Map every subdomain and archived URL a target domain has ever had.
Spot exposed API keys, tokens, or backup files in archived pages.
Compare scans over time to catch newly exposed assets.
| omnitarium/scoptix | wesbos/syntax-supercut-studio | allstarswc/allstars | |
|---|---|---|---|
| Stars | 61 | 61 | 60 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | moderate | moderate | hard |
| Complexity | 3/5 | 3/5 | 4/5 |
| Audience | developer | developer | general |
Figures from each repo's GitHub metadata at analysis time.
Requires a VirusTotal API key and Docker for Postgres and Redis, not hardened for production exposure.
SCOPTIX is a security research tool that helps analysts map out what is publicly visible about a web target without directly probing it. This approach is called passive reconnaissance: instead of sending requests to the target itself, the tool queries external databases that have already indexed information about it. The two data sources it uses are VirusTotal, which has a large database of subdomains and historical DNS records, and the Wayback Machine, which archives snapshots of websites over time. By combining these sources, SCOPTIX can surface the subdomains a domain has had, the URLs that were once publicly accessible, the IP addresses the domain has resolved to, and archived files that may no longer be linked from the live site. Beyond discovery, the tool analyzes what it finds. It looks for patterns that suggest exposed credentials, API keys, tokens, cloud configuration files, and sensitive documents like backups. It also tracks endpoints and authentication-related URLs in archived pages. A scan comparison feature lets you run the tool more than once and see what changed, which is useful for noticing when a new subdomain or exposed file appears. The interface is a web dashboard. You set up the tool locally, add a VirusTotal API key (the free community tier works, though it has rate limits), and then run scans through the browser. PostgreSQL and Redis are used for storage and queuing, and Docker scripts are provided to start both without manual configuration. The README is explicit that SCOPTIX is not hardened for production use and has no built-in access controls. You should run it in an isolated environment and not expose it to the public internet. It is built with TypeScript and Node.js and is intended for security analysts, bug bounty hunters, and penetration testers working on targets they are authorized to assess.
A self-hosted dashboard that maps a domain's public footprint (subdomains, old URLs, leaked secrets) using VirusTotal and the Wayback Machine, without ever probing the target directly.
Mainly TypeScript. The stack also includes TypeScript, Node.js, PostgreSQL.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.