// the find
s0md3v/Photon
Incredibly fast crawler designed for OSINT.
Photon is a multithreaded web crawler built for OSINT work — point it at a target and it pulls out URLs, emails, API keys, JS endpoints, subdomains, and files. It's a command-line tool for security researchers and bug bounty hunters who want a fast, structured dump of a site's exposed surface area.
The Wayback Machine seed option is genuinely useful — you can bootstrap a crawl with years of archived URLs before touching the live site. JavaScript endpoint extraction is a real differentiator; most crawlers skip this entirely. Output is organized into typed buckets (intel, files, keys, etc.) rather than one flat URL list, which saves post-processing time. Docker support with volume mounting is clean and means you don't fight Python dependency hell.
Last meaningful activity is from 2022 with a 2026 cosmetic push — the roadmap board is abandoned and open issues are stacking up unaddressed. The secret key detection is regex-based and will produce significant false positives; there's no entropy scoring or context-aware filtering. No support for JavaScript-heavy SPAs — it's an HTML link crawler, so anything rendered client-side is invisible to it. The codebase is a single-file script with a flat plugin directory, which makes it hard to extend without forking the whole thing.