Photon is a lightning fast web crawler which extracts URLs, files, intel & endpoints from a target.
Yep, I am using 100 threads and Photon won't complain about it because its in Ninja Mode 😎
Crawlers are supposed to recursively extract links right? Well that's kind of boring so Photon goes beyond that. It extracts the following information:
- URLs (in-scope & out-of-scope)
- URLs with parameters (
example.com/gallery.php?id=2
) - Intel (emails, social media accounts, amazon buckets etc.)
- Files (pdf, png, xml etc.)
- JavaScript files & Endpoints present in them
- Strings based on custom regex pattern
The extracted information is saved in an organized manner.
Here's a secret, most of the tools floating on the internet aren't properly multi-threaded even if they are supposed to. They either supply a list of items to threads which results in multiple threads accessing the same item or they simply put a thread lock and end up rendering multi-threading useless.
But Photon is different or should I say "genius"? Take a look at this and decide yourself.
In Ninja Mode, 3 online services are used to make requests to the target on your behalf.
So basically, now you have 4 clients making requests to the same server simultaneously which gives you a speed boost, minimizes the risk of connection reset as well as delays requests from a single client.
Here's a comparison generated by Quark where the lines represent threads:
Run Photon against a single website.
python photon.py -u http://example.com
Specifying a URL with it's schema i.e. http(s)://
is optional but you must add www.
if the website has it.
Tip 💡 : If you feel like the crawling is taking too long or you just don't want to crawl anymore, just press ctrl + c
in your terminal and Photon will skip the rest of URLs.
Depth of crawling.
python photon.py -u http://example.com -l 3
Default Value: 2
You can keep a delay between requests made to the target by specifying the time in seconds.
python photon.py -u http://example.com -d 1
Default Value: 0
Number of threads to use.
python photon.py -u http://example.com -t 10
Default Value: 2
Tip 💡 : The optimal number of threads depends on your connection speed as well as nature of the target server. If you have a decent network connection and the server doesn't have any rate limiting in place, you can use up to 100
threads.
Cookie to send.
python photon.py -u http://example.com -c "PHPSSID=821b32d21"
Tip 💡 : Don't use ninja mode when you are using cookies because the online services used in that mode don't allow that.
Toggles Ninja Mode on/off.
python photon.py -u http://example.com --ninja
Default Value: False
Tip 💡 : Ninja mode uses the following websites to make requests on your behalf:
Please help me add more "APIs" to reduce load on their servers and turn off this mode whenever not required.
Create an image displaying target domain's DNS data.
python photon.py -u http://example.com --dns
Sample Output:
Tip 💡 : It doesn't work with subdomains. This plugin is in development and this issue will be fixed in a day or two.
Lets you add custom seeds, seperated by commas.
python photon.py -u http://example.com -s "http://example.com/portals.html,http://example.com/blog/2018"
Specify custom regex pattern to extract strings.
python photon.py -u http://example.com -r "\d{10}"
The strings extracted using the custom regex pattern are saved in custom.txt
.
You can contribute in following ways:
- Report bugs
- Develop plugins
- Add more "APIs" for ninja mode
- Give suggestions to make it better
- Fix issues & submit a pull request
Photon is licensed under GPL v3.0 license.