Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target.
160 requests per second while extensive data extraction is just another day for Photon!
Photon is now also available as a library.
Photon extracts the following data while crawling by default:
- URLs (in-scope & out-of-scope)
- URLs with parameters (
example.com/gallery.php?id=2) - Intel (emails, social media accounts, amazon buckets etc.)
- Files (pdf, png, xml etc.)
- Secret keys (auth/API keys & hashes)
- JavaScript files & Endpoints present in them
- Strings based on custom regex pattern
The extracted information is saved in an organized manner.
Crawling can be resource intensive but Photon has some tricks up it's sleeves. You can fetch URLs archived by archive.org to be used as seeds by using --wayback option.
Liked the idea? The extensive range of options provided by Photon lets you crawl the web exactly the way you want.
Here's a secret, most of the tools floating on the internet aren't properly multi-threaded even if they are supposed to. They either supply a list of items to threads which results in multiple threads accessing the same item or they simply put a thread lock and end up rendering multi-threading useless.
But Photon is different or should I say "genius"? Take a look at this and decide yourself.
In Ninja Mode, 3 online services are used to make requests to the target on your behalf.
So basically, now you have 4 clients making requests to the same server simultaneously which gives you a speed boost if you have a slow connection, minimizes the risk of connection reset as well as delays requests from a single client.
Here's a comparison generated by Quark where the lines represent threads:
Photon's capabilites can be further extended by using plugins.
Available plugins:
- wayback: Fetches URLs crawled by archive.org to use as seeds.
- dnsdumpster: Generates an image containing the DNS data of the target domain.
- Exporter: Plugin to export results in JSON, support for more formats is being worked on.
Plugins in active development:
- Quark: A plugin to plot a graph making it easier to inspect relationships between different webpages using Quark.
- XSStrike: Modular & targeted version of XSStrike to be used with Photon.
- FindSubdomains: Plugin to find subdomains.
The project is under heavy development and updates for fixing bugs. optimizing performance & new features are being rolled everyday.
If you would like to see features and issues that are being worked on, you can do that on Development project board.
Updates can be installed & checked for with the --update option. Photon has seamless update capabilities which means you can update Photon without losing any of your saved data.
You can contribute in following ways:
- Report bugs
- Develop plugins
- Add more "APIs" for ninja mode
- Give suggestions to make it better
- Fix issues & submit a pull request
Please read the guidelines before submitting a pull request or issue.
Do you want to have a conversation in private? Hit me up on my twitter, inbox is open :)
Photon is licensed under GPL v3.0 license