finds.dev← search

// the find

s0md3v/Photon

★ 13,000 · Python · GPL-3.0 · updated Feb 2026

Incredibly fast crawler designed for OSINT.

Photon is a multithreaded web crawler built for OSINT work — point it at a target and it pulls out URLs, emails, API keys, JS endpoints, subdomains, and files. It's a command-line tool for security researchers and bug bounty hunters who want a fast, structured dump of a site's exposed surface area.

The Wayback Machine seed option is genuinely useful — you can bootstrap a crawl with years of archived URLs before touching the live site. JavaScript endpoint extraction is a real differentiator; most crawlers skip this entirely. Output is organized into typed buckets (intel, files, keys, etc.) rather than one flat URL list, which saves post-processing time. Docker support with volume mounting is clean and means you don't fight Python dependency hell.

Last meaningful activity is from 2022 with a 2026 cosmetic push — the roadmap board is abandoned and open issues are stacking up unaddressed. The secret key detection is regex-based and will produce significant false positives; there's no entropy scoring or context-aware filtering. No support for JavaScript-heavy SPAs — it's an HTML link crawler, so anything rendered client-side is invisible to it. The codebase is a single-file script with a flat plugin directory, which makes it hard to extend without forking the whole thing.

View on GitHub →

// want more like this?

We dig through GitHub every week and send a few repos picked for what you actually care about — each with an honest take like this one.

Get finds in your inbox → Search again →