Acknowledging the open-source tools and communities that power our vulnerability scanning platform.
FindTheBreach integrates the following open-source security tools to provide comprehensive vulnerability scanning and penetration testing capabilities. We are grateful to the developers and communities behind these tools. Each tool is subject to its own license terms as listed below.
| Tool | License | Description |
|---|---|---|
| Amass | Apache-2.0 | Network mapping and external asset discovery |
| Commix | GPLv3 | Automated command injection testing |
| CRT.sh | Public Service | Certificate Transparency log search |
| Dirsearch | GPLv2 | Web path discovery/brute-forcing |
| Feroxbuster | MIT | Fast content discovery tool |
| Ffuf | MIT | Fast web fuzzer |
| Gitleaks | MIT | Detect secrets in code repositories |
| GoBuster | Apache-2.0 | Directory/DNS/vhost brute-forcing |
| Httpx | MIT | Fast HTTP toolkit for probing |
| Hydra | AGPLv3 | Network authentication cracker |
| Metasploit Framework | BSD-3-Clause | Penetration testing framework |
| Naabu | MIT | Fast port scanner |
| Nikto | GPLv2 | Web server scanner |
| Nmap | NPSL (GPLv2) | Network discovery and security auditing |
| Nuclei | MIT | Template-based vulnerability scanner |
| OWASP ZAP | Apache-2.0 | Dynamic application security testing |
| Shodan (CLI) | MIT | Internet-connected device search engine |
| SQLMap | GPLv2 | Automatic SQL injection tool |
| Subfinder | MIT | Subdomain discovery tool |
| TestSSL.sh | GPLv2 | SSL/TLS configuration testing |
| Trivy | Apache-2.0 | Container and dependency vulnerability scanner |
| Wapiti | GPLv2 | Web application vulnerability scanner |
| WhatWeb | GPLv2 | Web technology fingerprinting |
| WPScan | Custom (WPScan License) | WordPress vulnerability scanner |
| XSSer | GPLv3 | Automated XSS testing framework |
| Library | License | Description |
|---|---|---|
| FastAPI | MIT | High-performance Python web framework |
| SQLAlchemy | MIT | SQL toolkit and ORM for Python |
| Uvicorn | BSD-3 | ASGI web server implementation |
| Gunicorn | MIT | Python WSGI/ASGI HTTP server |
| Pydantic | MIT | Data validation using Python type annotations |
| asyncpg | Apache-2.0 | Fast async PostgreSQL client library |
| PyJWT | MIT | JSON Web Token implementation for Python |
| bcrypt | Apache-2.0 | Password hashing library |
| httpx | BSD-3 | Async HTTP client for Python |
| cryptography | Apache-2.0/BSD | Cryptographic primitives and recipes for Python |
FindTheBreach does not modify or redistribute the source code of these tools. They are used as-is for security scanning purposes within the platform. For license details, please refer to each tool's official repository.