Yo HN, I built this because I wanted something like Assetnote but open source. Once I started, I realized the community had already built tools that do each individual piece better than anything I'd write from scratch. Subfinder, Naabu, Nmap, Nuclei, Katana, Httpx, Gowitness, Wappalyzer, URLFinder, CVEMap. They're all great on their own; nobody had just wired them into a single pipeline with a web UI on top.
That's all XPFarm really is. You point it at a target and it runs an 8-stage pipeline from subdomain discovery through to Nuclei vuln scanning. Filters out Cloudflare, checks what's alive, port scans, screenshots, tech detection, CVE lookups. One dashboard at the end with everything in it, including raw logs so you can see exactly what got dropped and why.
Written in Go, SQLite with WAL mode, Gin for the web server, Docker for deployment. Three commands and you're running.
There's also a binary analysis feature called Overlord that lets you upload files and analyze them with radare2. Found some good CVEs with this, waiting on the vendor, wish me luck.
A3-N•1h ago