup
Unified abuse contact rollup (RDAP+security.txt+convention+scrape) for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-ai-bot-policy-scanner TRL 6Domain Ai Bot Policy Scanner
AI-training opt-out posture scanner for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-compliance-claim-scanner TRL 6Domain Compliance Claim Scanner
Compliance claim scanner for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-ct-log-watcher TRL 6Domain Ct Log Watcher
Certificate Transparency log inventory (crt.sh) for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-dnssec-validator TRL 7Domain Dnssec Validator
DNSSEC validator (DS/DNSKEY/AD-bit) for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-documentation-platform-detector Domain Documentation Platform Detector
Docs platform detector for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-email-deliverability-score TRL 7Domain Email Deliverability Score
Composite email-deliverability grader for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-http3-quic-detector TRL 6Domain Http3 Quic Detector
HTTP/3 + QUIC handshake probe for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-mobile-app-resolver TRL 7Domain Mobile App Resolver
iOS/Android mobile app linkage resolver for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-newsletter-platform-detector Domain Newsletter Platform Detector
Newsletter platform detector for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-open-source-presence Domain Open Source Presence
Linked source orgs + OSS score for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-passive-dns-history TRL 6Domain Passive Dns History
Historical passive-DNS observations for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-rbl-reputation TRL 6Domain Rbl Reputation
RBL reputation check across 8 public blocklists for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-saas-host-mapper TRL 6Domain Saas Host Mapper
SaaS hosting platform detector for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-structured-data-rollup TRL 7Domain Structured Data Rollup
JSON-LD/OG/Twitter/microdata rollup for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-support-stack-detector Domain Support Stack Detector
Help desk / live-chat platform detector for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-tech-eol-flagger TRL 6Domain Tech Eol Flagger
Tech-stack end-of-life flagger (endoflife.date) for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-third-party-fetch-map TRL 6Domain Third Party Fetch Map
Homepage third-party fetch bucketing for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-trust-composite-grader Domain Trust Composite Grader
Composite 0-100 trust score for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
domain-well-known-catalog Domain Well Known Catalog
/.well-known/ coverage scanner for the domainscope enricher pipeline 		domainscopego-domain
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-backoff-coordinator TRL 6Fleet Backoff Coordinator
response-driven backoff coordinator 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-backup TRL 4Fleet Backup
F6 fleet backup orchestrator. Every 6h snapshots configured sources (SQLite, git, files, directories), encrypts with age (multiple recipients for key rotation), pushes to URI-shaped destination (initial: local:///opt/backups; future: storage-box:// rsync over SSH). Verifies every write by decrypt+tar-diff round-trip; mismatch = FAILED run, retention prune skipped. Per-instance SQLite audit log enforces "never delete what we didn't create" invariant. 7-daily / 4-weekly / 12-monthly retention. POST /restore always dry-run; actual restore is operator-driven with offline age identity (daemon never holds the decrypting key).
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-body-redactor TRL 6Fleet Body Redactor
canonical sensitive-data redactor 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-budget-tracker TRL 6Fleet Budget Tracker
per-program scan-cost cap (atomic check-and-insert) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-call-tracer TRL 6Fleet Call Tracer
per-request call trace collector (Speedscope flamegraph output) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-capabilities TRL 4Fleet Capabilities
G9 fleet capability aggregator. Walks the catalog and probes /openapi + /health + /version + /selftest on every kind=container entry in parallel; surfaces one aggregate at /capabilities.json (5-min in-process TTL, served stale during refresh). Plain net/http outbound (ADR-0024). Failed sub-probes recorded in errors[]; we never drop a service silently. Summary rollup (container_reachable, openapi_published, selftest_green/red/not_implemented) for one-glance fleet status.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-content-normalizer TRL 6Fleet Content Normalizer
MIME/charset/encoding normalizer (5MB cap) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-counter TRL 7Fleet Counter
Atomic distributed counters over HTTP — monotonic ids/build numbers, no DB 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-diff-engine TRL 6Fleet Diff Engine
structured diff: http_response|json|html|asset_set|text 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-dig TRL 7Fleet Dig
DNS lookups as a service — dig over curl from minimal containers 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-discovery TRL 4Fleet Discovery
Prometheus http_sd endpoint emitting one target per fleet container service. Refreshes services.json every 60s and probes /metrics via host.docker.internal.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-dns-sync TRL 7Fleet Dns Sync
Hetzner DNS reconciler. Targets the Hetzner Cloud API (api.hetzner.cloud/v1, Bearer auth, RRSet-oriented) — the canonical DNS surface that supersedes the deprecated dns.hetzner.com Console API. Reads services-registry/services.json, diffs against actual zone state, applies the delta. Pulls the Cloud API token from go-fleet-secrets. 30-min ticker. Extras never auto-deleted. 		go-fleet
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-engagement-timeline TRL 6Fleet Engagement Timeline
per-program event timeline aggregator (6 siblings) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-eventlog TRL 5Fleet Eventlog
Replayable per-topic event log with monotonic offsets. Publish events to named topics; consumers read from any offset and long-poll for new ones. v0.1 is in-RAM with per-topic retention cap; disk-backed durability is a planned follow-up.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-exec TRL 5Fleet Exec
Ephemeral, bounded code/command execution for fleet agents. POST /run {lang, code} executes in an isolated temp dir with a hard timeout, process-group SIGKILL, output caps, and minimal child env. Keystore-gated; NOT internet-exposed. v0.1 TRL 4.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-fake TRL 7Fleet Fake
Fake/test data generator — fixtures and seed data over curl 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-fingerprint-cache TRL 6Fleet Fingerprint Cache
WAF/soft-404/CDN-noise classifier 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-grafana TRL 4Fleet Grafana
Grafana dashboards for the fleet metrics hub. Anonymous viewer-only; admin/signup disabled; keystore-gated at the gateway.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-graph TRL 7Fleet Graph
Fleet graph collector. Aggregates service-to-service call observations emitted by go-common/graph into 1m/1h/1d buckets in SQLite. Serves /events (ingest), /graph + /summary (queries), /service/<slug>/{callers,calls}, /lookup/<slug> (powers graph.Lookup), /drift (declared-vs-observed). Mirror of services-registry refreshes every 5min.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-har-builder TRL 6Fleet Har Builder
HAR 1.2 evidence formatter 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-host-guard TRL 4Fleet Host Guard
F7 disk pressure eviction + F9 memory leak detector. Dockerhost guardian daemon: every 5 min samples fs usage and runs `docker image prune --filter until=168h` + truncates oversized non-rotated /var/log/*.log; every 1 h samples container RSS via `docker stats` and fits a linear regression — flags containers whose slope > 50 MB/h AND R² > 0.7.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-ip TRL 7Fleet Ip
Echo your public IP plus request facts — your own ifconfig.me 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-lock TRL 5Fleet Lock
Distributed advisory locks, leases, and leader-election over HTTP. Every fresh acquire returns a monotonic fencing token; re-acquire by the same owner refreshes the lease in place (leader renewal). In-RAM, ephemeral by design — a restart releases every lock.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-md TRL 7Fleet Md
Render Markdown to terminal ANSI or sanitized HTML over curl 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-memory TRL 5Fleet Memory
Cross-session, cross-agent working memory with pure-CPU keyword recall. POST /remember to store a text doc with optional agent/key/tags; GET /recall?q= for TF-overlap ranked retrieval. Generalizes pentest-agent-state into a fleet-wide searchable store.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-notify TRL 7Fleet Notify
HTTP pub/sub — push a line to your phone or any subscriber 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-payload-corpus TRL 6Fleet Payload Corpus
versioned attack-payload corpus (125 payloads, 12 classes) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-persona TRL 4Fleet Persona
cross-app + cross-origin display identity (nickname + name + avatar) for the mesh-* P2P fleet — L2 tier of fleetPersona in mesh-common 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-pipe TRL 5Fleet Pipe
Ephemeral, unauthenticated cross-machine copy/paste relay. POST/PUT a blob with `curl --data-binary @-`, get back a URL, pull it on another machine within a hard ≤5-minute TTL. In-RAM only (restart wipes everything), 10 MiB/blob with a total-RAM budget. Random base62 ids, write-once or last-write-wins (?replace) named slots, say-it-out-loud ids (?words), ?burn one-time reads, ?qr scannable links, ?notify read-receipts. Optional client-side E2E: `-e` (AES-256-CTR+HMAC, key in the URL #fragment — opens in a browser or decrypts with openssl) plus a browser ask-me-a-secret sealed-box (ECDH P-256). `curl …/install | sh` adds a `pipe` client with one-time wormhole codes and an end-to-end universal clipboard. Browser app at GET / for non-CLI users. 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-pixel TRL 3Fleet Pixel
1x1 transparent-GIF pageview beacon for the mesh-* static-Pages fleet 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-poc-curl TRL 6Fleet Poc Curl
redacted PoC curl emitter (bash -n parse-gated) 		fleet-evidencekind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-port TRL 7Fleet Port
Is a host:port reachable from the public internet? (SSRF-guarded check) 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-preflight TRL 7Fleet Preflight
Pre-deploy validation. POST /preflight {repo, secrets?} runs every required check in parallel: registry presence, DNS resolution, port collision, required secrets metadata. Returns 200 (all green) or 424 (any red) with detailed checklist. Read-only. 		go-fleet
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-priority-queue TRL 6Fleet Priority Queue
composite-scored findings priority ranker 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-prometheus TRL 4Fleet Prometheus
Prometheus instance scraping each fleet container host_port/metrics via the fleet-discovery http_sd endpoint. Runs in host network mode, --web.listen-address=:18203.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-pwgen TRL 7Fleet Pwgen
Stateless password and passphrase generator (crypto/rand) over curl 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-q TRL 7Fleet Q
Ephemeral in-RAM FIFO job queue over HTTP — a shell task-farm, no Redis 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-read TRL 7Fleet Read
Reader-mode / readability — clean article text or markdown from a URL 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-resolver-quorum TRL 6Fleet Resolver Quorum
2-of-3 DNS resolver quorum 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-sandbox-targets TRL 6Fleet Sandbox Targets
internal-only sandbox vulnerable apps (10 endpoints) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-schema-validator TRL 6Fleet Schema Validator
JSON Schema catalog + validator (8 baseline schemas) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-secrets TRL 7Fleet Secrets
Encrypted secrets vault. Holds infrastructure tokens (Hetzner DNS, GitHub PAT, SMTP, platform API keys). NaCl secretbox at rest, per-secret nonce, scoped reads via gateway-injected X-Auth-User against consumers allowlist, separate X-Admin-Token for writes. Audit log per access. 		go-fleet
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-selftest-aggregator TRL 6Fleet Selftest Aggregator
/selftest poll-and-render aggregator 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-tail TRL 7Fleet Tail
Ephemeral shared log streaming — tail -f across machines over curl, no SSH 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-target-reputation TRL 6Fleet Target Reputation
target reputation lookup (5 sources) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-tech-inferrer TRL 6Fleet Tech Inferrer
composite tech-stack inferrer (83 signals) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-vendor-disclosure-tracker TRL 6Fleet Vendor Disclosure Tracker
vendor disclosure history tracker (PII-redacted) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-visualizer TRL 7Fleet Visualizer
Fleet graph visualizer. Operator surface (keystore-auth) renders a force-directed live topology with click-to-drill, mesh filter, time-window selector, and a drift dialog comparing declared-vs-observed edges. Public surface at /public shows sanitised (caller -> target) counts only — no latencies, no internal hosts. Frontend uses vis-network from CDN, vanilla JS, no build step.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
fleet-webhook TRL 7Fleet Webhook
Ephemeral request bin — capture and watch webhooks live from the terminal 		fleet-infra
no auth
open ↗ · repo ↗ 		openapi · llms.txt
fleet-webhook-verifier TRL 6Fleet Webhook Verifier
inbound webhook signature verifier (6 platforms) 		kind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
geo-geocode TRL 6Geocode (TomTom)
Free-text address → lat/lon via TomTom. 		geogeogeocoding
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
geo-places TRL 6GeoJSON Places API
Continents, countries, regions, states with GeoJSON geometries. 		geogeogeojsonplaces dc81efb
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
go-session-fixation TRL 6Go Session Fixation
Two-pass probe testing whether session cookies persist value across login. Cookie-name gazetteer covers PHPSESSID/JSESSIONID/ASP.NET_SessionId/etc. 		gopentestsecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
html-proxy TRL 6Html Proxy
Microservice for Go Html Proxy 		goproxy
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
information-leakage TRL 6Information Leakage
Detects information disclosure patterns: internal paths, version strings, stack traces, build IDs in HTML/headers/error pages. 		goinfoleak
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
infrastructure-fetch-cache TRL 4Fleet Fetch Cache
Fleet-wide HTTP fetch cache: producers share one upstream fetch per URL instead of each hitting origin. Redis-backed, zstd-compressed, singleflight-deduped. 60s default TTL, falls back to direct fetch when Redis is unreachable.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
js-proxy TRL 7Proxy (Go+JS)
JS-rendering proxy (?url=) 		goproxy
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
js-proxy-network TRL 7Js Proxy Network
JS-render proxy returning rendered DOM plus full network log (every request fired, response headers, sizes, timing) + console + performance. 		goproxyrender
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
jsbundle-routes TRL 6Jsbundle Routes
Extracts React Router / Vue Router / Next.js / Express route configs from recovered JS bundles. Surfaces unlinked admin/internal routes. 		gopentestsecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
jsbundle-secrets TRL 6Jsbundle Secrets
Recovers original source from JS bundles via sourcemaps, then scans with gitleaks-grade rules for secrets that vanish from minified output. 		gopentestsecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
jwt-pentest TRL 6Jwt Pentest
Active JWT vulnerability battery: alg=none, weak-HMAC dictionary, kid traversal, jku/x5u SSRF, audience leakage, HS256↔RS256 confusion. 		gopentestsecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
linkedin-attributes TRL 4LinkedIn Profile Attributes
Extract structured fields from a LinkedIn profile page. 		contentnlpscrapingsocial
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
nlp-extractinfo TRL 6NLP Info Extractor (compromise)
Extract people, places, dates, organizations from text using compromise.js. 		nlpnlp
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
node-js-proxy TRL 5Node Playwright Proxy
Playwright-driven Chromium that returns post-render HTML. 		nodeproxyproxyheadlessjavascriptplaywright
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
node-proxy TRL 5Node HTTP Proxy
Express+axios forward proxy. Multi-worker via Node cluster. 		nodeproxyproxyhttp
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
node-search-bing TRL 5Bing Search (Node)
Bing search results via Node TS scraper. 		nodesearchsearch
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
node-search-duck TRL 5DuckDuckGo Search (Node)
DuckDuckGo search via Node TS. Same role as go-search-duck. 		nodesearchsearchscraping
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
ocr-pdf TRL 6PDF→Text (Fastify)
Convert a PDF to text via Fastify + pdf-parse. 		ocrocrpdf
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
ocr-pdf-express TRL 5PDF→Text (Express)
Same as ocr-pdf but via Express; supports url/text query params too. 		ocrocrpdf
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-agent-state TRL 7Pentest Agent State
Persistent agent memory for the pentest fleet. POST /snapshot upserts the 'where I left off' state for an autonomous agent; POST /journal appends events. SQLite (WAL). Closes the gap that makes every Claude conversation start at zero. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-asset-inventory TRL 7Pentest Asset Inventory
Source of truth for every known asset per program. Recon services upsert; continuous-monitor diffs daily to fire scans only on NEW assets. The compounding-revenue substrate of the fleet. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-asset-scope-resolver TRL 6Pentest Asset Scope Resolver
Wildcard scope expansion: composes cert-transparency + subfinder + scope-guard to expand a program wildcard scope into a concrete in-scope subdomain list. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-attack-chainer TRL 5Pentest Attack Chainer
CORS exploitation chain validator. Cross-references a CORS misconfig finding with go-pentest-takeover-checker (attacker-controllable siblings) AND probes target for data-bearing endpoints. Classifies real_severity end-to-end: critical / high / medium / low / informational. Renders a working PoC HTML page when chain elements present. 		chain-validationcorspentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-audit-log TRL 6Pentest Audit Log
Append-only audit log for the pentest fleet. Every scan-start / scope-denied / finding-submitted gets recorded. Legal floor + CYA. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-authz-matrix TRL 7Pentest Authz Matrix
Pentest fleet service 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-bounty-scope-checker TRL 6Pentest Bounty Scope Checker
Given a domain, returns which bug-bounty programs include it in scope (sorted by max payout). Embedded seed of ~10 well-known programs (GitHub, GitLab, Shopify, PayPal, Anthropic, Google, Microsoft, Tesla, Uber, X). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-cert-transparency TRL 6Pentest Cert Transparency
crt.sh wrapper with 24h SQLite cache. Returns SAN-derived subdomains or full cert records (issuer/dates/SANs). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-chaos-sync TRL 6Pentest Chaos Sync
Background syncer for ProjectDiscovery Chaos public dataset. SQLite-backed (modernc.org/sqlite, CGo-free) cache of subdomains keyed by root_domain; daily refresh; O(log N) lookups; zero target-network traffic. 		pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-codec TRL 8Pentest Codec
Encode/decode + JWT segment decoder. 11 formats (base64 std/url/raw, base32, hex, url, html, gzip, zlib, json-string); alg=none/path-traversable-kid flags on JWT. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-continuous-monitor TRL 7Pentest Continuous Monitor
Daily cron-style scheduler that diffs asset-inventory per program and enqueues scan jobs only for NEW assets. Turns one-shot recon into a subscription — money compounds with the asset universe, not manpower. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-cors-misconfig-prober TRL 6Pentest Cors Misconfig Prober
Active CORS-misconfig prober. 5 attacker-Origin probes (reflection, null-origin, suffix-bypass, pre-subdomain, case-fold). Reflection+Allow-Credentials=high. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-cvss TRL 8Pentest Cvss
CVSS 3.1 base score calculator. Pure-Go FIRST.org spec implementation. Takes a vector, returns base/severity/impact/exploitability. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-dedup-fingerprint TRL 7Pentest Dedup Fingerprint
Semantic dedup of findings. Normalizes query-param order, UUIDs in path, timestamps, whitespace in body, then sha256s. Stops one XSS reported by 4 scanners from looking like 4 dupes. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-dependency-cve TRL 7Pentest Dependency Cve
CPE -> NVD JSON 2.0 + CISA KEV cross-flag. Per-request fetch (no local cache yet). Composes with go-pentest-httpx tech detection. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-disclosure-policy-finder TRL 6Pentest Disclosure Policy Finder
Probes 12 disclosure-policy paths and classifies bounty/VDP/safe-harbor/unknown/none. Extracts Contact/PGP from security.txt and detects platform hints (HackerOne/Bugcrowd/Intigriti/YesWeHack/Synack). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-exploit-verifier TRL 7Pentest Exploit Verifier
Gate between possible-finding and submit-bot. Runs deterministic confirmation per vuln class: SSRF via OOB callback, XSS via marker reflection, IDOR via session-stripped re-fetch, JWT alg-none, open-redirect, subdomain-takeover. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-favicon-hash TRL 7Pentest Favicon Hash
Shodan-style mmh3 favicon hash with known-tech lookup (~15 seeds: Tomcat, Spring Boot, Jenkins, Grafana, Jupyter, phpMyAdmin, GitLab, FortiNet, F5, etc.). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-finding-triage TRL 7Pentest Finding Triage
Auto-grades raw findings into submit_ready / needs_review / drop using 8 rules (missing fields, fingerprint-dupe, scope-deny, noise-class, confidence floor, severity promote, evidence-present, verified-class). Reasons array surfaces every decision. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-findings-store TRL 7Pentest Findings Store
Central deduplicated findings store for the pentest fleet. SQLite-backed (pure Go modernc); collapses same finding from multiple scanners via dedup_key with seen_count. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-github-dorks TRL 6Pentest Github Dorks
GitHub Search API dorking for leaked credentials: 31 curated patterns (AWS keys, .env, private keys, Slack/Stripe/PAT tokens, kubeconfig, npm/Docker creds). Rate-limit aware; pairs with go-pentest-trufflehog for verification. 		pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-http-replay TRL 6Pentest Http Replay
Captures + reproduces HTTP request/response pairs as bug-bounty evidence. Generates canonical curl PoC, replays for diff, imports raw HTTP from Burp. Uses go-common safehttp (SSRF-safe). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-httpx TRL 7Pentest Httpx
One HTTP fingerprint per request: status, title, server, TLS cert summary, ~25 tech-detection signatures. Parallel batch with worker cap. Replaces chaining tech-stack + security-headers + cdn-detector. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-job-queue TRL 7Pentest Job Queue
Durable workflow queue. POST jobs, workers /claim → /complete or /fail. Crash-resilient via SQLite WAL; expired leases auto-requeue every 15s with exponential backoff. Backbone for orchestrator + continuous-monitor + every long-running scan. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-leak-bounty-policy TRL 7Pentest Leak Bounty Policy
Curated registry: which bug-bounty programs PAY for credential-leak disclosures, broken down by leak class (own_employee / shared_secret / customer_cred / canary). Use BEFORE writing up a leaked-credential disclosure — most platforms treat customer-side leaks as goodwill-only; only Stripe / GitHub partner / AWS canary / GitLab pay per-leak. 25 programs seeded. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-notify TRL 7Pentest Notify
Multi-sink notification fanout for the pentest fleet (Telegram/Discord/Slack/email/webhook/ntfy/Matrix/Teams/etc.) via containrrr/shoutrrr. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-nuclei TRL 7Pentest Nuclei
Nuclei wrapper: scope-guarded YAML-template scanner (cves/exposures/misconfigs/takeovers). Pre-flights every target through go-pentest-scope-guard; forwards findings to go-pentest-findings-store. Bundles nuclei binary in container. 		pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-oob-collector TRL 7Pentest Oob Collector
Out-of-band HTTP callback catcher for blind XSS/SSRF/RCE findings. Allocates short-lived tokens, public /c/{token} catch endpoint, authenticated polling API. v0.2 wraps projectdiscovery/interactsh for DNS exfil. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-orchestrator TRL 7Pentest Orchestrator
Master end-to-end pipeline. POST a campaign and the state machine drives scope→recon→scan→triage→verify→submit through every other go-pentest-* service. 30s ticker auto-advances. SUBMIT_DRY_RUN=1 by default — the unattended money loop. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-payloads TRL 6Pentest Payloads
Serves payload corpora (XSS/SQLi/SSRF/SSTI/XXE/CRLF/NoSQLi/GraphQL/path-traversal) by class+variant. Random-sample API for taint fuzzing. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-payoff-tracker TRL 7Pentest Payoff Tracker
Self-evaluator. POST /predict captures what finding-triage said before submission; POST /outcome captures what the platform did with it (via triager-listener). GET /calibration returns per-rule precision + per-program ROI. Closes the learning loop. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-rate-coordinator TRL 7Pentest Rate Coordinator
Global per-host token-bucket rate limiter. Every active prober calls POST /acquire {host, weight} before firing — prevents multiple scanners from collectively DDoS-ing a target. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-report-templater TRL 7Pentest Report Templater
Turns a structured Finding into a platform-ready markdown report. Ships HackerOne/Bugcrowd/Intigriti templates. Optional CVSS enrichment via go-pentest-cvss. Highest-leverage service in the fleet. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-scope-guard TRL 7Pentest Scope Guard
Hard scope check before any active prober fires. POST /check {target, program_id} -> {allowed, reason, matched_by}. Matches hostname/wildcard/CIDR/regex; exclusions always win. Legal floor of the pentest fleet. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-screenshot TRL 5Pentest Screenshot
Headless-Chromium screenshot evidence for pentest reports. POST /shot {url,viewport,before_js,after_js} → PNG + DOM hash + title + status. 24h SQLite cache keyed by sha256 of inputs. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-secrets-scanner TRL 6Pentest Secrets Scanner
Regex+entropy secret scanner. ~30 vendor rules (AWS, GitHub, GitLab, Slack, Stripe, Google, Twilio, SendGrid, Mailgun, Anthropic, OpenAI, HF, Discord, npm, JWT, RSA/EC/OpenSSH/PGP keys). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-session-state TRL 7Pentest Session State
Pentest fleet service 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-ssrf-prober TRL 7Pentest Ssrf Prober
Pentest fleet service 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-subfinder TRL 6Pentest Subfinder
Multi-source passive subdomain enumeration: crt.sh (via our own cert-transparency), HackerTarget, AnubisDB, Wayback. Free sources only. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-submit-bot TRL 7Pentest Submit Bot
Files findings to HackerOne / Bugcrowd / Intigriti via their APIs, or via security.txt email as fallback. Rate-limit + daily-cap aware. Dry-run mode for verification. The actual money step. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-takeover-checker TRL 7Pentest Takeover Checker
Subdomain-takeover scanner. Resolves CNAME, probes HTTP, matches signatures from go-pentest-takeover-fingerprints. Severity none/possible/likely. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-takeover-fingerprints TRL 7Pentest Takeover Fingerprints
Subdomain takeover signature DB. 17 curated vendors (AWS S3, GitHub Pages, Heroku, Fastly, Shopify, Vercel, Netlify, Azure, Cargo, WordPress, Tumblr, Zendesk, Surge, Ghost, ReadMe, Intercom, Unbounce). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-target-normalizer TRL 7Pentest Target Normalizer
Canonicalizes free-form pentest targets (URL/host/IP/CIDR). Returns kind, eTLD+1, private-IP flag. Foundation primitive every active prober calls before doing anything else. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-triager-listener TRL 4Pentest Triager Listener
Inbound half of submit-bot. POST /watch registers a submitted bounty report; a 15-min ticker polls HackerOne / Bugcrowd / Intigriti and records state changes (new -> triaged -> duplicate/informative/n_a/resolved). Without it the fleet cannot learn its own duplicate rate or payoff per program. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-trufflehog TRL 6Pentest Trufflehog
Trufflehog wrapper: scans repos/git/filesystem for VERIFIED secrets (--only-verified). 700+ detectors live-tested against providers. Upgrades go-pentest-secrets-scanner with verification. 		pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-walkthrough TRL 7Pentest Walkthrough
HTTP equivalent of go-pentest-cli — single-domain pentest flow as REST API. /preflight, /recon, /findings, /report + /sessions for async scan with per-finding manual triage override. Pause/resume per session. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-wayback-urls TRL 7Pentest Wayback Urls
Historical URL discovery via web.archive.org CDX. Returns every URL ever crawled with status + MIME + auto-flagged interesting extensions (.bak/.sql/.env/.zip). 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
pentest-wordlists TRL 6Pentest Wordlists
Serves curated pentest wordlists (dirs, subdomains, params, fuzz) by category with SHA256 integrity. Random-sample API. Designed to grow via SecLists submodule. 		go-pentest
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
plausible Plausible Analytics
Self-hosted Plausible Analytics (ghcr.io/plausible/community-edition). Third-party upstream container — its own docker-compose lives at /opt/services/plausible/ and is managed by hand (NOT by fleet-runner). Registered here so allocate-port and audit-port know host_port 18204 is claimed. 		analyticsexternalthird-party
no auth
open ↗ · repo ↗ 		openapi · llms.txt
postmessage TRL 6Postmessage
Static scan for window.postMessage listeners missing origin checks (XS-Leak risk) 		gopentestsecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
proto-pollution TRL 6Proto Pollution
Static scan for prototype-pollution sink patterns (Object.assign, lodash.merge, deepmerge) in recovered JS bundles. 		gopentestsecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
proxy TRL 5Proxy (Go)
HTTP proxy with rotation (?url=) 		goproxy
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
python-proxy TRL 4Python aiohttp Proxy
aiohttp-based forward proxy with rotating user-agent. 		proxypythonproxyhttpscraping
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
random-proxy TRL 3Round-Robin Proxy Front
Round-robins requests across c-proxy, go-proxy, node-proxy, python-proxy. 		proxyproxyload-balancer 811d016
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
search-duck TRL 5Search DuckDuckGo (Go)
DuckDuckGo SERP scraper in Go (?query=) 		gosearch
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
url-categorizer-api TRL 5Url Categorizer Api
URL categorization API - classifies URLs by topic/category 		categorizationgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt
utils-readcontent TRL 6Read Content Extractor
Extract readable text/markdown from a URL or raw HTML. 		contentnlpscrapingcontent-extraction
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗ 		openapi · llms.txt

0crawl (214)

servicetitle / summarytagscommitopendiscover
a11y-quick TRL 6A11y Quick
Microservice for A11y Quick 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
accessibility-audit TRL 6Accessibility Audit
WCAG accessibility audit: a11y quick checks, accessibility score, color contrast ratio, image alt coverage, heading outline — 5 analyzers covering the main WCAG 2.x success criteria. 		gokind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
accessibility-score TRL 6Accessibility Score
Microservice for Accessibility Score 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
ad-density TRL 6Ad Density
Microservice for Ad Density 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
address-extractor TRL 6Address Extractor
Microservice for Address Extractor 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
admin-finder TRL 6Admin Finder
Microservice for Admin Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
analyze-headers TRL 6Analyze Headers
Microservice for Analyze Headers 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
api-extractor TRL 7Api Extractor
Microservice for Api Extractor 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
api-first TRL 6Api First
Scores domains 0-100 for API-first maturity: OpenAPI/GraphQL spec detection, versioned REST endpoint probing, developer portal/path detection, SDK scanning, evidence trail 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
apikey-scanner TRL 6Apikey Scanner
Microservice for Apikey Scanner 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
asn-lookup TRL 6Asn Lookup
Microservice for Asn Lookup 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
biz-classifier TRL 7Biz Classifier
Microservice for Biz Classifier 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
blocklist-checker TRL 6Blocklist Checker
Microservice for Blocklist Checker 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
brand-color-palette Brand Color Palette
Extract a brand colour palette (hex + role) from a site's CSS custom properties, theme-color meta, and logo pixels via k-means 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
brand-logo-extractor Brand Logo Extractor
Resolve a website's primary brand logo URL, dimensions, format and provenance (header DOM + schema.org + web-app-manifest + og:image) 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
broken-links TRL 6Broken Links
Microservice for Broken Links 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
bucket-finder TRL 6Bucket Finder
Microservice for Bucket Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
caa-checker TRL 7Caa Checker
Microservice for Caa Checker 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
captcha-detector TRL 6Captcha Detector
Microservice for Captcha Detector 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
cas TRL 5Cas
Microservice for Cas 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
cdn-detector TRL 8Cdn Detector
Microservice for Cdn Detector 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
citation-reference-extractor TRL 6Citation Reference Extractor
Extract academic and web citations from a page or raw HTML/text — <cite> elements, reference/bibliography list items, footnote/endnote targets, and structured identifiers (DOI, arXiv ids, checksum-validated ISBN-10/13, PMID, and reference-context URLs), normalised into typed citation objects with a by-type summary. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
clickjacking-tester TRL 6Clickjacking Tester
Microservice for Clickjacking Tester 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
cognitive-load TRL 6Cognitive Load
Microservice for Cognitive Load 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
color-contrast-checker TRL 6Color Contrast Checker
WCAG 2.x color-contrast checker for a web page or raw HTML — resolves declared foreground/background color pairs (inline style= and <style>-block rules), computes the relative-luminance contrast ratio for each, and reports AA/AAA pass/fail for normal and large text plus a failing-pairs summary. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
comment-extractor TRL 6Comment Extractor
Microservice for Comment Extractor 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
company-size TRL 7Company Size
Microservice for Company Size 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
compression-tester TRL 7Compression Tester
Microservice for Compression Tester 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
content-fingerprint TRL 7Content Fingerprint
Near-duplicate-detection fingerprints for a web page or raw text — a 64-bit Charikar SimHash over k-gram word shingles, a 64-permutation MinHash signature for Jaccard estimation, and a normalized SHA-256 exact-match digest, plus shingle and token counts. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
cookie-checker TRL 6Cookie Checker
Microservice for Cookie Checker 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
cors-scanner TRL 7Cors Scanner
Microservice for Cors Scanner 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
cors-tester TRL 6Cors Tester
Microservice for Cors Tester 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
crawl-web-application TRL 6Crawl Web Application
Microservice for Crawl Web Application 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
crlf-tester TRL 6Crlf Tester
Microservice for Crlf Tester 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
crux-field-vitals Crux Field Vitals
Real-user p75 LCP/CLS/INP/TTFB + good/needs-improvement/poor histograms from the Chrome UX Report API 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
crypto-finder TRL 6Crypto Finder
Microservice for Crypto Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
css-framework-detector TRL 6Css Framework Detector
Detects which CSS framework(s) a web page or raw HTML uses (Bootstrap, Tailwind, Bulma, Foundation, Materialize, Semantic/Fomantic UI, UIkit, Pure.css, Tachyons, Skeleton, Milligram) from three independent static-markup signals: linked-stylesheet / CDN hrefs (strong, often versioned), distinctive class-name signatures, and a generator meta hint. Returns frameworks[] (each name + confidence 0..1 + extracted version + evidence[]) sorted by confidence, the top framework, and a raw-signal summary. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
currency-detector TRL 6Currency Detector
Microservice for Currency Detector 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
customer-logos TRL 7Customer Logos
Microservice for Customer Logos 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
data-format-converter Data Format Converter
Convert payloads between CSV/JSON/XML/YAML/TOML (wraps go-common/dataformat) 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
data-inventory TRL 6Data Inventory
Microservice for Data Inventory 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
debug-detector TRL 6Debug Detector
Microservice for Debug Detector 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
dependency-counter TRL 6Dependency Counter
Microservice for Dependency Counter 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
dir-listing TRL 6Dir Listing
Microservice for Dir Listing 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
dns-record TRL 6Dns Record
Microservice for Dns Record 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
dom-complexity-metrics TRL 7Dom Complexity Metrics
Structural DOM-complexity metrics for a web page or raw HTML — total element-node and text-node counts, maximum nesting depth, maximum sibling breadth, per-tag frequency histogram, distinct-tag count, average children per element, high-fan-out element count, the deepest element path, text-to-element ratio, total DOM size in bytes, and a combined complexity score. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-ad-network TRL 4Domain Ad Network
Ad-network detector - ads.txt + AdSense/Taboola/Outbrain/Criteo/Media.net/etc. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-amp-detector TRL 4Domain Amp Detector
AMP (Accelerated Mobile Pages) presence detector — link rel=amphtml + canonical AMP HTML.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-analytics-stack TRL 4Domain Analytics Stack
Analytics stack detector - GA4/GTM/Segment/Mixpanel/Plausible/Fathom/Heap/Amplitude/Matomo/Hotjar/FullStory SDK IDs. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-anycast-footprint TRL 4Domain Anycast Footprint
Anycast vs unicast routing detector (multi-resolver IP convergence + ASN check).
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-app-render-mode TRL 4Domain App Render Mode
Front-end framework + render mode (SSR/CSR/SSG) detector. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-backlink-profile TRL 4Domain Backlink Profile
Inbound-link / referring-domain estimator (Common Crawl + Web Archive). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-bimi-checker TRL 4Domain Bimi Checker
BIMI logo record + VMC certificate checker (brand email indicators).
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-breadcrumb-schema TRL 5Domain Breadcrumb Schema
schema.org BreadcrumbList JSON-LD + microdata detector + validator. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-cache-policy TRL 5Domain Cache Policy
HTTP cache hygiene scorer (RFC 7234/9111). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-cms-version TRL 4Domain Cms Version
CMS core + version detector (WordPress/Drupal/Joomla/Ghost/Next.js/etc.). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-dane-tlsa TRL 4Domain Dane Tlsa
DANE/TLSA record presence + cert binding validation (RFC 6698).
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-deployment-fingerprint TRL 5Domain Deployment Fingerprint
Unified deployment fingerprint (PaaS + serverless + edge-compute detector). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-details TRL 6Domain Details
Microservice for Domain Details 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-ecommerce-platform TRL 4Domain Ecommerce Platform
E-commerce platform detector (Shopify/Magento/Woo/BigCommerce/etc.). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-error-monitoring TRL 4Domain Error Monitoring
Front-end error monitoring detector - Sentry/Datadog RUM/Bugsnag/Rollbar/Raygun/etc. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-events-platform TRL 4Domain Events Platform
Events / webinar platform detector - Zoom/Hopin/Luma/Eventbrite/Bevy/Cvent/etc. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-experimentation-stack TRL 4Domain Experimentation Stack
A/B-testing + feature-flag stack detector (Optimizely/VWO/LaunchDarkly/Split.io/etc.). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-faq-schema TRL 5Domain Faq Schema
schema.org FAQPage JSON-LD + microdata detector + validator. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-favicon-completeness TRL 5Domain Favicon Completeness
Favicon + Web App Manifest icon-set completeness checker. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-font-stack TRL 4Domain Font Stack
Web font stack detector - Google Fonts/Adobe Fonts/self-hosted + family count + font-display hygiene. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-gift-card TRL 5Domain Gift Card
Gift-card offering detector (URL slugs + schema.org GiftCard + cart signals). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-glue-records TRL 5Domain Glue Records
Glue record presence at parent zone (RFC 1034 3.6.1 / RFC 8499). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-image-alt-coverage TRL 4Domain Image Alt Coverage
Image alt-text coverage analyzer (WCAG 1.1.1 signal). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-integration-marketplace TRL 5Domain Integration Marketplace
Integration / marketplace / app-directory page detector with count estimate. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-interactive-demo TRL 5Domain Interactive Demo
Product-demo / sandbox embed detector (Storylane/Navattic/Arcade/etc.). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-liveness-state TRL 4Domain Liveness State
Domain liveness classifier — live / under-construction / login-wall / parked / default-server-page / error.
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-martech-stack TRL 4Domain Martech Stack
Martech stack detector — HubSpot/Marketo/Pardot/Eloqua/Mailchimp/etc. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-naptr-enum TRL 5Domain Naptr Enum
NAPTR + ENUM (E.164) record discovery (RFC 3403/2916/6116). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-pagination-rel TRL 5Domain Pagination Rel
WHATWG rel=next/prev + Link-header pagination detector. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-podcast-presence TRL 4Domain Podcast Presence
Podcast presence detector — RSS feed + linked platforms + embedded players. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-product-count TRL 5Domain Product Count
E-commerce catalog SKU-count estimator (sitemap + JSON-LD + Shopify probe). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-ratelimit-headers TRL 5Domain Ratelimit Headers
RateLimit-* / Retry-After header detector + parser. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-tracker-density TRL 6Domain Tracker Density
Tracker density + categorization (DuckDuckGo Tracker Radar, CC0). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-viewport-meta TRL 5Domain Viewport Meta
Viewport meta tag parser + mobile-friendliness scoring. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
domain-wikidata-entity TRL 4Domain Wikidata Entity
Wikidata + Wikipedia entity linkage for a domain (P856 match). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
dtss TRL 5Dtss
Microservice for Dtss 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
email-extractor TRL 7Email Extractor
Microservice for Email Extractor 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
email-harvester TRL 6Email Harvester
Microservice for Email Harvester 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
embed-iframe-classifier TRL 5Embed Iframe Classifier
Inventories and classifies every <iframe>, <embed>, and <object> on a web page or raw HTML: resolved-absolute src/data, host, and a curated provider/category label (youtube/vimeo video, google_maps/openstreetmap maps, twitter/facebook social, spotify/soundcloud audio, google_docs/codepen docs, typeform/airtable forms, ads_analytics), plus per-provider and per-category counts. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
emotional-tone TRL 5Emotional Tone
Microservice for Emotional Tone 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
env-finder TRL 6Env Finder
Microservice for Env Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
feed-finder TRL 6Feed Finder
Microservice for Feed Finder 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
file-inclusion TRL 5File Inclusion
Microservice for File Inclusion 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
firmographic-profile TRL 6Firmographic Profile
Clearbit-style company firmographic profile: industry, employee band, founding year, legal entity, revenue model, office locations, funding — 8 fleet analyzers merged via composite-runner. 		gokind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
founding-year TRL 7Founding Year
Microservice for Founding Year 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
funding-detector TRL 7Funding Detector
Microservice for Funding Detector 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
funding-signal Funding Signal
Best-effort funding signal (latest round, total, investors, press) for a brand/domain from Crunchbase + brand press pages + Google News RSS 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
gdpr-compliance TRL 6Gdpr Compliance
Microservice for Gdpr Compliance 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
go-oauth-mapper TRL 6Go Oauth Mapper
Microservice for Oauth Mapper 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
google-taxonomy TRL 5Google Taxonomy
Microservice for Google Taxonomy 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
graphql-introspection TRL 6Graphql Introspection
Microservice for Graphql Introspection 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
heading-outline-extractor TRL 7Heading Outline Extractor
Extracts the heading structure (h1-h6) of a web page or raw HTML and builds a nested document outline plus accessibility diagnostics — per-level counts, max nesting depth, and structure warnings (no_h1, multiple_h1, first_heading_not_h1, skipped_level, empty_heading). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
hidden-fields TRL 6Hidden Fields
Microservice for Hidden Fields 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
host-header TRL 6Host Header
Microservice for Host Header 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
hsts-checker TRL 6Hsts Checker
Microservice for Hsts Checker 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
http-method-tester TRL 7Http Method Tester
Microservice for Http Method Tester 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
http-protocol TRL 7Http Protocol
Microservice for Http Protocol 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
iban-bic-validator Iban Bic Validator
Offline IBAN (ISO 13616 MOD-97) and BIC (ISO 9362) validator — domains mesh, TRL-7 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
idor-finder TRL 6Idor Finder
Microservice for Idor Finder 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
iframe-analyzer TRL 6Iframe Analyzer
Microservice for Iframe Analyzer 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
ipv6-checker TRL 6Ipv6 Checker
Microservice for Ipv6 Checker 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
js-framework-version-extractor TRL 6Js Framework Version Extractor
Detects JavaScript frameworks/libraries and their versions from STATIC markup only (no JS execution) on a web page or raw HTML: parses versioned CDN <script src> URLs (react@18.2.0, vue@3.4.21, jquery-3.7.1.min.js, bootstrap, htmx.org, alpinejs, gsap, d3, lodash, three), the exact ng-version attribute (gold case), build-tool/framework fingerprints (Next.js /_next/, Nuxt __NUXT__/_nuxt/, Gatsby /page-data/ + ___gatsby, SvelteKit /_app/, Astro astro-island, React data-reactroot, Vue data-v-*), and <meta name=generator> (Gatsby/WordPress/Hugo). Returns frameworks[] (name, version omitempty, confidence 0..1, evidence[]) sorted by confidence desc, plus top. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
jsonp-finder TRL 6Jsonp Finder
Microservice for Jsonp Finder 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
jwt-debugger TRL 6Jwt Debugger
Microservice for Jwt Debugger 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
keyphrase-extractor Keyphrase Extractor
Rank multi-word keyphrases + topics via RAKE candidate generation re-ranked by a TextRank co-occurrence PageRank (pure Go, no external NLP service) 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
keyword-density TRL 6Keyword Density
Microservice for Keyword Density 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
language-detector TRL 6Language Detector
Detects the dominant natural language and writing system of a web page or raw text: Unicode-range script detection (Latin, Cyrillic, Greek, CJK, Arabic, Hebrew, Devanagari) plus curated-stopword frequency scoring for en/es/fr/de/it/pt/nl, returning an ISO 639-1 language, confidence, and top-5 scores. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
leadership-extractor TRL 5Leadership Extractor
Extracts the leadership/executive team from a web page or raw HTML — people whose title matches an executive/leadership keyword set — returning each leader's name, title, normalized rank (c_suite/founder/president/vp/director/board/other_leadership), bio, and profile links, plus a by_rank count map. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
legal-entity TRL 6Legal Entity
Microservice for Legal Entity 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
license-extractor TRL 7License Extractor
Detect the software/content license(s) of a web page or raw HTML/text — walks the DOM for structured signals (link rel=license, license anchors, JSON-LD license fields) and scans extracted text for license names, normalizing to SPDX identifiers (MIT, Apache-2.0, GPL/LGPL/AGPL, BSD, MPL-2.0, ISC, Unlicense, Creative Commons), plus copyright-line extraction. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
list-extractor TRL 7List Extractor
Extracts HTML lists from a web page or raw HTML: ordered (ol), unordered (ul), and description (dl) lists, with item text, term/definition pairs, nesting depth, and per-list/total counts. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
loadbalancer-detect TRL 6Loadbalancer Detect
Microservice for Loadbalancer Detect 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
login-analyzer TRL 6Login Analyzer
Microservice for Login Analyzer 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
menu-extractor TRL 6Menu Extractor
Extracts the navigation menu structure of a web page or raw HTML: nav / role=navigation / aria-labelled regions plus header and footer link lists, each as a tree of menu items (label, href, nested submenu children) with region classification and a region/link/depth summary. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
merchant-profile TRL 6Merchant Profile
E-commerce merchant profile: platform detection, payment methods, accepted currencies, price range, shipping regions, catalog SKU count — 6 analyzers in one structured record. 		gokind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
microformats2-extractor TRL 6Microformats2 Extractor
Parses microformats2 (mf2) markup from a web page or raw HTML into canonical mf2 JSON. Detects h-* root items (h-card, h-entry, h-event, h-feed, h-product, h-review, h-recipe, h-adr, h-geo and any other h-*), reads p-/u-/dt-/e- properties on descendants, applies the implied name/url/photo rules, nests h-* items inside properties (e.g. p-author h-card) and as children[], and collects rel values into rels{} and rel-urls{} — returning items[], rels, rel-urls, and a summary roll-up. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
mime-trap TRL 6Mime Trap
Microservice for Mime Trap 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
mobile-friendly TRL 6Mobile Friendly
Microservice for Mobile Friendly 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
named-entity-recognizer Named Entity Recognizer
Named-entity recognizer (PERSON/ORG/LOCATION/PRODUCT/EVENT) — pure-Go prose statistical NER + curated gazetteer, rune-accurate offsets, SSRF-guarded url fetch 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
office-locations TRL 7Office Locations
Microservice for Office Locations 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
open-redirect TRL 6Open Redirect
Microservice for Open Redirect 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
outlink-graph TRL 6Outlink Graph
Microservice for Outlink Graph 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
page-load-metrics TRL 5Page Load Metrics
Microservice for Page Load Metrics 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
passive-voice-detector TRL 5Passive Voice Detector
Passive-voice detection for a web page or raw text — flags sentences using a be/get auxiliary plus a past participle, reports the matched trigger per sentence, total/passive sentence counts, and the passive-sentence ratio. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
payment-detector TRL 7Payment Detector
Microservice for Payment Detector 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pentest-bounty-pilot TRL 4Pentest Bounty Pilot
Bounty-hunt orchestrator: POST /hunt drives waf-detect → cookie-pwn → js-bundle-scanner → wayback-urls → reflection-hunter against given targets, returns consolidated triage JSON. 		gokind-containerlanguage-goruntime-composesecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pentest-cookie-pwn TRL 6Pentest Cookie Pwn
Parse Set-Cookie, classify cookies (session/Keycloak/F5/CSRF/tracker), flag missing flags, probe session-bearing endpoints, emit runnable PoC tar.gz. 		gokind-containerlanguage-goruntime-composesecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pentest-js-bundle-scanner TRL 6Pentest Js Bundle Scanner
Fetch URL, recurse script src tags, scan 21 secret-pattern classes (AWS/Stripe/GitHub/Google/Anthropic/RSA-PEM/etc.), extract endpoints, classify sourcemaps as first vs third party (eTLD+1). 		gokind-containerlanguage-goruntime-composesecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pentest-reflection-hunter TRL 6Pentest Reflection Hunter
Brute-fuzz ~40 standard params, classify reflection context (js-string/html-attr/json/url), escalate with composite breakout payloads. Filters WAF-challenge interstitials before classification. 		gokind-containerlanguage-goruntime-composesecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pentest-waf-detect TRL 5Pentest Waf Detect
Fingerprint WAF/CDN challenge interstitials (14 vendors, 18 signatures). Used by reflection-hunter and bounty pipeline to drop interstitial false positives. 		gokind-containerlanguage-goruntime-composesecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pentest-ywh-sync TRL 4Pentest Ywh Sync
Pull YWH public program list + scopes from api.yeswehack.com, filter by min-bounty / max-reports / verified, emit bounty-scope-checker seed entries. 		gokind-containerlanguage-goruntime-composesecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
phone-extractor TRL 7Phone Extractor
Microservice for Phone Extractor 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
policy-clause-extractor TRL 6Policy Clause Extractor
Segment a legal/policy web page or raw HTML (privacy policy, terms of service, cookie policy, EULA, refund/return, acceptable-use) into clauses keyed by heading and classify each by policy type (data-collection, data-sharing, cookies, retention, user-rights/GDPR, liability, governing-law, termination, refund-return, acceptable-use, contact/DPO), plus a summary roll-up. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
press-mentions TRL 7Press Mentions
Microservice for Press Mentions 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
price-range TRL 5Price Range
Microservice for Price Range 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pricing-tier-parser TRL 5Pricing Tier Parser
Extract pricing tiers / plan cards from a web page or raw HTML — per-tier plan name, parsed price (currency + amount + billing period), most-popular flag, and feature list, plus a summary (tier count, currency, price range, billing-toggle detection). 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
promo-code-detector TRL 6Promo Code Detector
Detect promotional offers and discount/coupon codes on a web page or in raw text — coupon codes near trigger words (use code, promo, voucher), percentage-off and amount-off offers across currencies, BOGO, free shipping, free trial, plus urgency/expiry hints. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
proxy-fingerprint TRL 6Proxy Fingerprint
Microservice for Proxy Fingerprint 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
pwa-manifest TRL 6Pwa Manifest
Microservice for Pwa Manifest 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
quote-extractor TRL 7Quote Extractor
Extracts quotations from a web page or raw HTML — <blockquote> (kind block) and inline <q> elements — capturing each quote's text, its cite= source URL, and any nested <cite> attribution, with block/inline counts. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
ratelimit-tester TRL 7Ratelimit Tester
Microservice for Ratelimit Tester 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
readability-index TRL 5Readability Index
Readability scoring for a web page or raw text — Flesch Reading Ease, Flesch-Kincaid Grade, Gunning Fog, SMOG, Coleman-Liau, and ARI, plus a consensus US-grade estimate. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
reading-time-estimator TRL 5Reading Time Estimator
Estimates reading time for a web page or raw text across slow/average/fast WPM bands, plus a Medium-style per-image viewing allowance — returns words, image count, per-band minutes/seconds, and a humanized 'about N min read' label. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
redirect-tracer TRL 7Redirect Tracer
Microservice for Redirect Tracer 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
remote-detector TRL 6Remote Detector
Microservice for Remote Detector 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
revenue-model TRL 6Revenue Model
Microservice for Revenue Model 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
reverse-dns TRL 6Reverse Dns
Microservice for Reverse Dns 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
review-presence Review Presence
Fetch Trustpilot/G2/Capterra/Glassdoor star rating + review count for a brand by parsing each public profile's JSON-LD AggregateRating 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
robots-analyzer TRL 6Robots Analyzer
Microservice for Robots Analyzer 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
robots-parser TRL 7Robots Parser
Microservice for Robots Parser 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
scan-port TRL 6Scan Port
Microservice for Scan Port 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
scan-port-banner TRL 6Scan Port Banner
Microservice for Scan Port Banner 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
scan-port-ssh TRL 7Scan Port Ssh
Microservice for Scan Port Ssh 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
scc TRL 5Scc
Microservice for Scc 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
schema-extractor TRL 6Schema Extractor
Microservice for Schema Extractor 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
search-bing-go TRL 5Search Bing Go
Microservice for Search Bing Go 		gosearch
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
search-duck-go TRL 5Search Duck Go
Microservice for Search Duck Go 		gosearch
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
seasonal-detector TRL 6Seasonal Detector
Microservice for Seasonal Detector 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
secrets-scanner TRL 6Secrets Scanner
Microservice for Secrets Scanner 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
security-header-analyzer TRL 6Security Header Analyzer
Microservice for Security Header Analyzer 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
security-headers TRL 7Security Headers
Microservice for Security Headers 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
security-txt TRL 7Security Txt
Microservice for Security Txt 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
seo-audit TRL 6Seo Audit
Full SEO site audit: on-page basics, keyword density, heading structure, structured data, sitemap, robots.txt, broken links, mobile-friendliness — 9 analyzers in one call. 		gokind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
seo-basics TRL 6Seo Basics
Microservice for Seo Basics 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
service-worker-detector TRL 7Service Worker Detector
Detects Progressive-Web-App / service-worker signals from the STATIC markup of a web page (or raw HTML): inline navigator.serviceWorker.register() calls with the resolved script URL and scope option, the <link rel=manifest> URL, and PWA meta/link tags (theme-color, apple-mobile-web-app-capable, apple-touch-icon, mobile-web-app-capable, viewport). Returns a flat report with has_service_worker, sw_registrations[], manifest_url, pwa_signals, a pwa_score count, and an evidence[] trail. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
services-dashboard Services Dashboard domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
session-management TRL 5Session Management
Microservice for Session Management 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
shipping-regions TRL 6Shipping Regions
Microservice for Shipping Regions 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
simulate-ddos TRL 2Simulate Ddos
Microservice for Simulate Ddos 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
sitemap-finder TRL 7Sitemap Finder
Discovers a site's sitemaps via robots.txt + common-path probes, follows sitemapindex chains, decompresses .gz, returns URL inventory sorted by lastmod with an evidence trail. 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
smuggling-probe TRL 5Smuggling Probe
Microservice for Smuggling Probe 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
social-graph TRL 7Social Graph
Microservice for Social Graph 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
social-proof-extractor TRL 5Social Proof Extractor
Extract social-proof signals from a web page or raw HTML — schema.org AggregateRating (JSON-LD + microdata), visible star ratings, review counts, customer/usage counts, testimonial blocks, press mentions, and trust-badge logo counts, plus a one-line summary. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
sourcemap-finder TRL 6Sourcemap Finder
Microservice for Sourcemap Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
structured-data-validator TRL 7Structured Data Validator
Finds and validates a web page's structured data from three sources — JSON-LD (<script type=application/ld+json>), Microdata (itemscope/itemtype/itemprop), and RDFa (vocab/typeof/property) — reporting per block its format, the @type/itemtype/typeof values, whether it parsed, any parse errors, and recommended-field warnings for common schema.org types, plus a summary with total/valid/invalid counts, types_seen, and a by_format histogram. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
subdomain-finder TRL 6Subdomain Finder
Microservice for Subdomain Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
subdomain-takeover TRL 7Subdomain Takeover
Microservice for Subdomain Takeover 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
substack-scraper TRL 7Substack Scraper
Public-metadata scraper for Substack publications: posts, cadence, recommendations, authors. 		gosubstack
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
svg-icon-inventory TRL 7Svg Icon Inventory
Inventories every SVG / icon usage on a web page or raw HTML and classifies by mechanism: inline <svg> elements (with their <symbol> defs and viewBox), sprite references via <use href='#id'> / <use xlink:href='sprite.svg#id'>, <img src='*.svg'>, external SVG via <object data='*.svg'> / <embed src='*.svg'>, and icon-font usage (fa-/material-icons/glyphicon/bi-/icon- class heuristics). Returns icons[] (mechanism, resolved-absolute ref/src, symbol_id, viewBox), a per-mechanism summary, plus deduped unique_symbol_ids[] and external_sprite_urls[]. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
svi TRL 7Svi
Microservice for Svi 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
swagger-finder TRL 6Swagger Finder
Microservice for Swagger Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
table-extractor Table Extractor
Parse every HTML table into a dense matrix with full colspan/rowspan expansion and header detection (no regex) 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
team-member-extractor TRL 5Team Member Extractor
Extracts a roster of team / staff members from an about-us or team page (or raw HTML) — each member's name, role (job title), short bio, photo_url (resolved absolute), and social/profile links — preferring schema.org Person (JSON-LD then microdata) and falling back to a conservative repeated-card heuristic. Returns members[] plus count and the detection method. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
team-size TRL 6Team Size
Microservice for Team Size 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
tech-stack TRL 6Tech Stack
Microservice for Tech Stack 		goweb-analysis
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
technology-stack TRL 7Technology Stack
Microservice for Technology Stack 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
telnet-banner TRL 7Telnet Banner
Microservice for Telnet Banner 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
testimonial-extractor TRL 5Testimonial Extractor
Extracts testimonials / customer reviews / endorsements from a web page or raw HTML — schema.org Review JSON-LD first, then <blockquote> with <cite>/<figcaption> attribution, then heuristic testimonial cards — capturing each testimonial's text, author, author_title, numeric rating (when present), and source_url, plus count and a has_ratings flag. 		kind-containerlanguage-goruntime-compose
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
tos-finder TRL 5Tos Finder
Microservice for Tos Finder 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
trust-decay TRL 7Trust Decay
Microservice for Trust Decay 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
typosquat-finder TRL 6Typosquat Finder
Microservice for Typosquat Finder 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
ugc-detector TRL 5Ugc Detector
Microservice for Ugc Detector 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
update-frequency TRL 6Update Frequency
Microservice for Update Frequency 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
url-shortener TRL 5Url Shortener
Microservice for Url Shortener 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
user-demographics TRL 7User Demographics
Microservice for User Demographics 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
vendor-security-scorecard TRL 6Vendor Security Scorecard
Third-party / vendor risk scorecard: HTTP security headers, HSTS, cookie flags, DNSSEC, CORS posture, end-of-life tech — 6 security analyzers merged into one graded report. 		gokind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
video-content TRL 6Video Content
Video-content detector: schema.org VideoObject parsing, platform detection (YouTube/Vimeo/Wistia), autoplay + accessibility scoring. 		govideo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
voice-search Voice Search go
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
wayback-checker TRL 7Wayback Checker
Microservice for Wayback Checker 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
web-vitals-report TRL 6Web Vitals Report
Core Web Vitals and performance report: page-load metrics, CrUX field vitals (p75 LCP/CLS/INP/TTFB), DOM complexity, compression, cache policy, website carbon footprint. 		gokind-container
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
website-carbon TRL 6Website Carbon
Microservice for Website Carbon 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
websocket-analyzer TRL 7Websocket Analyzer
Microservice for Websocket Analyzer 		goinfrastructure
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
wellknown-scanner TRL 6Wellknown Scanner
Microservice for Wellknown Scanner 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
wp-plugins TRL 6Wp Plugins
Microservice for Wp Plugins 		gorecon
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
wps TRL 6Wps
Microservice for Wps 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
xss-payload TRL 5Xss Payload
Microservice for Xss Payload 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
xss-scanner TRL 6Xss Scanner
Microservice for Xss Scanner 		domainsgo
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗
zone-transfer TRL 5Zone Transfer
Microservice for Zone Transfer 		gosecurity
api_key required (header X-API-Key or ?api_key=)
open ↗ · repo ↗

pages (76)

servicetitle / summarytagscommitopendiscover
accent-coach TRL 4Accent Coach
Private browser-based accent coach that analyzes speech and drills phoneme-level pronunciation.
no auth
open ↗ · repo ↗
anon-conf-poll TRL 3Anon Conf Poll
Static, anonymous live polling with CRDT sync, zk one-vote proofs, and local analytics.
no auth
open ↗ · repo ↗
audience-field-sculpture TRL 3Audience Field Sculpture
A privacy-preserving browser artwork — phones read a sculpture tag and shift visuals/audio from local viewing patterns. No surveillance.
no auth
open ↗ · repo ↗
audio-repair-lab TRL 4Audio Repair Lab
Browser-based audio repair toolkit for noise removal, vocal isolation, and quick podcast/music cleanup.
no auth
open ↗ · repo ↗
automata-lab Automata Lab kind-staticlanguage-htmlruntime-github-pages
no auth
open ↗ · repo ↗
bilateral-memory-processing TRL 2Bilateral Memory Processing
Private browser-based EMDR-inspired audio journaling with local transcription, reflection prompts, and no trauma uploads.
no auth
open ↗ · repo ↗
castle-archive-memory-vault TRL 3Castle Archive Memory Vault
Private, local-first voice reflection vault for retreats. Whisper + sentence-transformers + age + DuckDB + Markdown export, all in the browser.
no auth
open ↗ · repo ↗
chatwrapped Chatwrapped kind-staticlanguage-htmlruntime-github-pages
no auth
open ↗ · repo ↗
complete-gardener-planner TRL 3Complete Gardener Planner
Static-first planner for plant ID, crop rotation, sun, soil, watering, frost, and harvest forecasts.
no auth
open ↗ · repo ↗
cookiecutter-data-science TRL 4Cookiecutter Data Science
A logical, reasonably standardized, but flexible project structure for doing and sharing data science work.
no auth
open ↗ · repo ↗
crystal-growth-simulator TRL 4Crystal Growth Simulator
Live browser simulator for snowflake, dendrite, and coral-like crystal growth with WebGPU visuals and sonified physics.
no auth
open ↗ · repo ↗
cursorparty TRL 3Cursorparty
Shared cursors and sticky notes on an infinite canvas. P2P over a self-hosted WebRTC mesh. GitHub-Pages-only, no backend.
no auth
open ↗ · repo ↗
deep-searcher TRL 4Deep Searcher
Open Source Deep Research Alternative to Reason and Search on Private Data. Written in Python.
no auth
open ↗ · repo ↗
earthquake-wave-propagation TRL 4Earthquake Wave Propagation
Interactive WebGPU demo: click a fault to see and hear P-waves and S-waves propagate across terrain.
no auth
open ↗ · repo ↗
elder-care-coordinator TRL 4Elder Care Coordinator
Local-first elder care coordination for meds, appointments, insurance drafts, and emergency packets.
no auth
open ↗ · repo ↗
fake-text Fake Text kind-staticlanguage-htmlruntime-github-pages
no auth
open ↗ · repo ↗
field-recording-mirror TRL 3Field Recording Mirror
A private browser instrument that records 30 seconds of now and replays it as a subtly altered sonic mirror.
no auth
open ↗ · repo ↗
flowfield Flowfield kind-staticlanguage-htmlruntime-github-pages
no auth
open ↗ · repo ↗
gentle-adhd-flow TRL 3Gentle Adhd Flow
Local-first ADHD self-management: voice brain-dumps become tasks, focus sessions, habits, and gentle planning.
no auth
open ↗ · repo ↗
granular-physics-lab TRL 4Granular Physics Lab
Browser-based granular sandbox for teaching sand, gravel, and snow behavior with WASM physics and WebGPU visuals.
no auth
open ↗ · repo ↗
group-theory-visualizer TRL 4Group Theory Visualizer
Interactive finite-group and symmetry explorer using WASM math, Three.js, and graph visualization.
no auth
open ↗ · repo ↗
highlight-recall TRL 3Highlight Recall
Local-first EPUB/PDF highlight review with semantic search and spaced repetition.
no auth
open ↗ · repo ↗
implemment-the-following-time-displaced-ears TRL 2Implemment The Following Time Displaced Ears
A browser audio lab for hearing live microphone input delayed, pitch-shifted, and spectrally transformed.
no auth
open ↗ · repo ↗
life-in-weeks Life In Weeks kind-staticlanguage-htmlruntime-github-pages
no auth
open ↗ · repo ↗
little-voice-stories TRL 3Little Voice Stories
Turn a kid’s drawing into a bedtime story narrated in a parent’s voice, entirely in the browser.
no auth
open ↗ · repo ↗
local-proofreader TRL 4Local Proofreader
Local-first grammar, spelling, style, and rewrite assistant for the browser with no draft data sent to servers.
no auth
open ↗ · repo ↗
localhuman-mail TRL 3Localhuman Mail
Privacy-first AI email client with local mailbox indexing, semantic search, and assistive drafting.
no auth
open ↗ · repo ↗
localingo TRL 4Localingo
A private, gamified language tutor with local speech, review, grammar, and lesson generation.
no auth
open ↗ · repo ↗
mandala-studio Mandala Studio kind-staticlanguage-htmlruntime-github-pages
no auth
open ↗ · repo ↗
mesh-bench-archive TRL 4Mesh Bench Archive
Peer-to-peer mesh: voice notes tied to a place. Scan a QR sticker on a bench, hear the last visitors. Audio lives only in browsers that have scanned.
no auth
open ↗ · repo ↗
mesh-carpool-bingo TRL 3Mesh Carpool Bingo
Peer-to-peer mesh: road-trip bingo. Per-phone unique 5x5 cards, shared claim space across the car. First to a line wins.
no auth
open ↗ · repo ↗
mesh-codenames Mesh Codenames kind-staticlanguage-htmlpeer-to-peerruntime-github-pages
no auth
open ↗ · repo ↗
mesh-firefly-walk TRL 3Mesh Firefly Walk
Peer-to-peer mesh: phones pulse soft yellow in clock-synced unison for a swarm-of-fireflies effect on a night walk.
no auth
open ↗ · repo ↗
mesh-lightning-flash TRL 3Mesh Lightning Flash
Peer-to-peer mesh: all phone flashlights strobe in single-millisecond sync to light a group photo from many angles at once.
no auth
open ↗ · repo ↗
mesh-mafia TRL 3Mesh Mafia
Peer-to-peer Werewolf: phones are role cards assigned via cryptographic commit-reveal; no server ever learns who's the wolf.
no auth
open ↗ · repo ↗
mesh-metronome TRL 4Mesh Metronome
Peer-to-peer mesh: 4 phones become a polyrhythm grid, each playing a clock-synced subdivision of the same BPM.
no auth
open ↗ · repo ↗
mesh-mirror TRL 4Mesh Mirror
Peer-to-peer mesh: phones in a ring show each other's live camera feed — phone N's screen shows phone (N+1)'s view, creating a low-fi infinite mirror.
no auth
open ↗ · repo ↗
mesh-most-likely Mesh Most Likely kind-staticlanguage-htmlpeer-to-peerruntime-github-pages
no auth
open ↗ · repo ↗
mesh-picker Mesh Picker kind-staticlanguage-htmlpeer-to-peerruntime-github-pages
no auth
open ↗ · repo ↗
mesh-reaction Mesh Reaction kind-staticlanguage-htmlpeer-to-peerruntime-github-pages
no auth
open ↗ · repo ↗
mesh-shared-window TRL 4Mesh Shared Window
Peer-to-peer mesh: 2-4 friends in different homes each point their camera at a view they like; every phone tiles all the others' feeds into one composite.
no auth
open ↗ · repo ↗
mesh-silence-counter TRL 2Mesh Silence Counter
Peer-to-peer mesh: group meditation timer. Phones detect stillness via accelerometer and aggregate the count anonymously.
no auth
open ↗ · repo ↗
mesh-tap-symphony TRL 3Mesh Tap Symphony
Peer-to-peer mesh: each phone is one drum; 30 seconds of taps records a synced loop that replays on every phone.
no auth
open ↗ · repo ↗
mesh-tug-of-war Mesh Tug Of War
Two teams tap frantically — the rope moves live on every phone 		kind-staticlanguage-htmlpeer-to-peerruntime-github-pages
no auth
open ↗ · repo ↗
mesh-wave-canvas TRL 3Mesh Wave Canvas
Peer-to-peer mesh: arrange phones in a row; tap one and a ripple expands across all phones as if they were one continuous canvas.
no auth
open ↗ · repo ↗
newsletter-flow TRL 4Newsletter Flow
Local-first writing desk for researching, drafting, polishing, and repurposing newsletters without SaaS bloat.
no auth
open ↗ · repo ↗
numen TRL 3Numen
Static-first academic writing platform for drafting, citations, literature review, figures, and submission-ready PDFs.
no auth
open ↗ · repo ↗
open-indie-studio TRL 3Open Indie Studio
Browser-based toolkit for making, testing, packaging, and documenting small 2D/casual indie games.
no auth
open ↗ · repo ↗
open-school-lab TRL 3Open School Lab
Browser-based science, math, and engineering labs for classrooms without physical equipment.
no auth
open ↗ · repo ↗
openphoto-studio TRL 4Openphoto Studio
Browser-based photo editor with WASM imaging tools and local WebGPU AI features.
no auth
open ↗ · repo ↗
osm-poster TRL 4Osm Poster
Beautiful map posters from OpenStreetMap, generated in your browser. No backend, no API keys.
no auth
open ↗ · repo ↗
parse-address TRL 5Parse Address
US Street Address Parser
no auth
open ↗ · repo ↗
pentest-dashboard TRL 7Pentest Dashboard
Browser dashboard for the pentest fleet. Single-page HTML app (Tailwind CDN, vanilla JS) with tabs for Preflight, Programs, Recon, Scan, Findings, Report. Calls every passive scanner via the api_key in browser localStorage. Human-facing GUI for the same flow go-pentest-cli and go-pentest-walkthrough automate. 		go-pentest
no auth
open ↗ · repo ↗
physical-kanban-sync TRL 3Physical Kanban Sync
Browser-first physical sticky-note Kanban that scans AprilTags and syncs board state to collaborators.
no auth
open ↗ · repo ↗
pockettalkie TRL 3Pockettalkie
Encrypted push-to-talk rooms in the browser. P2P audio mesh over a self-hosted WebRTC stack. GitHub-Pages-only, no backend.
no auth
open ↗ · repo ↗
polyglot-nlp-toolkit TRL 5Polyglot Nlp Toolkit
Multilingual NLP pipeline for corpus analysis: tokenize, tag, parse, NER, embed, and cluster text.
no auth
open ↗ · repo ↗
project-bootstrap-meta TRL 2Project Bootstrap Meta
A GitHub Pages-first bootstrap map for disciplined project setup. 		adrgithub-pagesproject-bootstrapreactvite
no auth
open ↗ · repo ↗
react-data-grid TRL 6React Data Grid
Feature-rich and customizable data grid React component
no auth
open ↗ · repo ↗
read-later-curriculum TRL 3Read Later Curriculum
A local-first read-later app that turns saved articles into a dependency-ordered reading curriculum.
no auth
open ↗ · repo ↗
research-flow TRL 4Research Flow
Private browser research workspace for clustering papers, finding gaps, drafting outlines, and exporting cited Word/LaTeX.
no auth
open ↗ · repo ↗
roamless-notes TRL 3Roamless Notes
Local-first outliner with backlinks, graph search, semantic recall, and optional peer-to-peer sync. 		crdtduckdbgithub-pagesknowledge-graphlocal-firstnotesyjs
no auth
open ↗ · repo ↗
room-vj TRL 3Room Vj
Browser-based live room visuals that react to music, people, and synced nearby devices. 		audio-reactivemediapipethreejswebgpuwebrtc
no auth
open ↗ · repo ↗
schlieren-imaging-simulator TRL 4Schlieren Imaging Simulator
Browser-based Schlieren simulator for visualizing heat, sound, and gas density gradients with WebGPU and Three.js.
no auth
open ↗ · repo ↗
show-me-the-way TRL 4Show Me The Way
See OSM edits happen in real time.
no auth
open ↗ · repo ↗
stellar-evolution-simulator TRL 4Stellar Evolution Simulator
Browser-based stellar lifecycle simulator using Pyodide, Plotly, and a MESA-inspired model subset.
no auth
open ↗ · repo ↗
string-portrait String Portrait kind-staticlanguage-htmlruntime-github-pages
no auth
open ↗ · repo ↗
substance-sampler TRL 3Substance Sampler
Browser-based photo-to-PBR texture creation for indie game and 3D artists, powered by WebGPU and WASM.
no auth
open ↗ · repo ↗
tagboard TRL 3Tagboard
AprilTag-anchored AR sticky notes. Print a marker, point your camera, shared notes appear. P2P over a self-hosted WebRTC mesh. No backend.
no auth
open ↗ · repo ↗
trust-no-one-anonymizer TRL 4Trust No One Anonymizer
Client-side face and voice anonymizer for private browser-based video calls. 		mediapipeprivacystatic-sitewebaudiowebrtc
no auth
open ↗ · repo ↗
universal-document-workbench TRL 4Universal Document Workbench
Drop documents in, extract text and metadata, OCR scans, detect entities, and convert outputs to Markdown, DOCX, or EPUB.
no auth
open ↗ · repo ↗
urban-farm-year TRL 3Urban Farm Year
A static, offline-friendly planner for garden calendars, daily care, harvest logs, and next-year growing decisions.
no auth
open ↗ · repo ↗
vagus-reset-coach TRL 3Vagus Reset Coach
A private browser-based 2-minute breath coach using webcam rPPG and local HRV logging.
no auth
open ↗ · repo ↗
vcard-personal-portfolio TRL 3Vcard Personal Portfolio
vCard is a fully responsive personal portfolio website, responsive for all devices.
no auth
open ↗ · repo ↗
webcam-dither-lab TRL 3Webcam Dither Lab
Live webcam dithering and filter comparison lab with auto best-detail scoring.
no auth
open ↗ · repo ↗
yq TRL 5Yq
Command-line YAML and XML processor - jq wrapper for YAML/XML documents
no auth
open ↗ · repo ↗
z3-smt-game TRL 4Z3 Smt Game
A browser puzzle lab where Z3-WASM solves logic games and a local LLM explains the constraints.
no auth
open ↗ · repo ↗
0exec services authenticate via X-API-Key header or ?api_key query. 0crawl services use a path-prefix token /t/<token>/… with a public demo token. pages entries are static GitHub Pages sites — no auth. Reachability dot: green = live HTTP probe succeeded (0exec only), red = probe failed, grey = registry-only (0crawl/pages aren't live-probed by this service).